cedrill
Honorary Members
Posts: 31
Everything posted by cedrill
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Good evening! I will follow your last recommendations. Thanks a lot for all your help; that was very helpful.
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Now, everything is up to date I think.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.5.502.110
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Thanks for the advice, I'll reinstall Chrome and Flash. Below is the log.
Cédric

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 9
Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Sorry for the late answer, I was away for the weekend. Difficult to say. Sometimes, when I watch a video on YouTube, the video stops a few seconds before the end. Sometimes Chromium crashes, but it's infrequent. Except for that, nothing special.
Cédric
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Here are the logs. I hope it's OK now.

RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Remove -- Date : 16/11/2012 23:53:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[BSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[19]_D_16112012_235311.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[12]_S_08112012_164701.txt ; RKreport[13]_D_08112012_164710.txt ; RKreport[14]_D_08112012_164718.txt ; RKreport[15]_S_08112012_165543.txt ; RKreport[16]_D_08112012_165548.txt ; RKreport[17]_D_08112012_170749.txt ; RKreport[18]_S_16112012_235258.txt ; RKreport[19]_D_16112012_235311.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrator]

16/11/2012 14:11:00
mbam-log-2012-11-16 (14-11-00).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 643721
Time elapsed: 2 hour(s), 20 minute(s), 21 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 4
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Quarantined and deleted successfully.
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Quarantined and deleted successfully.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Quarantined and deleted successfully.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Quarantined and deleted successfully.

(end)
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Do you mean this IP is not dangerous any more? Cool! But bad news: I ran a scan again and it found something. Am I really unlucky? Must I delete this isadmin.exe? Thanks again
Cédric

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrator]

16/11/2012 14:11:00
mbam-log-2012-11-16 (16-33-04).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 643721
Time elapsed: 2 hour(s), 20 minute(s), 21 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 4
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> No action taken.
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> No action taken.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> No action taken.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> No action taken.

(end)
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Yes, I tried to change my Hotmail password. Something strange is that the message appears only with one of my two Hotmail accounts. Do you think it could be a bug? Below is the log file.

2012/11/08 00:20:19 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 50538, Process: chrome.exe)
2012/11/08 01:02:42 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51113, Process: chrome.exe)
2012/11/08 07:28:35 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51681, Process: chrome.exe)
2012/11/08 16:45:04 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52147, Process: chrome.exe)
2012/11/08 16:48:16 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52323, Process: chrome.exe)
2012/11/08 16:54:43 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52472, Process: chrome.exe)
2012/11/08 17:02:36 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52645, Process: chrome.exe)
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping protection
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped successfully
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping IP protection
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE IP Protection stopped successfully
2012/11/08 17:42:35 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped
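A small triage script for the two artefacts this thread keeps coming back to: the Malwarebytes IP-BLOCK lines in the post above, and the hosts file checked further down the page. This is an added example, not code from the forum or from Malwarebytes. It assumes the line format shown in the post; the sample log lines and both hosts-file samples are constructed for the demonstration (the inbound block uses an RFC 5737 documentation address), and the reading of the "Port" field as the local source port is an assumption, not something the page states.

```python
"""Triage of Malwarebytes 1.x protection-log IP-BLOCK entries and hosts-file redirections.
Added example; the IP-BLOCK line format follows the post above, samples are constructed."""
import re
from collections import defaultdict

IP_BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Windows Vista/7 dynamic client port range. Assumption (not stated on the page):
# the "Port" field of an outgoing IP-BLOCK entry is the local source port.
EPHEMERAL_RANGE = (49152, 65535)

# Constructed sample: three lines in the format of the post above, one inbound block
# from a documentation-range address, and one MESSAGE line that must be ignored.
SAMPLE_LOG = """\
2012/11/08 00:20:19 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 50538, Process: chrome.exe)
2012/11/08 01:02:42 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51113, Process: chrome.exe)
2012/11/08 07:28:35 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51681, Process: chrome.exe)
2012/11/08 09:15:00 +0100 CEDRIC-THINK Cedric IP-BLOCK 203.0.113.7 (Type: incoming, Port: 445, Process: System)
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping protection
"""

# Constructed hosts files: the stock Windows 7 content, and a hijacked one.
CLEAN_HOSTS = "# Windows 7 default\n127.0.0.1 localhost\n"
HIJACKED_HOSTS = "127.0.0.1 localhost\n203.0.113.7 login.live.com mail.live.com  # constructed\n"


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events


def summarize(events):
    """Group blocks by (ip, direction, process): count, port span, port class."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["ip"], ev["direction"], ev["process"])].append(ev["port"])
    lo, hi = EPHEMERAL_RANGE
    return {
        key: {
            "count": len(ports),
            "min_port": min(ports),
            "max_port": max(ports),
            "all_ephemeral": all(lo <= p <= hi for p in ports),
        }
        for key, ports in groups.items()
    }


def triage(summary):
    """Plain-language reading of each group, in the order the groups were seen."""
    notes = []
    for (ip, direction, proc), s in summary.items():
        if direction == "outgoing" and s["all_ephemeral"]:
            notes.append(
                f"{proc} made {s['count']} outbound attempt(s) to {ip} from dynamic ports "
                f"{s['min_port']}-{s['max_port']}: something inside that process (a page, an "
                "extension, or injected code) keeps contacting this host."
            )
        elif direction == "incoming":
            notes.append(
                f"{s['count']} inbound attempt(s) from {ip} to local port {s['min_port']} "
                f"({proc}): unsolicited traffic, not evidence of an infection by itself."
            )
        else:
            notes.append(f"{proc}: {s['count']} {direction} block(s) involving {ip}.")
    return notes


def suspicious_hosts_entries(hosts_text):
    """Return (address, names) for hosts lines that map a name to a non-loopback address.
    A stock Windows 7 hosts file has only loopback entries or comments, as the thread found."""
    bad = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        if names and not addr.startswith(("127.", "::1", "0.0.0.0")):
            bad.append((addr, names))
    return bad


if __name__ == "__main__":
    for note in triage(summarize(parse_ip_blocks(SAMPLE_LOG))):
        print(note)
    print("hosts redirections:", suspicious_hosts_entries(HIJACKED_HOSTS))
```

On the thread's own log the summary collapses seven entries into one group (chrome.exe, outgoing, 46.17.97.109, rising dynamic ports), which is the shape of a browser repeatedly initiating connections rather than a listener; a clean hosts file, as posted later in the thread, rules out local name redirection but says nothing about a DNS, proxy or in-browser cause.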
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
I ran MBAM again and nothing was found (report below). Then how can I be sure there is no redirection to the Russian IP now? Thanks again for your time.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrator]

13/11/2012 14:43:53
mbam-log-2012-11-13 (14-43-53).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 640841
Time elapsed: 1 hour(s), 46 minute(s), 49 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(end)
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Good morning,
Yes, that's very strange. Nothing was found, but when I connected to Hotmail I got an MBAM message telling me it had blocked an IP address in Russia. Now my MBAM trial version has expired. As the free version doesn't have automatic website protection, I don't get the message anymore. So I'm a bit confused.
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Nothing found!
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Nope, it was not ticked. Should I run the anti-rootkit anyway?
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
No, sorry, I didn't see any IP list in the Internet Properties window. What should I be looking for? In Internet Properties / LAN settings, I found: "Use a proxy server for your LAN". Should I tick this box?
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
I use Chromium and I have the following message: "Chromium is using your computer's system proxy settings to connect to the network." Should I change that? The hosts file only contains:
127.0.0.1 localhost
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Here is the RogueKiller log. By mistake I did DELETE twice; the report is from the second one. I couldn't see 46.17.97.109 in the TCPView list. I tried to connect and disconnect my Hotmail account. Impossible to see this IP in the list, but the message still appears in Malwarebytes! Any idea? Thanks
Cédric

RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Remove -- Date : 08/11/2012 16:47:18

¤¤¤ Bad processes : 2 ¤¤¤
[RESIDUE] GoogleUpdate.exe -- C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> KILLED [TermProc]
[RESIDUE] FacebookUpdate.exe -- C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[BSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[14]_D_08112012_164718.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[12]_S_08112012_164701.txt ; RKreport[13]_D_08112012_164710.txt ; RKreport[14]_D_08112012_164718.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hey! It gave me this:

RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Scan -- Date : 08/11/2012 07:26:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
[TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> FOUND
[TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> FOUND
[TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> FOUND
[TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[BSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[11]_S_08112012_072611.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Here is the report, but it was very fast (less than one second). Is that normal?

MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT : Normal Boot
DATE : 2012/11/08 (ISO 8601) at 00:10:49
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST950042 0AS (0003)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 465.8 GB [Fixed] ==> Lenovo boot sector .
MBR_MD5 : 6DFA341D7918DD07785E7847F1A410D7
MBR_SHA1 : 1D58D65248CA19FBE5DB9FDA2D9979CB29C3CAD0
Device\Harddisk0\Partition1 1.17 GB 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 454.8 GB 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 9.77 GB 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk ADDRESS : 0x02E03000 SIZE : 292.0 KB
DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk ADDRESS : 0x00BD3000 SIZE : 40.0 KB
DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk ADDRESS : 0x00C41000 SIZE : 316.0 KB
DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk ADDRESS : 0x00CA4000 SIZE : 376.0 KB
DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk ADDRESS : 0x00D02000 SIZE : 768.0 KB
DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk ADDRESS : 0x00EA8000 SIZE : 656.0 KB
DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk ADDRESS : 0x00F4C000 SIZE : 60.0 KB
DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk ADDRESS : 0x00F5B000 SIZE : 348.0 KB
DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk ADDRESS : 0x00FB2000 SIZE : 36.0 KB
DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk ADDRESS : 0x00FBB000 SIZE : 40.0 KB
DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk ADDRESS : 0x00FC5000 SIZE : 204.0 KB
DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk ADDRESS : 0x00E00000 SIZE : 52.0 KB
DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk ADDRESS : 0x00E0D000 SIZE : 84.0 KB
DRIVER : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk ADDRESS : 0x00E22000 SIZE : 36.0 KB
DRIVER : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk ADDRESS : 0x00E2B000 SIZE : 48.0 KB
DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk ADDRESS : 0x00E37000 SIZE : 84.0 KB
DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk ADDRESS : 0x00E4C000 SIZE : 368.0 KB
DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk ADDRESS : 0x00DC2000 SIZE : 104.0 KB
DRIVER : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk ADDRESS : 0x00C00000 SIZE : 240.0 KB
DRIVER : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk ADDRESS : 0x00DDC000 SIZE : 80.0 KB
DRIVER : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk ADDRESS : 0x0106A000 SIZE : 1.33 MB
DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk ADDRESS : 0x011BE000 SIZE : 44.0 KB
DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk ADDRESS : 0x01000000 SIZE : 304.0 KB
DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk ADDRESS : 0x0104C000 SIZE : 80.0 KB
DRIVER : C:\Windows\system32\DRIVERS\MpFilter.sys => Invisible on the disk ADDRESS : 0x012A7000 SIZE : 224.0 KB
DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk ADDRESS : 0x01436000 SIZE : 1.64 MB
DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk ADDRESS : 0x012DF000 SIZE : 376.0 KB
DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk ADDRESS : 0x015D9000 SIZE : 108.0 KB
DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk ADDRESS : 0x0133D000 SIZE : 456.0 KB
DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk ADDRESS : 0x01400000 SIZE : 68.0 KB
DRIVER : C:\Windows\System32\DRIVERS\DzHDD64.sys => Invisible on the disk ADDRESS : 0x01411000 SIZE : 44.0 KB
DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk ADDRESS : 0x0141C000 SIZE : 40.0 KB
DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk ADDRESS : 0x01661000 SIZE : 968.0 KB
DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk ADDRESS : 0x01753000 SIZE : 384.0 KB
DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk ADDRESS : 0x017B3000 SIZE : 168.0 KB
DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk ADDRESS : 0x01800000 SIZE : 2.00 MB
DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk ADDRESS : 0x01600000 SIZE : 296.0 KB
DRIVER : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk ADDRESS : 0x0164A000 SIZE : 64.0 KB
DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk ADDRESS : 0x013AF000 SIZE : 304.0 KB
DRIVER : C:\Windows\System32\DRIVERS\ApsHM64.sys => Invisible on the disk ADDRESS : 0x017DD000 SIZE : 40.0 KB
DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk ADDRESS : 0x017E7000 SIZE : 32.0 KB
DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk ADDRESS : 0x01200000 SIZE : 232.0 KB
DRIVER : C:\Windows\System32\DRIVERS\Apsx64.sys => Invisible on the disk ADDRESS : 0x0123A000 SIZE : 152.0 KB
DRIVER : C:\Windows\System32\Drivers\RapportKE64.sys => Invisible on the disk ADDRESS : 0x01260000 SIZE : 92.0 KB
DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk ADDRESS : 0x01277000 SIZE : 72.0 KB
DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk ADDRESS : 0x017EF000 SIZE : 36.0 KB
DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk ADDRESS : 0x01AB3000 SIZE : 232.0 KB
DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk ADDRESS : 0x01AED000 SIZE : 88.0 KB
DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk ADDRESS : 0x01B03000 SIZE : 192.0 KB
DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk ADDRESS : 0x04071000 SIZE : 36.0 KB
DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk ADDRESS : 0x0407A000 SIZE : 28.0 KB
DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk ADDRESS : 0x103B2000 SIZE : 56.0 KB
DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk ADDRESS : 0x103C0000 SIZE : 148.0 KB
DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk ADDRESS : 0x103E5000 SIZE : 64.0 KB
DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk ADDRESS : 0x103F5000 SIZE : 36.0 KB
DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk ADDRESS : 0x0F200000 SIZE : 36.0 KB
DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk ADDRESS : 0x041EB000 SIZE : 36.0 KB
DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk ADDRESS : 0x041F4000 SIZE : 44.0 KB
DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk ADDRESS : 0x01BBB000 SIZE : 68.0 KB
DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk ADDRESS : 0x01BCC000 SIZE : 136.0 KB
DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk ADDRESS : 0x01BEE000 SIZE : 52.0 KB
DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk ADDRESS : 0x01A00000 SIZE : 548.0 KB
DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk ADDRESS : 0x044B9000 SIZE : 276.0 KB
DRIVER : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk ADDRESS : 0x044FE000 SIZE : 44.0 KB
DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk ADDRESS : 0x04509000 SIZE : 36.0 KB
DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk ADDRESS : 0x04512000 SIZE : 152.0 KB
DRIVER : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk ADDRESS : 0x04538000 SIZE : 88.0 KB
DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk ADDRESS : 0x0454E000 SIZE : 60.0 KB
DRIVER : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk ADDRESS : 0x0455D000 SIZE : 116.0 KB
DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk ADDRESS : 0x0457A000 SIZE : 108.0 KB
DRIVER : C:\Windows\System32\drivers\Tppwr64v.sys => Invisible on the disk ADDRESS : 0x04595000 SIZE : 28.0 KB
DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk ADDRESS : 0x0459C000 SIZE : 80.0 KB
DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk ADDRESS : 0x04400000 SIZE : 324.0 KB
DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk ADDRESS : 0x04464000 SIZE : 48.0 KB
DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk ADDRESS : 0x04470000 SIZE : 44.0 KB
DRIVER : C:\Windows\system32\DRIVERS\smiifx64.sys => Invisible on the disk ADDRESS : 0x0447B000 SIZE : 28.0 KB
DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk ADDRESS : 0x04482000 SIZE : 60.0 KB
DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk ADDRESS : 0x02E04000 SIZE : 524.0 KB
DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk ADDRESS : 0x02E87000 SIZE : 120.0 KB
DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk ADDRESS : 0x02EA5000 SIZE : 68.0 KB
DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk ADDRESS : 0x02EB6000 SIZE : 152.0 KB
DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk ADDRESS : 0x02EDC000 SIZE : 88.0 KB
DRIVER : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk ADDRESS : 0x04A4D000 SIZE : 11.69 MB
DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk ADDRESS : 0x02EF2000 SIZE : 976.0 KB
DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk ADDRESS : 0x04A00000 SIZE : 280.0 KB
DRIVER : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk ADDRESS : 0x02FE6000 SIZE : 68.0 KB
DRIVER : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk ADDRESS : 0x04491000 SIZE : 48.0 KB
DRIVER : C:\Windows\system32\DRIVERS\e1c62x64.sys => Invisible on the disk ADDRESS : 0x045B0000 SIZE : 320.0 KB
DRIVER : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk ADDRESS : 0x0449D000 SIZE : 68.0 KB
DRIVER : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk ADDRESS : 0x058AC000 SIZE : 344.0 KB
DRIVER : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk ADDRESS : 0x05902000 SIZE : 144.0 KB
DRIVER : C:\Windows\system32\DRIVERS\NETwNs64.sys => Invisible on the disk ADDRESS : 0x05A9B000 SIZE : 8.42 MB
DRIVER : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk ADDRESS : 0x06306000 SIZE : 52.0 KB
DRIVER : C:\Windows\system32\DRIVERS\risdxc64.sys => Invisible on the disk ADDRESS : 0x06313000 SIZE : 120.0 KB
DRIVER : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk ADDRESS : 0x0636F000 SIZE : 120.0 KB
DRIVER : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk ADDRESS : 0x0638D000 SIZE : 60.0 KB
DRIVER : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk ADDRESS : 0x068A3000 SIZE : 1.36 MB
DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk ADDRESS : 0x06800000 SIZE : 8.0 KB
DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk ADDRESS : 0x06802000 SIZE : 60.0 KB
DRIVER : C:\Windows\system32\drivers\tpm.sys => Invisible on the disk ADDRESS : 0x06811000 SIZE : 60.0 KB
DRIVER : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk ADDRESS : 0x06820000 SIZE : 20.0 KB
DRIVER : C:\Windows\system32\DRIVERS\ibmpmdrv.sys => Invisible on the disk ADDRESS : 0x06825000 SIZE : 52.0 KB
DRIVER : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk ADDRESS : 0x06832000 SIZE : 52.0 KB
DRIVER : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk ADDRESS : 0x0683F000 SIZE : 36.0 KB
DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk ADDRESS : 0x06848000 SIZE : 64.0 KB
DRIVER : C:\Windows\system32\drivers\tbhsd.sys => Invisible on the disk ADDRESS : 0x06858000 SIZE : 64.0 KB
DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk ADDRESS : 0x0639C000 SIZE : 244.0 KB
DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk ADDRESS : 0x06868000 SIZE : 136.0 KB
DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk ADDRESS : 0x05A00000 SIZE : 268.0 KB
DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk ADDRESS : 0x0688A000 SIZE : 24.0 KB
DRIVER : C:\Windows\System32\Drivers\RootMdm.sys => Invisible on the disk ADDRESS : 0x06890000 SIZE : 32.0 KB
DRIVER : C:\Windows\system32\drivers\modem.sys => Invisible on the disk ADDRESS : 0x05A43000 SIZE : 60.0 KB
DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk ADDRESS : 0x05A52000 SIZE : 88.0 KB
DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk ADDRESS : 0x05A68000 SIZE : 144.0 KB
DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk ADDRESS : 0x05A8C000 SIZE : 48.0 KB
DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk ADDRESS : 0x05926000 SIZE : 188.0 KB
DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk ADDRESS : 0x063D9000 SIZE : 108.0 KB
DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk ADDRESS : 0x05955000 SIZE : 132.0 KB
DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk ADDRESS : 0x05976000 SIZE : 104.0 KB
DRIVER : C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys => Invisible on the disk ADDRESS : 0x05990000 SIZE : 72.0 KB
DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk ADDRESS : 0x06898000 SIZE : 44.0 KB
DRIVER : C:\Windows\system32\DRIVERS\rrnetcap.sys => Invisible on the disk ADDRESS : 0x063F4000 SIZE : 48.0 KB
DRIVER : C:\Windows\system32\DRIVERS\psadd.sys => Invisible on the disk ADDRESS : 0x059A2000 SIZE : 56.0 KB
DRIVER : C:\Windows\system32\DRIVERS\Tvti2c.sys => Invisible on the disk ADDRESS : 0x059B0000 SIZE : 56.0 KB
DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk ADDRESS : 0x05A98000 SIZE : 8.0 KB
DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk ADDRESS : 0x059BE000 SIZE : 72.0 KB
DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk ADDRESS : 0x05800000 SIZE : 360.0 KB
DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk ADDRESS : 0x0585A000 SIZE : 84.0 KB
DRIVER : C:\Windows\system32\drivers\CHDRT64.sys => Invisible on the disk ADDRESS : 0x0823E000 SIZE : 1.56 MB
DRIVER : C:\Windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk ADDRESS : 0x08400000 SIZE : 332.0 KB
DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk ADDRESS : 0x000E0000 SIZE : 3.08 MB
DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk ADDRESS : 0x08453000 SIZE : 48.0 KB
DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk ADDRESS : 0x0845F000 SIZE : 56.0 KB
DRIVER : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk ADDRESS : 0x0846D000 SIZE : 1.33 MB
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk ADDRESS : 0x085C1000 SIZE : 76.0 KB
DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk ADDRESS : 0x085D4000 SIZE : 116.0 KB
DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk ADDRESS : 0x085F1000 SIZE : 56.0 KB
DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk ADDRESS : 0x08200000 SIZE : 100.0 KB
DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk ADDRESS : 0x08219000 SIZE : 36.0 KB
DRIVER : C:\Windows\system32\DRIVERS\5U877.sys => Invisible on the disk ADDRESS : 0x083CE000 SIZE : 164.0 KB
DRIVER : C:\Windows\system32\DRIVERS\STREAM.SYS => Invisible on the disk ADDRESS : 0x08222000 SIZE : 68.0 KB
DRIVER : C:\Windows\system32\DRIVERS\ElcMouLFlt.sys => Invisible on the disk ADDRESS : 0x08233000 SIZE : 44.0 KB
DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk ADDRESS : 0x0586F000 SIZE : 52.0 KB
DRIVER : C:\Windows\system32\DRIVERS\ElcMouUFlt.sys => Invisible on the disk ADDRESS : 0x0587C000 SIZE : 44.0 KB
DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk ADDRESS : 0x05887000 SIZE : 56.0 KB
DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk ADDRESS : 0x00540000 SIZE : 40.0 KB
DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk ADDRESS : 0x00680000 SIZE : 156.0 KB
DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk ADDRESS : 0x059D0000 SIZE : 140.0 KB
DRIVER : C:\Windows\system32\drivers\mbam.sys => Invisible on the disk ADDRESS : 0x059F3000 SIZE : 40.0 KB
DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk ADDRESS : 0x04081000 SIZE : 132.0 KB
DRIVER : C:\Windows\system32\DRIVERS\WinUSB.sys => Invisible on the disk ADDRESS : 0x06331000 SIZE : 68.0 KB
DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk ADDRESS : 0x040A2000 SIZE : 196.0 KB
DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk ADDRESS : 0x06342000 SIZE : 84.0 KB
DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk ADDRESS : 0x040D3000 SIZE : 332.0 KB
DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk ADDRESS : 0x06357000 SIZE : 76.0 KB
DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk ADDRESS : 0x04126000 SIZE : 96.0 KB
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk ADDRESS : 0x03CAF000 SIZE : 804.0 KB
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk ADDRESS : 0x03D78000 SIZE : 120.0 KB
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk ADDRESS : 0x03D96000 SIZE : 96.0 KB
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk ADDRESS : 0x03DAE000 SIZE : 180.0 KB
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk ADDRESS : 0x03C00000 SIZE : 312.0 KB
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk ADDRESS : 0x03C4E000 SIZE : 144.0 KB
DRIVER : C:\Windows\system32\DRIVERS\NisDrvWFP.sys => Invisible on the disk ADDRESS : 0x03C72000 SIZE : 132.0 KB
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk ADDRESS : 0x0413E000 SIZE : 664.0 KB
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk ADDRESS : 0x03C93000 SIZE : 44.0 KB
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk ADDRESS : 0x011C9000 SIZE : 196.0 KB
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk ADDRESS : 0x03DDB000 SIZE : 72.0 KB
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk ADDRESS : 0x08020000 SIZE : 420.0 KB
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk ADDRESS : 0x08089000 SIZE : 608.0 KB
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk ADDRESS : 0x47720000 SIZE : 128.0 KB
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0 0x00000000
EB 0E 0A 00 04 00 C0 09 00 00 00 00 00 00 4E 50 ë.....À.......NP 0x00000010 FA 33 C0 BC 00 66 8E D0 50 07 50 1F FB FC BE 09 ú3À¼.f.ÐP.P.ûü¾. 0x00000020 00 89 14 BF 00 08 BE 00 7C B9 00 01 F3 A5 50 BF ...¿..¾.|¹..ó¥P¿ 0x00000030 34 08 57 CB BB 00 06 BE 02 08 0F B6 0C B8 01 02 4.WË»..¾...¶.¸.. 0x00000040 BA 80 00 CD 13 BA 05 00 BF 00 06 B9 00 02 E8 24 º..Í.º..¿..¹..è$ 0x00000050 01 B9 05 00 BB 00 12 BE 00 06 03 F1 E8 FF 00 EB .¹..»..¾...ñè..ë 0x00000060 0A B3 01 BE A7 12 88 1C E9 89 00 E8 2D 00 3C 01 .³.¾§...é..è-.<. 0x00000070 74 EF E8 52 00 3C 01 74 E8 BA 04 00 BF 00 0A B9 tïèR.<.tèº..¿..¹ 0x00000080 A7 08 E8 F0 00 E8 35 05 E9 88 01 BE 05 08 0A 04 §.èð.è5.é..¾.... 0x00000090 88 04 B1 01 BB 00 08 E8 B9 00 C3 BE 00 06 E8 17 ..±.»..è¹.þ..è. 0x000000A0 00 BE 23 06 80 3C 00 74 0C 3C 00 74 08 B0 02 E8 .¾#..<.t.<.t.°.è 0x000000B0 D9 FF B0 01 C3 B0 00 C3 B9 00 02 4E 32 C0 8B D9 Ù.°.ð.ù..N2À.Ù 0x000000C0 8A 10 32 C2 E2 F8 C3 B9 05 00 51 B8 00 02 F7 E1 ..2ÂâøÃ¹..Q¸..÷á 0x000000D0 05 00 08 8B F0 E8 E0 FF 5E 56 0F B6 8C 05 06 E3 ....ðèà.^V.¶...ã 0x000000E0 04 38 C1 75 06 59 E2 E2 B0 00 C3 59 B0 01 E8 9A .8Áu.Yââ°.ÃY°.è. 0x000000F0 FF B0 01 C3 BE 07 08 0F B6 0C B8 01 02 BB 00 7C .°.þ...¶.¸..».| 0x00000100 BA 80 00 CD 13 BE 00 7C E8 AD FF BE 06 08 0F B6 º..Í.¾.|è.¾...¶ 0x00000110 0C E3 1C 38 C1 74 18 B0 04 E8 6F FF BE AF 07 E8 .ã.8Át.°.èo.¾¯.è 0x00000120 8C 02 BE A7 12 80 3C 01 74 03 E8 0A 01 CD 18 BE ..¾§..<.t.è..Í.¾ 0x00000130 BE 09 BF BE 7D B9 20 00 F3 A5 BA 04 00 BF 00 7C ¾.¿¾}¹ .ó¥º..¿.| 0x00000140 B9 BE 01 E8 2F 00 BE 09 00 8B 14 33 C0 50 BF 00 ¹¾.è/.¾....3ÀP¿. 0x00000150 7C 57 CB 32 ED B8 01 03 BA 80 00 CD 13 C3 51 4E |WË2í¸..º..Í.ÃQN 0x00000160 0F B6 0C E3 08 B8 01 02 BA 80 00 CD 13 81 EB 00 .¶.ã.¸..º..Í..ë. 
0x00000170 02 59 E2 EA C3 52 57 51 B8 00 BB CD 1A 72 2B 66 .YâêÃRWQ¸.»Í.r+f 0x00000180 83 F8 00 75 25 81 F9 02 01 7C 1F 66 81 FB 54 43 .ø.u%.ù..|.f.ûTC 0x00000190 50 41 75 16 33 C0 8E C0 66 33 F6 B8 07 BB 66 33 PAu.3À.Àf3ö¸.»f3 0x000001A0 C9 66 33 D2 59 5F 5A CD 1A C3 59 5F 5A C3 00 00 Éf3ÒY_ZÍ.ÃY_ZÃ.. 0x000001B0 6D 00 00 00 00 62 7A 99 50 4A 3A A1 00 00 80 20 m....bz.PJ:¡... 0x000001C0 21 00 07 1B 02 99 00 08 00 00 00 80 25 00 00 1B !...........%... 0x000001D0 03 99 07 FE FF FF 00 88 25 00 F8 4F DA 38 00 FE ...þ....%.øOÚ8.þ 0x000001E0 FF FF 07 FE FF FF 00 D8 FF 38 00 80 38 01 00 00 ...þ...Ø.8..8... 0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª -
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello, here it is! Thanks,

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 41786UU
Logical Drives Mask: 0x00010004

Kernel Drivers (total 217):

Processes (total 118):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DBE738B53FBD2A1F00767FD6E2D4095DE99B03EB

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!
-
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
The TDSS report is too long to be posted, but no threats were found. Do you want to see the report anyway? -
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,

Here is the aswMBR report. Thanks a lot,

Cédric

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 17:53:25
-----------------------------
17:53:25.299 OS Version: Windows x64 6.1.7601 Service Pack 1
17:53:25.299 Number of processors: 4 586 0x2A07
17:53:25.299 ComputerName: CEDRIC-THINK UserName: Cedric
17:53:27.579 Initialize success
17:53:53.217 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:53:53.217 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
17:53:53.227 Disk 0 MBR read successfully
17:53:53.227 Disk 0 MBR scan
17:53:53.227 Disk 0 unknown MBR code
17:53:53.232 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
17:53:53.247 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
17:53:53.432 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
17:53:53.497 Disk 0 scanning C:\Windows\system32\drivers
17:54:14.700 Service scanning
17:54:36.502 Modules scanning
17:54:36.512 Disk 0 trace - called modules:
17:54:36.537 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:54:36.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ea060]
17:54:36.867 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80053898c0]
17:54:36.867 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800538e050]
17:54:36.872 Scan finished successfully
17:55:00.070 Disk 0 MBR has been saved successfully to "C:\Users\Cedric\Documents\MBR.dat"
17:55:00.075 The log file has been saved successfully to "C:\Users\Cedric\Documents\aswMBR.txt"
-
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
The block occurs only with a browser (I tried with Chromium and IE only). I don't have Outlook, I don't know. -
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello, this block occurs when I use Chromium or IE and connect to my Hotmail account. It's a malicious IP (a Russian IP: 46.17.97.109). I installed TCPView but I couldn't find this IP in the list. I don't know what to do now. :-( -
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hi again,

Here it is.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-06 14:11:46
Windows 6.1.7601 Service Pack 1
Running: dogjq064.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f24c57
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f24c57@68ed436f99ac 0xF7 0x14 0x7A 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f24c57 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f24c57@68ed436f99ac 0xF7 0x14 0x7A 0x32 ...

---- EOF - GMER 1.0.15 ----
-
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,

Here it is. Still nothing.

Junkware Removal Tool (JRT) by Thisisu
Version: 2.7.1 (11.05.2012)
OS: Windows 7 Professional x64
Ran by Cedric on 06/11/2012 at 0:22:16,24
Blog: http://thisisudax.blogspot.com
**************************************************************
*** Services: 0 Detections
*** Registry Values: 0 Detections
*** Registry Keys: 0 Detections
*** Files: 0 Detections
*** Folders: 0 Detections
*** Event Viewer Logs - Cleared
**************************************************************
Scan was completed on 06/11/2012 at 0:26:51,38
End of Report
-
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello, after more than 24 hours of scanning, Kaspersky didn't find anything, so there is no detected-threats report. During the scan I had some messages: files protected by password. It seems to be complicated! Thanks again, Cédric -
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
I blocked it, but it uses another port (with TCP). I blocked the new one, and still the same Malwarebytes messages...