cedrill
Posts posted by cedrill
-
Hello,
Now, everything is up to date I think.
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.5.502.110
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Hello,
Thanks for the advice, I'll reinstall Chrome and Flash.
Below is the log.
Cédric,
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
-
Hello,
Sorry for the late answer, I was away for the weekend.
Difficult to say. Sometimes, when I play a video on YouTube, the video stops a few seconds before the end. Sometimes Chromium crashes, but it's infrequent.
Apart from that, nothing special.
Cédric,
-
Hello,
Here are the logs.
I hope it's OK now.

RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Remove -- Date : 16/11/2012 23:53:11
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[bSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[19]_D_16112012_235311.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[12]_S_08112012_164701.txt ; RKreport[13]_D_08112012_164710.txt ; RKreport[14]_D_08112012_164718.txt ;
RKreport[15]_S_08112012_165543.txt ; RKreport[16]_D_08112012_165548.txt ; RKreport[17]_D_08112012_170749.txt ; RKreport[18]_S_16112012_235258.txt ; RKreport[19]_D_16112012_235311.txt ;
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Version de la base de données: v2012.11.16.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrateur]
16/11/2012 14:11:00
mbam-log-2012-11-16 (14-11-00).txt
Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 643721
Temps écoulé: 2 heure(s), 20 minute(s), 21 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 4
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
(fin)
-
Hello,
Do you mean this IP is not dangerous any more?
Cool!

But bad news: I ran a scan again and it found something.
Am I really unlucky?
Must I delete this isadmin.exe?
Thanks again
Cédric
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Version de la base de données: v2012.11.16.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrateur]
16/11/2012 14:11:00
mbam-log-2012-11-16 (16-33-04).txt
Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 643721
Temps écoulé: 2 heure(s), 20 minute(s), 21 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 4
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
(fin)
-
Hello,
Yes, I tried to change my Hotmail password.
Something strange is that the message appears only with one of my two Hotmail accounts.
Do you think it could be a bug?
Below, the log file.
2012/11/08 00:20:19 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 50538, Process: chrome.exe)
2012/11/08 01:02:42 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51113, Process: chrome.exe)
2012/11/08 07:28:35 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51681, Process: chrome.exe)
2012/11/08 16:45:04 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52147, Process: chrome.exe)
2012/11/08 16:48:16 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52323, Process: chrome.exe)
2012/11/08 16:54:43 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52472, Process: chrome.exe)
2012/11/08 17:02:36 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52645, Process: chrome.exe)
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping protection
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped successfully
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping IP protection
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE IP Protection stopped successfully
2012/11/08 17:42:35 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped
-
Hello,
I ran MBAM again and nothing was found (report below).
So, how can I be sure there is no redirecting to a Russian IP now? Thanks again for your time.
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Version de la base de données: v2012.11.13.04
Windows 7 Service Pack 1 x64 NTFS (Mode sans échec)
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrateur]
13/11/2012 14:43:53
mbam-log-2012-11-13 (14-43-53).txt
Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 640841
Temps écoulé: 1 heure(s), 46 minute(s), 49 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
-
Good morning,
Yes, that's very strange. Nothing was found, but when I connected to Hotmail I had an MBAM message telling me it had blocked a Russian IP address.
Now my MBAM trial version has expired. As the free version doesn't have automatic website protection, I don't get the message anymore.
So I'm a bit confused.
-
Nothing found!

-
Hello,
Nope, it was not ticked.
Should I run the anti-rootkit anyway?
-
Hello,
No, sorry, I didn't see any IP list in the Internet Properties window.
What should I be looking for?
In Internet Properties / LAN settings, I found:
Use a proxy server for your LAN
Should I tick this box?
-
Hello,
I use Chromium and I have the following message: Chromium is using your computer's system proxy settings to connect to the network.
Should I change that?
The hosts file only contains:
127.0.0.1 localhost
-
Hello,
Here is the RogueKiller log. By mistake I did DELETE twice. The report is after the second one.
I couldn't see 46.17.97.109 in the TCPView list.
I tried to connect and disconnect my Hotmail account. Impossible to see this IP in the list, but the message still appears in Malwarebytes!
Any idea?
Thanks
Cédric
RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Remove -- Date : 08/11/2012 16:47:18
¤¤¤ Bad processes : 2 ¤¤¤
[RESIDUE] GoogleUpdate.exe -- C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> KILLED [TermProc]
[RESIDUE] FacebookUpdate.exe -- C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[bSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[14]_D_08112012_164718.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[12]_S_08112012_164701.txt ; RKreport[13]_D_08112012_164710.txt ; RKreport[14]_D_08112012_164718.txt ;
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
-
Hey!
It gave me that:
RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Scan -- Date : 08/11/2012 07:26:11
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> FOUND
[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> FOUND
[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> FOUND
[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[bSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[11]_S_08112012_072611.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ;
RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;
RKreport[9].txt
-
Hello,
Here is the report, but it was very fast (less than one second). Is that normal?
MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT : Normal Boot
DATE : 2012/11/08 (ISO 8601) at 00:10:49
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST950042 0AS (0003)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 465.8 Go [Fixed] ==> Lenovo boot sector .
MBR_MD5 : 6DFA341D7918DD07785E7847F1A410D7
MBR_SHA1 : 1D58D65248CA19FBE5DB9FDA2D9979CB29C3CAD0
Device\Harddisk0\Partition1 1.17 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 454.8 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 9.77 Go 0x07 NTFS / HPFS
________________________________________________________________________________
ADDRESS : 0x04126000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03CAF000
SIZE : 804.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03D78000
SIZE : 120.0 Ko
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03D96000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03DAE000
SIZE : 180.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE : 312.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x03C4E000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\NisDrvWFP.sys => Invisible on the disk
ADDRESS : 0x03C72000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x0413E000
SIZE : 664.0 Ko
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x03C93000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x011C9000
SIZE : 196.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x03DDB000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x08020000
SIZE : 420.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x08089000
SIZE : 608.0 Ko
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47720000
SIZE : 128.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
-
Hello
Here it is!
Thanks,
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 41786UU
Logical Drives Mask: 0x00010004
Kernel Drivers (total 217):
0x02E4C000 \SystemRoot\system32\ntoskrnl.exe
0x02E03000 \SystemRoot\system32\hal.dll
0x00BD3000 \SystemRoot\system32\kdcom.dll
0x00C41000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C90000 \SystemRoot\system32\PSHED.dll
0x00CA4000 \SystemRoot\system32\CLFS.SYS
0x00D02000 \SystemRoot\system32\CI.dll
0x00EA8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F4C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F5B000 \SystemRoot\system32\drivers\ACPI.sys
0x00FB2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FBB000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FC5000 \SystemRoot\system32\drivers\pci.sys
0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
0x00E22000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E2B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E37000 \SystemRoot\system32\drivers\volmgr.sys
0x00E4C000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DC2000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C00000 \SystemRoot\system32\drivers\vmbus.sys
0x00DDC000 \SystemRoot\system32\drivers\winhv.sys
0x0106A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011BE000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x012A7000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01436000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012DF000 \SystemRoot\System32\Drivers\msrpc.sys
0x015D9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0133D000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\DRIVERS\DzHDD64.sys
0x0141C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01661000 \SystemRoot\system32\drivers\ndis.sys
0x01753000 \SystemRoot\system32\drivers\NETIO.SYS
0x017B3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0164A000 \SystemRoot\system32\drivers\vmstorfl.sys
0x013AF000 \SystemRoot\system32\drivers\volsnap.sys
0x017DD000 \SystemRoot\System32\DRIVERS\ApsHM64.sys
0x017E7000 \SystemRoot\System32\Drivers\spldr.sys
0x01200000 \SystemRoot\System32\drivers\rdyboost.sys
0x0123A000 \SystemRoot\System32\DRIVERS\Apsx64.sys
0x01260000 \SystemRoot\System32\Drivers\RapportKE64.sys
0x01277000 \SystemRoot\System32\Drivers\mup.sys
0x017EF000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01AB3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01AED000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B03000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01B41000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
0x0402A000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
0x04071000 \SystemRoot\System32\Drivers\Null.SYS
0x0407A000 \SystemRoot\System32\Drivers\Beep.SYS
0x0F20D000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
0x103B2000 \SystemRoot\System32\drivers\vga.sys
0x103C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x103E5000 \SystemRoot\System32\drivers\watchdog.sys
0x103F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0F200000 \SystemRoot\system32\drivers\rdpencdd.sys
0x041EB000 \SystemRoot\system32\drivers\rdprefmp.sys
0x041F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BBB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01BCC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01BEE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01A00000 \SystemRoot\system32\drivers\afd.sys
0x044B9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x044FE000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04509000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04512000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04538000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0454E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0455D000 \SystemRoot\system32\DRIVERS\serial.sys
0x0457A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04595000 \SystemRoot\System32\drivers\Tppwr64v.sys
0x0459C000 \SystemRoot\system32\drivers\termdd.sys
0x04400000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04451000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
0x04464000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04470000 \SystemRoot\system32\drivers\mssmbios.sys
0x0447B000 \SystemRoot\system32\DRIVERS\smiifx64.sys
0x04482000 \SystemRoot\System32\drivers\discache.sys
0x02E04000 \SystemRoot\system32\drivers\csc.sys
0x02E87000 \SystemRoot\System32\Drivers\dfsc.sys
0x02EA5000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02EB6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02EDC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04A4D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02EF2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02FE6000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04491000 \SystemRoot\system32\DRIVERS\serenum.sys
0x045B0000 \SystemRoot\system32\DRIVERS\e1c62x64.sys
0x0449D000 \SystemRoot\system32\drivers\usbehci.sys
0x058AC000 \SystemRoot\system32\drivers\USBPORT.SYS
0x05902000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05A9B000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x06306000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06313000 \SystemRoot\system32\DRIVERS\risdxc64.sys
0x0636F000 \SystemRoot\system32\drivers\i8042prt.sys
0x0638D000 \SystemRoot\system32\drivers\kbdclass.sys
0x068A3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x06800000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06802000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x06811000 \SystemRoot\system32\drivers\tpm.sys
0x06820000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x06825000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x06832000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0683F000 \SystemRoot\system32\drivers\wmiacpi.sys
0x06848000 \SystemRoot\system32\drivers\CompositeBus.sys
0x06858000 \SystemRoot\system32\drivers\tbhsd.sys
0x0639C000 \SystemRoot\system32\drivers\portcls.sys
0x06868000 \SystemRoot\system32\drivers\drmk.sys
0x05A00000 \SystemRoot\system32\drivers\ks.sys
0x0688A000 \SystemRoot\system32\drivers\ksthunk.sys
0x06890000 \SystemRoot\System32\Drivers\RootMdm.sys
0x05A43000 \SystemRoot\system32\drivers\modem.sys
0x05A52000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05A68000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05A8C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05926000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x063D9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05955000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05976000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05990000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x06898000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x063F4000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0x059A2000 \SystemRoot\system32\DRIVERS\psadd.sys
0x059B0000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x05A98000 \SystemRoot\system32\drivers\swenum.sys
0x059BE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05800000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0585A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0823E000 \SystemRoot\system32\drivers\CHDRT64.sys
0x08400000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x08453000 \SystemRoot\System32\drivers\Dxapi.sys
0x0845F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0846D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x085C1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x085D4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x085F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x08200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x08219000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x083CE000 \SystemRoot\system32\DRIVERS\5U877.sys
0x08222000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x08233000 \SystemRoot\system32\DRIVERS\ElcMouLFlt.sys
0x0586F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0587C000 \SystemRoot\system32\DRIVERS\ElcMouUFlt.sys
0x05887000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00540000 \SystemRoot\System32\TSDDD.dll
0x00680000 \SystemRoot\System32\cdd.dll
0x059D0000 \SystemRoot\system32\drivers\luafv.sys
0x059F3000 \??\C:\Windows\system32\drivers\mbam.sys
0x083F7000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
0x04081000 \SystemRoot\system32\drivers\WudfPf.sys
0x06331000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x040A2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06342000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x040D3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06357000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04126000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03CAF000 \SystemRoot\system32\drivers\HTTP.sys
0x03D78000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03D96000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03DAE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03C72000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x0413E000 \SystemRoot\system32\drivers\peauth.sys
0x03C93000 \SystemRoot\System32\Drivers\secdrv.SYS
0x011C9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03DDB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08020000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08089000 \SystemRoot\System32\DRIVERS\srv.sys
0x08121000 \SystemRoot\system32\drivers\spsys.sys
0x779C0000 \Windows\System32\ntdll.dll
0x47720000 \Windows\System32\smss.exe
0xFFCE0000 \Windows\System32\apisetschema.dll
0xFF7F0000 \Windows\System32\autochk.exe
0xFFC30000 \Windows\System32\comdlg32.dll
0xFFA50000 \Windows\System32\setupapi.dll
0xFFA30000 \Windows\System32\sechost.dll
0x77B90000 \Windows\System32\psapi.dll
0xFF900000 \Windows\System32\wininet.dll
0xFF6F0000 \Windows\System32\ole32.dll
0xFF6E0000 \Windows\System32\nsi.dll
0x778A0000 \Windows\System32\kernel32.dll
0xFF670000 \Windows\System32\gdi32.dll
0xFF4F0000 \Windows\System32\urlmon.dll
0xFF450000 \Windows\System32\clbcatq.dll
0xFF340000 \Windows\System32\msctf.dll
0xFF0E0000 \Windows\System32\iertutil.dll
0x77B80000 \Windows\System32\normaliz.dll
0xFF0D0000 \Windows\System32\lpk.dll
0xFF0A0000 \Windows\System32\imm32.dll
0xFF080000 \Windows\System32\imagehlp.dll
0xFEFE0000 \Windows\System32\msvcrt.dll
0xFEF60000 \Windows\System32\shlwapi.dll
0xFEE80000 \Windows\System32\oleaut32.dll
0xFE0F0000 \Windows\System32\shell32.dll
0xFE070000 \Windows\System32\difxapi.dll
0xFDF40000 \Windows\System32\rpcrt4.dll
0xFDE60000 \Windows\System32\advapi32.dll
0x777A0000 \Windows\System32\user32.dll
0xFDE00000 \Windows\System32\Wldap32.dll
0xFDD30000 \Windows\System32\usp10.dll
0xFDCE0000 \Windows\System32\ws2_32.dll
0xFDCA0000 \Windows\System32\cfgmgr32.dll
0xFDC00000 \Windows\System32\comctl32.dll
0xFDB90000 \Windows\System32\KernelBase.dll
0xFDA20000 \Windows\System32\crypt32.dll
0xFD9E0000 \Windows\System32\wintrust.dll
0xFD9C0000 \Windows\System32\devobj.dll
0xFD9B0000 \Windows\System32\msasn1.dll
0x770F0000 \Windows\SysWOW64\normaliz.dll
Processes (total 118):
0 System Idle Process
4 System
404 C:\Windows\System32\smss.exe
532 csrss.exe
588 C:\Windows\System32\wininit.exe
608 csrss.exe
644 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\ibmpmsvc.exe
924 C:\Windows\System32\svchost.exe
996 C:\Program Files\Microsoft Security Client\MsMpEng.exe
372 C:\Windows\System32\winlogon.exe
544 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
1228 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\audiodg.exe
1428 C:\Windows\System32\svchost.exe
1656 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
1924 WUDFHost.exe
2000 C:\Windows\System32\svchost.exe
492 C:\Windows\System32\wlanext.exe
1364 C:\Windows\System32\conhost.exe
1736 C:\Windows\System32\spoolsv.exe
1880 C:\Windows\System32\svchost.exe
2088 C:\Program Files\Lenovo\HOTKEY\tphkload.exe
2108 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2144 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2184 C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
2224 C:\Program Files\Bonjour\mDNSResponder.exe
2252 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
2300 C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
2396 C:\Windows\System32\CxAudMsg64.exe
2428 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2476 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2592 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
2624 C:\Program Files\Lenovo\Communications Utility\CamMute.exe
2652 C:\Program Files\Lenovo\HOTKEY\micmute.exe
2680 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
2716 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
2768 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
2792 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
2852 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2880 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2912 C:\Windows\SysWOW64\SASrv.exe
2980 C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
3044 C:\Windows\System32\svchost.exe
2344 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
1616 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3076 C:\Windows\System32\taskhost.exe
3152 C:\Windows\System32\dwm.exe
3176 C:\Windows\explorer.exe
3484 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3496 C:\Windows\System32\TpShocks.exe
3540 C:\Windows\System32\hkcmd.exe
3552 C:\Windows\System32\igfxpers.exe
3564 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
3652 C:\Program Files\Microsoft Security Client\NisSrv.exe
3716 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
3744 C:\Program Files\Microsoft Security Client\msseces.exe
3808 C:\Windows\System32\svchost.exe
3948 C:\Windows\System32\svchost.exe
3976 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
4080 C:\Program Files\ELECOM_Mouse_Driver\ElcMouseApl.exe
4092 C:\Program Files\Windows Sidebar\sidebar.exe
1680 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
728 C:\Windows\SysWOW64\rundll32.exe
1564 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
4000 C:\Program Files (x86)\Winamp\winampa.exe
3844 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2940 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
3884 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
4168 C:\Windows\System32\svchost.exe
4364 WmiPrvSE.exe
4420 unsecapp.exe
4512 C:\Windows\System32\rundll32.exe
4524 C:\PROGRA~1\Lenovo\ZOOM\TpScrex.exe
4532 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
4632 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe
4688 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
4788 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4988 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
4980 dllhost.exe
4184 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2260 C:\Windows\System32\taskeng.exe
2988 C:\Windows\System32\rundll32.exe
2036 C:\PROGRA~1\Lenovo\ZOOM\TpScrex.exe
4912 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
5076 C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
5992 C:\Windows\System32\rundll32.exe
5700 WmiPrvSE.exe
5460 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
5480 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
6108 C:\Program Files\Windows Media Player\wmpnetwk.exe
6516 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
6760 C:\Windows\System32\SearchIndexer.exe
6316 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
6752 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
6780 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
6948 WmiPrvSE.exe
6472 C:\Windows\System32\SearchProtocolHost.exe
6464 C:\Program Files (x86)\Nero\Update\NASvc.exe
3924 C:\Windows\System32\sppsvc.exe
5756 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
3196 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
3476 C:\Windows\servicing\TrustedInstaller.exe
4032 C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
1852 taskhost.exe
5148 C:\Windows\System32\wbem\WmiApSrv.exe
3696 <unknown>
3364 dllhost.exe
4804 dllhost.exe
5440 C:\Users\Cedric\Downloads\MBRCheck (1).exe
5436 C:\Windows\System32\conhost.exe
5740 C:\Windows\System32\dllhost.exe
3236 C:\Windows\System32\SearchFilterHost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)
PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DBE738B53FBD2A1F00767FD6E2D4095DE99B03EB
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
The TDSS report is too long to be posted, but no threats were found.
Do you want to see the report anyway?
-
Hello,
Here is the aswMBR report,
Thanks a lot,
Cédric
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 17:53:25
-----------------------------
17:53:25.299 OS Version: Windows x64 6.1.7601 Service Pack 1
17:53:25.299 Number of processors: 4 586 0x2A07
17:53:25.299 ComputerName: CEDRIC-THINK UserName: Cedric
17:53:27.579 Initialize success
17:53:53.217 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:53:53.217 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
17:53:53.227 Disk 0 MBR read successfully
17:53:53.227 Disk 0 MBR scan
17:53:53.227 Disk 0 unknown MBR code
17:53:53.232 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
17:53:53.247 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
17:53:53.432 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
17:53:53.497 Disk 0 scanning C:\Windows\system32\drivers
17:54:14.700 Service scanning
17:54:36.502 Modules scanning
17:54:36.512 Disk 0 trace - called modules:
17:54:36.537 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:54:36.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ea060]
17:54:36.867 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80053898c0]
17:54:36.867 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800538e050]
17:54:36.872 Scan finished successfully
17:55:00.070 Disk 0 MBR has been saved successfully to "C:\Users\Cedric\Documents\MBR.dat"
17:55:00.075 The log file has been saved successfully to "C:\Users\Cedric\Documents\aswMBR.txt"
-
The block occurs only with a browser (I tried with Chromium and IE only).
I don't have Outlook, so I don't know.
-
Hello,
These blocks occur when I use Chromium or IE and connect to my Hotmail account.
It's a malicious IP (Russian: 46.17.97.109).
I installed TCPView, but I couldn't find this IP in the list.
I don't know what to do now. :-(
-
Hi again,
Here it is.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-06 14:11:46
Windows 6.1.7601 Service Pack 1
Running: dogjq064.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f24c57
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f24c57@68ed436f99ac 0xF7 0x14 0x7A 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f24c57 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f24c57@68ed436f99ac 0xF7 0x14 0x7A 0x32 ...
---- EOF - GMER 1.0.15 ----
-
Hello,
Here it is.
Still nothing

Junkware Removal Tool (JRT) by Thisisu
Version: 2.7.1 (11.05.2012)
OS: Windows 7 Professional x64
Ran by Cedric on 06/11/2012 at 0:22:16,24
Blog: http://thisisudax.blogspot.com
**************************************************************
*** Services: 0 Detections
*** Registry Values: 0 Detections
*** Registry Keys: 0 Detections
*** Files: 0 Detections
*** Folders: 0 Detections
*** Event Viewer Logs - Cleared
**************************************************************
Scan was completed on 06/11/2012 at 0:26:51,38
End of Report
-
Hello,
After more than 24 hours of scanning, Kaspersky didn't find anything, and so there is no detected-threats report.
During the scan I had some messages: files protected by password.
It seems to be complicated!
Thanks again
Cédric
-
I blocked it, but it uses another port (with TCP).
I blocked the new one, and still the same Malwarebytes messages...
hotmail redirection to russian IP 46.17.97.109
Good evening!
I will follow your last recommendations.
Thanks a lot for all your help; that was very helpful.