
hotmail redirection to russian IP 46.17.97.109


cedrill

Hello,

When I connect to my Hotmail account, Malwarebytes indicates it blocked a redirection to a Russian IP, 46.17.97.109.

I read some similar posts in your forum but I couldn't solve it by myself.

Attached are the Malwarebytes and ComboFix reports. Some parts are in French, sorry :unsure:

Also, you will find the DDS and Attach report.

Malwarebytes didn't find anything but sends a message each time I connect to one of my Hotmail accounts (not the other one).

Could you help me?

Thanks a lot,

Cédric

DDS.txt

Attach.txt

ComboFix.txt

Malwarebytes.txt


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Attached are the Malwarebytes and ComboFix reports. Some parts are in French, sorry

Please note that ComboFix is a very powerful tool, and using it without the supervision of a helper such as myself can be quite dangerous for your computer. As for your logs in French, I know a bit of French myself so all good. :P

Babylon is one of those annoying toolbars that often won't go away. Please run the two tools below.

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Then, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

=====

In your reply please provide the contents of the following logs (please do not attach):

  • AdwCleaner[R1].txt.
  • OTL.txt.
  • Extras.txt.


Bonjour,

Thanks for your help.

Here are the first 2 logs:

Cédric,

AdwCleaner[R1].txt.

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 00:40:17

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Cedric - CEDRIC-THINK

# Boot Mode : Normal

# Running from : C:\Users\Cedric\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Ask.com

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\Users\Cedric\AppData\Local\AskToolbar

Folder Found : C:\Users\Cedric\AppData\Local\Babylon

Folder Found : C:\Users\Cedric\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Cedric\AppData\Roaming\Babylon

Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo

Key Found : HKCU\Software\AppDataLow\Software

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\AskToolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKLM\Software\APN

Key Found : HKLM\Software\AskToolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\BabylonToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKU\S-1-5-21-3945560438-835355012-1364033068-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v22.0.1216.0

File : C:\Users\Cedric\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4499 octets] - [03/11/2012 00:40:17]

########## EOF - C:\AdwCleaner[R1].txt - [4559 octets] ##########

Extras.Txt

OTL Extras logfile created on: 03/11/2012 00:43:29 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cedric\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,89 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,24% Memory free

7,78 Gb Paging File | 5,78 Gb Available in Paging File | 74,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 454,82 Gb Total Space | 84,82 Gb Free Space | 18,65% Space Free | Partition Type: NTFS

Drive Q: | 9,77 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS

Computer Name: CEDRIC-THINK | User Name: Cedric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromiumHTML.WN5V6WUYVWEMANRDOFD242GULA] -- C:\Users\Cedric\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00F536E8-9E04-443A-B7F1-14906CD98826}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{162DC1F9-5CB4-4E0D-B0C2-C43D59CA6824}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{1634276F-1395-48B5-8085-3018B7F2325D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{168E14C8-02EA-4F62-924B-B7C8C0CFFB23}" = lport=137 | protocol=17 | dir=in | app=system |

"{1870E630-5B55-42C6-832D-FA7756A653D6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{216274A5-07AD-4765-AECE-C12114898D2F}" = lport=139 | protocol=6 | dir=in | app=system |

"{2D0924F6-F330-4A7A-A909-CF3BC3E19D11}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3D0A5C0F-3065-45EB-9A71-F8E416EDCFF0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5D3FC0F0-DA85-4959-8903-6C0706E46D76}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{6515E93C-7B2B-4797-BA55-2DE7D9A03A09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6709DEC3-78E9-4F2F-B48B-079B7313AD3F}" = lport=10243 | protocol=6 | dir=in | app=system |

"{7E067D83-F6E4-4808-867C-9AB3743B3F16}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{7E224E02-9ECC-4667-9BFC-8FFB1916E5D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{81B0E38E-B0A2-49EB-B041-26E9CB9F5803}" = rport=139 | protocol=6 | dir=out | app=system |

"{846E6800-7A41-404B-8234-270C5B252F60}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{866A1FB7-93FA-4C55-AB93-98662AB530CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{87D872B1-3EFE-40F4-B963-7B47F738770F}" = lport=445 | protocol=6 | dir=in | app=system |

"{94E3DAA0-0964-409A-AEBA-27262B05C6A1}" = rport=10243 | protocol=6 | dir=out | app=system |

"{B04EEEFD-8DB5-4A0E-84C1-8CB62F95C812}" = lport=138 | protocol=17 | dir=in | app=system |

"{B0D4E3D6-7056-4914-ABF2-27CCF32DEDBB}" = rport=445 | protocol=6 | dir=out | app=system |

"{BBFD9B4B-BDA2-4A7F-857A-E2FA4D1FFEB8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{BC116B38-3C69-412C-83C7-219DF61963B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{CE469A05-CA76-4498-AB5B-313ED7BF489A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{CF49962B-6CAF-4D64-8F66-6AC350A87D57}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D85A660F-CA98-4F98-80DB-301D89AD9C37}" = rport=138 | protocol=17 | dir=out | app=system |

"{E045EA36-F60F-4BFD-8A45-89540448563C}" = rport=137 | protocol=17 | dir=out | app=system |

"{EE4B5034-4234-420E-AAEE-D6960E4F4BD3}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07A1157C-87E4-4B5A-BBC4-1FDE142EA341}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{10CB080D-80EC-4EE2-A5CE-F4A36D9F3F14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{184EA067-4FD7-4209-A052-610BA18DED45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{19DCAF61-0FB0-4F03-96B9-BCF22A058158}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2AA1B182-06A6-4FF0-B61C-BE4E73889B5C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{2EFFA88D-6752-4A53-A5B0-6BBAE65E3974}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{3E676A7A-370D-47F7-AA5B-67AA3FA9B371}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{42315113-72D0-4FFA-8927-EAAC7BF01502}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{43A1CAAD-82D2-4DC4-B390-2976D22D47CA}" = protocol=17 | dir=in | app=e:\fscommand\cksocketserver.exe |

"{45446F33-E6CC-4A4B-A665-6E8B30E14706}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4FEA7436-AA8C-4398-87FA-C43952801C41}" = protocol=6 | dir=out | app=system |

"{51ABA579-29D7-4A39-ACB2-3FB070712B9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5AD16DF9-D0A8-4179-B970-3C47EE490DDB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{5B694C26-CDBF-4A70-99B2-9E5895A2DC17}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6EA27CB2-C054-4636-AF3D-BD1B5D3C0677}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{6F619AF1-95D6-4E27-AE71-1FD8DA4F83F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{748BE49B-AB55-4F16-9B8D-71F15FE5A7D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7B2F5942-B12A-4D0F-B5E6-D0046A7275C9}" = dir=in | app=c:\users\cedric\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{7C1F2196-28EF-4D94-BE08-4AED82FF0209}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{7D7DDB8C-DA92-4CEC-A061-DD57E3C44BC2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{8886969F-625A-4B51-9619-2C726F1F197C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{923FFEA8-B97F-49BB-8BDF-6E857BC65855}" = protocol=6 | dir=in | app=e:\fscommand\cksocketserver.exe |

"{94B48834-7AD1-4123-A497-8755E550FB05}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{9AD9071F-41D6-4856-AA7B-14DD98B2D6FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{ACA3127C-B1FB-4582-9CDB-12C2B5A434BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AF960A30-5A2C-42F0-8105-DDAB65471DA7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B4A7CCB0-D132-404D-ADFB-0472BCA7D783}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{B5EDDCF1-5E3C-4BB6-948A-666752942501}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B6F3070B-65EA-4585-9F4A-06796CE1D582}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C1EFDE79-B06A-413F-8F2C-B5EFB05A982D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{C2E36F79-EF0F-4A91-99ED-B3679119904B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C7F79EDF-D5E2-4481-A36E-21F2D5041174}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |

"{CEACAF07-C1A9-466D-9098-27F287EA68DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EA391BD6-E55A-46DE-8110-BFEFF1687517}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe |

"{EA586D64-EF05-4474-90F8-D3607B44AFD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EC6BD773-11EF-472A-AD39-B2D86626FB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{EF55B88A-3A34-46B0-9FDF-9CBDD5F77420}" = protocol=17 | dir=in | app=e:\fscommand\cksocketserver.exe |

"{EF59DC80-7A22-42B8-B3B6-58D5840AC2EA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{F34518B4-1F5D-4ACB-927A-C4D1DE165234}" = protocol=6 | dir=in | app=e:\fscommand\cksocketserver.exe |

"{F5F3C78F-A41F-48AA-8597-28C7727CAA1A}" = protocol=58 | dir=in | app=system |

"{F6001D73-8D35-4AD1-8655-C65034EB9B02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F6F89103-82BB-414A-92EF-3D6D3C6F64C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FDFC41BD-67F5-4C6A-9FA7-3042C51DA211}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"TCP Query User{1A9D9BBD-B613-4A57-8567-79FCD5B91FD9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"TCP Query User{27C0ED3C-015D-4835-9CAD-20B309389662}C:\users\cedric\appdata\local\temp\pylab61.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\cedric\appdata\local\temp\pylab61.tmp\pyrun.exe |

"TCP Query User{2CAEFFA8-83B6-49FF-B3CC-CC16627F3235}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |

"TCP Query User{497692E0-1C6A-45B1-B950-06CE5B0572A9}C:\users\cedric\appdata\local\temp\pyl8b34.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\cedric\appdata\local\temp\pyl8b34.tmp\pyrun.exe |

"TCP Query User{7B650792-14ED-4A4E-8EC8-6E668769B3AB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{AA8B3413-D3E5-4579-A172-FC84B6DC8477}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"TCP Query User{ECE93DC2-67E5-4EE0-AF1D-36146B8FF61B}C:\users\cedric\appdata\local\chromium\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\cedric\appdata\local\chromium\application\chrome.exe |

"UDP Query User{30BAA907-0FAD-4156-BBDF-A5CF04F0546D}C:\users\cedric\appdata\local\temp\pyl8b34.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\cedric\appdata\local\temp\pyl8b34.tmp\pyrun.exe |

"UDP Query User{41C87CE7-F811-42C8-B865-310FB90283F4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"UDP Query User{440F2273-6BAF-43D0-B4CA-4FF185776AFE}C:\users\cedric\appdata\local\temp\pylab61.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\cedric\appdata\local\temp\pylab61.tmp\pyrun.exe |

"UDP Query User{9C96FD35-08A4-4767-AFD0-6224016BF22D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"UDP Query User{BC73C366-FB49-41AC-80DC-385D8A0371E4}C:\users\cedric\appdata\local\chromium\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\cedric\appdata\local\chromium\application\chrome.exe |

"UDP Query User{EB2D5A53-2C02-4B47-BD52-A9E848E5CFD6}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

"UDP Query User{F36F0168-6CF1-41AD-9C1D-1D28DCAFA60E}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software

"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software

"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)

"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)

"598E94DC2EBC0E4D1F6240F3E25E1AC6D2D1A0FA" = Windows Driver Package - Ricoh Company SD Host Controller (12/14/2010 6.10.10.25)

"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0)

"8DAEF707B6B749388AD4ADA30B486276CDDD9282" = Windows Driver Package - Synaptics (SynTP) Mouse (12/15/2010 15.2.5.2)

"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144)

"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)

"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD

"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013)

"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7

"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows Driver Package - Intel System (10/04/2010 9.2.0.1015)

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"OnScreenDisplay" = On Screen Display

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide

"{155E102A-A022-48F7-92D8-5B38D260BBD5}" = ELECOM MouseAssistant2

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.10

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 37

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD

"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{77F955CC-E8AC-489F-9AF0-2BF48935CF9C}" = ELECOM MouseAssistant2

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7DA1C06F-C913-46C7-8A0F-DA2CBA17EA1D}" = OpenOffice.org 3.4.1

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EB278E8-7FDA-4ED9-A429-C87A76F95087}_is1" = 1AVCapture version 1.9.3.10

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2

"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1134

"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B39629-8BB3-4AE2-8AAC-FDDD7E80901E}" = Audials

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information

"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"BitTorrent" = BitTorrent

"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1

"CobBackup10" = Cobian Backup 10

"CobBackup11" = Cobian Backup 11 Gravity

"DominateGame" = DominateGame 20050929 (dominate)

"eMule" = eMule

"FastStone Image Viewer" = FastStone Image Viewer 4.6

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition

"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition

"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot

"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"Jaangle music management" = Jaangle music management

"kit bouygtel" = kit bouygtel

"Lenovo Welcome_is1" = Lenovo Welcome

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Rapport_msi" = Rapport

"VLC media player" = VLC media player 2.0.2

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

"Wubi" = Ubuntu

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = système de mise à jour de Nero Toolbar Updater

"Chromium" = Chromium

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 18/10/2012 23:10:25 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1139

Error - 18/10/2012 23:10:26 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/10/2012 23:10:26 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2340

Error - 18/10/2012 23:10:26 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2340

Error - 18/10/2012 23:10:27 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/10/2012 23:10:27 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3479

Error - 18/10/2012 23:10:27 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3479

Error - 18/10/2012 23:10:28 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/10/2012 23:10:28 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4618

Error - 18/10/2012 23:10:28 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4618

[ Lenovo-Message Center Plus/Admin Events ]

Error - 11/03/2012 14:41:19 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file size of the downloaded file /TOC.cab is not the same as the

file size of the file on the server

Error - 11/03/2012 14:41:19 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php

does not have a Lenovo Digital Signature. The file will be deleted

Error - 14/03/2012 16:47:03 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file size of the downloaded file /TOC.cab is not the same as the

file size of the file on the server

Error - 14/03/2012 16:47:03 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php

does not have a Lenovo Digital Signature. The file will be deleted

Error - 14/03/2012 20:48:29 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file size of the downloaded file /TOC.cab is not the same as the

file size of the file on the server

Error - 14/03/2012 20:48:29 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php

does not have a Lenovo Digital Signature. The file will be deleted

Error - 18/03/2012 14:01:40 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file size of the downloaded file /TOC.cab is not the same as the

file size of the file on the server

Error - 18/03/2012 14:01:40 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php

does not have a Lenovo Digital Signature. The file will be deleted

Error - 21/03/2012 17:41:24 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file size of the downloaded file /TOC.cab is not the same as the

file size of the file on the server

Error - 21/03/2012 17:41:24 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php

does not have a Lenovo Digital Signature. The file will be deleted

[ Media Center Events ]

Error - 14/03/2012 15:08:26 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 20:08:26 - Error connecting to the internet. 20:08:26 - Unable

to contact server..

Error - 21/03/2012 15:10:32 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 20:10:31 - Error connecting to the internet. 20:10:31 - Unable

to contact server..

Error - 26/03/2012 16:45:20 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 22:45:20 - Error connecting to the internet. 22:45:20 - Unable

to contact server..

Error - 05/04/2012 02:02:13 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 8:02:12 - Error connecting to the internet. 8:02:12 - Unable to

contact server..

Error - 05/04/2012 14:03:32 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 20:03:32 - Error connecting to the internet. 20:03:32 - Unable

to contact server..

Error - 29/04/2012 17:12:44 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 23:12:43 - Error connecting to the internet. 23:12:44 - Unable

to contact server..

Error - 29/04/2012 17:12:50 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 23:12:49 - Error connecting to the internet. 23:12:49 - Unable

to contact server..

Error - 11/07/2012 09:53:52 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 15:53:52 - Error connecting to the internet. 15:53:52 - Unable

to contact server..

Error - 16/07/2012 08:45:34 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 14:45:34 - Error connecting to the internet. 14:45:34 - Unable

to contact server..

Error - 30/07/2012 05:16:21 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0

Description = 11:16:19 - Error connecting to the internet. 11:16:19 - Unable

to contact server..

[ System Events ]

Error - 29/10/2012 18:07:22 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 29/10/2012 21:04:02 | Computer Name = Cedric-THINK | Source = DCOM | ID = 10005

Description =

Error - 29/10/2012 21:04:03 | Computer Name = Cedric-THINK | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.139.863.0 Update Source: %%859 Update Stage:

%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error

description: This service cannot be started in Safe Mode

Error - 31/10/2012 04:46:06 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 31/10/2012 04:46:52 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Biometric Service service to connect.

Error - 31/10/2012 04:46:54 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7000

Description = The Windows Biometric Service service failed to start due to the following

error: %%1053

Error - 02/11/2012 06:33:44 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7034

Description = The Skype C2C Service service terminated unexpectedly. It has done

this 1 time(s).

Error - 02/11/2012 06:49:50 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 02/11/2012 06:52:57 | Computer Name = Cedric-THINK | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 02/11/2012 06:57:02 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

< End of report >

and the last one

OTL.Txt

OTL logfile created on: 03/11/2012 00:43:29 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cedric\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,89 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,24% Memory free

7,78 Gb Paging File | 5,78 Gb Available in Paging File | 74,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 454,82 Gb Total Space | 84,82 Gb Free Space | 18,65% Space Free | Partition Type: NTFS

Drive Q: | 9,77 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS

Computer Name: CEDRIC-THINK | User Name: Cedric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 00:41:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cedric\Downloads\OTL.exe

PRC - [2012/11/03 00:40:08 | 000,540,977 | ---- | M] () -- C:\Users\Cedric\Downloads\adwcleaner.exe

PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/22 16:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2012/08/13 11:22:48 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2012/08/13 11:22:48 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2012/08/13 11:22:48 | 000,103,936 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe

PRC - [2012/06/28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe

PRC - [2012/04/09 16:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe

PRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2011/02/03 19:45:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

PRC - [2011/01/17 02:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/01/17 02:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/01/14 01:54:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

PRC - [2011/01/14 01:54:10 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

PRC - [2011/01/14 01:53:52 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe

PRC - [2010/12/29 07:18:32 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2010/12/29 07:18:14 | 000,259,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2010/12/17 03:36:18 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

PRC - [2010/12/14 22:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe

PRC - [2010/12/11 18:39:28 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2010/12/02 04:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

PRC - [2010/11/24 08:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe

PRC - [2010/11/18 12:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe

PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010/04/07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

PRC - [2010/04/01 06:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

PRC - [2010/03/11 22:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

PRC - [2008/01/10 20:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/03 00:40:08 | 000,540,977 | ---- | M] () -- C:\Users\Cedric\Downloads\adwcleaner.exe

MOD - [2012/10/31 11:07:15 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2012/08/10 16:50:56 | 000,303,616 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxmlsec.dll

MOD - [2012/08/10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

MOD - [2012/08/10 16:50:56 | 000,136,192 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxmlsec-mscrypto.dll

MOD - [2010/04/06 17:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll

MOD - [2010/04/06 17:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll

MOD - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/01/14 01:54:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)

SRV:64bit: - [2011/01/14 01:53:52 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)

SRV:64bit: - [2010/12/18 23:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2010/12/17 22:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2010/12/17 22:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/12/17 04:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)

SRV:64bit: - [2010/12/16 00:46:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)

SRV:64bit: - [2010/12/03 21:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)

SRV:64bit: - [2010/12/03 03:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV:64bit: - [2010/12/02 04:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV:64bit: - [2010/11/24 08:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV:64bit: - [2010/11/12 10:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)

SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/04/07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2012/07/31 11:12:32 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)

SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/03 19:45:00 | 000,155,496 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)

SRV - [2011/02/03 19:45:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2011/01/17 02:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/01/17 02:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/12/14 22:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2010/12/11 18:39:28 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)

SRV - [2010/11/18 12:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)

SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/11 22:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/01/10 20:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/06/05 17:40:42 | 001,580,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/03/01 02:32:39 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)

DRV:64bit: - [2012/03/01 02:32:32 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)

DRV:64bit: - [2012/03/01 02:32:32 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)

DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2011/07/20 12:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2011/03/15 21:25:29 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/03 19:45:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)

DRV:64bit: - [2011/02/03 19:45:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)

DRV:64bit: - [2010/12/21 17:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2010/12/20 17:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2010/12/19 01:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2010/12/19 01:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2010/12/19 01:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010/12/19 01:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/12/19 01:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010/12/16 09:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/12/16 04:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/12/16 00:45:16 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)

DRV:64bit: - [2010/12/16 00:43:00 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)

DRV:64bit: - [2010/12/15 04:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)

DRV:64bit: - [2010/12/03 21:56:26 | 000,167,680 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)

DRV:64bit: - [2010/12/03 21:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)

DRV:64bit: - [2010/11/30 13:42:48 | 000,017,408 | ---- | M] (ELECOM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElcMouUFlt.sys -- (ElcMouUFlt)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/12 10:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV:64bit: - [2010/11/05 15:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/14 16:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/10/05 07:30:58 | 000,018,432 | ---- | M] (ELECOM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElcMouLFlt.sys -- (ElcMouLFlt)

DRV:64bit: - [2010/09/07 06:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)

DRV:64bit: - [2009/12/02 08:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)

DRV:64bit: - [2009/09/24 12:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/13 21:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)

DRV:64bit: - [2008/03/17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2012/10/31 11:07:53 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)

DRV - [2012/09/22 16:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2012/09/22 16:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BE87916A-9E77-4755-B92F-8737989D649A}

IE:64bit: - HKLM\..\SearchScopes\{BE87916A-9E77-4755-B92F-8737989D649A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {D8E4E56F-78F8-444E-A253-ED854D6E4592}

IE - HKLM\..\SearchScopes\{D8E4E56F-78F8-444E-A253-ED854D6E4592}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\..\SearchScopes,DefaultScope = {D8E4E56F-78F8-444E-A253-ED854D6E4592}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cedric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Cedric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Cedric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cedric\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cedric\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - homepage: http://www.google.fr/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.fr/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Cedric\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cedric\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cedric\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Cedric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Cedric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Cedric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Recherche Google = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\

CHR - Extension: Skype Click to Call = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

CHR - Extension: Gmail = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/02 11:56:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)

O4:64bit: - HKLM..\Run: [ElcMouse] C:\Program Files\ELECOM_Mouse_Driver\ElcMouseApl.exe ()

O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)

O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - Startup: C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E09DE6D-DB27-415C-AD6B-C61FF7EDA61B}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/02 21:07:20 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1

[2012/11/02 21:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3

[2012/11/02 20:42:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/11/02 15:54:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/02 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{ABAC34ED-E40C-48A6-94DF-B5855AD3F1A6}

[2012/11/02 12:14:04 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/02 11:44:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/02 11:44:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/02 11:44:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/02 11:34:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/02 11:33:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/02 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\Cedric\Desktop\RK_Quarantine

[2012/11/02 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Roaming\Mozilla

[2012/11/01 23:45:24 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/11/01 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{61CAB3AE-3C6C-41FC-B55E-B24BBEE37D88}

[2012/11/01 09:48:34 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{63AFCA17-9F9D-4158-927C-8E6820352DC5}

[2012/10/31 21:48:11 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{88C8C98F-B31A-4117-BB3F-EC079DCCB006}

[2012/10/31 11:06:58 | 000,101,688 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys

[2012/10/31 11:06:12 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\Trusteer

[2012/10/31 11:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport

[2012/10/31 11:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer

[2012/10/31 11:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer

[2012/10/31 09:47:49 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{4B891243-F853-4894-BE2E-7B75689DB74C}

[2012/10/30 18:36:39 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{A318BF90-51FB-44F3-AE2B-707475A64273}

[2012/10/30 06:36:28 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{2C9CED35-C577-4AB7-909A-9D34B22200B3}

[2012/10/29 22:03:53 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{BAFD767F-50B8-42AD-B060-F12470463F47}

[2012/10/26 16:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/10/26 16:18:30 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/10/26 16:18:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/10/26 16:18:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/10/26 16:11:56 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{ABAF88BB-E989-4AC9-8F92-DDD3F43CC304}

[2012/10/25 21:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11

[2012/10/25 21:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11

[2012/10/25 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Roaming\Malwarebytes

[2012/10/25 17:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/10/25 17:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/10/25 17:10:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/10/25 17:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/10/25 12:08:59 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{E170CB48-303E-47F5-8253-6A3E9CF9DEE6}

[2012/10/24 23:59:37 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{1B5AE5DF-4F4A-49C4-A909-899708BAC085}

[2012/10/24 11:59:02 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{E2429550-B3AC-4263-A882-95769D96E4AE}

[2012/10/23 11:11:03 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{47F3FDAC-5607-4756-B204-B051A54F2768}

[2012/10/22 22:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012/10/22 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012/10/22 11:29:23 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{276D49AE-335F-4A33-BE79-487E6B08AFEA}

[2012/10/19 13:23:36 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{2257F5FE-0139-433C-B755-1332399B5C0C}

[2012/10/19 01:23:12 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{CF86EF16-719F-4484-B59D-4E2D78806B71}

[2012/10/18 12:25:40 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{5F023312-0B84-4E9E-8FD2-C5E936982D56}

[2012/10/18 00:25:06 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{D5B86DE3-65FC-48B4-B4AB-5FE686B09FFA}

[2012/10/17 21:39:46 | 000,000,000 | ---D | C] -- C:\Users\Cedric\Documents\back up ANGELICA II

[2012/10/17 12:24:44 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{589C2DED-6173-4FB7-8E34-E2482AC962DB}

[2012/10/17 00:24:22 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{D0F8C3C3-049F-41D0-964B-946D919ED3D0}

[2012/10/16 12:24:06 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{D4400836-0A0C-49C4-848A-774C4EF75D55}

[2012/10/15 11:17:22 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{6CCC5358-993D-4EDA-9493-8B62450B2DEB}

[2012/10/13 21:42:05 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{21085959-FA22-4F57-905B-2619953F20FA}

[2012/10/13 09:41:40 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{20FD0026-71E7-4D86-B4E8-6A19424A8649}

[2012/10/12 12:17:41 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{E7D30600-45B3-4DDA-849C-63FF04B50D49}

[2012/10/11 11:32:11 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{D6FC5F46-C182-4D57-B6DC-7625E8F9EBA4}

[2012/10/10 23:40:09 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{37C1315A-8FBF-4542-9F39-5F3544A00076}

[2012/10/10 11:02:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/10/10 11:02:14 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/10/10 11:02:13 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/10/10 11:02:02 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/10/10 11:02:02 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/10/10 11:02:01 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/10/10 11:02:01 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/10/10 11:01:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/10/10 11:01:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/10/10 11:01:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/10/10 11:01:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/10/10 11:01:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/10/10 11:01:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/10/10 11:01:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/10/10 11:01:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/10/10 11:01:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/10 11:01:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/10 11:01:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/10/10 11:01:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/10/10 11:01:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/10 11:01:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/10/10 11:01:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/10 11:01:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/10/10 11:01:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/10/10 11:01:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/10 11:01:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/10/10 11:01:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/10/10 11:01:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/10/10 11:01:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/10/10 11:01:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/10/10 11:01:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/10 11:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/10 11:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/10/10 11:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/10/10 11:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/10/10 11:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/10 11:01:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/10 11:01:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/10/10 11:01:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/10/10 11:01:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/10/10 11:01:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/10/10 11:01:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/10/10 11:01:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/10/10 11:01:07 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/10/10 11:01:05 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/10/10 10:53:52 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{05B98F24-7E25-40D9-AC3D-66C3BA6DED00}

[2012/10/09 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{931F23F1-24FE-4C70-ADD7-FAE663A153AD}

[2012/10/09 10:24:47 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{76FBDF50-125E-48E8-B2B3-F15A633B6709}

[2012/10/08 21:13:17 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{403F8422-CFE6-4641-9477-0B3B65970E8A}

[2012/10/08 09:12:54 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{80C7D969-439B-4863-B06D-42289BD2D848}

[2012/10/07 22:26:38 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Roaming\OpenOffice.org

[2012/10/07 22:24:00 | 000,000,000 | ---D | C] -- C:\Users\Cedric\Desktop\OpenOffice.org 3.4.1 (fr) Installation Files

[2012/10/06 18:09:52 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{67F853FD-68E2-4996-B53F-AB680C7310A7}

[2012/10/06 06:09:19 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{7F00D982-F60A-44F9-98C2-11B56F517E7A}

[2012/10/05 15:23:58 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{2D8904B3-4CEC-42A0-8927-D8885D26CFCB}

========== Files - Modified Within 30 Days ==========

[2012/11/03 00:45:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/03 00:31:32 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job

[2012/11/02 23:59:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job

[2012/11/02 21:08:07 | 000,001,246 | ---- | M] () -- C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

[2012/11/02 20:07:25 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/02 20:07:25 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/02 20:06:22 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/02 20:06:22 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/02 20:06:22 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/02 20:00:25 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/02 20:00:06 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/11/02 19:59:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/02 19:59:07 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/02 16:23:20 | 000,011,770 | ---- | M] () -- C:\Users\Cedric\Documents\list eemploi belgique.ods

[2012/11/02 15:31:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job

[2012/11/02 11:59:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job

[2012/11/02 11:56:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/10/30 06:35:30 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/10/26 16:34:26 | 000,013,538 | ---- | M] () -- C:\Users\Cedric\Documents\relevé edf magenta.odt

[2012/10/26 11:41:52 | 000,110,888 | ---- | M] () -- C:\Users\Cedric\Documents\etat-des-lieux sortie magenta 2012 10 26.pdf

[2012/10/25 17:10:09 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/17 10:31:05 | 000,151,207 | ---- | M] () -- C:\Users\Cedric\Documents\ETicket_radiohead.pdf

[2012/10/12 03:53:26 | 000,027,494 | ---- | M] () -- C:\Users\Cedric\Documents\saphie.odt

[2012/10/11 12:06:14 | 000,020,047 | ---- | M] () -- C:\Users\Cedric\Documents\sumo sophie.odt

[2012/10/09 22:55:23 | 000,021,429 | ---- | M] () -- C:\Users\Cedric\Documents\convocation pole emploi.pdf

[2012/10/09 10:25:43 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/10/09 10:25:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/10/08 09:12:01 | 000,397,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/11/02 21:08:07 | 000,001,246 | ---- | C] () -- C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

[2012/11/02 11:44:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/02 11:44:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/02 11:44:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/02 11:44:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/02 11:44:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/10/26 16:34:23 | 000,013,538 | ---- | C] () -- C:\Users\Cedric\Documents\relevé edf magenta.odt

[2012/10/26 11:41:49 | 000,110,888 | ---- | C] () -- C:\Users\Cedric\Documents\etat-des-lieux sortie magenta 2012 10 26.pdf

[2012/10/25 17:10:09 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/17 10:31:05 | 000,151,207 | ---- | C] () -- C:\Users\Cedric\Documents\ETicket_radiohead.pdf

[2012/10/17 02:11:16 | 000,011,770 | ---- | C] () -- C:\Users\Cedric\Documents\list eemploi belgique.ods

[2012/10/12 01:55:37 | 000,027,494 | ---- | C] () -- C:\Users\Cedric\Documents\saphie.odt

[2012/10/11 00:42:31 | 000,020,047 | ---- | C] () -- C:\Users\Cedric\Documents\sumo sophie.odt

[2012/10/09 22:55:23 | 000,021,429 | ---- | C] () -- C:\Users\Cedric\Documents\convocation pole emploi.pdf

[2012/09/20 19:56:45 | 000,002,374 | ---- | C] () -- C:\Windows\ElcMouse.ini

[2011/11/04 07:40:25 | 000,007,656 | ---- | C] () -- C:\Users\Cedric\AppData\Local\Resmon.ResmonCfg

[2011/07/18 22:14:10 | 000,736,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/03/15 22:00:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2011/03/15 21:30:22 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/03/15 21:30:22 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/03/15 21:30:21 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/08/23 00:23:21 | 000,253,952 | ---- | M] () -- C:\1036.MST

[2012/11/03 00:40:22 | 000,004,618 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2009/07/14 02:38:58 | 000,383,562 | R-S- | M] () -- C:\bootmgr

[2009/07/24 18:28:58 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2012/11/02 12:13:53 | 000,024,191 | ---- | M] () -- C:\ComboFix.txt

[2007/12/13 07:12:32 | 000,057,344 | ---- | M] () -- C:\F405FIX.EXE

[2012/11/02 19:59:07 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys

[2006/12/02 07:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2012/11/02 19:59:12 | 4176,723,968 | -HS- | M] () -- C:\pagefile.sys

[2012/11/02 14:23:03 | 000,009,194 | ---- | M] () -- C:\protection-log-2012-11-02.txt

[2012/08/23 00:23:41 | 089,387,520 | ---- | M] () -- C:\Rescue and Recovery.msi

[2011/03/15 21:25:23 | 000,000,211 | ---- | M] () -- C:\setup.log

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EEDA5B17

< End of report >

Hello cedrill,

You have the Ask Toolbar (AskBarDis)/Nero Toolbar installed. I strongly recommend you remove the Ask Toolbar from your computer because:

It promotes its toolbars on sites targeted at kids.

It promotes its toolbars through ads that appear to be part of other companies' sites.

It promotes its toolbars through other companies' spyware.

It is installed without any disclosure whatsoever and without any consent from the user whatsoever.

It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

Please go to Start>Control Panel>Add or Remove Programs and remove the following programs (if present):

  • Ask.com
  • AskBarDis
  • Nero Toolbar

Please restart your computer after these program removals.

=====

  • Next, please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt.

=====

Then, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]
    [EmptyFlash]
    [Reboot]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

In your reply please provide the contents of the following logs:

  • AdwCleaner[s1].txt.
  • OTL fix log.

Is Babylon still present? Are you still experiencing the redirect?

Hello,

I think I ran all the steps, but I still have the same message from Malwarebytes

Blocage réussis a un site potentiellement malveillant: 46.17.97.109

Type sortant, port 49456, process chromium

Did I do something wrong?

From add/remove program I found only Ask.com and Nero Toolbar (not AskBarDis)

OTL had to reboot

Below the logs.

Is it more serious than you thought?

Thanks again,

Cédric

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cedric

->Temp folder emptied: 1234688 bytes

->Temporary Internet Files folder emptied: 104942300 bytes

->Java cache emptied: 6868 bytes

->Google Chrome cache emptied: 382040327 bytes

->Flash cache emptied: 43908 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 89667 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 466,00 mb

[EMPTYFLASH]

User: All Users

User: Cedric

->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11032012_122835

Files\Folders moved on Reboot...

C:\Users\Cedric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 12:22:01

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Cedric - CEDRIC-THINK

# Boot Mode : Normal

# Running from : C:\Users\Cedric\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Cedric\AppData\Local\Babylon

Folder Deleted : C:\Users\Cedric\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v22.0.1216.0

File : C:\Users\Cedric\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4618 octets] - [03/11/2012 00:40:17]

AdwCleaner[s1].txt - [1712 octets] - [03/11/2012 12:22:01]

########## EOF - C:\AdwCleaner[s1].txt - [1772 octets] ##########

Hello cedrill,

You did fine. Please go to the below link to view a set of instructions on how to block a port in Windows 7:

http://maximumpcguid...ws-7s-firewall/

Please follow all instructions. When you are prompted what port you would like to block, please enter 49456. Let me know how that goes please. :)

Hey cedrill,

Let's check that your computer is clean.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Hey cedrill,

OK all good.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Hello,

Here it is.

Still nothing :unsure:

Junkware Removal Tool (JRT) by Thisisu

Version: 2.7.1 (11.05.2012)

OS: Windows 7 Professional x64

Ran by Cedric on 06/11/2012 at 0:22:16,24

Blog: http://thisisudax.blogspot.com

**************************************************************

*** Services: 0 Detections

*** Registry Values: 0 Detections

*** Registry Keys: 0 Detections

*** Files: 0 Detections

*** Folders: 0 Detections

*** Event Viewer Logs - Cleared

**************************************************************

Scan was completed on 06/11/2012 at 0:26:51,38

End of Report

Hey cedrill,

Please download GMER from one of the following locations and save it to your Desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your Desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress).
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in Safe Mode.

-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Hi again,

Here it is.

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-11-06 14:11:46

Windows 6.1.7601 Service Pack 1

Running: dogjq064.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f24c57

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f24c57@68ed436f99ac 0xF7 0x14 0x7A 0x32 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f24c57 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f24c57@68ed436f99ac 0xF7 0x14 0x7A 0x32 ...

---- EOF - GMER 1.0.15 ----

Howdy cedrill,

Do these blocks in MBAM occur when you aren't using an internet browser or application accessing the internet?

Please take a look at FAQ Section G for more information about the IP blocking module in MBAM.

Please answer my question and let me know if the FAQ was any help. :)

Hey cedrill,

OK. Please run these scans to ensure there are rootkits.

Please download aswMBR by gmer to your Desktop.

  • Please visit this site for instructions on how to run the tool.
  • Once familiar with this tool, double click aswMBR.exe to run it.
  • Click the Scan button to start the scan. If it finds something, do NOT fix it.
  • Once the scan has completed, please save the aswMBR.txt log to the Desktop and post it in your next reply.

=====

Also, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click Change parameters.
  • Make sure you check the box Loaded modules.
  • A window will popup and say Reboot is required. Please click Reboot now.
  • Then click Change parameters again. Check the box Detect TDLFS file system.
  • Click on the Start Scan button.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
  • Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.

    Note:
    A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).

=====

Please post the contents of both logs.


Hello,

Here is the aswMBR report,

Thanks a lot,

Cédric

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-07 17:53:25

-----------------------------

17:53:25.299 OS Version: Windows x64 6.1.7601 Service Pack 1

17:53:25.299 Number of processors: 4 586 0x2A07

17:53:25.299 ComputerName: CEDRIC-THINK UserName: Cedric

17:53:27.579 Initialize success

17:53:53.217 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:53:53.217 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3

17:53:53.227 Disk 0 MBR read successfully

17:53:53.227 Disk 0 MBR scan

17:53:53.227 Disk 0 unknown MBR code

17:53:53.232 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048

17:53:53.247 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648

17:53:53.432 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072

17:53:53.497 Disk 0 scanning C:\Windows\system32\drivers

17:54:14.700 Service scanning

17:54:36.502 Modules scanning

17:54:36.512 Disk 0 trace - called modules:

17:54:36.537 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

17:54:36.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ea060]

17:54:36.867 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80053898c0]

17:54:36.867 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800538e050]

17:54:36.872 Scan finished successfully

17:55:00.070 Disk 0 MBR has been saved successfully to "C:\Users\Cedric\Documents\MBR.dat"

17:55:00.075 The log file has been saved successfully to "C:\Users\Cedric\Documents\aswMBR.txt"


Howdy cedrill,

I would like to confirm something.

Please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.


Hello

Here it is!

Thanks,

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: LENOVO

BIOS Manufacturer: LENOVO

System Manufacturer: LENOVO

System Product Name: 41786UU

Logical Drives Mask: 0x00010004

Kernel Drivers (total 217):

0x02E4C000 \SystemRoot\system32\ntoskrnl.exe

0x02E03000 \SystemRoot\system32\hal.dll

0x00BD3000 \SystemRoot\system32\kdcom.dll

0x00C41000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C90000 \SystemRoot\system32\PSHED.dll

0x00CA4000 \SystemRoot\system32\CLFS.SYS

0x00D02000 \SystemRoot\system32\CI.dll

0x00EA8000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F4C000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F5B000 \SystemRoot\system32\drivers\ACPI.sys

0x00FB2000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00FBB000 \SystemRoot\system32\drivers\msisadrv.sys

0x00FC5000 \SystemRoot\system32\drivers\pci.sys

0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys

0x00E22000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00E2B000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00E37000 \SystemRoot\system32\drivers\volmgr.sys

0x00E4C000 \SystemRoot\System32\drivers\volmgrx.sys

0x00DC2000 \SystemRoot\System32\drivers\mountmgr.sys

0x00C00000 \SystemRoot\system32\drivers\vmbus.sys

0x00DDC000 \SystemRoot\system32\drivers\winhv.sys

0x0106A000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x011BE000 \SystemRoot\system32\drivers\amdxata.sys

0x01000000 \SystemRoot\system32\drivers\fltmgr.sys

0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys

0x012A7000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x01436000 \SystemRoot\System32\Drivers\Ntfs.sys

0x012DF000 \SystemRoot\System32\Drivers\msrpc.sys

0x015D9000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0133D000 \SystemRoot\System32\Drivers\cng.sys

0x01400000 \SystemRoot\System32\drivers\pcw.sys

0x01411000 \SystemRoot\System32\DRIVERS\DzHDD64.sys

0x0141C000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01661000 \SystemRoot\system32\drivers\ndis.sys

0x01753000 \SystemRoot\system32\drivers\NETIO.SYS

0x017B3000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01800000 \SystemRoot\System32\drivers\tcpip.sys

0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x0164A000 \SystemRoot\system32\drivers\vmstorfl.sys

0x013AF000 \SystemRoot\system32\drivers\volsnap.sys

0x017DD000 \SystemRoot\System32\DRIVERS\ApsHM64.sys

0x017E7000 \SystemRoot\System32\Drivers\spldr.sys

0x01200000 \SystemRoot\System32\drivers\rdyboost.sys

0x0123A000 \SystemRoot\System32\DRIVERS\Apsx64.sys

0x01260000 \SystemRoot\System32\Drivers\RapportKE64.sys

0x01277000 \SystemRoot\System32\Drivers\mup.sys

0x017EF000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01AB3000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01AED000 \SystemRoot\system32\DRIVERS\disk.sys

0x01B03000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01B41000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys

0x0402A000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

0x04071000 \SystemRoot\System32\Drivers\Null.SYS

0x0407A000 \SystemRoot\System32\Drivers\Beep.SYS

0x0F20D000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS

0x103B2000 \SystemRoot\System32\drivers\vga.sys

0x103C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x103E5000 \SystemRoot\System32\drivers\watchdog.sys

0x103F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x0F200000 \SystemRoot\system32\drivers\rdpencdd.sys

0x041EB000 \SystemRoot\system32\drivers\rdprefmp.sys

0x041F4000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01BBB000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01BCC000 \SystemRoot\system32\DRIVERS\tdx.sys

0x01BEE000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01A00000 \SystemRoot\system32\drivers\afd.sys

0x044B9000 \SystemRoot\System32\DRIVERS\netbt.sys

0x044FE000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x04509000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x04512000 \SystemRoot\system32\DRIVERS\pacer.sys

0x04538000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x0454E000 \SystemRoot\system32\DRIVERS\netbios.sys

0x0455D000 \SystemRoot\system32\DRIVERS\serial.sys

0x0457A000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x04595000 \SystemRoot\System32\drivers\Tppwr64v.sys

0x0459C000 \SystemRoot\system32\drivers\termdd.sys

0x04400000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x04451000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

0x04464000 \SystemRoot\system32\drivers\nsiproxy.sys

0x04470000 \SystemRoot\system32\drivers\mssmbios.sys

0x0447B000 \SystemRoot\system32\DRIVERS\smiifx64.sys

0x04482000 \SystemRoot\System32\drivers\discache.sys

0x02E04000 \SystemRoot\system32\drivers\csc.sys

0x02E87000 \SystemRoot\System32\Drivers\dfsc.sys

0x02EA5000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x02EB6000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02EDC000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x04A4D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x02EF2000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys

0x02FE6000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x04491000 \SystemRoot\system32\DRIVERS\serenum.sys

0x045B0000 \SystemRoot\system32\DRIVERS\e1c62x64.sys

0x0449D000 \SystemRoot\system32\drivers\usbehci.sys

0x058AC000 \SystemRoot\system32\drivers\USBPORT.SYS

0x05902000 \SystemRoot\system32\drivers\HDAudBus.sys

0x05A9B000 \SystemRoot\system32\DRIVERS\NETwNs64.sys

0x06306000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x06313000 \SystemRoot\system32\DRIVERS\risdxc64.sys

0x0636F000 \SystemRoot\system32\drivers\i8042prt.sys

0x0638D000 \SystemRoot\system32\drivers\kbdclass.sys

0x068A3000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x06800000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x06802000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x06811000 \SystemRoot\system32\drivers\tpm.sys

0x06820000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x06825000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys

0x06832000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x0683F000 \SystemRoot\system32\drivers\wmiacpi.sys

0x06848000 \SystemRoot\system32\drivers\CompositeBus.sys

0x06858000 \SystemRoot\system32\drivers\tbhsd.sys

0x0639C000 \SystemRoot\system32\drivers\portcls.sys

0x06868000 \SystemRoot\system32\drivers\drmk.sys

0x05A00000 \SystemRoot\system32\drivers\ks.sys

0x0688A000 \SystemRoot\system32\drivers\ksthunk.sys

0x06890000 \SystemRoot\System32\Drivers\RootMdm.sys

0x05A43000 \SystemRoot\system32\drivers\modem.sys

0x05A52000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x05A68000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x05A8C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x05926000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x063D9000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x05955000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x05976000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x05990000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys

0x06898000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x063F4000 \SystemRoot\system32\DRIVERS\rrnetcap.sys

0x059A2000 \SystemRoot\system32\DRIVERS\psadd.sys

0x059B0000 \SystemRoot\system32\DRIVERS\Tvti2c.sys

0x05A98000 \SystemRoot\system32\drivers\swenum.sys

0x059BE000 \SystemRoot\system32\DRIVERS\umbus.sys

0x05800000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x0585A000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x0823E000 \SystemRoot\system32\drivers\CHDRT64.sys

0x08400000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

0x000E0000 \SystemRoot\System32\win32k.sys

0x08453000 \SystemRoot\System32\drivers\Dxapi.sys

0x0845F000 \SystemRoot\System32\Drivers\crashdmp.sys

0x0846D000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x085C1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x085D4000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x085F1000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x08200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x08219000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x083CE000 \SystemRoot\system32\DRIVERS\5U877.sys

0x08222000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0x08233000 \SystemRoot\system32\DRIVERS\ElcMouLFlt.sys

0x0586F000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x0587C000 \SystemRoot\system32\DRIVERS\ElcMouUFlt.sys

0x05887000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00540000 \SystemRoot\System32\TSDDD.dll

0x00680000 \SystemRoot\System32\cdd.dll

0x059D0000 \SystemRoot\system32\drivers\luafv.sys

0x059F3000 \??\C:\Windows\system32\drivers\mbam.sys

0x083F7000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

0x04081000 \SystemRoot\system32\drivers\WudfPf.sys

0x06331000 \SystemRoot\system32\DRIVERS\WinUSB.sys

0x040A2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x06342000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x040D3000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x06357000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x04126000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x03CAF000 \SystemRoot\system32\drivers\HTTP.sys

0x03D78000 \SystemRoot\system32\DRIVERS\bowser.sys

0x03D96000 \SystemRoot\System32\drivers\mpsdrv.sys

0x03DAE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x03C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x03C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x03C72000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys

0x0413E000 \SystemRoot\system32\drivers\peauth.sys

0x03C93000 \SystemRoot\System32\Drivers\secdrv.SYS

0x011C9000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x03DDB000 \SystemRoot\System32\drivers\tcpipreg.sys

0x08020000 \SystemRoot\System32\DRIVERS\srv2.sys

0x08089000 \SystemRoot\System32\DRIVERS\srv.sys

0x08121000 \SystemRoot\system32\drivers\spsys.sys

0x779C0000 \Windows\System32\ntdll.dll

0x47720000 \Windows\System32\smss.exe

0xFFCE0000 \Windows\System32\apisetschema.dll

0xFF7F0000 \Windows\System32\autochk.exe

0xFFC30000 \Windows\System32\comdlg32.dll

0xFFA50000 \Windows\System32\setupapi.dll

0xFFA30000 \Windows\System32\sechost.dll

0x77B90000 \Windows\System32\psapi.dll

0xFF900000 \Windows\System32\wininet.dll

0xFF6F0000 \Windows\System32\ole32.dll

0xFF6E0000 \Windows\System32\nsi.dll

0x778A0000 \Windows\System32\kernel32.dll

0xFF670000 \Windows\System32\gdi32.dll

0xFF4F0000 \Windows\System32\urlmon.dll

0xFF450000 \Windows\System32\clbcatq.dll

0xFF340000 \Windows\System32\msctf.dll

0xFF0E0000 \Windows\System32\iertutil.dll

0x77B80000 \Windows\System32\normaliz.dll

0xFF0D0000 \Windows\System32\lpk.dll

0xFF0A0000 \Windows\System32\imm32.dll

0xFF080000 \Windows\System32\imagehlp.dll

0xFEFE0000 \Windows\System32\msvcrt.dll

0xFEF60000 \Windows\System32\shlwapi.dll

0xFEE80000 \Windows\System32\oleaut32.dll

0xFE0F0000 \Windows\System32\shell32.dll

0xFE070000 \Windows\System32\difxapi.dll

0xFDF40000 \Windows\System32\rpcrt4.dll

0xFDE60000 \Windows\System32\advapi32.dll

0x777A0000 \Windows\System32\user32.dll

0xFDE00000 \Windows\System32\Wldap32.dll

0xFDD30000 \Windows\System32\usp10.dll

0xFDCE0000 \Windows\System32\ws2_32.dll

0xFDCA0000 \Windows\System32\cfgmgr32.dll

0xFDC00000 \Windows\System32\comctl32.dll

0xFDB90000 \Windows\System32\KernelBase.dll

0xFDA20000 \Windows\System32\crypt32.dll

0xFD9E0000 \Windows\System32\wintrust.dll

0xFD9C0000 \Windows\System32\devobj.dll

0xFD9B0000 \Windows\System32\msasn1.dll

0x770F0000 \Windows\SysWOW64\normaliz.dll

Processes (total 118):

0 System Idle Process

4 System

404 C:\Windows\System32\smss.exe

532 csrss.exe

588 C:\Windows\System32\wininit.exe

608 csrss.exe

644 C:\Windows\System32\services.exe

664 C:\Windows\System32\lsass.exe

672 C:\Windows\System32\lsm.exe

776 C:\Windows\System32\svchost.exe

864 C:\Windows\System32\ibmpmsvc.exe

924 C:\Windows\System32\svchost.exe

996 C:\Program Files\Microsoft Security Client\MsMpEng.exe

372 C:\Windows\System32\winlogon.exe

544 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

1228 C:\Windows\System32\svchost.exe

1268 C:\Windows\System32\svchost.exe

1300 C:\Windows\System32\svchost.exe

1372 C:\Windows\System32\audiodg.exe

1428 C:\Windows\System32\svchost.exe

1656 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

1924 WUDFHost.exe

2000 C:\Windows\System32\svchost.exe

492 C:\Windows\System32\wlanext.exe

1364 C:\Windows\System32\conhost.exe

1736 C:\Windows\System32\spoolsv.exe

1880 C:\Windows\System32\svchost.exe

2088 C:\Program Files\Lenovo\HOTKEY\tphkload.exe

2108 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

2144 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2184 C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

2224 C:\Program Files\Bonjour\mDNSResponder.exe

2252 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

2300 C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe

2396 C:\Windows\System32\CxAudMsg64.exe

2428 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

2476 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

2592 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

2624 C:\Program Files\Lenovo\Communications Utility\CamMute.exe

2652 C:\Program Files\Lenovo\HOTKEY\micmute.exe

2680 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

2716 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

2768 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

2792 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

2852 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

2880 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

2912 C:\Windows\SysWOW64\SASrv.exe

2980 C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

3044 C:\Windows\System32\svchost.exe

2344 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

1616 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3076 C:\Windows\System32\taskhost.exe

3152 C:\Windows\System32\dwm.exe

3176 C:\Windows\explorer.exe

3484 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

3496 C:\Windows\System32\TpShocks.exe

3540 C:\Windows\System32\hkcmd.exe

3552 C:\Windows\System32\igfxpers.exe

3564 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

3652 C:\Program Files\Microsoft Security Client\NisSrv.exe

3716 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

3744 C:\Program Files\Microsoft Security Client\msseces.exe

3808 C:\Windows\System32\svchost.exe

3948 C:\Windows\System32\svchost.exe

3976 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

4080 C:\Program Files\ELECOM_Mouse_Driver\ElcMouseApl.exe

4092 C:\Program Files\Windows Sidebar\sidebar.exe

1680 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

728 C:\Windows\SysWOW64\rundll32.exe

1564 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

4000 C:\Program Files (x86)\Winamp\winampa.exe

3844 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

2940 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

3884 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

4168 C:\Windows\System32\svchost.exe

4364 WmiPrvSE.exe

4420 unsecapp.exe

4512 C:\Windows\System32\rundll32.exe

4524 C:\PROGRA~1\Lenovo\ZOOM\TpScrex.exe

4532 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe

4632 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe

4688 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

4788 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

4988 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

4980 dllhost.exe

4184 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

2260 C:\Windows\System32\taskeng.exe

2988 C:\Windows\System32\rundll32.exe

2036 C:\PROGRA~1\Lenovo\ZOOM\TpScrex.exe

4912 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe

5076 C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

5992 C:\Windows\System32\rundll32.exe

5700 WmiPrvSE.exe

5460 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

5480 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

6108 C:\Program Files\Windows Media Player\wmpnetwk.exe

6516 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

6760 C:\Windows\System32\SearchIndexer.exe

6316 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

6752 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

6780 C:\Program Files (x86)\Internet Explorer\ielowutil.exe

6948 WmiPrvSE.exe

6472 C:\Windows\System32\SearchProtocolHost.exe

6464 C:\Program Files (x86)\Nero\Update\NASvc.exe

3924 C:\Windows\System32\sppsvc.exe

5756 C:\Program Files (x86)\Lenovo\System Update\SUService.exe

3196 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

3476 C:\Windows\servicing\TrustedInstaller.exe

4032 C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

1852 taskhost.exe

5148 C:\Windows\System32\wbem\WmiApSrv.exe

3696 <unknown>

3364 dllhost.exe

4804 dllhost.exe

5440 C:\Users\Cedric\Downloads\MBRCheck (1).exe

5436 C:\Windows\System32\conhost.exe

5740 C:\Windows\System32\dllhost.exe

3236 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)

\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: DBE738B53FBD2A1F00767FD6E2D4095DE99B03EB

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Hey cedrill,

Thanks for the log. Your MBR seems to either be unrecognised or faked.

  • Please download MBRScan and save it to your Desktop.
  • Double-click on MBRScan.exe and click the Report button. (Vista and Windows 7 Users, right click on MBRScan and then click on Run as administrator).
  • Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
  • When the scan is finished, a log file will appear.
  • Save that log file to your Desktop and post its content in your next reply.

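What MBRCheck and MBRScan do at this point is read the first sector of the disk, hash its boot code and compare the hash against a list of known loaders, which is why one tool can report "Unknown MBR code" while the other recognises the same sector as a vendor's boot code. The following is an added Python example, not code from this thread or from either tool: it parses a 512-byte MBR image, hashes the 440-byte boot-code region, checks the partition table for internal consistency (one active partition, no overlaps, nothing past the end of the disk) and classifies the boot code against an allowlist. The partition layout is constructed to mirror the aswMBR log above, the boot-code bytes and the allowlist are constructed stand-ins, and the file-argument path assumes a raw 512-byte dump such as the MBR.dat that aswMBR saves; a real allowlist would hold hashes of the stock Windows and OEM loaders.

```python
"""Parse a 512-byte MBR, hash its boot code and sanity-check the partition table."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes before the 4-byte disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries follow here
MBR_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

# Constructed sample layout modelled on the aswMBR log (2048-sector aligned,
# three NTFS partitions, partition 1 active); sector counts are derived from the MB sizes.
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 2048, 2457600),        # ~1200 MB boot partition
    (0x00, 0x07, 2459648, 953829376),   # ~465737 MB system partition
    (0x00, 0x07, 956291072, 20480000),  # ~10000 MB recovery partition
]
DISK_SECTORS = 476940 * 2048  # 476940 MB drive, as reported by aswMBR

# Constructed stand-ins for boot code (not real loader images): a "vendor" image
# that we will allowlist, and a modified image that will not match.
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + bytes(range(100))
TAMPERED_BOOT_CODE = b"\xeb\x3c\x90" + bytes(100)


def build_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a constructed MBR image from boot code, disk signature and LBA entries."""
    assert len(boot_code) <= BOOT_CODE_LEN
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, disk_sig)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        # CHS fields are left zero; modern loaders use the LBA fields only.
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hashes, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = mbr[:BOOT_CODE_LEN]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "size_mb": sectors * SECTOR // (1024 * 1024)})
    return {"valid_signature": mbr[510:512] == MBR_SIGNATURE,
            "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
            "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
            "boot_code_md5": hashlib.md5(boot_code).hexdigest().upper(),
            "partitions": parts}


def check_partition_table(parts, disk_sectors: int) -> list:
    """Return a list of findings; an empty list means the table is internally consistent."""
    findings = []
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status 0x{p['status']:02X}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def known_good_hashes() -> set:
    """Allowlist built from the constructed vendor image; a real list holds OEM and Windows loaders."""
    return {hashlib.sha1(GOOD_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\0")).hexdigest().upper()}


def classify_boot_code(info: dict, known_sha1: set) -> str:
    """A hash outside the allowlist is 'unknown', which is not the same as 'infected'."""
    return "known" if info["boot_code_sha1"] in known_sha1 else "unknown"


def audit(mbr: bytes, disk_sectors: int, known_sha1: set) -> dict:
    """Combine the boot-code verdict with the partition-table checks."""
    info = parse_mbr(mbr)
    return {"boot_code": classify_boot_code(info, known_sha1),
            "boot_code_sha1": info["boot_code_sha1"],
            "table_findings": check_partition_table(info["partitions"], disk_sectors),
            "partition_count": len(info["partitions"]),
            "valid_signature": info["valid_signature"]}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # e.g. a raw 512-byte dump like aswMBR's MBR.dat
            image = fh.read(SECTOR)
    else:
        image = build_mbr(TAMPERED_BOOT_CODE, 0x1234ABCD, SAMPLE_PARTITIONS)
    for key, value in audit(image, DISK_SECTORS, known_good_hashes()).items():
        print(f"{key}: {value}")
```

Run without arguments it audits the constructed tampered image and reports the boot code as unknown while the partition table passes every check, which is the same shape of result as in the thread: an allowlist miss on its own only says the loader is not one the tool knows, and OEM boot code is a common benign cause, so the next step is identifying the loader rather than rewriting it.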

Hello,

Here is the report, but it was very fast (less than one second). Is that normal?

MBRScan v1.1.1

OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT : Normal Boot
DATE : 2012/11/08 (ISO 8601) at 00:10:49
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __ST950042 0AS (0003)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 465.8 Go [Fixed] ==> Lenovo boot sector .

MBR_MD5 : 6DFA341D7918DD07785E7847F1A410D7
MBR_SHA1 : 1D58D65248CA19FBE5DB9FDA2D9979CB29C3CAD0

Device\Harddisk0\Partition1 1.17 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 454.8 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 9.77 Go 0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x02E03000
SIZE : 292.0 Ko

DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BD3000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C41000
SIZE : 316.0 Ko

DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CA4000
SIZE : 376.0 Ko

DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00D02000
SIZE : 768.0 Ko

DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EA8000
SIZE : 656.0 Ko

DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F4C000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F5B000
SIZE : 348.0 Ko

DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FB2000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00FBB000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00FC5000
SIZE : 204.0 Ko

DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE : 52.0 Ko

DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00E0D000
SIZE : 84.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00E22000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00E2B000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E37000
SIZE : 84.0 Ko

DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00E4C000
SIZE : 368.0 Ko

DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00DC2000
SIZE : 104.0 Ko

DRIVER : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE : 240.0 Ko

DRIVER : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk
ADDRESS : 0x00DDC000
SIZE : 80.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x0106A000
SIZE : 1.33 Mo

DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x011BE000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 304.0 Ko

DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x0104C000
SIZE : 80.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\MpFilter.sys => Invisible on the disk
ADDRESS : 0x012A7000
SIZE : 224.0 Ko

DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01436000
SIZE : 1.64 Mo

DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x012DF000
SIZE : 376.0 Ko

DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x015D9000
SIZE : 108.0 Ko

DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0133D000
SIZE : 456.0 Ko

DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE : 68.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\DzHDD64.sys => Invisible on the disk
ADDRESS : 0x01411000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x0141C000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01661000
SIZE : 968.0 Ko

DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01753000
SIZE : 384.0 Ko

DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x017B3000
SIZE : 168.0 Ko

DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 2.00 Mo

DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE : 296.0 Ko

DRIVER : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x0164A000
SIZE : 64.0 Ko

DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x013AF000
SIZE : 304.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\ApsHM64.sys => Invisible on the disk
ADDRESS : 0x017DD000
SIZE : 40.0 Ko

DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x017E7000
SIZE : 32.0 Ko

DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE : 232.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\Apsx64.sys => Invisible on the disk
ADDRESS : 0x0123A000
SIZE : 152.0 Ko

DRIVER : C:\Windows\System32\Drivers\RapportKE64.sys => Invisible on the disk
ADDRESS : 0x01260000
SIZE : 92.0 Ko

DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01277000
SIZE : 72.0 Ko

DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x017EF000
SIZE : 36.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01AB3000
SIZE : 232.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01AED000
SIZE : 88.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01B03000
SIZE : 192.0 Ko

DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x04071000
SIZE : 36.0 Ko

DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x0407A000
SIZE : 28.0 Ko

DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x103B2000
SIZE : 56.0 Ko

DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x103C0000
SIZE : 148.0 Ko

DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x103E5000
SIZE : 64.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x103F5000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x0F200000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x041EB000
SIZE : 36.0 Ko

DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x041F4000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01BBB000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01BCC000
SIZE : 136.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01BEE000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE : 548.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x044B9000
SIZE : 276.0 Ko

DRIVER : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x044FE000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x04509000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x04512000
SIZE : 152.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x04538000
SIZE : 88.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x0454E000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x0455D000
SIZE : 116.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x0457A000
SIZE : 108.0 Ko

DRIVER : C:\Windows\System32\drivers\Tppwr64v.sys => Invisible on the disk
ADDRESS : 0x04595000
SIZE : 28.0 Ko

DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x0459C000
SIZE : 80.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE : 324.0 Ko

DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x04464000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x04470000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\smiifx64.sys => Invisible on the disk
ADDRESS : 0x0447B000
SIZE : 28.0 Ko

DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x04482000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x02E04000
SIZE : 524.0 Ko

DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x02E87000
SIZE : 120.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x02EA5000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x02EB6000
SIZE : 152.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x02EDC000
SIZE : 88.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04A4D000
SIZE : 11.69 Mo

DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x02EF2000
SIZE : 976.0 Ko

DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE : 280.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x02FE6000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x04491000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\e1c62x64.sys => Invisible on the disk
ADDRESS : 0x045B0000
SIZE : 320.0 Ko

DRIVER : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x0449D000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x058AC000
SIZE : 344.0 Ko

DRIVER : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x05902000
SIZE : 144.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\NETwNs64.sys => Invisible on the disk
ADDRESS : 0x05A9B000
SIZE : 8.42 Mo

DRIVER : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x06306000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\risdxc64.sys => Invisible on the disk
ADDRESS : 0x06313000
SIZE : 120.0 Ko

DRIVER : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x0636F000
SIZE : 120.0 Ko

DRIVER : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x0638D000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x068A3000
SIZE : 1.36 Mo

DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x06800000
SIZE : 8.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x06802000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\drivers\tpm.sys => Invisible on the disk
ADDRESS : 0x06811000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x06820000
SIZE : 20.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ibmpmdrv.sys => Invisible on the disk
ADDRESS : 0x06825000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk
ADDRESS : 0x06832000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x0683F000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x06848000
SIZE : 64.0 Ko

DRIVER : C:\Windows\system32\drivers\tbhsd.sys => Invisible on the disk
ADDRESS : 0x06858000
SIZE : 64.0 Ko

DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x0639C000
SIZE : 244.0 Ko

DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x06868000
SIZE : 136.0 Ko

DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x05A00000
SIZE : 268.0 Ko

DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0688A000
SIZE : 24.0 Ko

DRIVER : C:\Windows\System32\Drivers\RootMdm.sys => Invisible on the disk
ADDRESS : 0x06890000
SIZE : 32.0 Ko

DRIVER : C:\Windows\system32\drivers\modem.sys => Invisible on the disk
ADDRESS : 0x05A43000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x05A52000
SIZE : 88.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x05A68000
SIZE : 144.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x05A8C000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x05926000
SIZE : 188.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x063D9000
SIZE : 108.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x05955000
SIZE : 132.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x05976000
SIZE : 104.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys => Invisible on the disk
ADDRESS : 0x05990000
SIZE : 72.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x06898000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rrnetcap.sys => Invisible on the disk
ADDRESS : 0x063F4000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\psadd.sys => Invisible on the disk
ADDRESS : 0x059A2000
SIZE : 56.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\Tvti2c.sys => Invisible on the disk
ADDRESS : 0x059B0000
SIZE : 56.0 Ko

DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x05A98000
SIZE : 8.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x059BE000
SIZE : 72.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x05800000
SIZE : 360.0 Ko

DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x0585A000
SIZE : 84.0 Ko

DRIVER : C:\Windows\system32\drivers\CHDRT64.sys => Invisible on the disk
ADDRESS : 0x0823E000
SIZE : 1.56 Mo

DRIVER : C:\Windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x08400000
SIZE : 332.0 Ko

DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000E0000
SIZE : 3.08 Mo

DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x08453000
SIZE : 48.0 Ko

DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x0845F000
SIZE : 56.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x0846D000
SIZE : 1.33 Mo

DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x085C1000
SIZE : 76.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x085D4000
SIZE : 116.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x085F1000
SIZE : 56.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x08200000
SIZE : 100.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x08219000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\5U877.sys => Invisible on the disk
ADDRESS : 0x083CE000
SIZE : 164.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\STREAM.SYS => Invisible on the disk
ADDRESS : 0x08222000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ElcMouLFlt.sys => Invisible on the disk
ADDRESS : 0x08233000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x0586F000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ElcMouUFlt.sys => Invisible on the disk
ADDRESS : 0x0587C000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x05887000
SIZE : 56.0 Ko

DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00540000
SIZE : 40.0 Ko

DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00680000
SIZE : 156.0 Ko

DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x059D0000
SIZE : 140.0 Ko

DRIVER : C:\Windows\system32\drivers\mbam.sys => Invisible on the disk
ADDRESS : 0x059F3000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x04081000
SIZE : 132.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\WinUSB.sys => Invisible on the disk
ADDRESS : 0x06331000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x040A2000
SIZE : 196.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x06342000
SIZE : 84.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x040D3000
SIZE : 332.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x06357000
SIZE : 76.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x04126000
SIZE : 96.0 Ko

DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03CAF000
SIZE : 804.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03D78000
SIZE : 120.0 Ko

DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03D96000
SIZE : 96.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03DAE000
SIZE : 180.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE : 312.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x03C4E000
SIZE : 144.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\NisDrvWFP.sys => Invisible on the disk
ADDRESS : 0x03C72000
SIZE : 132.0 Ko

DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x0413E000
SIZE : 664.0 Ko

DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x03C93000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x011C9000
SIZE : 196.0 Ko

DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x03DDB000
SIZE : 72.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x08020000
SIZE : 420.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x08089000
SIZE : 608.0 Ko

DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47720000
SIZE : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0

