
cedrill

Honorary Members. Posts: 31. Reputation: 0 Neutral.
  1. Good evening! I will follow your last recommendations. Thanks a lot for all your help, that was very helpful.
  2. Hello,
     Now, everything is up to date I think.

     Results of screen317's Security Check version 0.99.54
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     Adobe Flash Player 11.5.502.110
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. Hello,
     Thanks for the advice, I'll reinstall Chrome and Flash. Below is the log.
     Cédric,

     Results of screen317's Security Check version 0.99.54
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 8 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     Java 6 Update 37
     Java version out of Date!
     Adobe Flash Player 11.5.502.110
     Adobe Reader 9
     Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  4. Hello,
     Sorry for the late answer, I was away for the weekend. Difficult to say. Sometimes, when I play a video on YouTube, the video stops a few seconds before the end. Sometimes Chromium crashes, but it's infrequent. Apart from that, nothing special.
     Cédric,
  5. Hello,
     Here are the logs. I hope it's OK now.

     RogueKiller V8.2.3 [07/11/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website: http://tigzy.geekstogo.com/roguekiller.php
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Cedric [Admin rights]
     Mode : Remove -- Date : 16/11/2012 23:53:11

     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST9500420AS +++++
     --- User ---
     [MBR] 6dfa341d7918dd07785e7847f1a410d7
     [BSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[19]_D_16112012_235311.txt >>
     RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[12]_S_08112012_164701.txt ; RKreport[13]_D_08112012_164710.txt ; RKreport[14]_D_08112012_164718.txt ; RKreport[15]_S_08112012_165543.txt ; RKreport[16]_D_08112012_165548.txt ; RKreport[17]_D_08112012_170749.txt ; RKreport[18]_S_16112012_235258.txt ; RKreport[19]_D_16112012_235311.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Version de la base de données: v2012.11.16.06

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Cedric :: CEDRIC-THINK [administrateur]

     16/11/2012 14:11:00
     mbam-log-2012-11-16 (14-11-00).txt

     Type d'examen: Examen complet (C:\|Q:\|)
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 643721
     Temps écoulé: 2 heure(s), 20 minute(s), 21 seconde(s)

     Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté)
     Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté)
     Fichier(s) détecté(s): 4
     C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
     C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
     C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
     C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.

     (fin)
  6. Hello,
     Do you mean this IP is not dangerous any more? Cool! But bad news, I ran a scan again and it found something. Am I really unlucky? Must I delete this isadmin.exe?
     Thanks again,
     Cédric

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Version de la base de données: v2012.11.16.06

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Cedric :: CEDRIC-THINK [administrateur]

     16/11/2012 14:11:00
     mbam-log-2012-11-16 (16-33-04).txt

     Type d'examen: Examen complet (C:\|Q:\|)
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 643721
     Temps écoulé: 2 heure(s), 20 minute(s), 21 seconde(s)

     Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté)
     Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté)
     Fichier(s) détecté(s): 4
     C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
     C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
     C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
     C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.

     (fin)
  7. Hello,
     Yes, I tried to change my Hotmail password. Something strange: the message appears only with one of my two Hotmail accounts. Do you think it could be a bug? Below is the log file.

     2012/11/08 00:20:19 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 50538, Process: chrome.exe)
     2012/11/08 01:02:42 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51113, Process: chrome.exe)
     2012/11/08 07:28:35 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51681, Process: chrome.exe)
     2012/11/08 16:45:04 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52147, Process: chrome.exe)
     2012/11/08 16:48:16 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52323, Process: chrome.exe)
     2012/11/08 16:54:43 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52472, Process: chrome.exe)
     2012/11/08 17:02:36 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52645, Process: chrome.exe)
     2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping protection
     2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped successfully
     2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping IP protection
     2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE IP Protection stopped successfully
     2012/11/08 17:42:35 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped
  8. Hello,
     I ran MBAM again and nothing was found (report below). Then, how can I be sure there is no redirecting to the Russian IP now? Thanks again for your time.

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Version de la base de données: v2012.11.13.04

     Windows 7 Service Pack 1 x64 NTFS (Mode sans échec)
     Internet Explorer 8.0.7601.17514
     Cedric :: CEDRIC-THINK [administrateur]

     13/11/2012 14:43:53
     mbam-log-2012-11-13 (14-43-53).txt

     Type d'examen: Examen complet (C:\|Q:\|)
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 640841
     Temps écoulé: 1 heure(s), 46 minute(s), 49 seconde(s)

     Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté)
     Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté)
     Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté)

     (fin)
  9. Good morning,
     Yes, that's very strange. Nothing was found, but when I connected to Hotmail I had an MBAM message telling me it had blocked an IP address in Russia. Now my MBAM trial version has expired. As the free version doesn't have automatic website protection, I don't get the message anymore. So I'm a bit confused.
  10. Hello,
     Nope, it was not ticked. Should I run the anti-rootkit anyway?
  11. Hello,
     No, sorry, I didn't see any IP list in the Internet Properties window. What should I be looking for? In Internet Properties / LAN settings, I found: "Use a proxy server for your LAN". Should I tick this box?
  12. Hello,
     I use Chromium and I have the following message: "Chromium is using your computer's system proxy settings to connect to the network." Should I change that?
     The hosts file only contains:
     127.0.0.1 localhost
  13. Hello,
     Here is the RogueKiller log. By mistake I did DELETE twice. The report is from the second one. I couldn't see 46.17.97.109 in the TCPView list. I tried to connect and disconnect my Hotmail account. Impossible to see this IP in the list, but the message still appears in Malwarebytes! Any idea?
     Thanks,
     Cédric

     RogueKiller V8.2.3 [07/11/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website: http://tigzy.geekstogo.com/roguekiller.php
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Cedric [Admin rights]
     Mode : Remove -- Date : 08/11/2012 16:47:18

     ¤¤¤ Bad processes : 2 ¤¤¤
     [RESIDUE] GoogleUpdate.exe -- C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> KILLED [TermProc]
     [RESIDUE] FacebookUpdate.exe -- C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST9500420AS +++++
     --- User ---
     [MBR] 6dfa341d7918dd07785e7847f1a410d7
     [BSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[14]_D_08112012_164718.txt >>
     RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[12]_S_08112012_164701.txt ; RKreport[13]_D_08112012_164710.txt ; RKreport[14]_D_08112012_164718.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
  14. Hey! It gave me that:

     RogueKiller V8.2.3 [07/11/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website: http://tigzy.geekstogo.com/roguekiller.php
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Cedric [Admin rights]
     Mode : Scan -- Date : 08/11/2012 07:26:11

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 10 ¤¤¤
     [TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
     [TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
     [TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> FOUND
     [TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> FOUND
     [TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> FOUND
     [TASK][SUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> FOUND
     [TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
     [TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST9500420AS +++++
     --- User ---
     [MBR] 6dfa341d7918dd07785e7847f1a410d7
     [BSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[11]_S_08112012_072611.txt >>
     RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt