cedrill
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Good evening! I will follow your last recommendations. Thanks a lot for all your help, that was very helpful.
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Now, everything is up to date I think.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.5.502.110
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Thanks for the advice, I'll reinstall Chrome and Flash. Below the log.
Cédric,

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 9
Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Sorry for the late answer, I was away for the weekend. Difficult to say. Sometimes, when I watch a video on YouTube, the video stops a few seconds before the end. Sometimes Chromium crashes, but it's infrequent. Except for that, nothing special.
Cédric,
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Here are the logs. I hope it's ok now.

RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Remove -- Date : 16/11/2012 23:53:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[bSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[19]_D_16112012_235311.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[12]_S_08112012_164701.txt ; RKreport[13]_D_08112012_164710.txt ; RKreport[14]_D_08112012_164718.txt ; RKreport[15]_S_08112012_165543.txt ; RKreport[16]_D_08112012_165548.txt ; RKreport[17]_D_08112012_170749.txt ; RKreport[18]_S_16112012_235258.txt ; RKreport[19]_D_16112012_235311.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.11.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrateur]

16/11/2012 14:11:00
mbam-log-2012-11-16 (14-11-00).txt

Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 643721
Temps écoulé: 2 heure(s), 20 minute(s), 21 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 4
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Mis en quarantaine et supprimé avec succès.

(fin)
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Do you mean this IP is not dangerous any more? Cool!
But bad news, I ran a scan again and it found something. Am I really unlucky? Must I delete this isadmin.exe?
Thanks again
Cédric

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.11.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrateur]

16/11/2012 14:11:00
mbam-log-2012-11-16 (16-33-04).txt

Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 643721
Temps écoulé: 2 heure(s), 20 minute(s), 21 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 4
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
C:\Users\Cedric\Documents\FOTOS Et MUSICA\TAFF TAFF 2 2012-01-18 01;00;20\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\Back up 2008 08\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.
C:\Users\Cedric\Documents\TAFF TAFF 2\NSN Paris project\back up 2008 10\USERINF\nla\NLAliczkowsc6fb\LegacyScript\isadmin.exe (Rogue.SecurityScan) -> Aucune action effectuée.

(fin)
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Yes, I tried to change my hotmail password. Something strange is that the message appears only with one of my two hotmail accounts. Do you think it could be a bug?
Below, the log file.

2012/11/08 00:20:19 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 50538, Process: chrome.exe)
2012/11/08 01:02:42 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51113, Process: chrome.exe)
2012/11/08 07:28:35 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51681, Process: chrome.exe)
2012/11/08 16:45:04 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52147, Process: chrome.exe)
2012/11/08 16:48:16 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52323, Process: chrome.exe)
2012/11/08 16:54:43 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52472, Process: chrome.exe)
2012/11/08 17:02:36 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 52645, Process: chrome.exe)
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping protection
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped successfully
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping IP protection
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE IP Protection stopped successfully
2012/11/08 17:42:35 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped
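The protection log in the post above has a regular shape, and whether the blocked address keeps being contacted is easier to read from a count than by eye. The following Python is an added example, not code from the thread or from Malwarebytes: it parses IP-BLOCK lines in that format and summarises, per process and address, how many outbound attempts were blocked and whether the logged port changed each time. The sample lines are copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Sample input: lines copied from the Malwarebytes protection log in the post
# (timestamp, host, user, event type, details). MESSAGE lines are included to
# show that the parser skips anything that is not an IP-BLOCK event.
SAMPLE_LOG = """\
2012/11/08 00:20:19 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 50538, Process: chrome.exe)
2012/11/08 01:02:42 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51113, Process: chrome.exe)
2012/11/08 07:28:35 +0100 CEDRIC-THINK Cedric IP-BLOCK 46.17.97.109 (Type: outgoing, Port: 51681, Process: chrome.exe)
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Stopping protection
2012/11/08 17:42:12 +0100 CEDRIC-THINK Cedric MESSAGE Protection stopped successfully
"""

# One IP-BLOCK line, field by field, as it appears in the log format above.
IP_BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; every other line is ignored."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["port"] = int(event["port"])
            events.append(event)
    return events


def summarize(events):
    """Group blocks by (process, ip, direction).

    'count' is how many attempts were blocked; 'distinct_ports' tells whether
    the logged port differed each time, i.e. separate connection attempts
    rather than one repeated report of the same connection.
    """
    counts = Counter((e["proc"], e["ip"], e["direction"]) for e in events)
    ports = defaultdict(set)
    for e in events:
        ports[(e["proc"], e["ip"])].add(e["port"])
    return {
        key: {"count": n, "distinct_ports": len(ports[(key[0], key[1])])}
        for key, n in counts.items()
    }


if __name__ == "__main__":
    for (proc, ip, direction), info in summarize(parse_ip_blocks(SAMPLE_LOG)).items():
        print(f"{proc} -> {ip} ({direction}): {info['count']} blocked, "
              f"{info['distinct_ports']} distinct ports")
```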
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
I ran the MBAM scan again and nothing was found (report below). Then, how can I be sure there is no redirection to the Russian IP now?
Thanks again for your time.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.11.13.04

Windows 7 Service Pack 1 x64 NTFS (Mode sans échec)
Internet Explorer 8.0.7601.17514
Cedric :: CEDRIC-THINK [administrateur]

13/11/2012 14:43:53
mbam-log-2012-11-13 (14-43-53).txt

Type d'examen: Examen complet (C:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 640841
Temps écoulé: 1 heure(s), 46 minute(s), 49 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Good morning,
Yes, that's very strange. Nothing was found, but when I connected to hotmail I had an MBAM message telling me it had blocked an IP address in Russia. Now, my MBAM trial version has expired. As the free version doesn't have automatic website protection, I don't get the message anymore. So, I'm a bit confused.
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Nothing found!
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Nope, it was not ticked. Should I run the anti-rootkit anyway?
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
No, sorry, I didn't see any IP list in the Internet Properties window. What should I look for?
In Internet Properties / LAN settings, I found: "Use a proxy server for your LAN". Should I tick this box?
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
I use Chromium and I have the following message: "Chromium is using your computer's system proxy settings to connect to the network." Should I change that?
The hosts file only contains:

127.0.0.1 localhost
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hello,
Here is the RogueKiller log. By mistake I did DELETE twice. The report is from the second one.
I couldn't see 46.17.97.109 in the TCPView list. I tried to connect and disconnect my hotmail account. Impossible to see this IP in the list, but the message still appears in Malwarebytes! Any idea?
Thanks
Cédric

RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Remove -- Date : 08/11/2012 16:47:18

¤¤¤ Bad processes : 2 ¤¤¤
[RESIDUE] GoogleUpdate.exe -- C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> KILLED [TermProc]
[RESIDUE] FacebookUpdate.exe -- C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[bSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[14]_D_08112012_164718.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[12]_S_08112012_164701.txt ; RKreport[13]_D_08112012_164710.txt ; RKreport[14]_D_08112012_164718.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
hotmail redirection to russian IP 46.17.97.109
cedrill replied to cedrill's topic in Resolved Malware Removal Logs
Hey! It gave me that:

RogueKiller V8.2.3 [07/11/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cedric [Admin rights]
Mode : Scan -- Date : 08/11/2012 07:26:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> FOUND
[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe -> FOUND
[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> FOUND
[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA : C:\Users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA : C:\Users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 6dfa341d7918dd07785e7847f1a410d7
[bSP] 5ff6e46df53fa96bb1401dd65357b79f : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[11]_S_08112012_072611.txt >>
RKreport[10].txt ; RKreport[11]_S_08112012_072611.txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt