edendom
Members
Posts: 10
Reputation: 0 Neutral
I have a server, and yesterday I underwent a DOS attack from an IP hosted at voxility.com. I noticed quickly and blocked their IP address in the firewall on my server, but I find that I am not alone in this. Not forgetting that there was a time when my server was hacked and malware was injected through an IP also at voxility.com. Definitively banish!
ip address blocked by MalewareBytes Pro
edendom replied to edendom's topic in Resolved Malware Removal Logs
I'm on Adobe Cloud; Acrobat Reader should auto-update, I will check this. The issue seems to be resolved, yes; I will keep an eye on it, but thanks a lot for the help.
ip address blocked by MalewareBytes Pro
edendom replied to edendom's topic in Resolved Malware Removal Logs
I attached the JRT log; I thought it was already sent. For now it seems to work fine. JRT.txt
ip address blocked by MalewareBytes Pro
edendom replied to edendom's topic in Resolved Malware Removal Logs
1/ No threats found with online check.
2/ MB report:

--------------------------------------------
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Version de la base de données: v2012.12.29.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominique :: DOMINIQUE-PC [administrateur]

Protection: Activé

29/12/2012 18:09:33
mbam-log-2012-12-29 (18-09-33).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 232907
Temps écoulé: 26 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

3/ Files attached: AdwCleanerS1.txt
ip address blocked by MalewareBytes Pro
edendom replied to edendom's topic in Resolved Malware Removal Logs
Sorry, I missed it; it was not linked on Hotmail.
ip address blocked by MalewareBytes Pro
edendom replied to edendom's topic in Resolved Malware Removal Logs
Can you tell me where I can download the Junkware Removal Tool, please? Thanks
ip address blocked by MalewareBytes Pro
edendom replied to edendom's topic in Resolved Malware Removal Logs
I attached all RK reports. Thanks
RKreport1_S_29122012_173828.txt
RKreport2_D_29122012_173926.txt
RKreport3_SC_29122012_174334.txt
ip address blocked by MalewareBytes Pro
edendom replied to edendom's topic in Resolved Malware Removal Logs
Thanks, here is the ComboFix log:

ComboFix 12-12-29.02 - Dominique 29/12/2012 17:23:58.1.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.8167.4943 [GMT 1:00]
Lancé depuis: c:\users\Dominique\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
E:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-11-28 au 2012-12-29 ))))))))))))))))))))))))))))))))))))
.
.
2012-12-29 16:26 . 2012-12-29 16:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-29 16:26 . 2012-12-29 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-29 12:45 . 2012-12-29 12:45 -------- d-----w- c:\users\Dominique\AppData\Roaming\PDAppFlex
2012-12-28 15:05 . 2012-12-28 15:05 -------- d-----w- c:\users\Dominique\AppData\Local\Programs
2012-12-28 14:54 . 2012-12-28 14:54 -------- d-----w- c:\users\Dominique\AppData\Roaming\FireShot
2012-12-28 08:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71B6BAE8-C117-42EF-BA7A-37CE5E76EB8C}\mpengine.dll
2012-12-27 08:08 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-21 11:39 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 11:39 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:39 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 11:39 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 21:41 . 2012-12-19 21:42 -------- d-----w- c:\users\Dominique\AppData\Roaming\Mount&Blade Warband
2012-12-15 11:33 . 2012-12-15 11:33 -------- d-----r- C:\MSOCache
2012-12-12 08:38 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 14:25 . 2012-12-11 14:25 -------- d--h--w- c:\programdata\CanonIJScan
2012-12-11 14:25 . 2012-12-11 14:25 -------- d-----w- c:\users\Dominique\AppData\Roaming\Canon
2012-12-08 17:12 . 2012-12-09 17:23 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-12-08 17:10 . 2012-12-08 17:10 -------- d-----w- c:\program files\Microsoft Office
2012-12-08 17:10 . 2012-12-08 17:10 -------- d-----w- c:\users\Dominique\AppData\Local\Microsoft Help
2012-12-08 17:09 . 2012-12-12 08:47 -------- d-----w- c:\programdata\Microsoft Help
2012-12-07 22:45 . 2012-12-07 22:45 -------- d-----w- c:\windows\Sun
2012-12-07 16:15 . 2012-12-07 16:15 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-07 16:15 . 2012-12-07 16:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-12-07 16:15 . 2012-12-07 16:15 -------- d-----w- c:\program files\Windows Live
2012-12-07 16:15 . 2012-09-12 14:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-12-05 08:58 . 2012-12-05 09:42 -------- d-----w- c:\users\Dominique\AppData\Roaming\Skype
2012-12-05 08:58 . 2012-12-05 09:42 -------- d-----w- c:\programdata\Skype
2012-12-04 16:01 . 2012-12-04 16:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-03 23:27 . 2012-12-03 23:27 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-12-03 23:27 . 2012-12-03 23:27 -------- d-----w- c:\windows\system32\wbem\en-US
2012-12-03 11:48 . 2012-12-03 11:48 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-11-03 18:26 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 11:17 . 2012-10-29 10:47 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 11:17 . 2012-10-29 10:47 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 08:47 . 2012-10-29 09:39 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-03 15:47 . 2012-10-29 07:42 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-10-29 07:42 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-10-10 20:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-10 20:23 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-03 15:47 . 2012-10-10 20:23 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-10-10 20:23 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2012-10-10 20:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-01 05:49 . 2012-10-29 10:40 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-10-29 07:42 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-10-29 07:42 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-10-29 07:42 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-10-29 07:42 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-10-29 07:42 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-10-29 07:42 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-28 09:07 . 2012-11-28 09:07 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D54F713A-3929-42D6-8BAB-FA441CD89FE5}\gapaengine.dll
2012-11-08 10:03 . 2012-11-08 10:03 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-08 10:03 . 2012-11-08 10:03 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-08 10:03 . 2012-11-08 10:03 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-03 21:37 . 2012-11-03 21:37 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-11-03 21:37 . 2012-11-03 21:37 228488 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-11-03 21:37 . 2012-11-03 21:37 166024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
2012-11-03 21:37 . 2012-11-03 21:37 1340040 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-11-03 21:37 . 2012-11-03 21:37 1093256 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2012-11-03 21:37 . 2012-11-03 21:37 340104 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-11-03 21:37 . 2012-11-03 21:37 155272 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-10-29 18:18 . 2012-11-28 09:07 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-29 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-10-29 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-10-17 01:31 . 2012-10-29 09:36 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95EC132A-2AA0-4AE4-86A9-B17F08E38188}\mpengine.dll
2012-10-16 08:38 . 2012-11-28 09:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 08:59 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 08:59 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 08:59 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 08:59 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 08:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 08:59 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 08:59 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 08:59 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 08:59 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 08:59 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 08:59 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 08:59 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 08:59 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 08:59 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 08:59 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 08:59 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="f:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"ICQ"="f:\program files (x86)\ICQ7M\ICQ.exe" [2012-10-29 127040]
"TBPanel"="f:\program files (x86)\EXPERTool\TBPanel.exe" [2012-10-11 2048368]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-14 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"Acrobat Assistant 8.0"="f:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
"TrueImageMonitor.exe"="f:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6048408]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943560]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-11-03 155272]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2012-11-03 1093256]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-11-03 228488]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2012-11-03 166024]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-11-03 3717112]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 MBAMScheduler;MBAMScheduler;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-18 7026408]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-11-03 367200]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-04-07 848384]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contenu du dossier 'Tâches planifiées'
.
2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 11:17]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 09:32]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 09:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 01:48 2739176 ----a-w- f:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 01:48 2739176 ----a-w- f:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 01:48 2739176 ----a-w- f:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403816]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Barre RoboForm - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - f:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enregistrer les formulaires - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir les formulaires - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - f:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\5lkvvw3y.default-1352153870516\
FF - ExtSQL: 2012-11-21 19:53; en-US@dictionaries.addons.mozilla.org; c:\users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\5lkvvw3y.default-1352153870516\extensions\en-US@dictionaries.addons.mozilla.org
FF - ExtSQL: 2012-12-28 15:53; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\5lkvvw3y.default-1352153870516\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-489810796-1196830077-2147401925-1000\Software\Microsoft\Notification de cadeaux MSN]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-12-29 17:27:07
ComboFix-quarantined-files.txt 2012-12-29 16:27
.
Avant-CF: 58 145 480 704 octets libres
Après-CF: 58 161 364 992 octets libres
.
- - End Of File - - 3B6EEDED8FC1817B64342C1FF8148DE8
ip address blocked by MalewareBytes Pro
edendom replied to edendom's topic in Resolved Malware Removal Logs
Hi,

Thanks for your feedback. Here is the log you need:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-29 16:54:45
-----------------------------
16:54:45.236 OS Version: Windows x64 6.1.7601 Service Pack 1
16:54:45.236 Number of processors: 8 586 0x2A07
16:54:45.237 ComputerName: DOMINIQUE-PC UserName: Dominique
16:54:45.465 Initialize success
16:55:28.529 AVAST engine defs: 12122900
16:55:39.707 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
16:55:39.709 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA3AA Size: 953869MB BusType: 11
16:55:39.712 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
16:55:39.715 Disk 1 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
16:55:39.719 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
16:55:39.722 Disk 2 Vendor: OCZ-AGILITY3 2.13 Size: 114473MB BusType: 11
16:55:39.726 Disk 2 MBR read successfully
16:55:39.729 Disk 2 MBR scan
16:55:39.734 Disk 2 Windows 7 default MBR code
16:55:39.736 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:55:39.753 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
16:55:39.787 Disk 2 scanning C:\Windows\system32\drivers
16:55:44.702 Service scanning
16:55:56.055 Modules scanning
16:55:56.066 Disk 2 trace - called modules:
16:55:56.076 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vidsflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:55:56.082 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa80074cd060]
16:55:56.085 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80073cfe10]
16:55:56.088 5 vidsflt.sys[fffff88000e695cd] -> nt!IofCallDriver -> [0xfffffa8006d661e0]
16:55:56.091 7 ACPI.sys[fffff88000faf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006d83060]
16:55:56.302 AVAST engine scan C:\Windows
16:55:57.007 AVAST engine scan C:\Windows\system32
16:57:22.550 AVAST engine scan C:\Windows\system32\drivers
16:57:27.775 AVAST engine scan C:\Users\Dominique
16:59:14.061 AVAST engine scan C:\ProgramData
16:59:31.410 Scan finished successfully
17:12:25.688 Disk 2 MBR has been saved successfully to "C:\Users\Dominique\Desktop\MBR.dat"
17:12:25.722 The log file has been saved successfully to "C:\Users\Dominique\Desktop\aswMBR.txt"

I also attached the required zip: MBR.zip
Hi, I would need your help. Malwarebytes Pro keeps blocking the IP address 109.163.231.119. I attached the 2 required files. Thanks
attach.txt
dds.txt