
edendom

Posts posted by edendom

  1. I have a server and yesterday I underwent a DoS attack from an IP hosted by voxility.com.

    I noticed it quickly and blocked their IP address in the firewall on my server, but I find that I am not alone in this.

     

    Not forgetting that there was a time when my server was hacked and malware was injected, again through a voxility.com IP. Ban them for good!

  2. 1/ No threats found with online check.

    2/ MB report:

    --------------------------------------------

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100

    www.malwarebytes.org

    Database version: v2012.12.29.08

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Dominique :: DOMINIQUE-PC [administrator]

    Protection: Enabled

    29/12/2012 18:09:33

    mbam-log-2012-12-29 (18-09-33).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 232907

    Time elapsed: 26 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    3/ Files attached

    AdwCleanerS1.txt

  3. Thanks, here is the ComboFix log:

    ComboFix 12-12-29.02 - Dominique 29/12/2012 17:23:58.1.8 - x64

    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.8167.4943 [GMT 1:00]

    Running from: c:\users\Dominique\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\isRS-000.tmp

    E:\install.exe

    .

    .

    ((((((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 ))))))))))))))))))))))))))))))))))))

    .

    .

    2012-12-29 16:26 . 2012-12-29 16:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-12-29 16:26 . 2012-12-29 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-29 12:45 . 2012-12-29 12:45 -------- d-----w- c:\users\Dominique\AppData\Roaming\PDAppFlex

    2012-12-28 15:05 . 2012-12-28 15:05 -------- d-----w- c:\users\Dominique\AppData\Local\Programs

    2012-12-28 14:54 . 2012-12-28 14:54 -------- d-----w- c:\users\Dominique\AppData\Roaming\FireShot

    2012-12-28 08:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71B6BAE8-C117-42EF-BA7A-37CE5E76EB8C}\mpengine.dll

    2012-12-27 08:08 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-12-21 11:39 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-21 11:39 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 11:39 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-21 11:39 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-19 21:41 . 2012-12-19 21:42 -------- d-----w- c:\users\Dominique\AppData\Roaming\Mount&Blade Warband

    2012-12-15 11:33 . 2012-12-15 11:33 -------- d-----r- C:\MSOCache

    2012-12-12 08:38 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-12-11 14:25 . 2012-12-11 14:25 -------- d--h--w- c:\programdata\CanonIJScan

    2012-12-11 14:25 . 2012-12-11 14:25 -------- d-----w- c:\users\Dominique\AppData\Roaming\Canon

    2012-12-08 17:12 . 2012-12-09 17:23 -------- d-----w- c:\program files (x86)\Microsoft Works

    2012-12-08 17:10 . 2012-12-08 17:10 -------- d-----w- c:\program files\Microsoft Office

    2012-12-08 17:10 . 2012-12-08 17:10 -------- d-----w- c:\users\Dominique\AppData\Local\Microsoft Help

    2012-12-08 17:09 . 2012-12-12 08:47 -------- d-----w- c:\programdata\Microsoft Help

    2012-12-07 22:45 . 2012-12-07 22:45 -------- d-----w- c:\windows\Sun

    2012-12-07 16:15 . 2012-12-07 16:15 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-12-07 16:15 . 2012-12-07 16:15 -------- dc----w- c:\windows\system32\DRVSTORE

    2012-12-07 16:15 . 2012-12-07 16:15 -------- d-----w- c:\program files\Windows Live

    2012-12-07 16:15 . 2012-09-12 14:20 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys

    2012-12-05 08:58 . 2012-12-05 09:42 -------- d-----w- c:\users\Dominique\AppData\Roaming\Skype

    2012-12-05 08:58 . 2012-12-05 09:42 -------- d-----w- c:\programdata\Skype

    2012-12-04 16:01 . 2012-12-04 16:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies

    2012-12-03 23:27 . 2012-12-03 23:27 -------- d-----w- c:\windows\SysWow64\wbem\en-US

    2012-12-03 23:27 . 2012-12-03 23:27 -------- d-----w- c:\windows\system32\wbem\en-US

    2012-12-03 11:48 . 2012-12-03 11:48 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

    2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe

    .

    .

    .

    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-14 15:49 . 2012-11-03 18:26 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-12-12 11:17 . 2012-10-29 10:47 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-12 11:17 . 2012-10-29 10:47 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-12-12 08:47 . 2012-10-29 09:39 67413224 ----a-w- c:\windows\system32\MRT.exe

    2012-12-03 15:47 . 2012-10-29 07:42 2816824 ----a-w- c:\windows\system32\nvapi64.dll

    2012-12-03 15:47 . 2012-10-29 07:42 1805672 ----a-w- c:\windows\system32\nvdispco64.dll

    2012-12-03 15:47 . 2012-10-10 20:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll

    2012-12-03 15:47 . 2012-10-10 20:23 983936 ----a-w- c:\windows\system32\nvumdshimx.dll

    2012-12-03 15:47 . 2012-10-10 20:23 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll

    2012-12-03 15:47 . 2012-10-10 20:23 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

    2012-12-03 15:47 . 2012-10-10 20:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll

    2012-12-01 05:49 . 2012-10-29 10:40 3663213 ----a-w- c:\windows\system32\nvcoproc.bin

    2012-12-01 05:49 . 2012-10-29 07:42 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

    2012-12-01 05:49 . 2012-10-29 07:42 63336 ----a-w- c:\windows\system32\nvshext.dll

    2012-12-01 05:49 . 2012-10-29 07:42 118120 ----a-w- c:\windows\system32\nvmctray.dll

    2012-12-01 05:49 . 2012-10-29 07:42 890216 ----a-w- c:\windows\system32\nvvsvc.exe

    2012-12-01 05:48 . 2012-10-29 07:42 6223208 ----a-w- c:\windows\system32\nvcpl.dll

    2012-12-01 05:48 . 2012-10-29 07:42 3311464 ----a-w- c:\windows\system32\nvsvc64.dll

    2012-11-28 09:07 . 2012-11-28 09:07 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D54F713A-3929-42D6-8BAB-FA441CD89FE5}\gapaengine.dll

    2012-11-08 10:03 . 2012-11-08 10:03 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-11-08 10:03 . 2012-11-08 10:03 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-11-08 10:03 . 2012-11-08 10:03 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-11-03 21:37 . 2012-11-03 21:37 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys

    2012-11-03 21:37 . 2012-11-03 21:37 228488 ----a-w- c:\windows\system32\drivers\vididr.sys

    2012-11-03 21:37 . 2012-11-03 21:37 166024 ----a-w- c:\windows\system32\drivers\vidsflt.sys

    2012-11-03 21:37 . 2012-11-03 21:37 1340040 ----a-w- c:\windows\system32\drivers\tdrpman.sys

    2012-11-03 21:37 . 2012-11-03 21:37 1093256 ----a-w- c:\windows\system32\drivers\tib_mounter.sys

    2012-11-03 21:37 . 2012-11-03 21:37 340104 ----a-w- c:\windows\system32\drivers\snapman.sys

    2012-11-03 21:37 . 2012-11-03 21:37 155272 ----a-w- c:\windows\system32\drivers\fltsrv.sys

    2012-10-29 18:18 . 2012-11-28 09:07 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-10-29 11:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

    2012-10-29 11:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

    2012-10-17 01:31 . 2012-10-29 09:36 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95EC132A-2AA0-4AE4-86A9-B17F08E38188}\mpengine.dll

    2012-10-16 08:38 . 2012-11-28 09:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-28 09:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-28 09:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-09 18:17 . 2012-11-14 08:59 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-10-09 18:17 . 2012-11-14 08:59 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-10-09 17:40 . 2012-11-14 08:59 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40 . 2012-11-14 08:59 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    2012-10-04 16:40 . 2012-12-12 08:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-10-03 17:56 . 2012-11-14 08:59 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-10-03 17:44 . 2012-11-14 08:59 70656 ----a-w- c:\windows\system32\nlaapi.dll

    2012-10-03 17:44 . 2012-11-14 08:59 303104 ----a-w- c:\windows\system32\nlasvc.dll

    2012-10-03 17:44 . 2012-11-14 08:59 246272 ----a-w- c:\windows\system32\netcorehc.dll

    2012-10-03 17:44 . 2012-11-14 08:59 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-10-03 17:44 . 2012-11-14 08:59 216576 ----a-w- c:\windows\system32\ncsi.dll

    2012-10-03 17:42 . 2012-11-14 08:59 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-10-03 16:42 . 2012-11-14 08:59 18944 ----a-w- c:\windows\SysWow64\netevent.dll

    2012-10-03 16:42 . 2012-11-14 08:59 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

    2012-10-03 16:42 . 2012-11-14 08:59 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    2012-10-03 16:07 . 2012-11-14 08:59 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    .

    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legitimate default entries are not listed

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    "Steam"="f:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]

    "ICQ"="f:\program files (x86)\ICQ7M\ICQ.exe" [2012-10-29 127040]

    "TBPanel"="f:\program files (x86)\EXPERTool\TBPanel.exe" [2012-10-11 2048368]

    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-14 109336]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]

    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

    "Acrobat Assistant 8.0"="f:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]

    "TrueImageMonitor.exe"="f:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6048408]

    "AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943560]

    "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-29 1255736]

    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-11-03 155272]

    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

    S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2012-11-03 1093256]

    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-11-03 228488]

    S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2012-11-03 166024]

    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-11-03 3717112]

    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

    S2 MBAMScheduler;MBAMScheduler;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

    S2 MBAMService;MBAMService;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]

    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-18 7026408]

    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-11-03 367200]

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]

    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

    S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-04-07 848384]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - ASWMBR

    *Deregistered* - aswMBR

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 11:17]

    .

    2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 09:32]

    .

    2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-30 09:32]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]

    @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"

    [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]

    2012-08-23 01:48 2739176 ----a-w- f:\program files (x86)\Acronis\TrueImageHome\tishell64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]

    @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"

    [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]

    2012-08-23 01:48 2739176 ----a-w- f:\program files (x86)\Acronis\TrueImageHome\tishell64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]

    @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"

    [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]

    2012-08-23 01:48 2739176 ----a-w- f:\program files (x86)\Acronis\TrueImageHome\tishell64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403816]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: E&xport to Microsoft Excel - f:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - f:\program files (x86)\ICQ7M\ICQ.exe

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\5lkvvw3y.default-1352153870516\

    FF - ExtSQL: 2012-11-21 19:53; en-US@dictionaries.addons.mozilla.org; c:\users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\5lkvvw3y.default-1352153870516\extensions\en-US@dictionaries.addons.mozilla.org

    FF - ExtSQL: 2012-12-28 15:53; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\5lkvvw3y.default-1352153870516\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

    .

    - - - - ORPHANS REMOVED - - - -

    .

    URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)

    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

    Wow6432Node-HKCU-Run-AdobeBridge - (no file)

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

    WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-489810796-1196830077-2147401925-1000\Software\Microsoft\Notification de cadeaux MSN]

    @DACL=(02 0000)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-12-29 17:27:07

    ComboFix-quarantined-files.txt 2012-12-29 16:27

    .

    Pre-Run: 58,145,480,704 bytes free

    Post-Run: 58,161,364,992 bytes free

    .

    - - End Of File - - 3B6EEDED8FC1817B64342C1FF8148DE8
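Two things in the ComboFix output above deserve attention before any malware hunting: the header reports Microsoft Security Essentials and Windows Defender as *Disabled*, and the policies\system key shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, which means UAC is switched off entirely and anything the user runs gets a full administrator token. The script below is an added example, not part of this thread and not code from ComboFix; it parses lines in the shape of this log and flags those weak settings. The embedded sample is a constructed excerpt that copies the relevant lines from the log above.

```python
import re

# Constructed excerpt in the shape of the ComboFix log above (not the poster's full log).
SAMPLE_LOG = r"""AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
"""

# Expected Windows 7 values: UAC on, admins prompted, prompts on the secure desktop,
# UIAccess desktop toggle off. A value failing its predicate is a finding.
POLICY_CHECKS = {
    "EnableLUA": (lambda v: v == 1, "UAC is disabled, every process gets the full admin token"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0, "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (lambda v: v == 1, "UAC prompts are not on the secure desktop and can be spoofed"),
    "EnableUIADesktopToggle": (lambda v: v == 0, "UIAccess applications may switch off the secure desktop"),
}

# '"EnableLUA"= 0 (0x0)'  ->  name=EnableLUA, val=0
POLICY_LINE = re.compile(r'^"(?P<name>\w+)"\s*=\s*(?P<val>\d+)')
# 'AV: Microsoft Security Essentials *Disabled/Updated* {GUID}'
PRODUCT_LINE = re.compile(r'^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*')


def parse_policies(text):
    """Return {value name: int} for the lines under the ...\\policies\\system key only."""
    in_block = False
    policies = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):            # a new registry key starts; are we in the UAC key?
            in_block = line.lower().endswith(r"policies\system]")
            continue
        if in_block:
            m = POLICY_LINE.match(line)
            if m:
                policies[m["name"]] = int(m["val"])
    return policies


def parse_products(text):
    """Return (kind, product name, state) for the AV/SP/FW header lines."""
    return [(m["kind"], m["name"], m["state"])
            for m in (PRODUCT_LINE.match(l.strip()) for l in text.splitlines()) if m]


def audit(text):
    """List human-readable findings for weakened UAC policy and disabled security products."""
    findings = []
    policies = parse_policies(text)
    for name, (is_ok, why) in POLICY_CHECKS.items():
        if name in policies and not is_ok(policies[name]):
            findings.append("%s=%d: %s" % (name, policies[name], why))
    for kind, name, state in parse_products(text):
        if state.lower().startswith("disabled"):
            findings.append("%s %s is %s" % (kind, name, state))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for finding in audit(text) or ["no findings"]:
        print(finding)
```

Run it with a saved ComboFix log as the first argument, or with no argument to audit the embedded excerpt; on the excerpt it reports the three UAC values and the two disabled products. Only the policies\system block is read, so a value with the same name under another key does not produce a false finding.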

  4. Hi,

    Thanks for your feedback.

    Here is the log you need:

    aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

    Run date: 2012-12-29 16:54:45

    -----------------------------

    16:54:45.236 OS Version: Windows x64 6.1.7601 Service Pack 1

    16:54:45.236 Number of processors: 8 586 0x2A07

    16:54:45.237 ComputerName: DOMINIQUE-PC UserName: Dominique

    16:54:45.465 Initialize success

    16:55:28.529 AVAST engine defs: 12122900

    16:55:39.707 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3

    16:55:39.709 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA3AA Size: 953869MB BusType: 11

    16:55:39.712 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0

    16:55:39.715 Disk 1 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11

    16:55:39.719 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1

    16:55:39.722 Disk 2 Vendor: OCZ-AGILITY3 2.13 Size: 114473MB BusType: 11

    16:55:39.726 Disk 2 MBR read successfully

    16:55:39.729 Disk 2 MBR scan

    16:55:39.734 Disk 2 Windows 7 default MBR code

    16:55:39.736 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

    16:55:39.753 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848

    16:55:39.787 Disk 2 scanning C:\Windows\system32\drivers

    16:55:44.702 Service scanning

    16:55:56.055 Modules scanning

    16:55:56.066 Disk 2 trace - called modules:

    16:55:56.076 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vidsflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

    16:55:56.082 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa80074cd060]

    16:55:56.085 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80073cfe10]

    16:55:56.088 5 vidsflt.sys[fffff88000e695cd] -> nt!IofCallDriver -> [0xfffffa8006d661e0]

    16:55:56.091 7 ACPI.sys[fffff88000faf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006d83060]

    16:55:56.302 AVAST engine scan C:\Windows

    16:55:57.007 AVAST engine scan C:\Windows\system32

    16:57:22.550 AVAST engine scan C:\Windows\system32\drivers

    16:57:27.775 AVAST engine scan C:\Users\Dominique

    16:59:14.061 AVAST engine scan C:\ProgramData

    16:59:31.410 Scan finished successfully

    17:12:25.688 Disk 2 MBR has been saved successfully to "C:\Users\Dominique\Desktop\MBR.dat"

    17:12:25.722 The log file has been saved successfully to "C:\Users\Dominique\Desktop\aswMBR.txt"

    I also attached the required zip.

    MBR.zip
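aswMBR reported "Windows 7 default MBR code" for the boot disk and saved the sector to MBR.dat, which is what the helper asked for in the zip. What a responder usually does next is decode that saved sector directly rather than trust a one-line verdict. The script below is an added example, not part of this thread and not code from aswMBR: it parses a 512-byte MBR, checks the 0x55AA signature, lists the partition table and compares the 440-byte bootstrap code against an allowlist of hashes. The sector it builds for itself is constructed to mirror the layout in the log above (active NTFS partition of 100 MB at LBA 2048, NTFS partition of 114371 MB at LBA 206848) with a zero-filled code area; the set of known-good code hashes is an assumption the reader supplies from a trusted image of the same Windows build, since the script has no knowledge of the signature aswMBR itself uses.

```python
import hashlib
import struct

SECTOR = 512
PART_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, start LBA, sector count
LBA_ONLY = b"\xfe\xff\xff"  # CHS placeholder used for LBA-addressed entries


def build_sample_mbr():
    """Constructed MBR mirroring the partition layout in the aswMBR log above.
    The boot code area is zero-filled; a real MBR.dat carries the bootstrap code."""
    mbr = bytearray(SECTOR)
    entries = [
        (0x80, 0x07, 2048, 100 * 2048),       # partition 1: active, NTFS, 100 MB at LBA 2048
        (0x00, 0x07, 206848, 114371 * 2048),  # partition 2: NTFS, 114371 MB at LBA 206848
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = 446 + 16 * i
        mbr[off:off + 16] = struct.pack(PART_FMT, status, LBA_ONLY, ptype, LBA_ONLY, lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode the four partition entries; raise ValueError if the sector is malformed."""
    if len(mbr) != SECTOR:
        raise ValueError("expected a %d-byte sector, got %d bytes" % (SECTOR, len(mbr)))
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, mbr[off:off + 16])
        if ptype == 0:                       # empty slot
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba": lba,
            "sectors": count,
            "mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def code_hash(mbr):
    """SHA-256 of the 440-byte bootstrap area (disk signature and partition table excluded)."""
    return hashlib.sha256(mbr[:440]).hexdigest()


def check_mbr(mbr, known_good_hashes):
    """Return findings: unknown boot code, wrong number of active partitions, overlapping entries."""
    findings = []
    digest = code_hash(mbr)
    if digest not in known_good_hashes:
        findings.append("boot code hash %s... is not in the known-good set" % digest[:16])
    parts = parse_mbr(mbr)
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    spans = sorted((p["lba"], p["lba"] + p["sectors"]) for p in parts)
    for (_, a_end), (b_start, _) in zip(spans, spans[1:]):
        if b_start < a_end:
            findings.append("partition starting at LBA %d overlaps the previous one" % b_start)
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python mbr_check.py [MBR.dat [known_good_sha256 ...]]
    # With no arguments the constructed sample is checked against its own hash.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    allow = set(sys.argv[2:]) or {code_hash(build_sample_mbr())}
    for p in parse_mbr(data):
        print(p)
    print(check_mbr(data, allow) or "no findings")
```

Hashing only the first 440 bytes matters: bytes 440 to 445 hold the disk signature and padding, which legitimately differ from machine to machine, while the partition table is compared structurally instead. A bootkit that replaces the bootstrap code changes the hash; one that only re-points the active partition changes the table, which is why both checks are run.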
