CappuHB

  1. Got the same problem here:

     2012/04/02 20:03:01 +0200 A530 User MESSAGE Starting protection
     2012/04/02 20:03:01 +0200 A530 User MESSAGE Executing scheduled update: Daily
     2012/04/02 20:03:02 +0200 A530 User MESSAGE Database already up-to-date
     2012/04/02 20:03:03 +0200 A530 User MESSAGE Protection started successfully
     2012/04/02 20:03:06 +0200 A530 User MESSAGE Starting IP protection
     2012/04/02 20:03:08 +0200 A530 User MESSAGE IP Protection started successfully
     2012/04/02 20:07:34 +0200 A530 User MESSAGE Stopping IP protection
     2012/04/02 20:08:54 +0200 A530 User MESSAGE IP Protection stopped
     2012/04/02 20:08:54 +0200 A530 User MESSAGE Starting IP protection
     2012/04/02 20:08:57 +0200 A530 User MESSAGE IP Protection started successfully
     2012/04/02 20:19:22 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50767, Process: firefox.exe)
     2012/04/02 20:25:49 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52432, Process: firefox.exe)
     2012/04/02 20:28:38 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53927, Process: firefox.exe)

     Trying to find the cause of my SMART HDD infection: my wife uses a USB stick with Firefox Portable. This I scanned on a non-infected, protected PC with MBAM, no joy. Then I started to open the sites she used prior to the infection, and BAM, the IP-Block pops up.

     Attached you find the files from DDS.