CappuHB

[CappuHB 0]

got the same Problem here

2012/04/02 20:03:01 +0200 A530 User MESSAGE Starting protection

2012/04/02 20:03:01 +0200 A530 User MESSAGE Executing scheduled update: Daily

2012/04/02 20:03:02 +0200 A530 User MESSAGE Database already up-to-date

2012/04/02 20:03:03 +0200 A530 User MESSAGE Protection started successfully

2012/04/02 20:03:06 +0200 A530 User MESSAGE Starting IP protection

2012/04/02 20:03:08 +0200 A530 User MESSAGE IP Protection started successfully

2012/04/02 20:07:34 +0200 A530 User MESSAGE Stopping IP protection

2012/04/02 20:08:54 +0200 A530 User MESSAGE IP Protection stopped

2012/04/02 20:08:54 +0200 A530 User MESSAGE Starting IP protection

2012/04/02 20:08:57 +0200 A530 User MESSAGE IP Protection started successfully

2012/04/02 20:19:22 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50767, Process: firefox.exe)

2012/04/02 20:25:49 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52432, Process: firefox.exe)

2012/04/02 20:28:38 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53927, Process: firefox.exe)

trying to find the cause for my SMART HDD infection, my wife uses an USB-Stick with Firefow-Portable, this i scanned on a noninfected, protected pc with MBAM, no joy.

then i startet to open the sites she used prior to the infection, and BAM, the IP-Block pops up

attached you find the files from DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by User at 20:42:24 on 2012-04-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1909.276 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\WUDFHost.exe

E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

E:\PortableApps\FirefoxPortable\FirefoxPortable.exe

E:\PortableApps\FirefoxPortable\App\firefox\firefox.exe

E:\PortableApps\FirefoxPortable\App\firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{984263D2-2DAF-4962-842B-45A21126363D} : DhcpNameServer = 192.168.178.1

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lgjbd4w2.default\

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-2 652360]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys --> C:\Windows\system32\DRIVERS\FUJ02E3.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

.

=============== Created Last 30 ================

.

2012-04-02 18:14:38 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C8DB4AF9-1D31-413A-914D-FA2A74DCF9A2}\mpengine.dll

2012-04-02 18:02:38 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes

2012-04-02 18:02:33 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-02 18:02:32 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-02 18:02:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-01 14:45:05 -------- d-----w- C:\Users\User\AppData\Local\ElevatedDiagnostics

2012-03-31 18:27:02 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-03-30 15:37:41 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-30 15:29:07 -------- d-----w- C:\Program Files (x86)\Pulse-Eight

2012-03-30 15:11:39 -------- d-----w- C:\Users\User\AppData\Roaming\XBMC

2012-03-30 15:08:44 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2012-03-30 15:08:44 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2012-03-30 15:02:17 -------- d-----w- C:\Program Files (x86)\XBMC

2012-03-27 16:53:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-27 16:50:38 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5233E1E6-DA6E-450B-A0A5-4F4A07641642}\gapaengine.dll

2012-03-27 16:48:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-03-27 16:48:37 -------- d-sh--w- C:\Windows\Installer

2012-03-27 16:48:37 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-03-24 21:12:58 -------- d-----w- C:\Windows\SysWow64\wbem\en-US

2012-03-24 21:12:57 -------- d-----w- C:\Windows\System32\wbem\en-US

2012-03-24 21:06:17 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-03-24 21:06:16 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-03-24 21:06:16 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-03-24 15:57:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-24 15:57:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-24 15:57:11 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-24 15:55:04 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-03-24 15:55:00 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03B95CE9-0DAD-4A8B-BBBE-98A737C52720}\mpengine.dll

2012-03-24 15:47:59 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2012-03-24 15:42:42 77312 ----a-w- C:\Windows\System32\packager.dll

2012-03-24 15:42:42 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-03-24 15:34:13 -------- d-----w- C:\Intel

2012-03-24 15:32:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-24 15:32:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-24 15:32:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-24 15:32:58 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-24 15:32:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-24 15:32:58 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-24 15:32:58 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-24 15:30:52 -------- d-sh--we C:\Programme

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Vorlagen

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Startmenü

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Favoriten

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Dokumente

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Anwendungsdaten

2012-03-24 15:30:52 -------- d-sh--we C:\Program Files\Gemeinsame Dateien

2012-03-24 15:30:52 -------- d-sh--we C:\Dokumente und Einstellungen

2012-03-24 15:30:52 -------- d-sh--w- C:\Recovery

2012-03-24 15:22:41 -------- d-----w- C:\Windows\Panther

.

==================== Find3M ====================

.

2012-03-27 16:56:20 7808 ----a-w- C:\Windows\System32\drivers\fuj02b1.sys

2012-03-27 16:56:12 7296 ----a-w- C:\Windows\System32\drivers\fuj02e3.sys

2012-03-27 16:56:04 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2012-03-27 16:56:04 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2012-03-27 16:56:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-10 21:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2012-01-10 21:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-01-10 21:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe

2012-01-10 21:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe

2012-01-10 21:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe

2012-01-10 21:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe

2012-01-10 21:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-01-10 21:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll

2012-01-10 21:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll

2012-01-10 21:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-01-10 21:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2012-01-10 21:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2012-01-10 21:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2012-01-10 21:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2012-01-10 21:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2012-01-10 21:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2012-01-10 21:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-01-10 21:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2012-01-10 21:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-01-10 20:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-01-10 20:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-01-10 20:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-01-10 20:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2012-01-10 20:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2012-01-10 20:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2012-01-10 20:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll

2012-01-10 20:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-01-10 20:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll

2012-01-10 20:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-01-10 20:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-01-10 20:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2012-01-10 20:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-01-10 20:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-01-10 20:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-01-10 20:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-01-10 20:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-01-10 20:12:12 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2012-01-10 20:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-01-10 20:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-01-10 20:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-01-10 20:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-01-10 20:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-01-10 20:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

.

============= FINISH: 20:42:52,04 ===============

Attach.txt

[screen317 0]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

[Maurice Naggar 75]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!