CappuHB
Got the same problem here.

2012/04/02 20:03:01 +0200 A530 User MESSAGE Starting protection

2012/04/02 20:03:01 +0200 A530 User MESSAGE Executing scheduled update: Daily

2012/04/02 20:03:02 +0200 A530 User MESSAGE Database already up-to-date

2012/04/02 20:03:03 +0200 A530 User MESSAGE Protection started successfully

2012/04/02 20:03:06 +0200 A530 User MESSAGE Starting IP protection

2012/04/02 20:03:08 +0200 A530 User MESSAGE IP Protection started successfully

2012/04/02 20:07:34 +0200 A530 User MESSAGE Stopping IP protection

2012/04/02 20:08:54 +0200 A530 User MESSAGE IP Protection stopped

2012/04/02 20:08:54 +0200 A530 User MESSAGE Starting IP protection

2012/04/02 20:08:57 +0200 A530 User MESSAGE IP Protection started successfully

2012/04/02 20:19:22 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50767, Process: firefox.exe)

2012/04/02 20:25:49 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52432, Process: firefox.exe)

2012/04/02 20:28:38 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53927, Process: firefox.exe)

Trying to find the cause of my SMART HDD infection: my wife uses a USB stick with Firefox Portable, which I scanned on a non-infected, protected PC with MBAM, no joy.

Then I started to open the sites she used prior to the infection, and BAM, the IP-Block pops up.

Attached you find the files from DDS.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by User at 20:42:24 on 2012-04-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1909.276 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\WUDFHost.exe

E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

E:\PortableApps\FirefoxPortable\FirefoxPortable.exe

E:\PortableApps\FirefoxPortable\App\firefox\firefox.exe

E:\PortableApps\FirefoxPortable\App\firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{984263D2-2DAF-4962-842B-45A21126363D} : DhcpNameServer = 192.168.178.1

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lgjbd4w2.default\

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-2 652360]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys --> C:\Windows\system32\DRIVERS\FUJ02E3.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

.

=============== Created Last 30 ================

.

2012-04-02 18:14:38 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C8DB4AF9-1D31-413A-914D-FA2A74DCF9A2}\mpengine.dll

2012-04-02 18:02:38 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes

2012-04-02 18:02:33 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-02 18:02:32 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-02 18:02:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-01 14:45:05 -------- d-----w- C:\Users\User\AppData\Local\ElevatedDiagnostics

2012-03-31 18:27:02 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-03-30 15:37:41 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-30 15:29:07 -------- d-----w- C:\Program Files (x86)\Pulse-Eight

2012-03-30 15:11:39 -------- d-----w- C:\Users\User\AppData\Roaming\XBMC

2012-03-30 15:08:44 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2012-03-30 15:08:44 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2012-03-30 15:02:17 -------- d-----w- C:\Program Files (x86)\XBMC

2012-03-27 16:53:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-27 16:50:38 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5233E1E6-DA6E-450B-A0A5-4F4A07641642}\gapaengine.dll

2012-03-27 16:48:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-03-27 16:48:37 -------- d-sh--w- C:\Windows\Installer

2012-03-27 16:48:37 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-03-24 21:12:58 -------- d-----w- C:\Windows\SysWow64\wbem\en-US

2012-03-24 21:12:57 -------- d-----w- C:\Windows\System32\wbem\en-US

2012-03-24 21:06:17 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-03-24 21:06:16 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-03-24 21:06:16 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-03-24 15:57:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-24 15:57:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-24 15:57:11 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-24 15:55:04 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-03-24 15:55:00 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03B95CE9-0DAD-4A8B-BBBE-98A737C52720}\mpengine.dll

2012-03-24 15:47:59 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2012-03-24 15:42:42 77312 ----a-w- C:\Windows\System32\packager.dll

2012-03-24 15:42:42 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-03-24 15:34:13 -------- d-----w- C:\Intel

2012-03-24 15:32:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-24 15:32:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-24 15:32:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-24 15:32:58 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-24 15:32:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-24 15:32:58 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-24 15:32:58 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-24 15:30:52 -------- d-sh--we C:\Programme

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Vorlagen

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Startmenü

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Favoriten

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Dokumente

2012-03-24 15:30:52 -------- d-sh--we C:\ProgramData\Anwendungsdaten

2012-03-24 15:30:52 -------- d-sh--we C:\Program Files\Gemeinsame Dateien

2012-03-24 15:30:52 -------- d-sh--we C:\Dokumente und Einstellungen

2012-03-24 15:30:52 -------- d-sh--w- C:\Recovery

2012-03-24 15:22:41 -------- d-----w- C:\Windows\Panther

.

==================== Find3M ====================

.

2012-03-27 16:56:20 7808 ----a-w- C:\Windows\System32\drivers\fuj02b1.sys

2012-03-27 16:56:12 7296 ----a-w- C:\Windows\System32\drivers\fuj02e3.sys

2012-03-27 16:56:04 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2012-03-27 16:56:04 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2012-03-27 16:56:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-10 21:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2012-01-10 21:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-01-10 21:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe

2012-01-10 21:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe

2012-01-10 21:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe

2012-01-10 21:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe

2012-01-10 21:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-01-10 21:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll

2012-01-10 21:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll

2012-01-10 21:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-01-10 21:27:26 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2012-01-10 21:27:26 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2012-01-10 21:27:26 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2012-01-10 21:27:26 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2012-01-10 21:27:26 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2012-01-10 21:27:26 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2012-01-10 21:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-01-10 21:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2012-01-10 21:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-01-10 20:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-01-10 20:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-01-10 20:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-01-10 20:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2012-01-10 20:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2012-01-10 20:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2012-01-10 20:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll

2012-01-10 20:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-01-10 20:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll

2012-01-10 20:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-01-10 20:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-01-10 20:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2012-01-10 20:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-01-10 20:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-01-10 20:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-01-10 20:12:12 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-01-10 20:12:12 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-01-10 20:12:12 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2012-01-10 20:12:12 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-01-10 20:12:12 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-01-10 20:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-01-10 20:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-01-10 20:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-01-10 20:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

.

============= FINISH: 20:42:52,04 ===============

Attach.txt

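As an added example (not part of the original post and not Malwarebytes' own code), here is a small Python parser for the MBAM protection-log format shown in the post. It groups IP-BLOCK events by destination, direction and process, lists the distinct ports, measures the span between first and last block, and flags destinations that are globally routable (RFC 1918 and loopback addresses are LAN noise). The line format is inferred from the posted lines only; SAMPLE_LOG copies those lines and adds one constructed incoming line, marked as such. The log does not say whether the Port field is the local or the remote port, so the code reports it as recorded.

```python
"""Summarise IP-BLOCK events from a Malwarebytes Anti-Malware 1.x
protection log.  Added example; format inferred from the lines posted
in the thread, not from MBAM documentation."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# First four lines copied verbatim from the post above.  The final
# "incoming ... System" line is CONSTRUCTED for this example so the
# summary also shows a LAN-side block on a different process.
SAMPLE_LOG = """\
2012/04/02 20:08:57 +0200 A530 User MESSAGE IP Protection started successfully
2012/04/02 20:19:22 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50767, Process: firefox.exe)
2012/04/02 20:25:49 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52432, Process: firefox.exe)
2012/04/02 20:28:38 +0200 A530 User IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53927, Process: firefox.exe)
2012/04/02 20:30:01 +0200 A530 User IP-BLOCK 192.168.178.1 (Type: incoming, Port: 445, Process: System)
"""

# <date> <time> <tz> <host> <user> <MESSAGE|IP-BLOCK> <rest>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|IP-BLOCK) (?P<rest>.*)$"
)
# <ip> (Type: <direction>, Port: <n>, Process: <name>)
BLOCK_RE = re.compile(
    r"^(?P<ip>\S+) \(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the
    format seen in the thread.  IP-BLOCK lines get ip/direction/port/
    process fields plus an 'external' flag for globally routable IPs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S %z")
    if rec["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(rec.pop("rest"))
        if not b:
            return None
        rec.update(b.groupdict())
        rec["port"] = int(rec["port"])
        # Private/loopback destinations are LAN noise; a global address
        # means the connection attempt was leaving the network.
        rec["external"] = ipaddress.ip_address(rec["ip"]).is_global
    return rec


def summarise_blocks(log_text):
    """Group IP-BLOCK events by (ip, direction, process) and return, per
    group: count, sorted distinct ports, seconds between first and last
    event, and whether the address is external."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["kind"] == "IP-BLOCK":
            groups[(rec["ip"], rec["direction"], rec["process"])].append(rec)
    summary = {}
    for key, recs in groups.items():
        recs.sort(key=lambda r: r["ts"])
        summary[key] = {
            "count": len(recs),
            "ports": sorted({r["port"] for r in recs}),
            "span_s": int((recs[-1]["ts"] - recs[0]["ts"]).total_seconds()),
            "external": recs[0]["external"],
        }
    return summary


if __name__ == "__main__":
    for (ip, direction, proc), s in summarise_blocks(SAMPLE_LOG).items():
        flag = "EXTERNAL" if s["external"] else "lan"
        print(f"{ip:16} {direction:8} {proc:12} x{s['count']} "
              f"over {s['span_s']}s ports={s['ports']} [{flag}]")
```

Run stand-alone, the three firefox.exe lines collapse into one row: three blocks of the same external host on three different ports over 556 seconds, i.e. three separate connection attempts to the same destination while the browser was in use. A single row with a rising count and fresh ports each time is the pattern to watch for when repeating the OP's experiment of opening each site in turn.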

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
