chocka

Members
  • Posts: 15
  • Reputation: 0 Neutral
  1. This morning after the scan I got Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\DOMOTICZ\NSSM.EXE. Yesterday I installed Domoticz and just looked it up on the Domoticz forum, from which I read that it was reported as a false positive. As you may need something, let me know about it.
  2. Thanks for the explanation, installed the application update as you mentioned and it's now 391 and loaded in memory.
  3. Just restarted the PC and the exploit protection started at start up, seems to be OK again.
  4. Hi, just started the PC and see a red sign on the Mbam icon in the system tray, seems that I'm not fully protected because exploit protection is off, but I can't get it started or turn it on? Used the support and added the zip file. What struck me in the result file is that, despite my always turning Windows Defender off, Windows turns it on again and again, immensely annoying. I also see that Windows has now built in its own exploit protection, to what extent does it compete with the Mbam version? mbst-grab-results.zip
  5. Thanks for the input, then I need to find those videos somewhere else, already unliked the page.
  6. I like to follow Max Verstappen and get a lot of info through Facebook links of autobahn.eu, but since a couple of days ago, when I start the video, it's blocked because of riskware. The last three years I have seen them all without a problem and suddenly it's not safe anymore? Is it really very dangerous to see those videos or is something wrong with that site? E.g. this is a link: https://www.autobahn.eu/8643/de-reactie-van-max-verstappen-vlak-na-de-kwalificatie-bij-jack-plooij/
  7. Good question, the website says "NOW EVEN STRONGER AND SMARTER, ANTIVIRUS IS UNNECESSARY". But maybe this is only marketing?
  8. Is there a way with MBAM to let the automated flash scan after an update operate in the background, without MBAM opening a new window? Is there a way to find out which program is behind the IP which has been blocked by MBAM?
  9. Copied from this topic http://forums.malwarebytes.org/index.php?showtopic=106347 I try to find out what those blocked IP addresses are which MAM reported. Maybe someone can help me figure out from which programs those are? - IP-BLOCK 92.241.184.162 (Type: outgoing) - IP-BLOCK 93.190.140.59 (Type: outgoing) Been through the DDS file, and the first thing that got my attention is at the top of the file where I see: - FW: ZoneAlarm Firewall *Enabled* I asked why it is there, because I have not used that program for many years (5 or 6) - S0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eboost.sys --> c:\windows\system32\drivers\eBoost.sys [?] eBoost.sys is not at c:\windows\system32\drivers\ ? In the past I tried that program once and uninstalled it, but still I get errors from it. (Added two new files) dds.txt attach.txt
  10. But that topic is called "I'm infected" and so far MAM and SAS both reported nothing that indicates I'm infected. I only try to find to which programs those blocked IP addresses belong!?
  11. Thanks about the Babylon stuff! Which is easy to remove by adjusting the pref.js file of Firefox. Just did, so that's gone. But I don't know if this has something to do with the two mentioned blocked IP addresses!?
  12. Sorry, couldn't find the edit my post button? Been through the DDS file, and the first thing that got my attention is at the top of the file where I see: - FW: ZoneAlarm Firewall *Enabled* I asked why it is there, because I have not used that program for many years (5 or 6) - S0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eboost.sys --> c:\windows\system32\drivers\eBoost.sys [?] eBoost.sys is not at c:\windows\system32\drivers\ ? In the past I tried that program once and uninstalled it, but still I get errors from it.
  13. I try to find out what those blocked IP addresses are which MAM reported. Maybe someone can help me figure out from which programs those are? - IP-BLOCK 92.241.184.162 (Type: outgoing) - IP-BLOCK 93.190.140.59 (Type: outgoing) Thanks in advance dds.txt attach.txt
  14. My system is not what it was before last Thursday, when I tried to update Windows with the dot net 3.5 sp1 update. My Avira AntiVir Premium is up to date and after a full system scan nothing was found. I just did a scan with Dr.Web which also found nothing. But when I try to start up Mbam 1.45 I get a runtime error 372 vbalsgrid6.ocx. Besides that, some functions don't work anymore, such as copy/paste and search for files like vbalsgrid.ocx. So I cannot put the log of a quick scan from Mbam in this topic. I only have a HJT log, which I renamed with the extension .txt behind it, because as said I cannot copy/paste it in this topic. So far as I know something of the HJT log, I don't see anything special about it, but maybe you do? hijackthis.log.txt