DNS cache poisoning attack


  • This topic is locked
4 replies to this topic

#1 melwin

melwin

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Female
  • Location:日本
  • Local time:09:30 PM

Posted 06 August 2012 - 01:39 PM

please post your log in this section



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by メルウィン at 3:34:06 on 2012-08-07
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1041.18.3957.1802 [GMT 9:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://9ch.sakura.ne.jp/web
mWinlogon: Userinit=userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\メルウ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: すべてのリンクをIDMでダウンロード - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: イメージを Bluetooth デバイスに送信(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ページを Bluetooth デバイスに送信(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4F809AA1-BE36-4324-8E64-BF69A6218655} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4F809AA1-BE36-4324-8E64-BF69A6218655}\E456B6F6021436365637370205F696E647 : DhcpNameServer = 192.168.1.1
{0055C089-8582-441B-A0BF-17B458C2A3A8}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Apache2.2;Apache2.2;C:\AppServ\Apache2.2\bin\httpd.exe [2008-1-18 24635]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 named;ISC BIND;C:\Windows\System32\dns\bin\named.exe [2012-8-7 376832]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-1 250056]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies サービス;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-06 18:08:12 -------- d-----w- C:\Windows\SysWow64\dns
2012-08-06 12:35:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45E6050A-67A2-4671-902B-DB3C713318BA}\offreg.dll
2012-08-06 04:38:10 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\Media Player Classic
2012-08-06 04:18:14 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\LogoMaker
2012-08-06 02:46:55 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-08-05 09:20:01 -------- d-----w- C:\Users\メルウィン\AppData\Local\TSVNCache
2012-08-05 09:06:34 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\TortoiseSVN
2012-08-05 09:04:23 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\Subversion
2012-08-05 09:01:42 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2012-08-05 09:01:40 -------- d-----w- C:\Program Files\TortoiseSVN
2012-08-05 08:38:22 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\TortoiseHg
2012-08-05 08:37:53 -------- d-----w- C:\Program Files\TortoiseHg
2012-08-05 08:37:53 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2012-08-04 20:43:01 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\FileZilla
2012-08-04 18:08:28 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\Rainmeter
2012-08-04 18:08:26 -------- d-----w- C:\Program Files\Rainmeter
2012-08-04 17:40:04 -------- d-----w- C:\Users\メルウィン\AppData\Local\Ubisoft Game Launcher
2012-08-04 17:37:47 -------- d-----w- C:\Ubisoft Game Launcher
2012-08-04 17:36:05 -------- d-----w- C:\Program Files (x86)\RocketDock
2012-08-04 17:34:21 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\PunkBuster
2012-08-04 17:32:35 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-08-04 17:32:35 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-08-04 17:32:35 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-08-04 17:32:35 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-08-04 17:32:33 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-08-04 17:32:33 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-08-04 14:41:13 -------- d-----w- C:\Users\メルウィン\AppData\Local\SkinSoft
2012-08-04 08:26:38 -------- d-----w- C:\Users\メルウィン\AppData\Local\SKIDROW
2012-08-03 12:48:57 -------- d-----w- C:\Fraps
2012-08-03 12:43:31 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-08-03 12:42:42 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\uTorrent
2012-08-03 06:43:15 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-03 06:43:12 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45E6050A-67A2-4671-902B-DB3C713318BA}\mpengine.dll
2012-08-02 05:22:33 -------- d-----w- C:\Users\メルウィン\AppData\Local\Deployment
2012-08-02 05:22:33 -------- d-----w- C:\Users\メルウィン\AppData\Local\Apps
2012-08-02 04:08:17 -------- d-----w- C:\RO EP20.0
2012-08-02 04:07:58 -------- d-----w- C:\SERVER 20.0
2012-08-02 04:01:06 -------- d-----w- C:\AppServ
2012-08-02 03:55:45 1589248 ----a-w- C:\Windows\SysWow64\libmysql_d.dll
2012-08-02 03:55:40 -------- d-----w- C:\Program Files (x86)\PremiumSoft
2012-08-01 18:36:29 -------- d-----w- C:\Program Files (x86)\MSECache
2012-08-01 18:14:00 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\Opera
2012-08-01 18:14:00 -------- d-----w- C:\Users\メルウィン\AppData\Local\Opera
2012-08-01 17:39:59 517960 ----a-w- C:\Windows\System32\XAudio2_5.dll
2012-08-01 17:27:16 -------- d-----w- C:\Windows\System32\SPReview
2012-08-01 17:21:26 -------- d-----w- C:\Windows\SysWow64\directx
2012-08-01 17:15:27 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-08-01 17:15:23 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\DAEMON Tools Lite
2012-08-01 17:15:20 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-08-01 17:14:40 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-08-01 16:57:55 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\Foxit
2012-08-01 16:57:44 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-08-01 15:42:47 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-08-01 15:42:46 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-08-01 15:42:46 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-08-01 15:02:15 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-01 14:47:18 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-08-01 14:47:18 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-08-01 14:47:10 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-08-01 14:47:06 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-01 14:47:06 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2012-08-01 14:47:06 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-01 14:47:05 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-08-01 14:47:05 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2012-08-01 14:47:02 3215872 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-08-01 14:45:59 934912 ----a-w- C:\Windows\System32\FirewallControlPanel.dll
2012-08-01 14:44:59 73728 ----a-w- C:\Windows\System32\tlscsp.dll
2012-08-01 14:43:56 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-08-01 14:43:56 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-08-01 14:43:56 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-08-01 14:42:46 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-08-01 14:42:46 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-08-01 14:42:39 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-08-01 14:32:07 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\WinRAR
2012-08-01 13:31:59 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\IDM
2012-08-01 13:31:59 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\DMCache
2012-08-01 13:31:54 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2012-08-01 13:16:42 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\Macromedia
2012-08-01 13:16:42 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\Adobe
2012-08-01 13:16:37 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 13:16:37 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-01 13:06:13 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\ESET
2012-08-01 13:06:13 -------- d-----w- C:\Users\メルウィン\AppData\Local\ESET
2012-08-01 13:05:21 -------- d-----w- C:\Program Files\ESET
2012-08-01 12:52:26 -------- d-----w- C:\Windows\SysWow64\Wat
2012-08-01 12:52:25 -------- d-----w- C:\Windows\System32\Wat
2012-08-01 12:33:52 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-01 11:42:07 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-01 11:42:07 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-01 11:42:07 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-08-01 11:42:07 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-01 11:42:07 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-01 11:42:07 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-01 11:42:07 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-01 11:39:21 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-01 11:32:47 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2012-08-01 11:32:47 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-08-01 11:32:47 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-01 11:32:46 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-08-01 11:32:46 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-08-01 11:32:46 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-08-01 11:31:34 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-08-01 11:31:34 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-08-01 11:31:34 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-08-01 11:29:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-01 11:28:37 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-08-01 11:28:37 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-08-01 11:28:14 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-08-01 11:28:14 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-08-01 11:28:04 395776 ----a-w- C:\Windows\System32\webio.dll
2012-08-01 11:28:04 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-08-01 11:28:01 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-08-01 11:28:01 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-08-01 11:28:01 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-08-01 11:26:36 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-08-01 11:26:35 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-08-01 11:26:35 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-08-01 11:26:35 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-08-01 11:26:35 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-08-01 11:26:15 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-08-01 11:26:15 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-08-01 11:26:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-08-01 11:26:14 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-08-01 11:26:14 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-08-01 11:26:14 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-08-01 11:25:47 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-08-01 11:25:47 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-08-01 11:25:46 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-01 11:25:46 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-01 11:25:13 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-08-01 11:25:12 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-08-01 11:25:12 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-08-01 11:25:12 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-08-01 11:25:12 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-08-01 11:25:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-08-01 11:21:52 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-01 11:21:52 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-01 11:20:48 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-08-01 11:20:48 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-08-01 11:20:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-08-01 11:20:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-08-01 11:20:05 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-08-01 11:20:05 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-08-01 11:20:05 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2012-08-01 11:20:05 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-08-01 11:19:29 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-08-01 11:19:29 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-08-01 11:17:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-08-01 11:16:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-08-01 11:15:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-08-01 11:09:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-01 11:09:38 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-08-01 11:09:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-01 11:09:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-08-01 10:33:16 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-01 10:29:40 -------- d-----w- C:\Program Files\Elantech
2012-08-01 10:29:39 4675976 ----a-w- C:\Windows\System32\ETDUI.cpl
2012-08-01 10:29:39 136192 ----a-w- C:\Windows\System32\drivers\ETD.sys
2012-08-01 10:28:27 340520 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-08-01 10:28:26 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-08-01 10:28:26 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-08-01 10:28:26 135720 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-08-01 10:28:23 102440 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-08-01 10:26:32 -------- d-----w- C:\Program Files\WIDCOMM
2012-08-01 10:25:39 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-08-01 10:25:39 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-08-01 10:25:39 3891200 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-08-01 10:25:39 3555840 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-08-01 10:25:39 3062336 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2012-08-01 10:25:38 -------- d-----w- C:\Program Files\Broadcom
2012-08-01 10:24:44 -------- d-----w- C:\Program Files (x86)\Marvell
2012-08-01 10:24:39 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\ATI
2012-08-01 10:24:39 -------- d-----w- C:\Users\メルウィン\AppData\Local\ATI
2012-08-01 10:24:35 116240 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-08-01 10:22:56 108960 ----a-w- C:\Windows\System32\AERTAR64.dll
2012-08-01 10:21:35 55296 ----a-w- C:\Windows\System32\coinst.dll
2012-08-01 10:21:35 446464 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-08-01 10:21:16 -------- d-----w- C:\Program Files\ATI
2012-08-01 10:21:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-08-01 10:20:48 -------- d-sh--w- C:\Windows\Installer
2012-08-01 10:19:45 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-08-01 10:19:42 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\InstallShield
2012-08-01 10:19:34 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-08-01 10:19:28 -------- d-----w- C:\Intel
2012-08-01 10:15:30 -------- d-----r- C:\Users\メルウィン\Searches
2012-08-01 10:15:15 -------- d-----w- C:\Users\メルウィン\AppData\Roaming\Identities
2012-08-01 10:15:09 -------- d-----r- C:\Users\メルウィン\Contacts
2012-08-01 10:15:05 -------- d-----w- C:\Users\メルウィン\AppData\Local\VirtualStore
2012-08-01 10:02:33 -------- d-----w- C:\Windows\Panther
.
==================== Find3M ====================
.
2012-08-01 17:32:23 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-08-01 17:32:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 3:35:53.27 ===============



Attached File  Attach.zip   3.12KB   0 downloads

Attached File  DDS.txt   23.67KB   0 downloads

Edited by melwin, 06 August 2012 - 02:19 PM.



#2 melwin

melwin
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Female
  • Location:日本
  • Local time:09:30 PM

Posted 07 August 2012 - 12:25 PM

help me please > <

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:30 AM

Posted 09 August 2012 - 03:36 PM

I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 100 unanswered topics, the oldest dated Aug. 5 at 12:33 am Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 6 at 2:39 PM using the same time zone.

Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take a couple more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 11 August 2012 - 10:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the 3 logs for my review.
Let me know what problem persists.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 17 August 2012 - 09:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



