31st August 2009 11:08 #1
, . ( ) pc- .
40 . , - , , internet explorer, .
task manager-a .
40 .
task manager-a , , , rundll32.exe, 1 mb - "" ( 3.2 mb), , , .
XP SP2 , , anti-spyware malware, .
? rundll32?
31st August 2009 11:11 #2 Prolemuris
System Information, . , . . , , , ComboFix.
31st August 2009 11:18 #3
31st August 2009 11:27 #4 Prolemuris
1. System Information, Software, Loaded Modules, dll-. , , Process Explorer, MS.
2. http://hardwarebg.com/forum/showthread.php?t=91314
ComboFix.
31st August 2009 17:00 #5
hijackthis .
edit: combofix
Code:
Logfile of HijackThis v1.97.7
Scan saved at 11:22:15, on 31.8.2009 .
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FlexType 2K.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26225E05-8EC3-4C82-BFD0-D12AF34E009D}: NameServer = 83.97.65.104 83.97.65.104
System Information, , software?
Code:
ComboFix 09-08-30.02 - Cail 08.2009 . 11:39.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.2046.1627 [GMT 3:00]
Running from: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.
2009-08-30 20:12 . 2009-08-30 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 20:12 . 2009-08-30 20:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 22:23 . 2009-08-19 22:23 -------- d-----w- c:\documents and settings\My Documents\id Software
2009-08-19 09:40 . 2009-08-19 22:23 -------- d-----w- c:\documents and settings\Cail\Local Settings\Application Data\id Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 08:42 . 2008-06-15 17:00 -------- d-----w- c:\documents and settings\Cail\Application Data\DMCache
2009-08-31 08:38 . 2009-08-31 08:37 3188346 ----a-r- C:\ComboFix.exe
2009-08-31 08:20 . 2008-06-15 17:31 -------- d-----w- c:\documents and settings\Cail\Application Data\Skype
2009-08-30 20:26 . 2009-02-26 22:53 -------- d-----w- c:\program files\Garena
2009-08-28 15:13 . 2008-06-15 17:10 -------- d-----w- c:\program files\DC++
2009-08-25 19:54 . 2008-06-15 16:57 -------- d-----w- c:\program files\mIRC
2009-08-19 09:37 . 2008-06-15 20:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 08:34 . 2009-02-18 20:42 -------- d-----w- c:\documents and settings\Cail\Application Data\Hamachi
2009-07-21 19:13 . 2009-07-21 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-07-21 18:51 . 2009-07-21 18:51 -------- d-----w- c:\program files\OpenAL
2009-07-21 18:51 . 2008-07-27 22:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-21 18:51 . 2008-07-27 22:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-18 18:58 . 2009-03-28 16:11 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-07-18 17:36 . 2009-07-18 17:36 3180505 ----a-w- c:\program files\Everest.rar
2009-07-08 00:09 . 2008-07-10 21:25 1915520 ----a-w- c:\documents and settings\Cail\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-06 01:41 . 2009-07-06 01:41 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-10 05:28 . 2009-06-10 05:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 05:28 . 2009-06-10 05:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 05:28 . 2009-06-10 05:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 05:28 . 2009-06-10 05:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 05:28 . 2009-06-10 05:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 05:28 . 2009-06-10 05:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 05:28 . 2009-06-10 05:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 03:03 . 2009-06-07 13:43 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 03:03 . 2009-06-07 13:43 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 03:03 . 2009-06-07 13:43 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 03:03 . 2008-06-15 15:50 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 03:03 . 2008-05-02 19:46 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 03:03 . 2008-05-02 19:46 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 03:03 . 2008-05-02 19:46 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 03:03 . 2008-05-02 19:46 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 03:03 . 2008-05-02 19:46 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 03:03 . 2008-05-02 19:46 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 03:03 . 2008-05-02 19:46 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-07 00:43 . 2009-06-07 00:43 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-07 00:43 . 2009-06-07 00:43 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-04 13:39 . 2008-06-15 15:49 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2007-06-24 07:38 . 2007-06-24 07:38 164746 --sha-r- c:\windows\system32\jcpirss.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2004-04-22 462336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-11 229952]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-23 113664]
FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-6-16 151552]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"e:\\GAMES\\Condition Zero\\Valve\\hl.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"e:\\GAMES\\Crysis\\Bin32\\Crysis.exe"=
"e:\\GAMES\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\GAMES\\Condition Zero\\Valve\\hlds.exe"=
"e:\\GAMES\\Call Of Duty 4\\iw3mp.exe"=
"e:\\GAMES\\Don't Get Angry 2\\DA2.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\GAMES\\Warcraft III\\War3.exe"=
"e:\\GAMES\\Warcraft III\\Frozen Throne.exe"=
"e:\\GAMES\\Quake 3\\quake3.exe"=
"e:\\GAMES\\Need For Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"e:\\GAMES\\Condition Zero\\Valve\\18630393230005338112.exe"=
"e:\\GAMES\\Call of Juarez Bound in Blood\\CoJBiBGame_x86.exe"=
"e:\\GAMES\\FEAR\\FEARXP2.exe"=
"e:\\GAMES\\Far Cry2\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\GAMES\\Far Cry2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\GAMES\\Far Cry2\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\GAMES\\Wolfenstain 2\\MP\\Wolf2MP.exe"=
"e:\\GAMES\\Wolfenstain 2\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55798:TCP"= 55798:TCP:PORT_55798
"48813:TCP"= 48813:TCP:PORT_48813
"20596:TCP"= 20596:TCP:PORT_20596
"19051:TCP"= 19051:TCP:PORT_19051
"9992:TCP"= 9992:TCP:PORT_9992
"53127:TCP"= 53127:TCP:PORT_53127
"8078:TCP"= 8078:TCP:PORT_8078
"28986:TCP"= 28986:TCP:PORT_28986
"25063:TCP"= 25063:TCP:PORT_25063
"5301:TCP"= 5301:TCP:PORT_5301
"40286:TCP"= 40286:TCP:PORT_40286
"62208:TCP"= 62208:TCP:PORT_62208
"14551:TCP"= 14551:TCP:PORT_14551
"53191:TCP"= 53191:TCP:PORT_53191
"63024:TCP"= 63024:TCP:PORT_63024
"21531:TCP"= 21531:TCP:PORT_21531
"7735:TCP"= 7735:TCP:PORT_7735
"20099:TCP"= 20099:TCP:PORT_20099
"38398:TCP"= 38398:TCP:PORT_38398
"50381:TCP"= 50381:TCP:PORT_50381
"44780:TCP"= 44780:TCP:PORT_44780
"9158:TCP"= 9158:TCP:PORT_9158
"46961:TCP"= 46961:TCP:PORT_46961
"10606:TCP"= 10606:TCP:PORT_10606
"9424:TCP"= 9424:TCP:PORT_9424
"17646:TCP"= 17646:TCP:PORT_17646
"16742:TCP"= 16742:TCP:PORT_16742
"52339:TCP"= 52339:TCP:PORT_52339
"16398:TCP"= 16398:TCP:PORT_16398
"5740:TCP"= 5740:TCP:xwlzjdp

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.3.2009 . 20:50 179856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.3.2009 . 20:50 15504]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 adpblegv;Shell Center;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 . 02:56 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Cail\LOCALS~1\Temp\CCG1.tmp --> c:\docume~1\Cail\LOCALS~1\Temp\CCG1.tmp [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
adpblegv
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
TCP: {26225E05-8EC3-4C82-BFD0-D12AF34E009D} = 83.97.65.104 83.97.65.104
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 11:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Cail\LOCALS~1\Temp\CCG1.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\adpblegv]
"ServiceDll"="c:\windows\system32\jcpirss.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-1390067357-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cb,24,f0,d2,ab,81,4b,49,9a,52,d1,16,d6,83,19,54,9c,05,d6,94,50,2d,ec,
 15,41,b3,42,3c,d5,a6,3a,e4,4f,c8,de,0b,cc,89,cd,82,87,3f,d5,20,83,9d,db,89,\
"??"=hex:f1,42,49,73,a4,b4,8b,22,77,dd,69,bc,52,95,ad,ee

[HKEY_USERS\S-1-5-21-343818398-1390067357-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:37,38,cf,87,16,07,16,2a,33,67,65,4c,be,2d,4e,7b,8f,00,69,63,69,
 7f,0a,84,80,d8,74,2b,d3,9f,d9,3e,a2,d5,ee,eb,d6,dd,64,e2,d9,ef,02,60,b3,91,\
"rkeysecu"=hex:25,b1,a8,e2,05,9a,90,7f,73,c3,fe,b7,7a,d7,80,39

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="A35C63563EE8A083ED9FFEED6C7004C99E736733A1BDE05C11232F8A61C15C5272CD85D43D9B2E55C9D3D9FC40C8F5ACCCDED88D2BF9576303EF32D000E36AF03B86B211E23203F5CCCFA85740FB3512B2E626C3CD5043BBE92D7CF8D5D1C132272B9F0BD3E122F95E7DC7895ED47CEC15FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CA2D97226D213B55552F1949B259711F4D2761324E8E3C9D0A8528E0940DA6425BFBA017D89D95217528B45B00E9D2F50586E1836301456D58ED4B0C241FBFC2907C1E63C54D96240C95EE890AD2F0C468BE68165BA949AB36D5DF1971B162131CF19D37FC060954A349A9417924952F5B033F45E2D1822667304A71DAD2D5D34D13CF16C056A9CC9EFBDE395E97C71B06F7AA0BBD1643C9EAF33B0DCF75C84DFA87E6E18FB86670AC221F5CE8AEC1DFD54B7B11094517E3E192CECD5A253A916CF827A8D2658AE87526DECFAE8D1CB18CF38DD5F074D405E0A0240F876522868ACC14C4CA51669742A1F6F472478B7ED36215B23DC589D483D9D94AC61329A2182091DC7C08C58353A0AA851FAC2E121BF67E6C7EF0AF57DD6B9564B735AE4BDFE78ABE6E21A7CE356D24730D0228C89895640AF3D09EE315A657523E5C92AEB2E86B7841C321DCD3473FC69AD1FBE30938CA9AEE414F0CAB20667759094D31304F988EF9C5CC2F4703A807ABD584454C27C6C8E2DFB2665AA5224F8F16010C956F0E66B3DB3BB0F8A478DD2D07B2CE95E6ED20C7DA50050F6D6A8D72C65CFDDDEDB21ADF7661B84E51362D6DA4E4915137BAD57E28BB2902BF276AE04F3474F3D7E09636D3937F3C8E4C05DF329B1B1F2934F9610B9365BC0D99090E5ED705272F373AA5E8429AEE0DBF0355777C14DEFF890625752C51F151500045C49084FE527BA16B3B050B9BA68BB1B66BA99AA64C1CC48348A63F86A7E52821B108FE3E159BB2EF5BD4D4F4CD271C423859AC10C5A63C7C0AAD23D66C61879F8E04CDF941FD86CD5C087DCEB32645AB682ECBC0600B75740919A7310F0E44C6D6FC6481162F6BFA65F280354756AF6EC6B7AF7594633DF172F8857D65652CF9800CBD34C5D800DDC559E9825DEDE2CB49074086C14BE3FCD09AB588B217D4EBA6CED71A12363A895F19CA5E2049F7CA3D8CB338CA34CC31139591A64D20686BB250241501910608F9897E9744E8F60703BB9F36904CE35B0EC287379BD10A9A22B2016F8F4FDF0AC41C95425FA174476C238781898BCCA24E3F571490945DDA095A6F9A346A48FF4F4B20C249C9E073711862310179333837562D1B432D23E858D
36A9B96D03E012D4926A851995FED5D9280A2F8A520D8B89D00980086857C7D0B314091D1A82D31471"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\newdll.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-31 11:43
ComboFix-quarantined-files.txt 2009-08-31 08:42

Pre-Run: 4*683*264*000 bytes free
Post-Run: 4*954*492*928 bytes free

220
, - McAfee 8.7i
Last edited by HellRaiseR; 31st August 2009 at 11:49.



