  1. #1
    มวยไทย HellRaiseR
    Join Date: Oct:2004
    Location: Hell
    Posts: 3,941

    , . ( ) pc- .
    40 . , - , , internet explorer, .
    task manager-a .
    40 .
    task manager-a , , , rundll32.exe, 1 mb - "" ( 3.2 mb), , , .

    XP SP2 , , anti-spyware malware, .
    ? rundll32?

  2. #2
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    System Information, . , . . , , , ComboFix.

  3. #3
    มวยไทย HellRaiseR
    Join Date: Oct:2004
    Location: Hell
    Posts: 3,941
    - system information ?
    , , , .

  4. #4
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    1. System Information, Software, Loaded Modules, dll-. , , Process Explorer, MS.

    2. http://hardwarebg.com/forum/showthread.php?t=91314

    ComboFix.

  5. #5
    มวยไทย HellRaiseR
    Join Date: Oct:2004
    Location: Hell
    Posts: 3,941
    hijackthis .

    Code:
    Logfile of HijackThis v1.97.7
    Scan saved at 11:22:15, on 31.8.2009 .
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20583)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\Winampa.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\Datecs\Flex2K.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\HiJackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: FlexType 2K.lnk = ?
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [TABS] Tabbed Browsing
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{26225E05-8EC3-4C82-BFD0-D12AF34E009D}: NameServer = 83.97.65.104 83.97.65.104
    edit: combofix
    System Information, , software?

    Code:
    ComboFix 09-08-30.02 - Cail 08.2009 . 11:39.1.2 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.2.1251.359.1033.18.2046.1627 [GMT 3:00]
    Running from: C:\ComboFix.exe
    
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    
    (((((((((((((((((((((((((   Files Created from 2009-07-28 to 2009-08-31  )))))))))))))))))))))))))))))))
    .
    
    2009-08-30 20:12 . 2009-08-30 20:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-30 20:12 . 2009-08-30 20:12	--------	d-----w-	c:\program files\Spybot - Search & Destroy
    2009-08-19 22:23 . 2009-08-19 22:23	--------	d-----w-	c:\documents and settings\My Documents\id Software
    2009-08-19 09:40 . 2009-08-19 22:23	--------	d-----w-	c:\documents and settings\Cail\Local Settings\Application Data\id Software
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-31 08:42 . 2008-06-15 17:00	--------	d-----w-	c:\documents and settings\Cail\Application Data\DMCache
    2009-08-31 08:38 . 2009-08-31 08:37	3188346	----a-r-	C:\ComboFix.exe
    2009-08-31 08:20 . 2008-06-15 17:31	--------	d-----w-	c:\documents and settings\Cail\Application Data\Skype
    2009-08-30 20:26 . 2009-02-26 22:53	--------	d-----w-	c:\program files\Garena
    2009-08-28 15:13 . 2008-06-15 17:10	--------	d-----w-	c:\program files\DC++
    2009-08-25 19:54 . 2008-06-15 16:57	--------	d-----w-	c:\program files\mIRC
    2009-08-19 09:37 . 2008-06-15 20:23	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2009-08-18 08:34 . 2009-02-18 20:42	--------	d-----w-	c:\documents and settings\Cail\Application Data\Hamachi
    2009-07-21 19:13 . 2009-07-21 18:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Codemasters
    2009-07-21 18:51 . 2009-07-21 18:51	--------	d-----w-	c:\program files\OpenAL
    2009-07-21 18:51 . 2008-07-27 22:20	444952	----a-w-	c:\windows\system32\wrap_oal.dll
    2009-07-21 18:51 . 2008-07-27 22:20	109080	----a-w-	c:\windows\system32\OpenAL32.dll
    2009-07-18 18:58 . 2009-03-28 16:11	--------	d-----w-	c:\program files\TweakNow RegCleaner
    2009-07-18 17:36 . 2009-07-18 17:36	3180505	----a-w-	c:\program files\Everest.rar
    2009-07-08 00:09 . 2008-07-10 21:25	1915520	----a-w-	c:\documents and settings\Cail\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-07-06 01:41 . 2009-07-06 01:41	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
    2009-06-10 05:28 . 2009-06-10 05:28	3510272	----a-w-	c:\windows\system32\nvgames.dll
    2009-06-10 05:28 . 2009-06-10 05:28	4022272	----a-w-	c:\windows\system32\nvdisps.dll
    2009-06-10 05:28 . 2009-06-10 05:28	86016	----a-w-	c:\windows\system32\nvmctray.dll
    2009-06-10 05:28 . 2009-06-10 05:28	168004	----a-w-	c:\windows\system32\nvsvc32.exe
    2009-06-10 05:28 . 2009-06-10 05:28	143360	----a-w-	c:\windows\system32\nvcolor.exe
    2009-06-10 05:28 . 2009-06-10 05:28	13758464	----a-w-	c:\windows\system32\nvcpl.dll
    2009-06-10 05:28 . 2009-06-10 05:28	229376	----a-w-	c:\windows\system32\nvmccs.dll
    2009-06-10 03:03 . 2009-06-07 13:43	671744	----a-w-	c:\windows\system32\nvcuvid.dll
    2009-06-10 03:03 . 2009-06-07 13:43	1580550	----a-w-	c:\windows\system32\nvdata.bin
    2009-06-10 03:03 . 2009-06-07 13:43	1310720	----a-w-	c:\windows\system32\nvcuvenc.dll
    2009-06-10 03:03 . 2008-06-15 15:50	457248	----a-w-	c:\windows\system32\nvudisp.exe
    2009-06-10 03:03 . 2008-05-02 19:46	9998336	----a-w-	c:\windows\system32\nvoglnt.dll
    2009-06-10 03:03 . 2008-05-02 19:46	815104	----a-w-	c:\windows\system32\nvapi.dll
    2009-06-10 03:03 . 2008-05-02 19:46	8087712	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
    2009-06-10 03:03 . 2008-05-02 19:46	5908608	----a-w-	c:\windows\system32\nv4_disp.dll
    2009-06-10 03:03 . 2008-05-02 19:46	1720320	----a-w-	c:\windows\system32\nvcuda.dll
    2009-06-10 03:03 . 2008-05-02 19:46	151552	----a-w-	c:\windows\system32\nvcodins.dll
    2009-06-10 03:03 . 2008-05-02 19:46	151552	----a-w-	c:\windows\system32\nvcod.dll
    2009-06-07 00:43 . 2009-06-07 00:43	279712	----a-w-	c:\windows\system32\drivers\atksgt.sys
    2009-06-07 00:43 . 2009-06-07 00:43	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
    2009-06-04 13:39 . 2008-06-15 15:49	457248	----a-w-	c:\windows\system32\NVUNINST.EXE
    2007-06-24 07:38 . 2007-06-24 07:38	164746	--sha-r-	c:\windows\system32\jcpirss.dll
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2004-04-22 462336]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-11 229952]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-23 113664]
    FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-6-16 151552]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "e:\\GAMES\\Condition Zero\\Valve\\hl.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "e:\\GAMES\\Crysis\\Bin32\\Crysis.exe"=
    "e:\\GAMES\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "e:\\GAMES\\Condition Zero\\Valve\\hlds.exe"=
    "e:\\GAMES\\Call Of Duty 4\\iw3mp.exe"=
    "e:\\GAMES\\Don't Get Angry 2\\DA2.exe"=
    "c:\\Program Files\\Hamachi\\hamachi.exe"=
    "e:\\GAMES\\Warcraft III\\War3.exe"=
    "e:\\GAMES\\Warcraft III\\Frozen Throne.exe"=
    "e:\\GAMES\\Quake 3\\quake3.exe"=
    "e:\\GAMES\\Need For Speed Underground 2\\speed2.exe"=
    "c:\\Program Files\\Garena\\Garena.exe"=
    "e:\\GAMES\\Condition Zero\\Valve\\18630393230005338112.exe"=
    "e:\\GAMES\\Call of Juarez Bound in Blood\\CoJBiBGame_x86.exe"=
    "e:\\GAMES\\FEAR\\FEARXP2.exe"=
    "e:\\GAMES\\Far Cry2\\Far Cry 2\\bin\\FarCry2.exe"=
    "e:\\GAMES\\Far Cry2\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "e:\\GAMES\\Far Cry2\\Far Cry 2\\bin\\FC2Editor.exe"=
    "e:\\GAMES\\Wolfenstain 2\\MP\\Wolf2MP.exe"=
    "e:\\GAMES\\Wolfenstain 2\\MP\\Wolf2MPLite.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "55798:TCP"= 55798:TCP:PORT_55798
    "48813:TCP"= 48813:TCP:PORT_48813
    "20596:TCP"= 20596:TCP:PORT_20596
    "19051:TCP"= 19051:TCP:PORT_19051
    "9992:TCP"= 9992:TCP:PORT_9992
    "53127:TCP"= 53127:TCP:PORT_53127
    "8078:TCP"= 8078:TCP:PORT_8078
    "28986:TCP"= 28986:TCP:PORT_28986
    "25063:TCP"= 25063:TCP:PORT_25063
    "5301:TCP"= 5301:TCP:PORT_5301
    "40286:TCP"= 40286:TCP:PORT_40286
    "62208:TCP"= 62208:TCP:PORT_62208
    "14551:TCP"= 14551:TCP:PORT_14551
    "53191:TCP"= 53191:TCP:PORT_53191
    "63024:TCP"= 63024:TCP:PORT_63024
    "21531:TCP"= 21531:TCP:PORT_21531
    "7735:TCP"= 7735:TCP:PORT_7735
    "20099:TCP"= 20099:TCP:PORT_20099
    "38398:TCP"= 38398:TCP:PORT_38398
    "50381:TCP"= 50381:TCP:PORT_50381
    "44780:TCP"= 44780:TCP:PORT_44780
    "9158:TCP"= 9158:TCP:PORT_9158
    "46961:TCP"= 46961:TCP:PORT_46961
    "10606:TCP"= 10606:TCP:PORT_10606
    "9424:TCP"= 9424:TCP:PORT_9424
    "17646:TCP"= 17646:TCP:PORT_17646
    "16742:TCP"= 16742:TCP:PORT_16742
    "52339:TCP"= 52339:TCP:PORT_52339
    "16398:TCP"= 16398:TCP:PORT_16398
    "5740:TCP"= 5740:TCP:xwlzjdp
    
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.3.2009 . 20:50 179856]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.3.2009 . 20:50 15504]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 adpblegv;Shell Center;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 . 02:56 14336]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Cail\LOCALS~1\Temp\CCG1.tmp --> c:\docume~1\Cail\LOCALS~1\Temp\CCG1.tmp [?]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    adpblegv
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\windows\system32\idmmbc.dll
    TCP: {26225E05-8EC3-4C82-BFD0-D12AF34E009D} = 83.97.65.104 83.97.65.104
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-31 11:42
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...  
    
    scanning hidden autostart entries ... 
    
    scanning hidden files ...  
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
    "ImagePath"="\??\c:\docume~1\Cail\LOCALS~1\Temp\CCG1.tmp"
    
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\adpblegv]
    "ServiceDll"="c:\windows\system32\jcpirss.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    
    [HKEY_USERS\S-1-5-21-343818398-1390067357-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:cb,24,f0,d2,ab,81,4b,49,9a,52,d1,16,d6,83,19,54,9c,05,d6,94,50,2d,ec,
       15,41,b3,42,3c,d5,a6,3a,e4,4f,c8,de,0b,cc,89,cd,82,87,3f,d5,20,83,9d,db,89,\
    "??"=hex:f1,42,49,73,a4,b4,8b,22,77,dd,69,bc,52,95,ad,ee
    
    [HKEY_USERS\S-1-5-21-343818398-1390067357-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:37,38,cf,87,16,07,16,2a,33,67,65,4c,be,2d,4e,7b,8f,00,69,63,69,
       7f,0a,84,80,d8,74,2b,d3,9f,d9,3e,a2,d5,ee,eb,d6,dd,64,e2,d9,ef,02,60,b3,91,\
    "rkeysecu"=hex:25,b1,a8,e2,05,9a,90,7f,73,c3,fe,b7,7a,d7,80,39
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG11.00.00.01WORKSTATION"="[hex value not preserved in this copy of the log]"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'lsass.exe'(724)
    c:\windows\system32\idmmbc.dll
    
    - - - - - - - > 'explorer.exe'(3832)
    c:\windows\system32\newdll.dll
    c:\program files\Internet Download Manager\idmmkb.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-08-31 11:43
    ComboFix-quarantined-files.txt  2009-08-31 08:42
    
    Pre-Run: 4*683*264*000 bytes free
    Post-Run: 4*954*492*928 bytes free
    
    220


    ---------- 17:00 ---------- 11:32 ----------

    , - McAfee 8.7i
    Last edited by HellRaiseR; 31st August 2009 at 11:49.
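The ComboFix log above contains the three indicators a responder would normally cross-check by hand: a file in system32 carrying both the hidden and system attributes (`--sha-r-` on jcpirss.dll), a non-default svchost-hosted service in the netsvcs group (`adpblegv`) whose `ServiceDll` is that same file, and a firewall exception whose rule name does not follow the default `PORT_<n>` pattern (`xwlzjdp`). The script below is an added example written for this thread; it is not part of the original posts and is not code from ComboFix, HijackThis or Process Explorer. It parses those ComboFix sections with regular expressions and correlates them, so the service-to-DLL link is found automatically. The sample input is constructed from lines copied out of the log above; the severity levels and the heuristics themselves are the editor's assumptions, meant as a triage aid, not as a verdict.

```python
"""Triage heuristics for ComboFix-style log excerpts (added example)."""
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread
# (Find3M report, service list, firewall GloballyOpenPorts, Services registry
# dump). A real run would pass the complete log text instead.
SAMPLE_LOG = r"""
2009-06-10 05:28 . 2009-06-10 05:28    86016    ----a-w-    c:\windows\system32\nvmctray.dll
2007-06-24 07:38 . 2007-06-24 07:38    164746    --sha-r-    c:\windows\system32\jcpirss.dll
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.3.2009 . 20:50 179856]
S2 adpblegv;Shell Center;c:\windows\system32\svchost.exe -k netsvcs [04.8.2004 . 02:56 14336]
"55798:TCP"= 55798:TCP:PORT_55798
"5740:TCP"= 5740:TCP:xwlzjdp
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\adpblegv]
"ServiceDll"="c:\windows\system32\jcpirss.dll"
"""

# Find3M line: "<date> . <date> <size> <8 attribute chars> <path>"
FIND3M_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+([-a-z]{8})\s+(.+?)\s*$"
)
# Service line: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(.+)"\s*$')
# Firewall exception: "<port>:<proto>"= <port>:<proto>:<rule name>
OPENPORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)\s*$')


def parse(log_text):
    """Collect the facts the heuristics need from the four log sections."""
    hidden_system = set()      # files whose attributes include both 's' and 'h'
    svchost_services = {}      # service name -> svchost group (e.g. netsvcs)
    service_dlls = {}          # service name -> ServiceDll path from registry dump
    odd_ports = []             # (port, proto, rule name) with non-default names
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.groups()
            if "s" in attrs and "h" in attrs and not attrs.startswith("d"):
                hidden_system.add(path.lower())
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _display, image = m.groups()
            host = re.search(r"svchost\.exe\s+-k\s+(\S+)", image, re.I)
            if host:
                svchost_services[name.lower()] = host.group(1)
            continue
        m = REGKEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICEDLL_RE.match(line)
        if m and current_key and "\\services\\" in current_key.lower():
            service_name = current_key.rsplit("\\", 1)[-1].lower()
            service_dlls[service_name] = m.group(1).lower()
            continue
        m = OPENPORT_RE.match(line)
        if m:
            port, proto, rule = m.groups()
            if rule != f"PORT_{port}":   # default names are PORT_<port>
                odd_ports.append((int(port), proto, rule))
    return hidden_system, svchost_services, service_dlls, odd_ports


def triage(log_text):
    """Return (severity, message) findings; severities are assumed labels."""
    hidden_system, svchost_services, service_dlls, odd_ports = parse(log_text)
    findings = []
    for path in sorted(hidden_system):
        findings.append(("medium", f"hidden+system file needs review: {path}"))
    for name, group in sorted(svchost_services.items()):
        dll = service_dlls.get(name)
        if dll is None:
            findings.append(("low", f"svchost service {name} ({group}): no ServiceDll in log"))
        elif dll in hidden_system:
            findings.append(("high", f"svchost service {name} ({group}) loads hidden+system DLL {dll}"))
    for port, proto, rule in odd_ports:
        findings.append(("medium", f"firewall exception {port}/{proto} has non-default rule name {rule!r}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the full log, the same three correlations surface: the hidden DLL, the netsvcs service that maps to it through the `ServiceDll` value, and the oddly named firewall rule. Everything else in the sample (the NVIDIA tray DLL, the Malwarebytes service, the `PORT_55798` exception) produces no finding, which is the point: the script narrows a long log down to the entries worth submitting to a malware-removal volunteer, it does not decide what to delete.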
