
Author Topic: Inviting CMCLab Support forum members to test the CMCIS build with the new engine (Read 15389 times)

bolzano_1989 (Administrator)

REDFOX, please create the log files in advance so that CMCIS can write its logs for me (see the instructions in post #1 of this thread), then reinstall CMCIS and run it for a while to reproduce the issue, and send me those log files :) .

@quocbao: I have already sent it ;) .
I hear and I may forget, I see and I remember, I do and I understand...
CMC InfoSec supports customers 24/7 via the hotline: 1900 571 244
CMCiS Fan Club: http://goo.gl/pnIHl
Virus removal help via Yahoo message: http://goo.gl/MWzFT
CMC InfoSec FB: http://goo.gl/WZlbg
I do not accept free log checks via email or private message (except for a specific, special security reason), nor log submissions that do not clearly describe the characteristic symptoms showing that the computer is infected: http://goo.gl/XOnBi
If you have Reverse Code Engineering skills and want to contribute to the forum, send me a private message.

kienvp (Registered Users)

This post will be used to update information and frequently asked questions.

To prevent some members from joining only to collect license keys without actually taking part in testing, I may ask you to send me an additional scan of your identification document (national ID card, ...) by email.
Alternate download link for CMCLog.zip: http://www.mediafire.com/?xmz1blidz24c0jn
I can't download it from MediaFire.
It looks like that link is dead.

quocbao (CMC Express Group)

This post will be used to update information and frequently asked questions.

To prevent some members from joining only to collect license keys without actually taking part in testing, I may ask you to send me an additional scan of your identification document (national ID card, ...) by email.
Alternate download link for CMCLog.zip: http://www.mediafire.com/?xmz1blidz24c0jn
I can't download it from MediaFire.
It looks like that link is dead.


Here you go; that link was dead.
machtudong.vn - Supplier of Arduino products and many kinds of mechatronic components for research, practice, robot building, toys, automation applications, automatic circuits... and many other do-it-yourself applications.

luckeyone (Registered Users)

Bol, please send me a key. Email: gocchiaseso1@gmail.com. Many thanks. I really want to run a CMC test.

bolzano_1989 (Administrator)

Bol, please send me a key. Email: gocchiaseso1@gmail.com. Many thanks. I really want to run a CMC test.

I have sent you a license key so you can take part in testing.
Please post your testing results, suggestions, comments, etc. in this thread ;) .

luckeyone (Registered Users)

Yes, thank you. I'll test it and give you my feedback right away, ok.

luckeyone (Registered Users)

A suggestion about key usage: CMC should have a key backup option (including the key information) to restore from, so that a key is not activated many times and testers don't have to activate with the same information again when reinstalling, changing computers, or working at an internet café with frozen (restore-on-reboot) machines. That's my opinion; if the CMC folks find it reasonable, thank you, and if not, please don't roast me.

luckeyone (Registered Users)

These are the errors I ran into while testing the new build.
Image links:
http://i840.photobucket.com/albums/zz330/atula9x/Up%20anh%20CMC/loi3.jpg (Update fails, reporting error 103)
http://i840.photobucket.com/albums/zz330/atula9x/Up%20anh%20CMC/loi2.jpg (Registration information error: stuck on "please wait..." and never completes)
http://i840.photobucket.com/albums/zz330/atula9x/Up%20anh%20CMC/li1.jpg (Mail Protection and Internet Management cannot be turned on; they turn themselves off when enabled)
http://i840.photobucket.com/albums/zz330/atula9x/Up%20anh%20CMC/loi4.jpg (Memory scan detects nothing) ---- This was my first scan. I'm uploading the full-system scan screenshot and will upload the Hijack Hunter file.

luckeyone (Registered Users)

CMC should have a separate close button for each scan task tab; it shouldn't be left like this, because closing one task closes all scan tasks. As in the image below, this needs improving so that completed tasks can be closed without closing the ones still running.
http://i840.photobucket.com/albums/zz330/atula9x/Up%20anh%20CMC/loi5.jpg

luckeyone (Registered Users)

The right-click context menu on a file is not fully localized into Vietnamese when Vietnamese is chosen as the default language during installation.
http://i840.photobucket.com/albums/zz330/atula9x/Up%20anh%20CMC/loi6.jpg

luckeyone (Registered Users)

Here is the Hijack Hunter log, guys.
Hijack Hunter 1.8.4.1
http://www.novirusthanks.org
Log created on 1/31/2012 at 8:22:53 PM

  • Generic system info


Operating System: Microsoft Windows XP Service Pack 3 32-bit
Build Version: 2600.xpsp.080413-2111
Internet Explorer: 8.0.6001.18702
System Folder: C:\WINDOWS\system32

  • Running processes
[System Process] (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
System (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
C:\WINDOWS\system32\AutoService.exe (65536 bytes) (Unknown) (1/1/2012 9:47:01 AM) (--A-) (a321609e3c1b07953ddf259780968534)
C:\WINDOWS\system32\underground.exe (94152 bytes) (Unknown) (1/1/2012 9:47:01 AM) (--A-) (947ffe5ddf7155dd4022fa7c85733ee0)
C:\WINDOWS\system32\smssas.exe (155648 bytes) (VinaGame) (1/1/2012 9:47:01 AM) (--A-) (ba4c613b7d06c3900d203cfe3c0d0269)
C:\Program Files\CSMClient\CyberStation.exe (420232 bytes) (VinaGame JSC) (1/1/2012 9:47:01 AM) (--A-) (4fcc878458d5e161e64ca2c40894f660)
C:\Program Files\CSMClient\GameMenuClient\GMClient.exe (651656 bytes) (VinaGame JSC) (1/13/2012 2:34:31 AM) (--A-) (71a5c045e9bec2743d6a4c1ccdedca77)
C:\Program Files\UniKey\UniKeyNT.exe (217088 bytes) (Unknown) (4/19/2006 6:55:00 AM) (--A-) (e2878cc39db71606f2f77186a0fd16de)
C:\WINDOWS\system32\wdfmgr.exe (38912 bytes) (Microsoft Corporation) (1/28/2005 1:44:28 PM) (--A-) (ab0a7ca90d9e3d6a193905dc1715ded0)
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (602392 bytes) (Yahoo! Inc.) (11/10/2008 3:48:14 AM) (--A-) (dd0042f0c3b606a6a8b92d49afb18ad6)
C:\Documents and Settings\TuanKiet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1047024 bytes) (Google Inc.) (1/1/2012 9:37:12 AM) (--A-) (e5c93e2cf6c7b903799cf99f71286e1a)
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe (79160 bytes) (Yahoo! Inc.) (1/1/2012 9:38:02 AM) (--A-) (0ac86947dc37b645cd29949d87f6830d)
C:\Program Files\Adblock Pro\abpmain.exe (372736 bytes) (Adblock Pro Team) (6/28/2010 6:59:08 PM) (--A-) (8e72a2a138757250c5890f770fbf8c50)
C:\Program Files\CMC\Internet Security\cmccore.exe (1587304 bytes) (Unknown) (1/31/2012 7:45:14 PM) (--A-) (876078fe0d9f3d03c8a7c9a69028038a)
C:\Program Files\CMC\Internet Security\CMCTrayIcon.exe (270336 bytes) (CMC Information Security Corp) (1/31/2012 7:45:15 PM) (--A-) (3e07c4a28a67db786571106d1ddd0c57)
C:\Program Files\CMC\Internet Security\cmc_ipsfltr.exe (1202176 bytes) (CMC Information Security) (1/31/2012 7:45:16 PM) (--A-) (8394f56aeb7ace940eaf2c1dde569b50)
C:\Program Files\Internet Download Manager\IDMan.exe (3437976 bytes) (Tonec Inc.) (11/14/2011 8:39:03 PM) (--A-) (e1141db68ad2f6a8dd464aaa16c975b6)
C:\Program Files\Internet Download Manager\IEMonitor.exe (263600 bytes) (Tonec Inc.) (11/14/2011 8:39:02 PM) (--A-) (207b16fa69f61d1895f8d8532f587e4b)
C:\Program Files\WinRAR\WinRAR.exe (915968 bytes) (Unknown) (1/1/2012 9:34:19 AM) (--A-) (8fa8baad4c6fa621e5f5837a91b9681b)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\Rar$EX00.266\HijackHunter.exe (628736 bytes) (NoVirusThanks Company Srl) (1/31/2012 8:22:50 PM) (--A-) (b6ffa83b91d78a0369fe0e15e4dba69c)

  • Loaded Modules


C:\WINDOWS\system32\msacm32.drv (20480 bytes) (Microsoft Corporation) (9/1/2004 2:00:00 PM) (--A-) (9a3bd5f55aadff859539142f6328a66e)
C:\WINDOWS\AppPatch\AcAdProc.dll (39424 bytes) (Microsoft Corporation) (4/14/2008 4:41:50 AM) (--A-) (ea9ee60b408878e5f2012f9c783836db)
C:\WINDOWS\system32\Normaliz.dll (23552 bytes) (Microsoft Corporation) (1/7/2009 6:20:36 PM) (--A-) (10753a3adc3e39a3b10cc3f08e98e6b4)
C:\WINDOWS\system32\iertutil.dll (1985024 bytes) (Microsoft Corporation) (3/8/2009 4:32:22 AM) (----) (58bd4689e1dcd40a903721d7ef45f2ec)
C:\WINDOWS\system32\ddmUp.dll (57736 bytes) (Unknown) (1/1/2012 9:47:01 AM) (--A-) (0c94980edafe2de3d200481508e986e4)
C:\WINDOWS\system32\mddencrypt.dll (53640 bytes) (TODO: <Company name>) (1/1/2012 9:47:01 AM) (--A-) (2b3b1b38e2c0622cddc0dc29cc19e277)
C:\WINDOWS\system32\BugTrapU.dll (286208 bytes) (IntelleSoft) (1/1/2012 9:47:01 AM) (--A-) (26f77864c0a19bdf2c7be916fb45a7db)
C:\WINDOWS\system32\csmcrbt.dll (91592 bytes) (VinaGame JSC) (1/1/2012 9:47:01 AM) (--A-) (165d283e5dd87ae3015ad4904a3d5975)
C:\WINDOWS\system32\csmctck.dll (72648 bytes) (VinaGame JSC) (1/10/2012 10:56:37 PM) (--A-) (2d8cb6ef4c85dc2176bc5b5f483d6f29)
C:\WINDOWS\system32\ieframe.dll (11063808 bytes) (Microsoft Corporation) (3/8/2009 4:39:48 AM) (----) (729da5d23a9ad20a6aa353156a126420)
C:\WINDOWS\system32\Macromed\Flash\Flash11c.ocx (8627360 bytes) (Adobe Systems, Inc.) (1/1/2012 9:38:09 AM) (--AR) (bd007d624e4cd905ab2e8df2c6de891c)
C:\WINDOWS\system32\igfxpph.dll (194048 bytes) (Intel Corporation) (12/21/2011 11:55:19 PM) (--A-) (4de35a8e699f9af56c328be40d57ed87)
C:\WINDOWS\system32\hccutils.DLL (94720 bytes) (Intel Corporation) (12/21/2011 11:55:19 PM) (--A-) (97ad468d6755e59a25227fa3c702b087)
C:\WINDOWS\system32\igfxsrvc.dll (57344 bytes) (Intel Corporation) (12/21/2011 11:55:19 PM) (--A-) (1f20c04c5290c504644700ef73c4124e)
C:\WINDOWS\system32\igfxrENU.lrc (85504 bytes) (Intel Corporation) (12/21/2011 11:55:19 PM) (--A-) (1329d192636305905229b7b68f8db83f)
C:\WINDOWS\system32\blcs.dll (77920 bytes) (VinaGame) (1/1/2012 9:47:01 AM) (--A-) (02ef211173f42842643da021a97b75ea)
C:\WINDOWS\system32\MSVCRTD.dll (385100 bytes) (Microsoft Corporation) (1/1/2012 9:47:01 AM) (--A-) (2760781da57e727ba519af0139b4b1bc)
C:\WINDOWS\system32\Audiodev.dll (484352 bytes) (Microsoft Corporation) (1/28/2005 1:44:28 PM) (--A-) (6e2a195b0094d8f8a076d248c0bf832e)

  • Registry startups


Value: Cyber Station Manager
Data: C:\Program Files\CSMClient\CyberStation.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: MSConfig
Data: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: KernelFaultCheck
Data: %systemroot%\system32\dumprep 0 -k
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: adblock pro
Data: C:\Program Files\Adblock Pro\abpmain.exe -m
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Messenger (Yahoo!)
Data: "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: UniKey
Data: C:\Program Files\UniKey\UniKeyNT.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: ctfmon.exe
Data: C:\WINDOWS\system32\ctfmon.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: CMC Internet Security
Data: "C:\Program Files\CMC\Internet Security\CMCTrayIcon.exe"
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: CMC Remote Support
Data: "C:\Program Files\CMC\Internet Security\CMCHst.exe" -AUTORUN
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: IDMan
Data: C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: StubPath
Data: C:\WINDOWS\system32\ieudinit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}

Value: {0055C089-8582-441B-A0BF-17B458C2A3A8}
Data: C:\Program Files\Internet Download Manager\IDMIECC.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Value: {02478D38-C3F9-4efb-9B51-7695ECA05670}
Data: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

Value: {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
Data: C:\WINDOWS\system32\blcs.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

Value: {F385C231-605B-4d8f-ACA9-DBFF765BBE17}
Data: C:\Program Files\Adblock Pro\AdblockPro.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F385C231-605B-4d8f-ACA9-DBFF765BBE17}

Value: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Data: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}


  • Other Startups Methods


Value: DLLName
Data: igfxdev.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui


  • Startup folders
  • TCPIP nameservers
  • Internet Explorer settings


Value: Start Page
Data: http://vn.yahoo.com/?fr=mkg029
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Start Page
Data: http://www.google.com.vn/
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Default_Page_URL
Data: http://vn.yahoo.com/?fr=mkg029
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: ProxyOverride
Data: local
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings


  • Internet Explorer Trusted Sites
  • Windows Firewall allowed programs


Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Data: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: D:\Game online\FIFA Online 2\FF2Client.exe
Data: D:\Game online\FIFA Online 2\FF2Client.exe:*:Enabled:FIFA ONLINE
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\CMC\Internet Security\cmccore.exe
Data: C:\Program Files\CMC\Internet Security\cmccore.exe:*:Enabled:CMC_IS_CLIENT_CORE
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List


  • Windows Firewall allowed ports


Value: 139:TCP
Data: 139:TCP:*:Enabled:@xpsp2res.dll,-22004
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 445:TCP
Data: 445:TCP:*:Enabled:@xpsp2res.dll,-22005
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 137:UDP
Data: 137:UDP:*:Enabled:@xpsp2res.dll,-22001
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 138:UDP
Data: 138:UDP:*:Enabled:@xpsp2res.dll,-22002
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 139:TCP
Data: 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 445:TCP
Data: 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 137:UDP
Data: 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 138:UDP
Data: 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 7122:TCP
Data: 7122:TCP:*:Enabled:CMC_IS_CORE_PORT_7122
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List


  • System Hijack


Value: DisableTaskMgr
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: DisableRegistryTools
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: DisableTaskMgr
Data: 1
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: DisableRegistryTools
Data: 1
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: DisableSR
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore

Value: Hidden
Data: 2
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value: FirstRunDisabled
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: AntiVirusDisableNotify
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: FirewallDisableNotify
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: UpdatesDisableNotify
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: EnableDCOM
Data: Y
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

Value: Start
Data: 2
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry

Value: Wallpaper
Data: d:\My Documents\bluegrid1024_2copy.bmp
Key: HKEY_CURRENT_USER\Control Panel\Desktop


  • Executables in Temp folders


C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\174.tmp (321184 bytes) (Adobe Systems, Inc.) (1/1/2012 9:47:31 AM) (--A-) (73d4dea1a876f78feb83862d514bfe63)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\FP_PL_PFS_INSTALLER_32bit.exe (3763360 bytes) (Adobe Systems, Inc.) (1/1/2012 9:39:57 AM) (--A-) (9344cb5046802d76d191239eb78ac267)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\GLB110.tmp (71680 bytes) (Unknown) (1/1/2012 9:37:31 AM) (--A-) (96c6ef9a605f686878822c227aed8097)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np10.tmp (578560 bytes) (Microsoft Corporation) (1/1/2012 10:03:44 AM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np11.tmp (617472 bytes) (Microsoft Corporation) (1/1/2012 10:03:44 AM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np12.tmp (706048 bytes) (Microsoft Corporation) (1/1/2012 10:03:55 AM) (--A-) (27d9ed8cb8b62d1e0a8e5ace6cf52e2f)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np13.tmp (989696 bytes) (Microsoft Corporation) (1/1/2012 10:03:55 AM) (--A-) (c24b983d211c34da8fcc1ac38477971d)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np14.tmp (989696 bytes) (Microsoft Corporation) (1/1/2012 10:03:55 AM) (--A-) (c24b983d211c34da8fcc1ac38477971d)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np15.tmp (578560 bytes) (Microsoft Corporation) (1/1/2012 10:03:55 AM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np16.tmp (617472 bytes) (Microsoft Corporation) (1/1/2012 10:03:55 AM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np17.tmp (989696 bytes) (Microsoft Corporation) (1/1/2012 10:03:58 AM) (--A-) (c24b983d211c34da8fcc1ac38477971d)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np18.tmp (578560 bytes) (Microsoft Corporation) (1/1/2012 10:03:58 AM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\np19.tmp (617472 bytes) (Microsoft Corporation) (1/1/2012 10:03:58 AM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92)
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\npF.tmp (989696 bytes) (Microsoft Corporation) (1/1/2012 10:03:44 AM) (--A-) (c24b983d211c34da8fcc1ac38477971d)

  • Executables in suspicious folders


C:\Uninstall Hiren's Boot HDD.exe (184970 bytes) (Unknown) (1/1/2012 12:44:59 PM) (--A-) (df4f0d1a07a4a2c3006f4678ccdbce4b)
C:\WINDOWS\system32\diskflt.sys (34632 bytes) (Unknown) (1/1/2012 9:47:00 AM) (--A-) (64ed1ba14d34e059e17f1497c13cddd5)
C:\WINDOWS\system32\FsFilter.sys (21448 bytes) (Unknown) (1/1/2012 9:47:01 AM) (--A-) (cfc24c4cdb052157ecf6567c3f53fbca)
C:\WINDOWS\system32\npptNT2.sys (4682 bytes) (INCA Internet Co., Ltd.) (1/1/2012 10:03:45 AM) (--A-) (9131fe60adfab595c8da53ad6a06aa31)
C:\WINDOWS\system32\truecrypt.sys (227912 bytes) (TrueCrypt Foundation) (1/1/2012 9:47:01 AM) (--A-) (441c9557ef1a48acd544762924000f96)
C:\Program Files\windows nt\hypertrm.exe (28160 bytes) (Hilgraeve, Inc.) (1/1/2012 8:24:05 AM) (--A-) (9dbb82fb602aa42b131c55c5d136dc9c)

  • Autorun.ini
  • Unknown .SYS files


C:\WINDOWS\system32\drivers\Ambfilt.sys (1684736 bytes) (Creative) (1/1/2012 9:27:40 AM) (--A-) (f6af59d6eee5e1c304f7f73706ad11d8)
C:\WINDOWS\system32\drivers\cmcguardian.sys (66712 bytes) (CMC Information Security) (1/31/2012 7:45:26 PM) (--A-) (4a01bf5bd81fac8840875abeb57db1e7)
C:\WINDOWS\system32\drivers\diskflt.sys (34632 bytes) (Unknown) (1/1/2012 9:47:00 AM) (--A-) (a3be2bad17775773f233cec9b4781786)
C:\WINDOWS\system32\drivers\FsFilter.sys (21448 bytes) (Unknown) (1/1/2012 1:07:34 PM) (--A-) (cfc24c4cdb052157ecf6567c3f53fbca)
C:\WINDOWS\system32\drivers\hdaudbus.sys (144384 bytes) (Windows (R) Server 2003 DDK provider) (4/13/2008 9:06:06 PM) (--A-) (573c7d0a32852b48f3058cfd8026f511)
C:\WINDOWS\system32\drivers\idmtdi.sys (101616 bytes) (Tonec Inc.) (11/14/2011 8:39:02 PM) (--A-) (330a6a0baf4fd945bde14c7b1d88d9b9)
C:\WINDOWS\system32\drivers\igxpmp32.sys (2003584 bytes) (Intel Corporation) (12/21/2011 11:55:20 PM) (--A-) (7df53bb1f78de5dca8ac842868d34b01)
C:\WINDOWS\system32\drivers\Monfilt.sys (1389056 bytes) (Creative Technology Ltd.) (1/1/2012 9:27:42 AM) (--A-) (9fa7207d1b1adead88ae8eed9cdbbaa5)
C:\WINDOWS\system32\drivers\Ndisrd.sys (29120 bytes) (NT Kernel Resources) (1/31/2012 7:45:57 PM) (--A-) (0d71bef03e0059228a4d56cccf9a3b27)
C:\WINDOWS\system32\drivers\Rtenicxp.sys (177152 bytes) (Realtek Semiconductor Corporation) (12/21/2011 11:55:21 PM) (--A-) (6fc7ddf3b8d94fba7ac664452d6478d4)
C:\WINDOWS\system32\drivers\RtkHDAud.sys (4967424 bytes) (Realtek Semiconductor Corp.) (1/1/2012 9:27:45 AM) (--A-) (2cb7c44a36b54d1712ea3e537ca827b1)
C:\WINDOWS\system32\drivers\secdrv.sys (20480 bytes) (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (4/13/2008 9:09:16 PM) (--A-) (90a3935d05b494a5a39d37e71f09a677)
C:\WINDOWS\system32\drivers\sffp_mmc.sys (10240 bytes) (Microsoft Corporation) (4/13/2008 11:10:50 PM) (--A-) (d66d22d76878bf3483a6be30183fb648)
C:\WINDOWS\system32\drivers\truecrypt.sys (227912 bytes) (TrueCrypt Foundation) (1/1/2012 1:07:35 PM) (--A-) (441c9557ef1a48acd544762924000f96)
C:\WINDOWS\system32\drivers\wpdusb.sys (18944 bytes) (Microsoft Corporation) (1/28/2005 1:44:28 PM) (--A-) (1385e5aa9c9821790d33a9563b8d2dd0)

  • Non accessible files


C:\WINDOWS\system32\regblcs.exe (0 bytes) (Unknown) (d41d8cd98f00b204e9800998ecf8427e)

  • Executables in Internet Explorer Folder


C:\Program Files\Internet Explorer\ExtExport.exe (144384 bytes) (Microsoft Corporation) (3/8/2009 4:35:04 AM) (----) (44d37a87f00d8684ad907dae295f67fb)
C:\Program Files\Internet Explorer\iecompat.dll (2048 bytes) (Microsoft Corporation) (3/8/2009 4:35:04 AM) (----) (d439e31044c4f0fbd41a0c7f30668c35)
C:\Program Files\Internet Explorer\iedvtool.dll (742912 bytes) (Microsoft Corporation) (3/8/2009 4:35:32 AM) (----) (bd3c4101b9340e697c9eb0c9c7c9fedf)
C:\Program Files\Internet Explorer\ieproxy.dll (246784 bytes) (Microsoft Corporation) (3/8/2009 4:33:50 AM) (----) (2ad2e831fb023915188008f5b3103f5b)
C:\Program Files\Internet Explorer\iexplore.exe.mui (12288 bytes) (Microsoft Corporation) (3/8/2009 2:21:44 PM) (----) (943030b55fdb56fb8b8fcc086071e119)
C:\Program Files\Internet Explorer\jsdbgui.dll (521216 bytes) (Microsoft Corporation) (3/8/2009 4:35:02 AM) (----) (33db6e706fd3a2271033c5d29b3d6f76)
C:\Program Files\Internet Explorer\jsdebuggeride.dll (121344 bytes) (Microsoft Corporation) (3/8/2009 4:35:02 AM) (----) (3494af094cfb1d1b9a3c1ce255492b6c)
C:\Program Files\Internet Explorer\JSProfilerCore.dll (118272 bytes) (Microsoft Corporation) (3/8/2009 4:35:04 AM) (----) (d68cc4e775420716b6abc4d188d5d316)
C:\Program Files\Internet Explorer\jsprofilerui.dll (233984 bytes) (Microsoft Corporation) (3/8/2009 4:35:12 AM) (----) (0f6a0675181d3ae76755986f3bf9e598)
C:\Program Files\Internet Explorer\pdm.dll (355832 bytes) (Microsoft Corporation) (1/7/2009 6:20:18 PM) (----) (3ca2dfd1ee857cde7dccf4235f52d142)
C:\Program Files\Internet Explorer\sqmapi.dll (134144 bytes) (Microsoft Corporation) (1/7/2009 6:20:54 PM) (----) (5eb87ba0b93ca7e894fc8002e3ce4c2a)
C:\Program Files\Internet Explorer\xpshims.dll (12288 bytes) (Microsoft Corporation) (3/8/2009 4:33:18 AM) (----) (065b2f67ebf71130e9126b161f3740dc)

  • Files created/modified 15 days ago


C:\WINDOWS\system32\drivers\cmcguardian.sys (66712 bytes) (CMC Information Security) (1/31/2012 7:45:26 PM) (--A-) (4a01bf5bd81fac8840875abeb57db1e7) (Created)
C:\WINDOWS\system32\drivers\Ndisrd.sys (29120 bytes) (NT Kernel Resources) (1/31/2012 7:45:57 PM) (--A-) (0d71bef03e0059228a4d56cccf9a3b27) (Created)
C:\Program Files\Adblock Pro\uninst.exe (81308 bytes) (Unknown) (1/31/2012 7:41:58 PM) (--A-) (b4841395141834d91aa868921d65cf14) (Created)
C:\Program Files\CMC\Internet Security\cmcark_gui.exe (2495319 bytes) (Unknown) (1/31/2012 7:45:13 PM) (--A-) (f0495c5c01c8acff447561b53bc0abb2) (Created)
C:\Program Files\CMC\Internet Security\cmcau3dll.dll (106496 bytes) (CMC InfoSec) (1/31/2012 7:45:14 PM) (--A-) (be3701d625c9c6c002e8930833fbfd49) (Created)
C:\Program Files\CMC\Internet Security\CMCAu3strep.dll (102400 bytes) (CMC InfoSec) (1/31/2012 7:45:14 PM) (--A-) (c3900bd49bf885509272f8680b16657b) (Created)
C:\Program Files\CMC\Internet Security\cmcavfs.cll (650240 bytes) (Unknown) (1/31/2012 7:45:26 PM) (--A-) (33da068f455b273bb7c5fa51efbd2f54) (Created)
C:\Program Files\CMC\Internet Security\cmcavfs.dll (650240 bytes) (Unknown) (1/31/2012 7:45:14 PM) (--A-) (33da068f455b273bb7c5fa51efbd2f54) (Created)
C:\Program Files\CMC\Internet Security\CMCAVShell.dll (472576 bytes) (CMCInfoSec) (1/31/2012 7:45:14 PM) (--A-) (662107c5eb84f3dd1481cc994bced33a) (Created)
C:\Program Files\CMC\Internet Security\CMCBuy.exe (225280 bytes) (Unknown) (1/31/2012 7:45:14 PM) (--A-) (4a2988a5034aa0557ee91dfe68d3368b) (Created)
C:\Program Files\CMC\Internet Security\CMCContmenu.dll (403968 bytes) (Unknown) (1/31/2012 7:45:14 PM) (--A-) (0eaf07e0a71c8bea218c1ff5e94df7c5) (Created)
C:\Program Files\CMC\Internet Security\cmccore.exe (1587304 bytes) (Unknown) (1/31/2012 7:45:14 PM) (--A-) (876078fe0d9f3d03c8a7c9a69028038a) (Created)
C:\Program Files\CMC\Internet Security\cmcexcol.dll (508928 bytes) (Unknown) (1/31/2012 7:45:14 PM) (--A-) (b2ccc1ec313c5c038af3b82dab151c1f) (Created)
C:\Program Files\CMC\Internet Security\CMCFWON.exe (44040 bytes) (Unknown) (1/31/2012 7:45:14 PM) (--A-) (7cf9b5d78ba8649e8e3eda7c5f79a792) (Created)
C:\Program Files\CMC\Internet Security\cmcguardian.sys (66712 bytes) (CMC Information Security) (1/31/2012 7:45:14 PM) (--A-) (4a01bf5bd81fac8840875abeb57db1e7) (Created)
C:\Program Files\CMC\Internet Security\cmchkdrv3.sys (39592 bytes) (Unknown) (1/31/2012 7:45:15 PM) (--A-) (15ddf7051fab545f7547cb6b4f45b3ca) (Created)
C:\Program Files\CMC\Internet Security\CMCHst.exe (594432 bytes) (CMC InfoSec) (1/31/2012 7:45:15 PM) (--A-) (52a3c64bc00809f5956d86ce1d777fe8) (Created)
C:\Program Files\CMC\Internet Security\CMCIniDll.dll (99328 bytes) (Unknown) (1/31/2012 7:45:15 PM) (--A-) (3ae45ebd53223b20e578af3e9d20bdb9) (Created)
C:\Program Files\CMC\Internet Security\CMCiTray.CPL (26112 bytes) (Unknown) (1/31/2012 7:45:15 PM) (--A-) (9a7d292c3cdea4ef28bcfa360dcda85a) (Created)
C:\Program Files\CMC\Internet Security\cmcliman.exe (19456 bytes) (Unknown) (1/31/2012 7:45:15 PM) (--A-) (b6790dbba83585dcfdbe74f0bf657d24) (Created)
C:\Program Files\CMC\Internet Security\CMCNSTR.exe (143360 bytes) (CMC InfoSec) (1/31/2012 7:45:15 PM) (--A-) (509467a4f1abf37e4af127e33bc04392) (Created)

  • Hidden files in suspicious folders
  • Suspicious Registry Keys
  • Suspicious folders
  • Drivers


C:\WINDOWS\system32\drivers\fsfilter.sys (FsFilter) (FsFilter) (Unknown) (cfc24c4cdb052157ecf6567c3f53fbca)
C:\WINDOWS\system32\drivers\hdaudbus.sys (HDAudBus) (Microsoft UAA Bus Driver for High Definition Audio) (Windows (R) Server 2003 DDK provider) (573c7d0a32852b48f3058cfd8026f511)
C:\WINDOWS\system32\drivers\igxpmp32.sys (ialm) (ialm) (Intel Corporation) (7df53bb1f78de5dca8ac842868d34b01)
C:\WINDOWS\system32\drivers\rtkhdaud.sys (IntcAzAudAddService) (Service for Realtek HD Audio (WDM)) (Realtek Semiconductor Corp.) (2cb7c44a36b54d1712ea3e537ca827b1)
C:\WINDOWS\system32\drivers\rtenicxp.sys (RTLE8023xp) (Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver) (Realtek Semiconductor Corporation) (6fc7ddf3b8d94fba7ac664452d6478d4)
C:\WINDOWS\system32\drivers\truecrypt.sys (truecrypt) (truecrypt) (TrueCrypt Foundation) (441c9557ef1a48acd544762924000f96)
C:\WINDOWS\system32\drivers\cmcguardian.sys (cmcguardian) (CMC Guardian Service) (CMC Information Security) (4a01bf5bd81fac8840875abeb57db1e7)
C:\WINDOWS\system32\drivers\ndisrd.sys (NdisrdMP) (NdisrdMP) (NT Kernel Resources) (0d71bef03e0059228a4d56cccf9a3b27)
C:\WINDOWS\system32\drivers\cmcantirootkit.sys (CMC AntiRootkit Service) (CMC AntiRootkit Service) (Unknown) (d41d8cd98f00b204e9800998ecf8427e)
C:\WINDOWS\system32\drivers\idmtdi.sys (IDMTDI) (IDMTDI) (Tonec Inc.) (505c3e797a9dcfb73b48d8eab60ddeb8)

  • Drivers -> FSFilter Anti-Virus
  • Services


c:\windows\system32\autoservice.exe (AutoService) (AutoService) (Unknown) (a321609e3c1b07953ddf259780968534)
c:\windows\system32\wdfmgr.exe (UMWdf) (Windows User Mode Driver Framework) (Microsoft Corporation) (ab0a7ca90d9e3d6a193905dc1715ded0)
c:\program files\yahoo!\softwareupdate\yahooauservice.exe (YahooAUService) (Yahoo! Updater) (Yahoo! Inc.) (dd0042f0c3b606a6a8b92d49afb18ad6)
c:\program files\cmc\internet security\cmccore.exe (cmcis) (CMC Internet Security Core) (Unknown) (876078fe0d9f3d03c8a7c9a69028038a)
c:\program files\cmc\internet security\cmc_ipsfltr.exe (cmcipsfltr) (cmcipsfltr) (CMC Information Security) (8394f56aeb7ace940eaf2c1dde569b50)

  • ServiceDll
  • Unknown files in Winsock LSP
  • Unknown files in CLSID



  • TCP Connections



  • UDP Connections



  • Hosts file


222.255.28.123 update.nprotect.com
222.255.28.123 update.nprotect.net
222.255.28.123 guard.gunbound.net
222.255.28.123 update.gameguard.net
222.255.28.123 update.gameguard.com
222.255.28.123 gameguard.co.kr

  • Ring3 API Hooks


C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\Rar$EX00.266\HijackHunter.exe -> NTDLL.DLL->NtCreateFile -> N/A -> Inline JMP 0x25FF
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\Rar$EX00.266\HijackHunter.exe -> NTDLL.DLL->NtOpenFile -> N/A -> Inline JMP 0x25FF
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\Rar$EX00.266\HijackHunter.exe -> NTDLL.DLL->NtTerminateProcess -> N/A -> Inline JMP 0x25FF
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\Rar$EX00.266\HijackHunter.exe -> NTDLL.DLL->ZwCreateFile -> N/A -> Inline JMP 0x25FF
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\Rar$EX00.266\HijackHunter.exe -> NTDLL.DLL->ZwOpenFile -> N/A -> Inline JMP 0x25FF
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\Rar$EX00.266\HijackHunter.exe -> NTDLL.DLL->ZwTerminateProcess -> N/A -> Inline JMP 0x25FF
C:\DOCUME~1\TuanKiet\LOCALS~1\Temp\Rar$EX00.266\HijackHunter.exe -> KERNEL32.DLL->ExitProcess -> N/A -> Inline JMP 0x25FF
C:\WINDOWS\explorer.exe -> KERNEL32.DLL->GetProcAddress -> ShimEng.dll -> IAT
C:\WINDOWS\explorer.exe -> NTDLL.DLL->NtCreateFile -> N/A -> Inline JMP 0x25FF
C:\WINDOWS\explorer.exe -> NTDLL.DLL->NtOpenFile -> N/A -> Inline JMP 0x25FF
C:\WINDOWS\explorer.exe -> NTDLL.DLL->NtTerminateProcess -> N/A -> Inline JMP 0x25FF
C:\WINDOWS\explorer.exe -> NTDLL.DLL->ZwCreateFile -> N/A -> Inline JMP 0x25FF
C:\WINDOWS\explorer.exe -> NTDLL.DLL->ZwOpenFile -> N/A -> Inline JMP 0x25FF
C:\WINDOWS\explorer.exe -> NTDLL.DLL->ZwTerminateProcess -> N/A -> Inline JMP 0x25FF
C:\WINDOWS\explorer.exe -> KERNEL32.DLL->ExitProcess -> N/A -> Inline JMP 0x25FF

  • Kernel Mode Info
[SSDT] NtCreateThread -> 0xA71D4150 -> 0x805D0FD4 -> cmcguardian.sys
[SSDT] NtDuplicateObject -> 0xA71D4F10 -> 0x805BDFC4 -> cmcguardian.sys
[SSDT] NtOpenProcess -> 0xA71D4CA0 -> 0x805CB3FC -> cmcguardian.sys
[SSDT] NtOpenThread -> 0xA71D43A0 -> 0x805CB688 -> cmcguardian.sys
[SSDT] NtQueueApcThread -> 0xA71D3DB0 -> 0x805D1232 -> cmcguardian.sys
[SSDT] NtSystemDebugControl -> 0xA71CCF10 -> 0x8061776E -> cmcguardian.sys
[SSDT] NtWriteVirtualMemory -> 0xA71D3BD0 -> 0x805B4394 -> cmcguardian.sys

---
Finish [ 0:13:3 ]


luckeyone

  • Registered Users
  • Thank You
  • -Given: 9
  • -Receive: 0
  • Posts: 28

The last bug I ran into today is that the license activation screen does not display; please have a look at it. Many thanks, and I hope CMC keeps developing even further. Sincerely, thank you.

luckeyone

  • Registered Users
  • Thank You
  • -Given: 9
  • -Receive: 0
  • Posts: 28

Quite a few bugs have recurred in the update of CMC Internet Security to the 2012 version. The Events and Reports sections have not been localized into Vietnamese, and there are many fairly troublesome bugs. (I personally don't quite understand what the "SODAZ smart filter" is, or why there is no setting for it.)
There are also the bugs in the screenshots I uploaded (though the upload ran into errors), such as CMC's notification setting being turned off instead of enabled by default, and the bug where the scan stops.

kienvp

  • Registered Users
  • Thank You
  • -Given: 3
  • -Receive: 0
  • Posts: 17

Last year I used CMC IS for 6 months and didn't find it very effective. This year, if possible, let me test whether CMC2012 has anything outstanding: what the interface is like, how many virus samples it can remove, its web warning capability, how well it blocks viruses, and so on.
