|
You last visited: Today at 16:27
Advertisement
Unsichtbare Wände
Discussion on Unsichtbare Wände within the World of Warcraft forum part of the Popular Games category.
11/06/2008, 21:00
|
#16
|
elite*gold: 0 
Join Date: Apr 2006
Posts: 2,524
Received Thanks: 74
|
@ vorposter:
auf sowas achte ich schon garnich mehr, das sind meistens eh nur welche, die sich wichtig machen wollen, und selbst keine ahnung haben. außerdem haette er ja mitposten koennen, was wir denn so scheiße machen  (komisch hat nix geschrieben, hmmm)
und sowas is jetz post 2500, grml xD
|
|
|
|
11/07/2008, 08:39
|
#17
|
elite*gold: 202
Join Date: Oct 2008
Posts: 1,440
Received Thanks: 945
|
Code:
[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\COMCTL32.dll ],
Base Address: [0x5D090000 ], Size: [0x0009A000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\IMM32.DLL ],
Base Address: [0x76390000 ], Size: [0x0001D000 ]
[=============================================================================]
Run-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\advpack.dll ],
Base Address: [0x42EC0000 ], Size: [0x0002E000 ]
Module Name: [ C:\WINDOWS\system32\feclient.dll ],
Base Address: [0x693F0000 ], Size: [0x00009000 ]
Module Name: [ C:\WINDOWS\system32\MPR.dll ],
Base Address: [0x71B20000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
Base Address: [0x769C0000 ], Size: [0x000B4000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ],
Base Address: [0x77920000 ], Size: [0x000F3000 ]
Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
Base Address: [0x77A80000 ], Size: [0x00095000 ]
Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
Base Address: [0x77B20000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\Apphelp.dll ],
Base Address: [0x77B40000 ], Size: [0x00022000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
[=============================================================================]
SigBuster Output
[=============================================================================]
Microsoft_CAB vna SN:206
[=============================================================================]
2.a) sample.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce ],
Value Name: [ wextract_cleanup0 ], New Value: [ rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\" ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ OsLoaderPath ], Value: [ \ ], 2 times
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ SystemPartition ], Value: [ \Device\HarddiskVolume1 ], 2 times
Key: [ HKLM\SYSTEM\WPA\MediaCenter ],
Value Name: [ Installed ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
Value Name: [ DevicePath ], Value: [ %SystemRoot%\inf ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ DriverCachePath ], Value: [ %SystemRoot%\Driver Cache ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ LogLevel ], Value: [ 0 ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ ServicePackCachePath ], Value: [ c:\windows\ServicePackFiles\ServicePackCache ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ ServicePackSourcePath ], Value: [ c:\windows\ServicePackFiles ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ SourcePath ], Value: [ D:\ ], 2 times
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ AuthenticodeEnabled ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ DefaultLevel ], Value: [ 262144 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ PolicyScope ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ ItemData ], Value: [ 0x5eab304f957a49896a006c1c31154015 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ ItemSize ], Value: [ 779 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ ItemData ], Value: [ 0x67b0d48b343a3fd3bce9dc646704f394 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ ItemSize ], Value: [ 517 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
Value Name: [ ItemData ], Value: [ 0x327802dcfef8c893dc8ab006dd847d1d ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
Value Name: [ ItemSize ], Value: [ 918 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
Value Name: [ ItemData ], Value: [ 0xbd9a2adb42ebd8560e250e4df8162f67 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
Value Name: [ ItemSize ], Value: [ 229 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ ItemData ], Value: [ 0x386b085f84ecf669d36b956a22c01e80 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ ItemSize ], Value: [ 370 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ],
Value Name: [ ItemData ], Value: [ %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
Value Name: [ ComputerName ], Value: [ USER ], 3 times
Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ],
Value Name: [ ProductType ], Value: [ WinNT ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ Domain ], Value: [ ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ Hostname ], Value: [ user ], 2 times
Key: [ HKLM\System\Setup ],
Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
Key: [ HKLM\System\WPA\PnP ],
Value Name: [ seed ], Value: [ 1374283966 ], 1 time
Key: [ HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ Cache ], Value: [ C:\Documents and Settings\user\Local Settings\Temporary Internet Files ], 1 time
Key: [ HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
Key: [ HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder ],
Watch subtree: [ 0 ], Notify Filter: [ Value Change ], 1 time
[=============================================================================]
2.b) sample.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP ]
File Name: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\TMP4351$.TMP ]
File Name: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ PIPE\lsarpc ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe ]
File Name: [ MountPointManager ]
File Name: [ PIPE\lsarpc ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Directories Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Directory: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 1 time
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C: ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0008 ], 1 time
File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 1 time
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe ]
File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
File Name: [ C:\WINDOWS\system32\SETUPAPI.dll ]
File Name: [ C:\WINDOWS\system32\advpack.dll ]
File Name: [ C:\WINDOWS\system32\feclient.dll ]
File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
[=============================================================================]
2.c) sample.exe - Process Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Processes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Executable: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe ], Command Line: [ ]
Executable: [ ], Command Line: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Remote Threads Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Affected Process: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Foreign Memory Regions Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Process: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe ]
[#############################################################################]
3. crypted.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Started by sample.exe
Filename: crypted.exe
MD5: ca71346d15cd55f9238d9f2042ffb04b
SHA-1: 26e87ab5db02d66fa9b0bda7bd9a8af0859fe565
File Size: 112740 Bytes
Command Line: C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe
Process-status
at analysis end: alive
Exit Code: 0
[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\MSVBVM60.DLL ],
Base Address: [0x73420000 ], Size: [0x00153000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
Base Address: [0x77120000 ], Size: [0x0008B000 ]
Module Name: [ C:\WINDOWS\system32\IMM32.DLL ],
Base Address: [0x76390000 ], Size: [0x0001D000 ]
[=============================================================================]
Run-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\msctfime.ime ],
Base Address: [0x755C0000 ], Size: [0x0002E000 ]
Module Name: [ C:\WINDOWS\system32\version.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\SXS.DLL ],
Base Address: [0x7E720000 ], Size: [0x000B0000 ]
[=============================================================================]
3.a) crypted.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
Value Name: [ CUAS ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\CTF\SystemShared ],
Value Name: [ CUAS ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\IMM ],
Value Name: [ Ime File ], Value: [ msctfime.ime ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Codepage ],
Value Name: [ 932 ], Value: [ c_932.nls ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Codepage ],
Value Name: [ 936 ], Value: [ c_936.nls ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Codepage ],
Value Name: [ 949 ], Value: [ c_949.nls ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Codepage ],
Value Name: [ 950 ], Value: [ c_950.nls ], 1 time
[=============================================================================]
3.b) crypted.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\user\LOCALS~1\Temp\IXP000.TMP\crypted.exe ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ unnamed file ], Control Code: [ 0x00390008 ], 7 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
File Name: [ C:\WINDOWS\system32\SXS.DLL ]
File Name: [ C:\WINDOWS\system32\msctfime.ime ]
File Name: [ C:\WINDOWS\system32\rpcss.dll ]
wie er deine komplete reg edi. durchleuchtet deine dlls läde und snifft . und sendet gz 
runterladen= verkackt
edit by obilee
|
|
|
|
|
11/07/2008, 13:04
|
#18
|
elite*gold: 0
Join Date: Nov 2007
Posts: 300
Received Thanks: 1,378
|
boah junge setz das doch innen code, du spammst hier alles zu, wers runtergeladen hat selber schuld, zululululul -.-
|
|
|
|
|
11/07/2008, 15:06
|
#19
|
elite*gold: 19
Join Date: Sep 2007
Posts: 1,525
Received Thanks: 1,058
|
Blizzard Entertainment hat kürzlich eine Anfrage zur Änderung einiger der mit Ihrem Account [XXXXXXXXXXXXXX] assoziierten Kontaktinformationen erhalten. Hier können Sie diese Änderungen nochmals überprüfen:
Bisherige E-Mail-Adresse: [k*****]
NEUE E-Mail-Adresse: [  ]
Ahja
Idee? Also IP habe ich, Abuse folgt Bann sollte es auch geben
#
So ein Noob :P Bin erstbesitzer mein kleiner
ALLE INFOS:
Der Kerl wohnt in Osnabrück
Postleitzahl: 49191
07.03.1984
Viel Spaß
|
|
|
|
|
11/08/2008, 19:44
|
#20
|
elite*gold: 0
Join Date: Oct 2007
Posts: 93
Received Thanks: 15
|
1 was soll das bringen durch wände gucken? 2 is der sehr schlau wenn er von 50 tausen privaterserver acc kriegt xD
|
|
|
|
 |
|
Similar Threads
|
unsichtbare gms ?????
07/16/2010 - Last Chaos - 7 Replies
Noch was: könnt sein das diese Woche mehrere unsichtbare GMs da sind-also wird die CS denke ich fair ablaufen und hackt doch wer, müsste er erwischt werden.
habe ich grad in einem text von lcger forum raus gelesen . nun meine frage gibt es gm´s die sich unsichtbar machen können oder ist es mal wieder hirngespennste von irgendwelchen gamer . spiele jetzt seit knapp 2 jahre lc ger und so was habe ich noch nie mit bekommen . wäre dankbar über jede info :rtfm:
|
Unsichtbare Gm´s sehen ?
07/02/2010 - Flyff Private Server - 2 Replies
Halloo,
ich wollte mal wissen, ob es irgendwie eine Möglichkeit gibt, Gm´s zu sehen, wenn sie unsichtbar sind. Vllt. erkennt man sie nur ganz schwach oder so, ich hab keiner Ahnung, aber vllt. ihr x3
Danke im vorraus
|
Unsichtbare Lc ordner
06/25/2010 - Last Chaos - 0 Replies
edit: closed pls hier hat nichts gestanden habe ich wohl geirrt sry.
|
durch unsichtbare wände laufen
06/29/2006 - World of Warcraft - 10 Replies
Ich habe heute ein Video gesehen wie jemand durch unsichtbare wände gelaufen ist und alles dahinter erkunden konnte.
Ich habe mich schon lange gefragt wie und ob sowas geht und kam dabei auf die Idee Modelle zu beabeiten... Nur welches model muß ich wie bearbeiten bzw. mit welchem vertauchen damit es geht.
Link zum Video: http://www.warcraftmovies.com/stream.php?id=15570
Ich hoffe mir kann jemand helfen und kann es evntl. ins englische übersetzen^^
Edit: Habe mir das video jetz erst...
|
All times are GMT +1. The time now is 16:30.
|
|
