מנוי/נקודות לאקסבוקס לייב בזול

מדהים איך ComboFix נתן בראש לזבל

זהירות - ספויילר!

ComboFix 10-10-11.03 - ZivK 10/12/2010 7:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1977.1302 [GMT 2:00]
Running from: d:\my documents\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.
c:\documents and settings\All Users\Documents\סבים\תוכנית 1\Desktop_.ini
c:\documents and settings\All Users\Documents\סבים\תוכניות 2\Desktop_.ini
c:\documents and settings\All Users\Documents\סבים\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Playlists\0008FC99\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sync Playlists\204BF6A2\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sync Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Sample Pictures\Desktop_.ini
c:\documents and settings\All Users\Documents\My Videos\Desktop_.ini
c:\documents and settings\ZivK\Application Data\avdrn.dat
c:\documents and settings\ZivK\Start Menu\Programs\Startup\updugt32.exe
C:\Thumbs.db
c:\windows\system\VI30AUT.DLL
c:\windows\system32\2CPO1111.ocx
c:\windows\system32\f931e646.dll
c:\windows\twain_16.dll

((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.
2010-10-11 14:19 . 2010-10-11 14:21 -------- d-----w- c:\program files\Unlocker
2010-10-11 05:27 . 2010-10-11 05:27 -------- d-----w- c:\documents and settings\ZivK\Local Settings\Application Data\Symantec
2010-10-11 05:24 . 2010-10-11 05:24 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-11 05:24 . 2010-10-11 05:24 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-11 05:21 . 2010-10-11 05:24 -------- d-----w- c:\program files\Symantec
2010-10-10 23:00 . 2010-10-10 23:01 -------- d-----w- C:\zivk
2010-10-10 22:30 . 2010-10-11 05:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-08 23:24 . 2010-10-09 02:58 -------- d-----w- c:\program files\DuaCool Monitoring
2010-10-08 16:26 . 2010-10-08 16:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-10-08 16:21 . 2010-10-08 16:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-10-08 16:21 . 2010-10-08 16:25 -------- d-----w- c:\program files\Google
2010-10-03 10:02 . 2010-10-03 10:02 -------- d-----w- c:\documents and settings\ZivK\Application Data\Devart
2010-10-03 10:01 . 2010-10-03 11:35 -------- d-----w- c:\program files\Common Files\Devart
2010-10-03 10:01 . 2010-10-03 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Devart
2010-10-03 10:01 . 2010-10-03 10:01 -------- d-----w- c:\program files\Devart
2010-10-02 18:30 . 2010-10-02 18:34 -------- d-----w- c:\program files\SysTools SQL Recovery v4.8.0.2 (Demo Version)
2010-10-02 10:33 . 2010-10-02 10:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-10-01 10:22 . 2010-10-02 18:32 -------- d-----w- C:\SQL Server 2000 Sample Databases
2010-10-01 08:24 . 2010-10-01 08:24 -------- d-----w- c:\documents and settings\ZivK\Local Settings\Application Data\Microsoft_Corporation
2010-09-29 14:38 . 2010-09-29 14:38 -------- d-----w- c:\documents and settings\ZivK\Local Settings\Application Data\BlueScada
2010-09-29 14:38 . 2010-09-29 14:38 -------- d-----w- c:\program files\blueSCADA
2010-09-28 16:06 . 2010-09-28 16:06 19456 ----a-w- c:\windows\system32\SMRX.oca
2010-09-28 15:21 . 2010-09-28 15:21 -------- d-----w- c:\program files\Automated Solutions
2010-09-27 10:00 . 2010-09-27 10:00 -------- d-----w- c:\documents and settings\ZivK\Application Data\Microsoft Corporation
2010-09-27 09:23 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-09-27 09:22 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-09-27 09:21 . 2010-09-27 09:21 -------- d-----w- c:\windows\system32\RsFx
2010-09-27 09:15 . 2010-09-27 09:15 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-27 09:15 . 2010-09-27 09:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-27 09:14 . 2010-09-27 09:25 188128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\10.0\1033\ResourceCache. dll
2010-09-27 09:13 . 2010-09-27 09:13 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-09-27 09:13 . 2010-09-27 09:25 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-09-21 17:10 . 2010-09-21 17:10 -------- d-----w- c:\program files\LZAE LUMEL S.A

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 177456]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 14:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 14:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"=
"c:\\Program Files\\Wizcon Supervisor\\Wizcon\\Bin\\wizpro.exe"=
"c:\\Program Files\\Wizcon Supervisor\\Wizcon\\Bin\\Wizcon.exe"=
"c:\\Program Files\\Schneider Electric\\Vijeo-Designer\\Vijeo-Runtime\\public\\Bin\\Koohi.exe"=
"c:\\Program Files\\Schneider Electric\\TwidoSuite\\ModbusDrv.exe"=
"c:\\Program Files\\Schneider Electric\\TwidoSuite\\uswitch.exe"=
"c:\\Program Files\\Schneider Electric\\TwidoSuite\\TWDS.exe"=
"c:\\Documents and Settings\\ZivK\\temp\\TeamViewer\\Version5\\TeamVi ewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\HmiES.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\TraceServer.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\MiniWeb.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"=
"c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"=
"c:\\WINDOWS\\system32\\s7otbxsx.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\zview\\bin\\ZView.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Project\\Unitronics\\DotNet VB C#\\CommDrive_C-Sharp\\CommDrive\\VB\\Reading MIs using Listener - VB.Net 2008 Example\\Com Drive Net - Listener Example\\bin\\Debug\\Com Drive Net - Listener Example.exe"=
"d:\\Reading MIs using Ethernet\\Com Drive Net - Listener Example\\bin\\Release\\Com Drive Net - Example.vshost.exe"=
"d:\\C#\\Code Examples\\Unitronics.ComDrive\\CommDrive Examples\\VB\\Reading MIs using Listener - VB.Net 2008 Example\\Com Drive Net - Listener Example\\bin\\Debug\\Com Drive Net - Listener Example.vshost.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1506:TCP"= 1506:TCP:Z-View Port 1506
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [16/12/2008 16:08 24064]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16:08 182576]
R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [20/05/2008 15:10 1146880]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmt rcdd.sys [25/06/2007 15:47 28363]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [22/03/2010 09:38 703080]
R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 03:27 29262680]
R2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [07/04/2009 09:12 49152]
R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [14/07/2008 19:02 69685]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [22/01/2009 15:44 77312]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [22/01/2009 15:56 1576008]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [22/01/2009 15:45 31232]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7os mcax.sys [22/01/2009 15:47 173568]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [30/07/2007 11:06 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceSe rviceX.exe [22/01/2009 15:56 240712]
R2 SsfdcPp;Parallel Port Ssfdc Programmer Driver;c:\windows\system32\drivers\SsfdcPp.sys [01/07/2010 19:13 14604]
R2 UsbConnect;Usb PLC;c:\windows\system32\UsbConnect.exe [04/02/2010 17:44 61440]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [15/05/2008 13:29 475520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23/02/2009 11:39 222512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/10/2010 07:49 102448]
R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkb drtm.sys [24/02/2009 21:37 6656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.s ys [23/07/2008 11:31 44800]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [21/07/2009 16:53 36384]
S0 sumeshy;sumeshy; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/10/2010 18:21 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [14/11/2004 20:24 3584]
S3 117f974660f55604;117f974660f55604;\??\c:\windows\T EMP\11240a3f94998 --> c:\windows\TEMP\11240a3f94998 [?]
S3 147bfc63836d5c72;147bfc63836d5c72;\??\c:\windows\T EMP\112004aed5d47 --> c:\windows\TEMP\112004aed5d47 [?]
S3 358f5f11db52cc58;358f5f11db52cc58;\??\c:\windows\T EMP\11640cfbeb287 --> c:\windows\TEMP\11640cfbeb287 [?]
S3 75d809d302196daf;75d809d302196daf;\??\c:\windows\T EMP\112005aea95cc --> c:\windows\TEMP\112005aea95cc [?]
S3 7764d0092b2b3267;7764d0092b2b3267;\??\c:\windows\T EMP\113203c4061a8 --> c:\windows\TEMP\113203c4061a8 [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mo n.sys [18/11/2008 18:17 23888]
S3 ctndrvd;CTNet NT Driver;c:\windows\system32\drivers\ctndrv2.sys [29/06/2010 15:00 6488]
S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcsl v.sys [04/07/2005 16:04 68280]
S3 e203b9cbc3e4838d;e203b9cbc3e4838d;\??\c:\windows\T EMP\11080e7809f5a --> c:\windows\TEMP\11080e7809f5a [?]
S3 ECOVARIO;ECOVARIO.SYS ECOVARIO device driver;c:\windows\system32\drivers\ECOVARIO.sys [16/04/2009 23:07 29292]
S3 fa64fa16ae2cf156;fa64fa16ae2cf156;\??\c:\windows\T EMP\110405f7dda43 --> c:\windows\TEMP\110405f7dda43 [?]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18/10/2002 01:34 30512]
S3 s7oupc2x;SIMATIC PC Adapter USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [29/08/2007 19:24 21536]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX 2K.sys [21/06/2007 04:40 56448]
S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys --> c:\windows\system32\drivers\vad.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S3 XBTZG935;XBTZG935/XBTZGUSBB USB Link Cable Driver;c:\windows\system32\drivers\XBTZG935.sys [07/04/2009 09:05 11648]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23/07/2009 05:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]
S4 XBTZG935 USB Link Cable;XBTZG935 USB Link Cable;c:\program files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTGZ935_ulnk(36fc9e60-c465-11cf-8056-444553540000).exe [10/11/2008 21:08 93400]
.
Contents of the 'Scheduled Tasks' folder
2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 16:21]
2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 16:21]
2010-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-343818398-725345543-1003Core.job
- c:\documents and settings\ZivK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-06 17:52]
2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-343818398-725345543-1003UA.job
- c:\documents and settings\ZivK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-06 17:52]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.il/
uInternet Connection Wizard,ShellNext = iexplore
IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SafeBoot-Symantec Antvirus
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
AddRemove-Z-View - c:\zview\bin\bin\uninst.exe

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1 17f974660f55604]

"ImagePath"="\??\c:\windows\TEMP\11240a3f94998"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1 47bfc63836d5c72]
"ImagePath"="\??\c:\windows\TEMP\112004aed5d47"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\3 58f5f11db52cc58]
"ImagePath"="\??\c:\windows\TEMP\11640cfbeb287"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7 5d809d302196daf]
"ImagePath"="\??\c:\windows\TEMP\112005aea95cc"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7 764d0092b2b3267]
"ImagePath"="\??\c:\windows\TEMP\113203c4061a8"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e 203b9cbc3e4838d]
"ImagePath"="\??\c:\windows\TEMP\11080e7809f5a"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f a64fa16ae2cf156]
"ImagePath"="\??\c:\windows\TEMP\110405f7dda43"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil 10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil1 0k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\a cerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\a sphatrc.dll
c:\windows\system32\msi.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\a ipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPI rc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\a cunlockrc.dll
- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Siemens\ALMPanelPlugin\ALMPanelPlugin.exe
c:\windows\system32\CRYPSERV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\MODBUSDRV.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\usbconsole.exe
c:\windows\system32\fxssvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
.
************************************************** ************************
.
Completion time: 2010-10-12 08:18:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-12 06:18
Pre-Run: 20,352,733,184 bytes free
Post-Run: 20,285,145,088 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[old]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (Boot-Logo)" /noexecute=optin /fastdetect /KERNEL=NTOSBOOT.EXE
- - End Of File - - 3D530C8B5A1105EE3FBBC260E165470C

כלי אשכול	חפש באשכול זה
הצג גירסת הדפסה שלח דף זה ב E-Mail	חפש באשכול זה: חיפוש מתקדם
מצבי תצוגה	דרג אשכול זה
עבור למצב לינארי מצב כלאיים עבור למצב משורשר	דרג אשכול זה:

הדף נוצר ב 0.07 שניות עם 12 שאילתות
צור קשר - Fresh - למעלה