Just nu i M3-nätverket
Gå till innehåll
Eforum är stängt för nya inlägg och svar sedan 20 juni 2022. Klicka för att läsa vad som hände och om alternativ.

Brandväggsfråga lsass.exe

proppovice

Startad av proppovice,
i Brandväggar

Rekommendera Poster

proppovice

proppovice

Postad
Postad

Hej!

 

Jag får följande fråga av ZoneAlarm. "LSA Shell(Export version) vill ha tillgång till internet". Ska jag tillåta eller inte?

 

Se bifogad fil

 

[bild bifogad 2007-12-17 18:08:06 av proppovice]

1010405_thumb.jpg

Länk till kommentar
Dela på andra webbplatser
proppovice

proppovice

Postad
  • Trådskapare
Postad

Hej

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:43:17, on 2007-12-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\Program\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Winamp\winamp.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rexnet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3376078148-183450923-3509257688-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-3376078148-183450923-3509257688-1003\..\RunOnce: [NeroHomeFirstStart] C:\Program\Delade filer\Ahead\Lib\NeroScoutOptions.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Systemfältet för ATI CATALYST.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - https://www.rexnet.se/Secure/Rexnet/FileFolder/CAB/saxfile.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159652291202

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159656913890

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7122 bytes

[/log]

 

Länk till kommentar
Dela på andra webbplatser
proppovice

proppovice

Postad
  • Trådskapare
Postad

Hej

 

Log efter combofix

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:43, on 2007-12-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\Program\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\ComboFix\nircmd.cfexe

C:\ComboFix\nircmd.cfexe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rexnet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3376078148-183450923-3509257688-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-3376078148-183450923-3509257688-1003\..\RunOnce: [NeroHomeFirstStart] C:\Program\Delade filer\Ahead\Lib\NeroScoutOptions.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Systemfältet för ATI CATALYST.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - https://www.rexnet.se/Secure/Rexnet/FileFolder/CAB/saxfile.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159652291202

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159656913890

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7144 bytes

[/log]

 

Länk till kommentar
Dela på andra webbplatser
proppovice

proppovice

Postad
  • Trådskapare
Postad

Hej

 

Nu kommer rätt logg

 

[log]ComboFix 07-12-17.1 - Peter 2007-12-17 19:12:32.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.581 [GMT 1:00]

Running from: C:\Documents and Settings\Peter\Skrivbord\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))

.

 

2007-12-16 19:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-12 00:13 . 2007-10-11 00:53 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-12 00:13 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-12 00:13 . 2007-07-01 04:36 1,011,712 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-12 00:13 . 2007-10-11 00:53 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-12 00:13 . 2007-10-11 00:53 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-12 00:13 . 2007-10-11 00:53 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-12 00:13 . 2007-10-11 00:53 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-12 00:13 . 2007-10-11 00:53 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-12 00:13 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-12 00:12 . 2007-12-12 00:14 <KAT> d-------- C:\WINDOWS\system32\sv-se

2007-12-12 00:05 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

2007-11-20 23:11 . 2007-11-20 23:11 <KAT> d-------- C:\Program\Uniblue

2007-11-20 22:56 . 2007-11-20 22:56 <KAT> d-------- C:\WINDOWS\system32\SuperAdBlocker.com

2007-11-18 12:15 . 2007-11-18 12:15 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-11-18 12:14 . 2007-11-18 14:10 <KAT> d-------- C:\Program\SUPERAntiSpyware

2007-11-18 12:14 . 2007-11-18 12:14 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard

2007-11-18 12:14 . 2007-11-18 12:14 <KAT> d-------- C:\Documents and Settings\Peter\Application Data\SUPERAntiSpyware.com

2007-11-18 11:59 . 2007-11-18 12:11 616,423,424 --a------ C:\277.tmp

2007-11-18 10:20 . 2007-11-18 11:35 <KAT> d-------- C:\WINDOWS\system32\ActiveScan

2007-11-18 10:20 . 2007-11-18 11:33 30,590 --a------ C:\WINDOWS\system32\pavas.ico

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-17 18:17 50,843,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2007-12-17 18:04 598,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2007-12-17 17:25 --------- d-----w C:\Documents and Settings\Peter\Application Data\Azureus

2007-12-17 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2007-12-16 21:04 --------- d-----w C:\Program\Azureus

2007-12-16 18:49 --------- d-----w C:\Program\Java

2007-12-10 21:13 --------- d-----w C:\Documents and Settings\Peter\Application Data\AVG7

2007-12-04 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995

2007-11-22 14:18 --------- d-----w C:\Documents and Settings\Peter\Application Data\dvdcss

2007-11-19 11:18 --------- d-----w C:\Documents and Settings\Peter\Application Data\iid

2007-11-18 11:05 --------- d-----w C:\Program\SopCast

2007-11-18 10:35 --------- d-----w C:\Program\MSN Messenger

2007-11-14 20:44 --------- d-----w C:\Program\TPTEST5

2007-11-14 20:43 --------- d--h--w C:\Program\InstallShield Installation Information

2007-11-14 20:42 --------- d-----w C:\Program\Steam

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-08 22:06 --------- d-----w C:\Program\QuickTime

2007-11-08 22:06 --------- d-----w C:\Program\pdf995

2007-11-08 22:06 --------- d-----w C:\Program\NetWaiting

2007-11-08 22:06 --------- d-----w C:\Program\Compaqnet SE

2007-11-01 19:17 --------- d-----w C:\Program\Trend Micro

2007-10-31 03:57 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,289,728 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-26 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2007-10-26 19:30 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys

2007-10-25 16:44 8,467,968 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-21 12:15 4,568,136 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2007-10-10 23:53 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-10 23:53 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-10 23:53 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-10-10 23:53 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-10-10 23:53 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-10 23:53 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-10-10 23:53 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll

2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll

2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll

2007-10-10 23:53 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-10 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-10-10 11:04 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-08-30 21:07 425,984 ----a-w C:\Documents and Settings\Ägaren\ntuser.dat

2007-08-30 21:07 425,984 ----a-w C:\Documents and Settings\Ägaren\ntuser.dat

2007-08-21 21:38 32,248 ----a-w C:\Documents and Settings\Peter\Application Data\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:34]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:34 C:\WINDOWS\system32\rundll32.exe]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 17:24]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 C:\WINDOWS\system32\CTHELPER.EXE]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]

"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34]

"AVG7_CC"="C:\Program\Grisoft\AVG7\avgcc.exe" [2007-10-22 18:29]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:34 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2003-07-28 13:19 C:\WINDOWS\system32\nwiz.exe]

"ATIPTA"="C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 20:05]

"ATICCC"="C:\Program\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 23:33]

"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]

"Net iD"="C:\WINDOWS\system32\iid.exe" [2007-03-15 10:11]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:34]

"AVG7_Run"="C:\Program\Grisoft\AVG7\avgw.exe" [2007-10-22 18:29]

 

C:\Documents and Settings\All Users\Start-meny\Program\AutostartSystemf„ltet f”r ATI CATALYST.lnk - C:\Program\ATI Technologies\ATI.ACE\CLI.exe [2005-05-03 23:33:42]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Påminnelser för Kalendern i Microsoft Works.lnk]

backup=C:\WINDOWS\pss\Påminnelser för Kalendern i Microsoft Works.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]

2001-12-14 14:01 32768 --a------ C:\Program\COMPAQ\Easy Access Button Support\StartEAK.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]

2005-10-27 11:00 299008 --------- C:\Program\Creative\Shared Files\CamTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

2001-11-29 00:00 28672 --a------ C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]

C:\Program\Microsoft Works\WksSb.exe /AllUsers

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2000-08-30 07:17 28739 --a------ C:\Program\Microsoft Works\WkDetect.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

2005-02-10 16:00 1937408 --------- C:\Program\Ahead\Nero BackItUp\NBJ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

C:\Program\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program\Delade filer\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]

2002-02-20 11:40 143360 --a------ C:\Program\COMPAQ\Coloreal\coloreal.exe

 

R2 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-03-04 09:35]

R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-03-04 09:35]

R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 16:16]

S3 cusbohcn;cusbohcn;C:\DOCUME~1\Peter\LOKALA~1\Temp\cusbohcn.sys [2001-03-05 15:36]

S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-12-12 20:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-17 19:17:53

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-17 19:18:48

.

2007-12-12 20:02:28 --- E O F ---

[/log]

 

Länk till kommentar
Dela på andra webbplatser
Cecilia

Cecilia

Postad
Postad

IP-adressen går till Verizon som ger ut certifikat så troligen är det någon kontroll av certifikat.

The LSA handles aspects of security administration on the local computer
http://www.experts-exchange.com/Security/Q_21862589.html

 

Frågan finns på http://forum.zonealarm.com/zonelabs/board/message?board.id=win_za_msgs&message.id=16226 också och där finns det ju folk som är kunniga i ZoneAlarm så förhoppningsvis finns där bra svar också (jag har inte orkat läsa igenom hela).

 

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

Gå till ämneslista


×
×
  • Skapa nytt...