Lsass.exe - brak pliku przy ładowaniu systemu

Majka · 2 Marzec 2007 09:09

Witam

Powtarza mi sie blad: lsass.exe przy ładowaniu Win XP home. I komp. sa sie wylancza, nie idzie tez z plytki insatalcyjnej ( oryginalnej) przy ładowaniu biblioteki plikow. Nastepnego dnia juz sie sam wlancza bez problemow. Ta historia powtarza sie co jakis czas. Co jest tego przyczyna?

ak6 · 2 Marzec 2007 18:17

błąd lsass.exe i restart kompa występuje z reguły gdy załapiesz wirusa sasser.

Jednak zastanawia mnie to, że jak piszesz:

Ale może warto spróbować:

http://www.wsp.krakow.pl/techsupp/sasser.html

Majka · 2 Marzec 2007 22:35

mks.vir wykrył tylko jednego trojana :

C:\Program Files\Internet Explorer\msimg32.dll

z Advare. MyWeb.Search.M

ale niestety nie chce go usunąc mam problemy z ładowaniem win XP home - brak pliku lsass.exe, jednak po “ostygnięciu” komputera, np. na drugi dzien. system ładuje sie, z klopotami -ale ładuje.

Licze na pomoc

Złączono Posta : 2 Marzec 2007, 23:43:15

Logfile of HijackThis v1.99.1 Scan saved at 21:21:41, on 02-03-2007 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Windows\ADS.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Maja\USTAWI~1\Temp\Rar$EX00.922\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [zzzHPSETUP] D:\Setup.exe \RESET O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM…\Run: [Lexmark X1100 Series] “C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [ADS] C:\Windows\ADS.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … jhtml?p=ZR O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 1739544234 O17 - HKLM\System\CCS\Services\Tcpip…{BF2C0465-439D-4729-B72D-4F56E1A9B66A}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Kazali to wklejam

Złączono Posta : 3 Marzec 2007, 0:07:27

jeszcze jedna wazna informacja komp mi sie zawiesza i wolno pracuje ad avare nie wykrywa nic procz MRU List wszystko usuwa, spybot nic nie znajduje mam ciagle komunikaty win że wystapil blad i wysyla komunikaty na microsoftu i chyba najwazniejsza informacja - jestem zielona jak “natka z pietruszki” wszytsko trzeba mi pisac jak “kr… na granicy” :oops: co mam zrobic???

Złączono Posta : 3 Marzec 2007, 0:25:19

Variant 31: - CWS.Msconfig Approx date first sighted: February 5, 2004 Symptoms: IE pages being hijacked to http://www.31234.com on system startup and when changing homepage back, continuous errors about an invalid Registry script in temp2.txt, extra item in right-click menu of webpages named ‘???’ Cleverness: 2/10 Manual removal difficulty: Involves a process killer, some Registry editing and restoring a Windows system file from CD This variant uses the filename msconfig.exe which overwrites the real Windows file in Windows 98/98SE/ME. The temp2.txt file it drops is actually a Registry script, but since it’s in the wrong format, Windows 9x/ME will throw up an error about an invalid Registry script. Windows 2000/XP will import it without complaining, creating the ‘???’ item in the IE right-click menu. The msconfig.exe file will always stay in memory, reinstalling the hijack every 5 seconds. Killing the process, deleting the file and restoring the IE homepages/search pages fixes this hijack. The real Windows file msconfig.exe can be download here, if you can’t restore it from your Windows Setup CD for some reason.

To wynik skanowania CWShedder Ale co z tym zrobic nie wiem :?

adam9870 · 3 Marzec 2007 10:08

Nie trzymaj hijacka w TEMPie lub innym katalogu tymczasowym. Umieść go np. na pulpicie.

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\Windows\ADS.exe

Klikasz X czerwony i restart kompa.

Usuń wpisy HJT.

Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners.

Majka · 4 Marzec 2007 14:47

a wpisy jak mam usunac?

adam9870 · 4 Marzec 2007 14:54

Uruchamiasz HijackThis => robisz nowe skanowanie lub klikasz Do a system scan only => pokaże się lista wpisów => stawiasz ptaszek przy wpisach:

=> klikasz Fix checked i potwierdzasz usunięcie.

Majka · 4 Marzec 2007 14:59

Logfile of HijackThis v1.99.1 Scan saved at 15:57:57, on 04-03-2007 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Winamp\winampa.exe

Złączono Posta : 4 Marzec 2007, 16:00:21

to to

mam nadzieje ze wszystko ok

Złączono Posta : 4 Marzec 2007, 16:02:35

Logfile of HijackThis v1.99.1 Scan saved at 15:57:57, on 04-03-2007 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Maja\USTAWI~1\Temp\Rar$EX35.890\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [zzzHPSETUP] D:\Setup.exe \RESET O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM…\Run: [Lexmark X1100 Series] “C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 1739544234 O17 - HKLM\System\CCS\Services\Tcpip…{BF2C0465-439D-4729-B72D-4F56E1A9B66A}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Złączono Posta : 4 Marzec 2007, 16:03:08

Logfile of HijackThis v1.99.1 Scan saved at 15:57:57, on 04-03-2007 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Maja\USTAWI~1\Temp\Rar$EX35.890\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [zzzHPSETUP] D:\Setup.exe \RESET O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM…\Run: [Lexmark X1100 Series] “C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 1739544234 O17 - HKLM\System\CCS\Services\Tcpip…{BF2C0465-439D-4729-B72D-4F56E1A9B66A}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Gutek · 4 Marzec 2007 23:01

Log już jest czysty

Majka · 8 Marzec 2007 20:09

nie do konca:(

Złączono Posta : 10 Marzec 2007, 9:21:27

ale dalej mam problem z tym lsass.exe nie ładuje sie. mks vir wykrył cos takiego inne antywirusy nic.

nie chce go susunac, mam jeszcze plik msimg32.dll w C:\WINDOWS\system32. nie wiem czy to ten problem …

Złączono Posta : 16 Marzec 2007, 20:05:15

juz nie mam msing32.dll w Internet explorer ale nadal problemy z lsass.exe - czy mozliwe że jest to problem nie z wirusami a np. z chlodzeniem procesora?

Złączono Posta : 16 Marzec 2007, 20:11:25

dzis znowu sie to pojawiło po twardym resecie - komp mi sie zawiesil nie szedl miekki reset wiec wyłaczyłam komp twardym i wtedy pojawil sie bląd lsass.exe - ze nie ma pliku po 0,5 h właczyłam komp. i po jednym restarcie zaladowal sie. a i jeszcze problem nie dziala mi komp w trybie awaryjnym.

Złączono Posta : 16 Marzec 2007, 20:17:34

Logfile of HijackThis v1.99.1 Scan saved at 20:16:34, on 16-03-2007 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Maja\USTAWI~1\Temp\Rar$EX00.469\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [zzzHPSETUP] D:\Setup.exe \RESET O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [Lexmark X1100 Series] “C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 1739544234 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O17 - HKLM\System\CCS\Services\Tcpip…{BF2C0465-439D-4729-B72D-4F56E1A9B66A}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

moze cos znowu sie przyplatalo

adam9870 · 16 Marzec 2007 20:04

Log czysty.

Sprawdź czy masz na dysku ten plik:

A jeśli tak to pobierz Pocket Killbox, zaznacz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\Program Files\Internet Explorer\msimg32.dll

Kliknij czerwonego iksa i potwierdź reset.

Po wykonaniu dla wykluczenia syfu możesz wkleić log z ComboFix.

Majka · 16 Marzec 2007 20:09

nie mam tego pliku

Czy mozliwe że to jest wina złej konfiguracji systemu badź wad sprzetowych - jak tak to jakich ? Jak to sprawdzic? Za co odpowiedzialny jest ten plik lsass.exe? Wiem że jest potrzebny do uruchomienia XP home ale nie wiem za jakie procesy odpowiada. Moze po nitce do klebka ? :?

adam9870 · 16 Marzec 2007 20:14

Na samym początku tej strony jest napisane na temat procesu lsass.exe

http://www.elektronikjk.republika.pl/r5.html

Jednak pragnę zwrócić uwagę na jedną rzecz, a mianowicie na to z jakiej litery i o jakiej wielkości nazwa tego pliku się zaczyna. Szkodniki typu Sasser mają nazwę Isass.exe natomiast prawidłowy plik systemu ma nazwę lsass.exe. Jak widać, nazwa szkodliwego pliku jest napisana z dużej litery I , a nazwa pliku systemowego jest napisana z małej litery l. A to wszystko po to, aby mniej doświadczony użytkownik podczas ręcznego usuwania pliku szkodnika mógł go pomylić z plikiem systemowym.

… proszę pokaż log z ComboFix’a.

Majka · 16 Marzec 2007 20:24

wcisnaleam 1

“Maja” - 07-03-16 21:19:57 Dodatek Service Pack 2 ComboFix 07-03-15.2 - Running from: “C:\Documents and Settings\Maja\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-02-16 to 2007-03-16 )))))))))))))))))))))))))))))))))) 2007-03-16 20:41 2007-03-16 20:30 2007-03-16 20:30 2007-03-11 13:07 2007-03-10 09:05 2007-03-09 20:38 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-03-09 20:38 274,432 --a------ C:\WINDOWS\system32\imon.dll 2007-03-06 00:55 147 --a------ C:\Delapp.bat 2007-03-06 00:48 2007-03-06 00:47 2007-03-06 00:45 328,704 --a------ C:\WINDOWS\IsUn0407.exe 2007-03-06 00:44 2007-03-06 00:28 67,072 --a------ C:\WINDOWS\system32\Gksui16.exe 2007-03-06 00:26 2007-03-04 20:31 2007-03-04 00:20 2007-03-01 20:34 2007-03-01 20:24 2007-03-01 20:23 2007-02-28 01:14 2007-02-28 01:14 2007-02-25 14:43 2007-02-25 14:43 2007-02-25 13:14 2007-02-24 01:18 2007-02-24 01:18 2007-02-24 01:18 2007-02-24 01:18 2007-02-24 00:33 2007-02-23 18:37 2007-02-23 18:37 2007-02-23 17:40 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-02-23 17:40 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-02-18 15:38 128,232 --a------ C:\WINDOWS\system32\mucltui.dll 2007-02-17 20:34 2007-02-17 18:29 2007-02-16 09:25 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-16 20:59 -------- d-------- C:\Program Files\wanadoo 2007-03-15 09:56 -------- d-------- C:\Program Files\lexmark x1100 series 2007-03-15 08:15 -------- d-------- C:\DOCUME~1\Maja\DANEAP~1\utorrent 2007-03-10 23:32 -------- d-------- C:\DOCUME~1\Maja\DANEAP~1\skype 2007-03-10 21:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-03-09 17:07 -------- d-------- C:\Program Files\emule 2007-03-06 00:06 -------- d-------- C:\Program Files\gadu-gadu 2007-03-04 20:40 -------- d-------- C:\DOCUME~1\Maja\DANEAP~1\azureus 2007-03-03 00:45 -------- d-------- C:\Program Files\aida32 - enterprise system information 2007-02-25 13:04 -------- d-------- C:\Program Files\pit_11 2007-02-23 23:56 -------- d-------- C:\Program Files\azureus 2007-02-21 01:07 -------- d-------- C:\Program Files\soulseek 2007-02-21 01:03 -------- d-------- C:\Program Files\winamp 2007-02-19 15:30 -------- d–h----- C:\Program Files\installshield installation information 2007-02-16 20:51 -------- d-------- C:\Program Files\mpeg audio collection 2007-02-12 21:50 -------- d-------- C:\Program Files\divx 2007-02-12 21:23 -------- d-------- C:\Program Files\skype 2007-02-12 21:23 -------- d-------- C:\Program Files\Common Files\skype 2007-02-11 17:33 -------- d-------- C:\Program Files\java 2007-02-11 13:36 -------- d-------- C:\DOCUME~1\Maja\DANEAP~1\tlen.pl 2007-02-10 13:08 -------- d-------- C:\Program Files\picasa2 2007-02-09 00:52 -------- d-------- C:\Program Files\snapstream media 2007-02-02 19:21 -------- d-------- C:\Program Files\google 2007-01-27 23:40 -------- d-------- C:\Program Files\xvid 2007-01-27 23:37 -------- d-------- C:\Program Files\ffdshow 2007-01-27 22:32 -------- d-------- C:\Program Files\combined community codec pack 2007-01-22 12:00 719088 --a------ C:\WINDOWS\system32\skaneronline.dll 2007-01-21 19:56 -------- d-------- C:\DOCUME~1\Maja\DANEAP~1\intertrust 2007-01-20 02:20 -------- d-------- C:\DOCUME~1\Maja\DANEAP~1\ringjacker 2007-01-19 09:40 89088 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2007-01-19 03:07 -------- d-------- C:\Program Files\utorrent 2007-01-10 02:11 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll 2007-01-07 02:39 67078 --a------ C:\WINDOWS\system32\perfc015.dat 2007-01-07 02:39 435978 --a------ C:\WINDOWS\system32\perfh015.dat 2007-01-06 11:04 86489 --a------ C:\WINDOWS\hpiins01.dat 2007-01-06 00:40 119568 --------- C:\WINDOWS\system32\vb6fr.dll 2007-01-06 00:37 57344 --a------ C:\WINDOWS\uneng.exe 2007-01-05 22:41 62 --ahs---- C:\DOCUME~1\Maja\DANEAP~1\desktop.ini 2007-01-05 22:26 24064 --a------ C:\WINDOWS\autoload.exe 2007-01-05 21:53 0 -rahs---- C:\MSDOS.SYS 2007-01-05 21:53 0 -rahs---- C:\IO.SYS 2007-01-05 21:53 0 --a------ C:\CONFIG.SYS 2007-01-05 21:53 0 --a------ C:\AUTOEXEC.BAT 2007-01-05 21:50 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-01-03 23:10 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” “WOOWATCH”=“C:\PROGRA~1\Wanadoo\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\Wanadoo\TaskbarIcon.exe” “RemoteControl”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “zzzHPSETUP”=“D:\Setup.exe \RESET” “LVCOMSX”=“C:\WINDOWS\system32\LVCOMSX.EXE” “LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe " “LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” “Lexmark X1100 Series”=”“C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe”" “ISUSScheduler”="“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start" “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” “Windows Defender”="“C:\Program Files\Windows Defender\MSASCui.exe” -hide" “nod32kui”="“C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk” “backup”=“C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe " “item”=“HP Digital Imaging Monitor” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk” “backup”=“C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s” “item”=“HP Image Zone - szybkie uruchamianie” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“hpcmpmgr” “hkey”=“HKLM” “command”=”“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“HPWuSchd2” “hkey”=“HKLM” “command”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“msmsgs” “hkey”=“HKCU” “command”="“C:\Program Files\Messenger\msmsgs.exe” /background" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“m3SrchMn” “hkey”=“HKLM” “command”="“C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=0" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“mwsoemon” “hkey”=“HKLM” “command”=“C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“PicasaMediaDetector” “hkey”=“HKLM” “command”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“jusched” “hkey”=“HKLM” “command”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}”=“Microsoft AntiMalware ShellExecuteHook” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “WPDShServiceObj”="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “DWQueuedReporting”="“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\MP Scheduled Scan.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-16 21:23:07

juz

Złączono Posta : 16 Marzec 2007, 21:30:44

:o kurcze cala historia … to tak jakby mi ktoś w kieszenie zaglądał :oops: ale spoko :x

Złączono Posta : 16 Marzec 2007, 21:43:11

Open Processes Name PID Memory Usage 3DMark03.exe 2696 13 MB alg.exe 1120 4 MB ati2evxx.exe 844 2 MB ati2evxx.exe 468 2 MB atiptaxx.exe 1784 4 MB Azureus.exe 572 116 MB ComComp.exe 2860 9 MB csrss.exe 612 7 MB ctfmon.exe 2160 3 MB dslmon.exe 2308 4 MB EspaceWanadoo.exe 2836 6 MB explorer.exe 356 39 MB fbguard.exe 1612 3 MB fbserver.exe 500 5 MB FxSvr2.exe 2548 4 MB GoogleToolbarNotifier.exe 2188 2 MB iexplore.exe 3320 12 MB issch.exe 2064 1 MB LEXBCES.EXE 1384 3 MB LEXPPS.EXE 1420 4 MB LogiTray.exe 2004 10 MB lsass.exe 700 2 MB LVCOMSX.EXE 1980 5 MB lxbkbmgr.exe 2056 2 MB lxbkbmon.exe 2128 2 MB MSASCui.exe 2092 14 MB MsMpEng.exe 968 20 MB nod32krn.exe 1676 23 MB nod32kui.exe 2136 5 MB PDVDServ.exe 1920 3 MB ping.exe 1960 3 MB services.exe 688 5 MB smss.exe 540 900 KB spoolsv.exe 1412 6 MB svchost.exe 856 5 MB svchost.exe 924 5 MB svchost.exe 1012 35 MB svchost.exe 1072 4 MB svchost.exe 1192 5 MB svchost.exe 1984 7 MB System 4 212 KB System Idle Process 0 16 KB TaskBarIcon.exe 1644 4 MB Watch.exe 3060 1 MB winampa.exe 2072 2 MB winlogon.exe 636 28 MB wmiprvse.exe 4040 6 MB

moze to tez sie przyda

adam9870 · 16 Marzec 2007 20:51

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Dwa pliki bardzo różnej reputacji. Z tego co zauważyłem, na zagranicznych forach raz są usuwane, a raz nie. Dla pewności przeskanuj je na stronie http://virusscan.jotti.org/ lub http://www.virustotal.com/ a jeśli okażą się szkodliwe - usuń je ręcznie będąc w trybie awaryjnym lub przy pomocy Killboxa.

Prze niektóre skanery AV wykrywany jako Adware.SearchPage. Możesz go usunąć.

Majka · 16 Marzec 2007 20:54

jakie to trudne nie mam trybu awaryjnego :-x

Złączono Posta : 16 Marzec 2007, 21:59:28

ROBIE RESTART …niech moc bedzie ze mna … boje sie wylaczyc kompa

Złączono Posta : 16 Marzec 2007, 22:17:04

wrocilam

http://virusscan.jotti.org/ nie wykryl że to wirusy

Złączono Posta : 16 Marzec 2007, 22:20:29

moze juz jest wszytsko dobrze po zmianie rejestru???

adam9870 · 16 Marzec 2007 21:31

Skoro pliki, które wskazałem do przeskanowania okazały się czyste i wykonałaś FIX.REG to wszystko powinno być już w porządku

Majka · 16 Marzec 2007 23:06

Niestety po kolejnym restarcie nie miałam pliku lsass.exe -komp. restartował z 15 razy potem sie wyłaczył sam ze trzy razy. poszlam z psem na spacer właczyłam i tylko maly restarcik i wszedl. Czy mozliwe ze to cos z chlodzeniem?

Złączono Posta : 18 Marzec 2007, 15:08:35

dzis znowu nie mogłam uruchomic kompa Ja juz nie wiem co moze byc przyczyna