Problem z lsass.exe - spowolnienie komputera

system · 19 Listopad 2007 10:41

Witam. Mam podobny problem, gdy uruchamiam komputer to po zaladowaniu Windows XP (ale przed pojawieniem sie ekranu logowania) wyswietla sie (czasami, czasami nie dzieje sie poprostu nic, ciemny ekran) komunikat ze jest problem z lsass.exe.

Troche dowiadywalem sie na ten temat i okazuje sie ze lsass.exe to aplikacja odpowiedzialna za zabezpieczenia w Windows XP a isass.exe lub lsess.exe to wirus. Czy jest mozliwe ze sie myle i posiadam wirusa ?

Prosze o pomoc. Nizej zamieszczam loga, moze w nim ktos z was znajdzie cos nie tak.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:55:56, on 2007-11-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

C:\WINDOWS\System32\snmp.exe

D:\Utilisateur1\Zaistalowane\Alcohol 120+crack 1.9.5.3105\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\OrangeBs\TaskBarIcon.exe

C:\Program Files\OrangeBs\BusinessEverywhere.exe

C:\Program Files\OrangeBs\ComComp.exe

C:\Program Files\OrangeBs\Watch.exe

C:\WINDOWS\system32\FTCOMM~1\FTCOMM~1.EXE

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

D:\Tworzy logi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)

O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe

O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide

O4 - HKLM…\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU…\Run: [RocketDock] “C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe”

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Startup: Y’z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\UTILIS~1\ZAISTA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/share … insctl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share … insctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share … cgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip…{C8ACD9EE-AA4B-438A-9F7D-BB340A5EE8AF}: NameServer = 194.51.3.56 10.11.12.14

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: McAfee Application Installer Cleanup (0282961195462256) (0282961195462256mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\028296~1.EXE

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: MySql - Unknown owner - D:\Serwer WWW\usr/MYSQL/bin/mysqld.exe (file missing)

O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

–

End of file - 9172 bytes

Złączono Posta : 19.11.2007 (Pon) 12:33

To jeszcze ja. Tutaj przedstawiam loga wykreowanego programem Deckard’s System Scanner. Mysle ze jest lepszy (napewno bardziej czytelny)

Deckard’s System Scanner v20071014.68

Run by Plaza Dariusz on 2007-11-19 12:15:28

Computer is in Normal Mode.

– HijackThis (run as Plaza Dariusz.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:15:30, on 2007-11-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

C:\WINDOWS\System32\snmp.exe

D:\Utilisateur1\Zaistalowane\Alcohol 120+crack 1.9.5.3105\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\OrangeBs\TaskBarIcon.exe

C:\Program Files\OrangeBs\BusinessEverywhere.exe

C:\Program Files\OrangeBs\ComComp.exe

C:\Program Files\OrangeBs\Watch.exe

C:\WINDOWS\system32\FTCOMM~1\FTCOMM~1.EXE

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\WINDOWS\Explorer.exe

D:\dss.exe

D:\TWORZY~1\PLAZAD~1.EXE