
Problem with C:\Win\lsass.exe


igor_cg

Problem with C:\Win\lsass.exe - 29.07.2009 at 23:15 (144 months ago)
Please, can anyone help me?!
isass.exe has appeared on my machine; I googled it and read that it is not "healthy" :) for my computer.
Thanks in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:19, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\123\123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6447 bytes
 

magna86
Anti Malware Fighter

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 07:55 (144 months ago)
Download this program: OTM
http://oldtimer.geekstogo.com/OTM.exe

Run the program and, in the left pane under "Paste Instructions for Items to be Moved",
paste everything I have marked below:


Code:
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-

:files
C:\Win\lsass.exe


Click MoveIt!

Restart the computer....

Then download DDS from this link:
http://download.bleepingcomputer.com/sUBs/dds.scr

Run it and wait a couple of minutes for the program to finish scanning. When it finishes it will create two logs.
The first is called Attach.txt and we don't need it; we need the other (larger) one, called DDS.txt.

That is, copy the DDS.txt log straight into another Notepad file (File > Save As) and attach that file to your post.

hajduk7

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 12:33 (144 months ago)
Interesting thing, but I recently killed that virus, worm or whatever it was on a friend's machine. I did it like this: download the AV ESET SMART SECURITY 3.0.672. First delete that file at the location c:\win\ and delete everything that is there, then open the Registry and delete every place where you find c:\win, then go to Start, then Run, and type "msconfig" there (assuming you have XP, of course), go to the Startup item and delete the entry that says c:\win\isass.exe. After that just restart and install the AV, let it scan the computer properly; when it finds everything, delete the viruses, then restart, and then it will remove it from the computer.
If trouble finds you, call the hajduk
Beware the hajduk if trouble finds him
 

igor_cg

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 15:38 (144 months ago)
Thanks for replying! I'm waiting for further instructions, regards.


DDS (Ver_09-07-30.01) - NTFSx86
Run by PC at 16:34:09.85 on Thu 07/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1376 [GMT 2:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [run32] c:\win\lsass.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayaYpMF

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-13 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-1 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-1 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40:42];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2008-5-14 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.sys [2008-5-14 9446]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-07-30 16:31 <DIR> --d----- C:\_OTM
2009-07-21 00:52 352 a---h--- c:\windows\nod32fixtemdono.reg
2009-07-21 00:51 <DIR> --d----- c:\program files\ESET
2009-07-21 00:47 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-18 23:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-18 23:41 1,409 a------- c:\windows\QTFont.for
2009-07-11 21:31 <DIR> --d----- C:\VundoFix Backups
2009-07-11 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Jes-Soft
2009-07-09 18:34 25 a------- c:\windows\cdplayer.ini
2009-07-09 18:34 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 18:34 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-09 18:34 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-26 18:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 18:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 16:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 21:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-01 16:18 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-13 08:38 29,480 a------- c:\windows\system32\msxml3a.dll
2009-05-12 22:42 87,608 a------- c:\docume~1\pc\applic~1\inst.exe
2009-05-12 22:42 47,360 a------- c:\docume~1\pc\applic~1\pcouffin.sys
2009-05-07 17:44 344,064 a------- c:\windows\system32\localspl.dll
2008-05-15 16:32 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 16:34:36.07 ===============
 

magna86
Anti Malware Fighter

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 15:59 (144 months ago)
That's it. The computer is clean. Now you can delete all the diagnostic tools we used.
 

igor_cg

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 16:14 (144 months ago)
Is this OK? Should this be there, and how can it be removed? Regards.

 

magna86
Anti Malware Fighter

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 16:26 (144 months ago)
Sorry, my mistake... I skipped one small part of the log... small but enough...

Download this program:
Avenger
http://swandog46.geekstogo.com/avenger2/download.php

So, unpack the program into a folder on the Desktop and run it:

Copy this text:

Code:
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | run32

Files to delete:
C:\Win\lsass.exe


Click Execute ... then Yes ... Yes ... the computer will restart.

After that, please post a new DDS log and HJT log.


If the force of Avenger doesn't remove it, we'll move on to more drastic measures.
 

igor_cg

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 16:34 (144 months ago)
"Order executed" :)
that isass is still there

DDS (Ver_09-07-30.01) - NTFSx86
Run by PC at 17:32:06.65 on Thu 07/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1452 [GMT 2:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [run32] c:\_otm\movedfiles\07302009_163103\win\lsass.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayaYpMF

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-13 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-1 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-1 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40:42];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2008-5-14 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.sys [2008-5-14 9446]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-07-30 16:31 <DIR> --d----- C:\_OTM
2009-07-21 00:52 352 a---h--- c:\windows\nod32fixtemdono.reg
2009-07-21 00:51 <DIR> --d----- c:\program files\ESET
2009-07-21 00:47 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-18 23:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-18 23:41 1,409 a------- c:\windows\QTFont.for
2009-07-11 21:31 <DIR> --d----- C:\VundoFix Backups
2009-07-11 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Jes-Soft
2009-07-09 18:34 25 a------- c:\windows\cdplayer.ini
2009-07-09 18:34 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 18:34 499,712 a------- c:\windows\system32\msvcp71.dll
2009-07-09 18:34 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-26 18:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 18:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 16:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 21:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-01 16:18 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-13 08:38 29,480 a------- c:\windows\system32\msxml3a.dll
2009-05-12 22:42 87,608 a------- c:\docume~1\pc\applic~1\inst.exe
2009-05-12 22:42 47,360 a------- c:\docume~1\pc\applic~1\pcouffin.sys
2009-05-07 17:44 344,064 a------- c:\windows\system32\localspl.dll
2008-05-15 16:32 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 17:32:32.26 ===============
 

magna86
Anti Malware Fighter

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 16:38 (144 months ago)
Now go ahead and delete OTM from the computer, restart the computer, then run a HijackThis log and check whether either of these lines is present:

O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe

O4 - HKLM\..\Run: [run32] c:\_otm\movedfiles\07302009_163103\win\lsass.exe

or post the HJT log for me... whichever is easier for you
 

igor_cg

Re: Problem with C:\Win\lsass.exe - 30.07.2009 at 16:50 (144 months ago)
How do you delete OTM? I deleted it a long time ago, right-click and Delete. If that's how it's deleted :(
Better that the expert checks...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:26, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\_OTM\MovedFiles\07302009_163103\Win\lsass.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\123\123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [run32] C:\_OTM\MovedFiles\07302009_163103\Win\lsass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6529 bytes
 
magna86
Anti Malware Fighter

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 16:58
good grief... all sorts of things...

Carefully follow the instructions for downloading ComboFix

http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

so, before downloading, be sure to turn off the antivirus program,
that is, start ESET AV >> go to "Setup" >> select the "Antivirus and antispyware"
option and click "Temporarily disable Antivirus and antispyware protection"

then run the script according to the given instructions and post the log that CF creates at the end


 
igor_cg

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 17:19
I hope I did everything correctly, because isass is still there :( !

ComboFix 09-07-29.04 - PC 07/30/2009 18:08.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1598 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC\Application Data\.#
c:\documents and settings\PC\Application Data\inst.exe
c:\windows\Installer\19a771e.msi
c:\windows\Installer\a41ed.msi
c:\windows\Installer\fff055.msi
c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 14:31 . 2009-07-30 14:31 -------- d-----w- C:\_OTM
2009-07-30 12:15 . 2009-07-30 12:15 328 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090730141520.bat
2009-07-29 08:54 . 2009-07-29 08:54 2883 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090729105403.bat
2009-07-27 18:06 . 2009-07-27 18:06 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727200645.bat
2009-07-27 14:08 . 2009-07-27 14:08 551 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727160838.bat
2009-07-26 18:17 . 2009-07-26 18:17 554 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090726201739.bat
2009-07-20 22:52 . 2008-01-07 12:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-07-20 22:51 . 2009-07-20 22:51 -------- d-----w- c:\program files\ESET
2009-07-20 22:47 . 2009-07-20 22:47 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-20 19:06 . 2009-07-20 19:06 431 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720210656.bat
2009-07-20 11:13 . 2009-07-20 11:13 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131348.bat
2009-07-20 11:10 . 2009-07-20 11:10 360 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131025.bat
2009-07-20 11:05 . 2009-07-20 11:05 354 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130559.bat
2009-07-20 11:01 . 2009-07-20 11:01 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130145.bat
2009-07-19 16:18 . 2009-07-19 16:18 352 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090719181830.bat
2009-07-11 19:31 . 2009-07-11 19:31 -------- d-----w- C:\VundoFix Backups
2009-07-11 15:58 . 2009-07-11 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Jes-Soft
2009-07-10 15:05 . 2009-07-10 15:05 557 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710170525.bat
2009-07-10 14:52 . 2009-07-10 14:52 316 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710165216.bat
2009-07-09 20:43 . 2009-07-09 20:46 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2009-07-09 20:43 . 2009-07-09 20:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Real
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-09 16:33 . 2009-07-09 16:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-08 19:42 . 2009-07-08 19:42 -------- d-----w- c:\program files\FLV Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 15:30 . 2008-11-18 22:55 169936 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\FlashGot.exe
2009-07-30 12:15 . 2008-05-24 12:03 -------- d-----w- c:\documents and settings\PC\Application Data\WinFF
2009-07-29 22:32 . 2008-05-16 14:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 21:12 . 2008-05-15 14:35 -------- d-----w- c:\documents and settings\PC\Application Data\uTorrent
2009-07-28 21:05 . 2008-09-26 15:13 -------- d-----w- c:\documents and settings\PC\Application Data\Kingston
2009-07-27 14:30 . 2008-05-21 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 14:25 . 2008-06-01 08:05 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-20 22:51 . 2008-05-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-20 22:15 . 2008-05-15 13:25 -------- d-----w- c:\program files\Yahoo!
2009-07-13 11:36 . 2008-08-10 14:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-05-21 18:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 12:53 . 2008-12-06 12:00 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-07-10 14:43 . 2008-09-19 13:38 -------- d-----w- c:\program files\Google
2009-07-10 14:19 . 2009-01-31 01:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-09 16:34 . 2008-05-15 19:01 -------- d-----w- c:\program files\Common Files\Real
2009-07-09 16:34 . 2008-05-15 19:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-09 16:34 . 2008-05-15 19:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 18:52 . 2008-05-15 14:29 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2009-07-08 18:52 . 2008-05-15 14:32 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM
2009-07-07 20:00 . 2009-06-24 14:12 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 20:00 . 2009-06-24 14:12 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-07 20:00 . 2009-06-24 14:11 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-07 19:20 . 2008-05-15 13:21 -------- d-----w- c:\documents and settings\PC\Application Data\Vso
2009-07-06 14:17 . 2009-06-24 14:12 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-06 14:17 . 2009-06-24 14:12 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-06 14:17 . 2009-06-24 14:12 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-06 14:17 . 2009-06-24 14:12 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-06 14:17 . 2009-06-01 14:18 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-06 14:16 . 2009-06-01 14:09 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-06 14:16 . 2009-06-01 14:09 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-06 14:16 . 2009-06-24 14:11 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-06 14:16 . 2009-06-24 14:11 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-06 14:16 . 2009-06-24 14:10 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-06 14:16 . 2009-06-24 14:10 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-06 14:16 . 2009-06-24 14:10 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 19:36 . 2009-06-26 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-06-26 19:32 . 2009-06-26 19:32 -------- d-----w- c:\program files\KONAMI
2009-06-26 16:18 . 2004-08-03 22:56 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-24 14:19 . 2009-06-24 14:19 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161917.bat
2009-06-24 14:17 . 2009-06-24 14:17 789 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161739.bat
2009-06-23 18:55 . 2009-06-23 18:55 388 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623205533.bat
2009-06-23 18:33 . 2009-06-23 18:33 924 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203351.bat
2009-06-23 18:30 . 2009-06-23 18:30 2958 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203031.bat
2009-06-21 22:13 . 2008-05-16 13:36 -------- d-----w- c:\documents and settings\PC\Application Data\BSplayer PRO
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Adobe Media Player
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-21 22:10 . 2009-06-21 22:11 38208 ----a-w- c:\documents and settings\PC\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-16 14:55 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 20:15 . 2009-06-12 20:15 2165 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090612221550.bat
2009-06-09 18:50 . 2009-06-09 18:50 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090609205015.bat
2009-06-07 15:27 . 2009-06-07 15:27 3765 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090607172718.bat
2009-06-06 16:48 . 2009-06-06 16:48 440 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606184822.bat
2009-06-06 14:06 . 2009-06-06 14:06 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606160652.bat
2009-06-03 19:27 . 2004-08-03 22:56 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:18 . 2009-06-01 14:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 14:18 . 2009-05-13 14:10 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-29 16:56 . 2009-05-29 16:56 390664 ----a-w- c:\documents and settings\PC\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 14:04 . 2009-05-13 14:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-13 14:04 . 2009-05-13 14:04 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-13 06:42 . 2009-05-12 20:16 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-13 06:38 . 2008-07-10 14:33 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-08 10:44 . 2009-05-08 10:44 319 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090508124456.bat
2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:28 . 2009-05-04 19:28 322 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090504212841.bat
2009-07-26 19:34 . 2009-04-23 15:17 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-05-16 23:53 . 2008-05-15 14:07 48 --sh--w- c:\windows\SEAB9B388.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"run32"="c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe" [2002-01-01 552103]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/13/2009 16:05 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/1/2008 13:48 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/1/2008 13:48 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 19:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 08:21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [5/14/2008 20:03 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 21:06 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 16:51 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [5/14/2008 17:25 9446]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:16]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Device Detector - DevDetect.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 18:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
.
**************************************************************************
.
Completion time: 2009-07-30 18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 16:16

Pre-Run: 44,667,514,880 bytes free
Post-Run: 45,848,989,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

228 --- E O F --- 2009-07-29 18:39
 
magna86
Anti Malware Fighter

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 17:42
Open a new Notepad and copy this:

Code:
KILLALL::
File:: 
c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-


name that Notepad file CFScript and save it to the Desktop

Drag CFScript onto ComboFix (as in the picture)

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

when the scan finishes, post the log that CF creates
 
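The CFScript above targets the `run32` autorun value, whose image is named `lsass.exe` but does not live in `system32`. As an added example (not part of the original posts and not code from HijackThis or ComboFix), the following sketch finds that kind of entry in both log formats posted in this thread; the `SYSTEM_IMAGES` list and the default `SYSTEM_DIR` path are assumptions, and the sample lines are copied from the logs above.

```python
import ntpath
import re

# Assumed default Windows XP system directory, as seen in the logs above.
SYSTEM_DIR = r"c:\windows\system32"
# Assumed short list of core processes that should only run from system32.
SYSTEM_IMAGES = {"lsass.exe", "services.exe", "winlogon.exe",
                 "svchost.exe", "smss.exe", "csrss.exe", "spoolsv.exe"}

# HijackThis autorun line:  O4 - <key>: [<value name>] <command line>
O4_LINE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# ComboFix "Reg Loading Points":  [<key>]  then  "<value name>"="<path>" [...]
CF_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)"')
# First executable image in a command line, quoted or not.
IMAGE = re.compile(r'"?(?P<path>.+?\.(?:exe|dll|com|scr))(?=["\s,]|$)',
                   re.IGNORECASE)


def image_path(cmd):
    """Return the first image path in an autorun command line, or None."""
    m = IMAGE.match(cmd.strip())
    return m.group("path") if m else None


def parse_autoruns(log_text):
    """Yield (key, value_name, image_path) for every autorun entry found."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_LINE.match(line)
        if m:
            yield m.group("key"), m.group("name"), image_path(m.group("cmd"))
            continue
        m = CF_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = CF_VALUE.match(line)
        if m and key:
            yield key, m.group("name"), image_path(m.group("cmd"))


def masquerading(entries):
    """Return entries named like a core system process but stored elsewhere."""
    hits = []
    for key, name, path in entries:
        if not path:
            continue
        directory, base = ntpath.split(path)
        if base.lower() not in SYSTEM_IMAGES:
            continue
        # A bare file name is resolved through the search path, so only a
        # fully qualified path outside system32 is reported here.
        if directory and ntpath.normcase(directory) != SYSTEM_DIR:
            hits.append((key, name, path))
    return hits


# Lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [run32] C:\_OTM\MovedFiles\07302009_163103\Win\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"run32"="c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe" [2002-01-01 552103]
"""

if __name__ == "__main__":
    for key, name, path in masquerading(parse_autoruns(SAMPLE_LOG)):
        print(f"suspicious autorun: {key} [{name}] -> {path}")
```
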

igor_cg

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 17:56
I think everything is OK now :) ?!

ComboFix 09-07-29.04 - PC 07/30/2009 18:46.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1592 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active


FILE ::
"c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 14:31 . 2009-07-30 14:31 -------- d-----w- C:\_OTM
2009-07-30 12:15 . 2009-07-30 12:15 328 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090730141520.bat
2009-07-29 08:54 . 2009-07-29 08:54 2883 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090729105403.bat
2009-07-27 18:06 . 2009-07-27 18:06 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727200645.bat
2009-07-27 14:08 . 2009-07-27 14:08 551 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727160838.bat
2009-07-26 18:17 . 2009-07-26 18:17 554 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090726201739.bat
2009-07-20 22:52 . 2008-01-07 12:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-07-20 22:51 . 2009-07-20 22:51 -------- d-----w- c:\program files\ESET
2009-07-20 22:47 . 2009-07-20 22:47 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-20 19:06 . 2009-07-20 19:06 431 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720210656.bat
2009-07-20 11:13 . 2009-07-20 11:13 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131348.bat
2009-07-20 11:10 . 2009-07-20 11:10 360 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131025.bat
2009-07-20 11:05 . 2009-07-20 11:05 354 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130559.bat
2009-07-20 11:01 . 2009-07-20 11:01 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130145.bat
2009-07-19 16:18 . 2009-07-19 16:18 352 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090719181830.bat
2009-07-11 19:31 . 2009-07-11 19:31 -------- d-----w- C:\VundoFix Backups
2009-07-11 15:58 . 2009-07-11 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Jes-Soft
2009-07-10 15:05 . 2009-07-10 15:05 557 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710170525.bat
2009-07-10 14:52 . 2009-07-10 14:52 316 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710165216.bat
2009-07-09 20:43 . 2009-07-09 20:46 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2009-07-09 20:43 . 2009-07-09 20:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Real
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-09 16:33 . 2009-07-09 16:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-08 19:42 . 2009-07-08 19:42 -------- d-----w- c:\program files\FLV Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 16:18 . 2008-11-18 22:55 169936 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\FlashGot.exe
2009-07-30 12:15 . 2008-05-24 12:03 -------- d-----w- c:\documents and settings\PC\Application Data\WinFF
2009-07-29 22:32 . 2008-05-16 14:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 21:12 . 2008-05-15 14:35 -------- d-----w- c:\documents and settings\PC\Application Data\uTorrent
2009-07-28 21:05 . 2008-09-26 15:13 -------- d-----w- c:\documents and settings\PC\Application Data\Kingston
2009-07-27 14:30 . 2008-05-21 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 14:25 . 2008-06-01 08:05 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-20 22:51 . 2008-05-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-20 22:15 . 2008-05-15 13:25 -------- d-----w- c:\program files\Yahoo!
2009-07-13 11:36 . 2008-08-10 14:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-05-21 18:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 12:53 . 2008-12-06 12:00 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-07-10 14:43 . 2008-09-19 13:38 -------- d-----w- c:\program files\Google
2009-07-10 14:19 . 2009-01-31 01:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-09 16:34 . 2008-05-15 19:01 -------- d-----w- c:\program files\Common Files\Real
2009-07-09 16:34 . 2008-05-15 19:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-09 16:34 . 2008-05-15 19:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 18:52 . 2008-05-15 14:29 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2009-07-08 18:52 . 2008-05-15 14:32 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM
2009-07-07 20:00 . 2009-06-24 14:12 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 20:00 . 2009-06-24 14:12 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-07 20:00 . 2009-06-24 14:11 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-07 19:20 . 2008-05-15 13:21 -------- d-----w- c:\documents and settings\PC\Application Data\Vso
2009-07-06 14:17 . 2009-06-24 14:12 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-06 14:17 . 2009-06-24 14:12 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-06 14:17 . 2009-06-24 14:12 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-06 14:17 . 2009-06-24 14:12 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-06 14:17 . 2009-06-01 14:18 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-06 14:16 . 2009-06-01 14:09 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-06 14:16 . 2009-06-01 14:09 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-06 14:16 . 2009-06-24 14:11 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-06 14:16 . 2009-06-24 14:11 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-06 14:16 . 2009-06-24 14:10 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-06 14:16 . 2009-06-24 14:10 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-06 14:16 . 2009-06-24 14:10 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 19:36 . 2009-06-26 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-06-26 19:32 . 2009-06-26 19:32 -------- d-----w- c:\program files\KONAMI
2009-06-26 16:18 . 2004-08-03 22:56 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-24 14:19 . 2009-06-24 14:19 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161917.bat
2009-06-24 14:17 . 2009-06-24 14:17 789 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161739.bat
2009-06-23 18:55 . 2009-06-23 18:55 388 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623205533.bat
2009-06-23 18:33 . 2009-06-23 18:33 924 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203351.bat
2009-06-23 18:30 . 2009-06-23 18:30 2958 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203031.bat
2009-06-21 22:13 . 2008-05-16 13:36 -------- d-----w- c:\documents and settings\PC\Application Data\BSplayer PRO
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Adobe Media Player
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-21 22:10 . 2009-06-21 22:11 38208 ----a-w- c:\documents and settings\PC\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-16 14:55 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 20:15 . 2009-06-12 20:15 2165 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090612221550.bat
2009-06-09 18:50 . 2009-06-09 18:50 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090609205015.bat
2009-06-07 15:27 . 2009-06-07 15:27 3765 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090607172718.bat
2009-06-06 16:48 . 2009-06-06 16:48 440 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606184822.bat
2009-06-06 14:06 . 2009-06-06 14:06 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606160652.bat
2009-06-03 19:27 . 2004-08-03 22:56 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:18 . 2009-06-01 14:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 14:18 . 2009-05-13 14:10 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-29 16:56 . 2009-05-29 16:56 390664 ----a-w- c:\documents and settings\PC\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 14:04 . 2009-05-13 14:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-13 14:04 . 2009-05-13 14:04 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-13 06:42 . 2009-05-12 20:16 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-13 06:38 . 2008-07-10 14:33 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-08 10:44 . 2009-05-08 10:44 319 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090508124456.bat
2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:28 . 2009-05-04 19:28 322 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090504212841.bat
2009-07-26 19:34 . 2009-04-23 15:17 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-05-16 23:53 . 2008-05-15 14:07 48 --sh--w- c:\windows\SEAB9B388.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/13/2009 16:05 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/1/2008 13:48 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/1/2008 13:48 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 19:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 08:21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [5/14/2008 20:03 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 21:06 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 16:51 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [5/14/2008 17:25 9446]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:16]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-run32 - c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 18:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-30 18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 16:54
ComboFix2.txt 2009-07-30 16:16

Pre-Run: 45,860,954,112 bytes free
Post-Run: 45,817,937,920 bytes free

217 --- E O F --- 2009-07-29 18:39
 
magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 18:05 (144 months ago)
OK... that's it.
Start >> Run, copy the following:
Code:
Combofix /u

OK

That will uninstall the ComboFix script.
 
igor_cg

Member no.: 140731
Posts: 63
213.133.5.*

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 18:09 (144 months ago)
Thank you very much, you know your stuff :) !!
After the restart I am asked whether to choose Recovery Console or the operating system. Is that related to ComboFix? Does it have to be like that every time, or can I remove that too? I have already run the script for deleting ComboFix. Regards

[This message was edited by igor_cg on 30.07.2009 at 19:31 GMT+1]
 
magna86
Anti Malware Fighter

Member no.: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 19:14 (144 months ago)
Hehe... thanks.
Look, it is recommended that it stays, but if you really want to remove it and it bothers you, go to the C partition and
delete the CMDCONS folder and the CMDLDR file from the root, as well as Boot.bak.
Start >> Run, type
Code:
msconfig
OK

On the Boot.ini tab, click "Check All Boot Paths".
Windows will report a non-functional line; just click Yes,
then OK.


 
igor_cg

Member no.: 140731
Posts: 63
213.133.5.*

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 19:54 (144 months ago)
If it's recommended, we won't touch it. Thanks once again!
 
hajduk7

Member no.: 132919
Posts: 435
*.dynamic.sbb.rs.

Re: Problem with C:\Win\lsass.exe, 30.07.2009 at 20:01 (144 months ago)
Look, it's quite simple: the file lsass.exe exists in the main Windows folder and it has to be running non-stop, but if you see c:\win\isass.exe written anywhere, feel free to delete it; if you find the same in the Registry, feel free to delete it, because a win directory does not exist in XP, there is a main folder named WINDOWS. After you have deleted every place where you find c:\win\, scan the computer again with the AV; when it finds all the viruses, just restart it and that's it. I hope I was clear.
If trouble finds you, call the hajduk
Beware of the hajduk if trouble finds him
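
The check discussed in this thread (a system process name appearing outside its normal folder, or under a lookalike name such as isass.exe) can be run over a log automatically. The following is an added example, not part of any post here; it assumes a default XP install where, as the HijackThis log at the top of the thread shows, lsass.exe runs from C:\WINDOWS\system32, and the process list, the character map and the sample O4 lines are constructed for illustration.

```python
import ntpath
import re

# Assumption of this example: a default XP install under C:\WINDOWS.
EXPECTED_DIR = r"c:\windows\system32"
# Core system process names worth protecting (a constructed short list).
PROTECTED = ("lsass.exe", "smss.exe", "winlogon.exe", "services.exe",
             "svchost.exe", "csrss.exe")
# Characters often swapped to imitate a name visually: isass.exe vs lsass.exe.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
# Any drive-letter path ending in .exe, wherever it sits in a log line.
PATH_RE = re.compile(r'[a-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)

def skeleton(name):
    """Collapse visually confusable characters so lookalikes compare equal."""
    return name.lower().translate(CONFUSABLE)

def check_path(path):
    """Return the reason a path is suspicious, or None if nothing stands out."""
    directory, name = ntpath.split(path.strip().lower())
    if name in PROTECTED:
        if directory == EXPECTED_DIR:
            return None
        return "system process name outside " + EXPECTED_DIR
    for real in PROTECTED:
        if skeleton(name) == skeleton(real):
            return "lookalike of " + real
    return None

def scan_log(text):
    """Check every .exe path in a log and return (path, reason) pairs."""
    findings = []
    for line in text.splitlines():
        for match in PATH_RE.finditer(line):
            reason = check_path(match.group(0))
            if reason:
                findings.append((match.group(0), reason))
    return findings

# Constructed sample: paths taken from this thread, O4 lines written for the example.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKLM\..\Run: [run32] c:\win\isass.exe
"""

if __name__ == "__main__":
    for path, reason in scan_log(SAMPLE_LOG):
        print(path, "->", reason)
```

A finding is a reason to look at the file and its autostart entry, not proof by itself; the comparison is case-insensitive because Windows paths are.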
 
igor_cg

Member no.: 140731
Posts: 63
213.133.5.*

Re: Problem with C:\Win\lsass.exe, 01.08.2009 at 15:47 (144 months ago)
OK, thanks!!
 