HijackThis log for review

Logfile of HijackThis v1.98.2
Scan saved at 20:25:03, on 2004–09–19
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe

C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
D:ProgramyKerio Personal Firewall 4.1Personal Firewall 4kpf4ss.exe
C:WINDOWSSystem32 vsvc32.exe

D:ProgramyKerio Personal Firewall 4.1Personal Firewall 4kpf4gui.exe
C:WINDOWSExplorer.EXE

D:ProgramyKerio Personal Firewall 4.1Personal Firewall 4kpf4gui.exe
C:WINDOWSSOUNDMAN.EXE
D:ProgramyDeamonTools v.3.47.0daemon.exe
C:PROGRA~1WanadooTaskbarIcon.exe

D:ProgramyMotherboard Monitor 5.3.6.0MBM5.EXE
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:WINDOWSsystem32spider.exe

C:PROGRA~1WanadooEspaceWanadoo.exe
C:PROGRA~1WanadooComComp.exe
D:ProgramyFirefox 0.9.2 PLfirefox.exe
C:WINDOWS otepad.exe
D:ProgramyHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://szukaj.wp.pl
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl

R1 – HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = "C:Program FilesOutlook Expressmsimn.exe"

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:ProgramyAdobe Reader 6.0.2 PLReaderActiveXAcroIEHelper.dll

O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – D:ProgramySPYBOT~1.3SDHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install

O4 – HKLM..Run: [DAEMON Tools–1033] "D:ProgramyDeamonTools v.3.47.0daemon.exe" –lang 1033
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
O4 – HKLM..Run: [MBM 5] "D:ProgramyMotherboard Monitor 5.3.6.0MBM5.EXE"

O4 – HKLM..Run: [KAVPersonal50] D:ProgramyKaspersky Anti–Virus Personal 5kav.exe /minimize
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O8 – Extra context menu item: Download with GetRight – D:ProgramyGetRight 5.1GRdownload.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:ProgramyMICROS~1OFFICE11EXCEL.EXE/3000

O8 – Extra context menu item: Open with GetRight Browser – D:ProgramyGetRight 5.1GRbrowse.htm
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:ProgramyMICROS~1OFFICE11REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O17 – HKLMSystemCCSServicesTcpip..{31C05761–7655–48ED–8E6B–63299AAACF71}: NameServer = 194.204.152.34 217.98.63.164

And my problem is as follows:
after connecting to the net everything is fine for about 10-15 minutes. After that the computer hangs (doing anything takes 10 minutes, I'm not exaggerating). I noticed in Task Manager that Isass.exe is using almost 100% of the CPU. Please help!

Replies: 8

Thanks, I pasted it because lately my system has started to lag for some reason, but never mind :D
ilaz
Added
21.09.2004 03:44:01
Clean.

If nothing is wrong, don't post these logs.
EL NINO
Added
21.09.2004 03:41:48
I would be grateful if you could check this
–––
Logfile of HijackThis v1.97.7
Scan saved at 01:34:43, on 2004–09–21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:Program FilesCommon FilesSymantec SharedccSetMgr.exe
D:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
D:WINDOWSExplorer.EXE
D:WINDOWSsystem32spoolsv.exe
D:Program FilesCommon FilesSymantec SharedccApp.exe
D:WINDOWSSOUNDMAN.EXE
D:Program FilesCommon FilesSymantec SharedccProxy.exe
D:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
D:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
D:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
D:WINDOWSSystem32svchost.exe
D:Program FilesInternet ExplorerIEXPLORE.EXE
D:Documents and SettingsxxxPulpitHijackThis.exe

O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: Web assistant – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – D:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – D:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Web assistant – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – D:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [ccApp] "D:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [NeroFilterCheck] D:WINDOWSsystem32NeroCheck.exe
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
ilaz
Added
21.09.2004 03:37:55
I haven't installed anything recently, I don't know what it is, I'd better remove it. Thanks for the help.
Maciokoki
Added
21.09.2004 02:41:30
dann13:
lsass.exe
OK, that is a system process, but something may have attached itself to it. As I wrote above, show a screenshot of the window listing the running processes. You can also add a screenshot of the msconfig window, Startup tab. So that everything is visible.
There is nothing wrong with the log itself. Unless spider.exe is not what I think it is but the Push trojan.


Maciokoki, get rid of the files listed below, both from the log and from the disk:

C:CWINDOWSSystem32sdin.exe
C:CWINDOWSSystem32msupdt.exe
C:CWINDOWSSystem32smss32.exe
C:CWINDOWSSystem32MSupdate32.exe

O4 – HKLM..Run: [System Restore] svcnet.exe
O4 – HKLM..Run: [msupdates] msupdt.exe
O4 – HKLM..Run: [Microsoft Internet Services] smss32.exe
O4 – HKLM..Run: [SDIN Adapter] sdin.exe
O4 – HKLM..Run: [msconfig service] MSupdate32.exe
O4 – HKLM..RunServices: [msupdates] msupdt.exe
O4 – HKLM..RunServices: [Microsoft Internet Services] smss32.exe
O4 – HKLM..RunServices: [SDIN Adapter] sdin.exe
O4 – HKLM..RunServices: [msconfig service] MSupdate32.exe
O4 – HKCU..Run: [System Restore] svcnet.exe
O4 – HKCU..Run: [SDIN Adapter] sdin.exe
O4 – HKLM..RunOnce: [SDIN Adapter] sdin.exe
O4 – HKCU..RunOnce: [SDIN Adapter] sdin.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

Is this sdin.exe familiar to you? Did you install it?
EL NINO
Added
20.09.2004 21:35:33
Logfile of HijackThis v1.97.7
Scan saved at 14:22:18, on 2004–09–20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:CWINDOWSSystem32smss.exe
C:CWINDOWSsystem32winlogon.exe
C:CWINDOWSsystem32services.exe
C:CWINDOWSsystem32lsass.exe
C:CWINDOWSsystem32svchost.exe
C:CWINDOWSSystem32svchost.exe
C:Program FilesSygateSPFsmc.exe
C:CWINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:CWINDOWSSystem32 vsvc32.exe
C:CWINDOWSSystem32svchost.exe
C:CWINDOWSExplorer.EXE
C:CWINDOWSSystem32sdin.exe
C:Program FilesJavaj2re1.4.2_04injusched.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesNetPumperNetPumperIEProxy.exe
C:CWINDOWSSystem32msupdt.exe
C:CWINDOWSSystem32smss32.exe
C:CWINDOWSSystem32MSupdate32.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
D:ProgramyHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://wp.pl
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://wp.pl
O2 – BHO: myBar BHO – {0494D0D1–F8E0–41ad–92A3–14154ECE70AC} – (no file)
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:Program FilesSpybot – Search & DestroySDHelper.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:CWINDOWSSystem32msdxm.ocx
O3 – Toolbar: (no name) – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – (no file)
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04injusched.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:CWINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [System Restore] svcnet.exe
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:CWINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [NetPumper] "C:Program FilesNetPumperNetPumperIEProxy.exe"
O4 – HKLM..Run: [msupdates] msupdt.exe
O4 – HKLM..Run: [Microsoft Internet Services] smss32.exe
O4 – HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe
O4 – HKLM..Run: [SmcService] C:PROGRA~1SygateSPFsmc.exe –startgui
O4 – HKLM..Run: [SDIN Adapter] sdin.exe
O4 – HKLM..Run: [msconfig service] MSupdate32.exe
O4 – HKLM..RunServices: [msupdates] msupdt.exe
O4 – HKLM..RunServices: [Microsoft Internet Services] smss32.exe
O4 – HKLM..RunServices: [SDIN Adapter] sdin.exe
O4 – HKLM..RunServices: [msconfig service] MSupdate32.exe
O4 – HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O4 – HKCU..Run: [System Restore] svcnet.exe
O4 – HKCU..Run: [SDIN Adapter] sdin.exe
O4 – HKLM..RunOnce: [SDIN Adapter] sdin.exe
O4 – HKCU..RunOnce: [SDIN Adapter] sdin.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Download with NetPumper – C:Program FilesNetPumperAddUrl.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Microsoft JavaScript Console (HKLM)
O9 – Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Microsoft JavaScript Console (HKCU)
O9 – Extra 'Tools' menuitem: JavaScript Console (HKCU)
O16 – DPF: {0A5FD7C5–A45C–49FC–ADB5–9952547D5715} (Creative Software AutoUpdate) – http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {39B0684F–D7BF–4743–B050–FDC3F48F7E3B} (FilePlanet Download Control Class) – http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 – DPF: {70BA88C8–DAE8–4CE9–92BB–979C4A75F53B} (GSDACtl Class) – http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} (Update Class) – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38074.5414351852
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GINWORDS Class) – http://gryonline.wp.pl/files/words_2_0_0_18.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F6ACF75C–C32C–447B–9BEF–46B766368D29} (Creative Software AutoUpdate Support Package) – http://www.creative.com/SU/ocx/12119/CTPID.cab
O17 – HKLMSystemCCSServicesTcpip..{8958D136–2D71–410C–B405–D470E67FEC93}: NameServer = 194.204.159.1 194.204.152.34


I would be very grateful if someone told me what to remove from this... I have quite a problem: whenever I connect to the internet and start playing online, my connection slows down so much that I can't play... I don't know why, but restarting the computer is enough, but then it happens again :/
Maciokoki
Added
20.09.2004 16:27:25
lsass.exe
In addition, information from the firewall: the application description in the connections overview is LSA Shell (Export Version).
The situation keeps recurring.
dann13
Added
20.09.2004 10:25:47
dann13:
Isass.exe is using almost 100% of the CPU
Isass.exe or lsass.exe? (isass.exe – Lsass.exe)
Attach a screenshot of the window with the running processes to your post.
EL NINO
Added
20.09.2004 03:04:08
dann13
Added:
19.09.2004 22:37:52
Comments:
8