
Restart caused by C:\WINDOWS\system32\lsass.exe



I just got a message that my PC was going to restart. The restart was "caused by C:\WINDOWS\system32\lsass.exe". When I checked this process with Task Manager, it was called "System Shutdown" with the process name winlogon.exe, which is of course an important system process. I have heard of others who get restarts like this, but I don't remember the name of the virus; it fooled Task Manager with the winlogon name so that it could not be terminated. I have also opened lsass.exe with Notepad and found the word "ShutdownSystem". Am I infected?


Here is the log file from the result:

 

Logfile of HijackThis v1.99.1

Scan saved at 14:32:47, on 10.03.2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Norman\bin\ZLH.EXE

C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\ca.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

D:\All skiten jeg ikke vil ha snarvei til\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\Mixer.exe

D:\All skiten jeg ikke vil ha snarvei til\StatBar\StatBar.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\MSI\Core Center\CoreCenter.exe

C:\Program Files\Skyr@cer Pro Utility\WLANPRO.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Norman\bin\ZANDA.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\Norman\bin\NJEEVES.EXE

C:\NORMAN\Nvc\BIN\nipsvc.exe

C:\WINDOWS\System32\alg.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\All skiten jeg ikke vil ha snarvei til\Opera\8Beta\Opera.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\WINDOWS\system32\RTLCPL.EXE

C:\WINDOWS\ALCFDRTM.EXE

D:\All skiten jeg ikke vil ha snarvei til\Winamp\winamp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

D:\All skiten jeg ikke vil ha snarvei til\Gidderikkelagenymappefordetsomskalværeher\hijackthis\HijackThis.exe

 

F3 - REG:win.ini: run=

O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\ca.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [WinampAgent] D:\All skiten jeg ikke vil ha snarvei til\Winamp\winampa.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [statBar] D:\All skiten jeg ikke vil ha snarvei til\StatBar\StatBar.exe

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe

O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing

O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/cont...s/AvDetInst.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105202467062

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • 4 weeks later...

It doesn't help much to have an up-to-date antivirus program with the latest reference files if you run an operating system without updates, or with updates from a couple of years back.

Take a trip to Windows Update and install all critical updates. KB890830 MS Malicious Software Removal Tool finds and removes the most well-known viruses that exploit security holes in Windows XP.
