I´ve followed all the steps listd in You Must Read This Before Posting... thread, but it did not solve my problem
The thing is: the server on my job is infected with... i have no idea!
i can log in and work normally, but after a time users can´t log in the server and suddenly a system window pops up saying that LSASS.EXE has terminated unexpetedly, and the system will reboot in 60 seconds. ERROR CODE: 1078807364.
(this LSASS.EXE is, apparently, the file responsible for networking security and users logon details)
well, i cant have a server that will not authenticate users correctly and reboots every 15 minutes, or so, and mostly: my boss can´t have a employee that cant solve this in his staff... which will leave me with no job
would there be a kind soul willing to help this brazillian [bleep] keep his job, even tho i dont deserve it?
Thanks a bunch in advance!
oh, and btw, here´s my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:18:34, on 08/06/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\CFusion\Bin\cfserver.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\CFusion\jrun\bin\jrun.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
c:\ARQUIV~1\mcafee.com\vso\mcvsrte.exe
C:\ARQUIV~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\System32\locator.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\System\MSSearch\Bin\mssearch.exe
C:\ARQUIV~1\MICROS~3\MSSQL\binn\sqlagent.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\hkcmd.exe
C:\ARQUIV~1\mcafee.com\vso\mcvsshld.exe
c:\arquivos de programas\mcafee.com\agent\mcagent.exe
c:\arquiv~1\mcafee.com\vso\mcvsescn.exe
C:\WINNT\System32\internat.exe
C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\ARQUIV~1\mcafee.com\vso\mcshield.exe
C:\WINNT\System32\svchost.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.0.2/televendas
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsof...ss/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\arquiv~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\ARQUIV~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\ARQUIV~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\ARQUIV~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update Logon] win-logon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = localdomain.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F271D5E-7CD2-4233-B440-23FA8F773414}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = localdomain.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = localdomain.local
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARQUIV~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARQUIV~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\ARQUIV~1\mcafee.com\vso\mcvsrte.exe
Edited by Guig0, 08 June 2005 - 05:20 AM.