Logan Posted February 4, 2008

Ok, my PC freezes (XP SP2) 4~5 min after I open uTorrent. It started to act like that since the uTorrent 1.7.6 update and it also occurs in v1.7.7.

-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:18:52, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Arquivos de programas\cFosSpeed\spd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_15] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_18] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_19] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_20] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160013089656
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

--
End of file - 5459 bytes

-------------------------------------------------

Process PID CPU Description Company Name
System Idle Process 0 58.96
Interrupts n/a 0.75 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 2.99
smss.exe 996 Gerenciador de Sessão do Windows NT Microsoft Corporation
csrss.exe 1052 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1096 Aplicativo de logon do Windows NT Microsoft Corporation
services.exe 1148 0.75 Aplicativo de serviços e controle Microsoft Corporation
ati2evxx.exe 1328 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1348 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1456 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1580 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1632 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1836 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1944 Spooler SubSystem App Microsoft Corporation
avp.exe 484 Kaspersky Anti-Virus Kaspersky Lab
spd.exe 508 cFosSpeed Service cFos Software GmbH
svchost.exe 696 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 964 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1160 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1732 ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 412 Windows Explorer Microsoft Corporation
SOUNDMAN.EXE 1512 Realtek Sound Manager Realtek Semiconductor Corp.
avp.exe 1520 Kaspersky Anti-Virus Kaspersky Lab
cfosspeed.exe 1528 cFosSpeed Window cFos Software GmbH
firefox.exe 2860 Firefox Mozilla Corporation
procexp.exe 468 0.75 Sysinternals Process Explorer Sysinternals
utorrent.exe 2068 35.82

Process: utorrent.exe Pid: 2068
Name Description Company Name Version
ACTIVEDS.dll DLL de camada de roteador ADs Microsoft Corporation 5.01.2600.2180
adsldpc.dll DLL C de provedor ADs LDAP Microsoft Corporation 5.01.2600.2180
ADVAPI32.dll API de base do Windows 32 avançada Microsoft Corporation 5.01.2600.2180
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
comdlg32.dll DLL de diálogos comuns Microsoft Corporation 6.00.2900.2180
COMRes.dll Microsoft Corporation 2001.12.4414.0258
ctype.nls
DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159
hnetcfg.dll Gerenciador de configurações de rede doméstica Microsoft Corporation 5.01.2600.2180
Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
kernel32.dll DLL cliente da API BASE do Windows NT Microsoft Corporation 5.01.2600.3119
locale.nls
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
mswsock.dll Fornecedor de serviços do Microsoft Windows Sockets 2.0 Microsoft Corporation 5.01.2600.2180
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
ntdll.dll DLL de nível do NT Microsoft Corporation 5.01.2600.2180
ole32.dll Microsoft OLE para Windows e Windows NT Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.3139
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
SETUPAPI.dll API de instalação do Windows Microsoft Corporation 5.01.2600.2180
SHELL32.dll DLL comum do Shell do Windows Microsoft Corporation 6.00.2900.3241
SHLWAPI.dll Biblioteca de utilitário abreviado para Shell Microsoft Corporation 6.00.2900.3231
sortkey.nls
sorttbls.nls
unicode.nls
USER32.dll DLL de Cliente API de usuário Windows XP Microsoft Corporation 5.01.2600.3099
utorrent.exe
uxtheme.dll Biblioteca UxTheme Microsoft Microsoft Corporation 6.00.2900.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180
WLDAP32.dll DLL da API LDAP Win32 Microsoft Corporation 5.01.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2HELP.dll DLL de ajuda do Windows Socket 2.0 para Windows NT Microsoft Corporation 5.01.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180
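A small triage pass over a HijackThis log of the kind posted above, added here as an example and not code from the original post or from anyone in the thread. It assumes only the R/O entry shapes visible in the log; the five input lines are constructed copies of entries from it, and the flags are prompts to check a file and its publisher, not verdicts.

```python
import re

# Constructed sample: five lines in the shape of the HijackThis log above,
# copied from the thread so the heuristics can be seen working on real shapes.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [AVP] "C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"
O4 - HKUS\\S-1-5-19\\..\\RunOnce: [nlpo_18] cmd.exe /C move /Y "%SystemRoot%\\System32\\syssetub.dll" "%SystemRoot%\\System32\\syssetup.dll" (User 'LOCAL SERVICE')
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: NMIndexingService - Unknown owner - C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexingService.exe (file missing)
"""

# HijackThis prefixes each finding with its section code: R0, O2, O4, O23, ...
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Well-known SIDs of the built-in service accounts (SYSTEM, LOCAL SERVICE,
# NETWORK SERVICE); autoruns under their hives are unusual for desktop software.
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")


def parse_entries(text):
    """Yield (kind, body) for each HijackThis R/O entry line in the log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(text):
    """Return a list of (kind, reason, body) for entries that deserve a look.

    These are review heuristics: every hit means "verify the file, its signer
    and why it is set to run", never "this is malicious".
    """
    findings = []
    for kind, body in parse_entries(text):
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("target file missing: stale entry or removed component")
        if kind == "O23" and "Unknown owner" in body:
            reasons.append("service binary has no recognised publisher")
        if kind == "O4" and any(sid in body for sid in SERVICE_SIDS):
            reasons.append("autorun registered under a service-account hive")
        if kind == "O4" and "RunOnce" in body and any(
            tool in body.lower() for tool in ("cmd.exe", "rundll32")
        ):
            reasons.append("RunOnce launches a command interpreter or rundll32")
        findings.extend((kind, reason, body) for reason in reasons)
    return findings


if __name__ == "__main__":
    for kind, reason, body in triage(SAMPLE_LOG):
        print(f"{kind}: {reason}\n    {body}")
```

On the thread's full log the same pass would also flag the remaining nlpo_* RunOnce entries, which in this case are leftovers of an nLite-built install rather than anything hostile, which is exactly why each hit needs a human to close it out.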
jewelisheaven Posted February 4, 2008

Nero Scout can cause problems with file permissions. I don't see anything added to uT's process, so I'm thinking it's CFOS speed... Can you make sure it's configured like in the firewall setup thread http://forum.utorrent.com/viewtopic.php?id=7862 ?
DreadWingKnight Posted February 4, 2008

I would also potentially suspect Kaspersky.
Logan (Author) Posted February 4, 2008

No problem with CFOS speed, I have no firewall. Kaspersky detected this with the last uT update:

detected: riskware Trojan.generic
Running process: C:\Documents and Settings\Administrador\Configurações locais\Temp\utt3.tmp.exe
jewelisheaven Posted February 4, 2008

Detected what? That's a useless error message. Tell KIS to allow utorrent.exe: if you have to, give it the full path to your exe.
Firon Posted February 5, 2008

Kaspersky is a junky firewall.