kamen Posted February 5, 2010
Since the betas of version 2.0, uTorrent is still open in Task Manager after closing the program. When you need to re-open uTorrent, the warning shows up saying that, and you can't close the process in Task Manager (invalid operation). I needed to go back to version 1.8.5 because of that. I use Win 7 Ultimate, without a firewall, and I use Avira antivirus (but I tested with Avira off). PS: sorry for my terrible English.
DreadWingKnight Posted February 5, 2010
Process explorer process list with the dll list for the offending utorrent.exe process please.
moogly Posted February 5, 2010
Guide here: http://forum.utorrent.com/viewtopic.php?id=29748
kamen Posted February 6, 2010
explorer process list:
hijack this log:
bugmenot2 Posted February 8, 2010
I got the same problem. I also use Win7 Ultimate. Here are the logs, please help:
moogly Posted February 8, 2010
simhook.dll Simple Hook Scott Seligman <scott@scottandmichelle.net> 1.0.0.1
It's injected into µT. What's that?
bugmenot2 Posted February 8, 2010
It is related to my communication program Stefan.
moogly Posted February 8, 2010
What's it? A messenger?
bugmenot2 Posted February 8, 2010
Yes. Anyone know what's going on?
DreadWingKnight Posted February 8, 2010
I want to know why it thinks it needs to inject itself in every process.
bugmenot2 Posted February 9, 2010
What's injecting itself, the DLL moogly is talking about? Sorry for my bad English.
DreadWingKnight Posted February 9, 2010
The DLL is hooking itself into the uTorrent process. Chances are, that messenger doesn't actually need to do so.
bugmenot2 Posted February 9, 2010
Maybe, idk. Anyone know how to fix that problem? Btw, if I downgrade to uT 1.85, will all my preferences stay the same? Anyone?
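The check moogly did by eye on the Process Explorer DLL list (spotting a module in uTorrent.exe that comes from neither Microsoft nor BitTorrent, Inc.) can be scripted. This is an added example, not part of the original thread; the tab-separated export layout, the sample rows, and the `helper_x.dll` entry are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample shaped like a Process Explorer DLL-list export; tab-separated
# columns (Name, Description, Company Name, Version) are an assumption.
SAMPLE = (
    "Name\tDescription\tCompany Name\tVersion\n"
    "PSAPI.DLL\tProcess Status Helper\tMicrosoft Corporation\t6.1.7600.16385\n"
    "oleaut32.dll\t\tMicrosoft Corporation\t6.1.7600.16385\n"
    "simhook.dll\tSimple Hook\tScott Seligman\t1.0.0.1\n"
    "SortDefault.nls\n"
    "uTorrent.exe\tµTorrent\tBitTorrent, Inc.\t2.0.0.17920\n"
    "helper_x.dll\n"  # hypothetical module with no version resource
)

# Allow-list for this host process: the OS vendor and the application's publisher.
TRUSTED_COMPANIES = {"microsoft corporation", "bittorrent, inc."}
DATA_SUFFIXES = (".nls", ".dat")  # mapped data files, listed without a company name

FIELDS = ("name", "description", "company", "version")

def parse_dll_list(text):
    """Return one dict per module row, padding rows that lack trailing columns."""
    reader = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    next(reader, None)  # skip the header row
    modules = []
    for row in reader:
        if not row or not row[0].strip():
            continue
        cells = [c.strip() for c in row] + [""] * (len(FIELDS) - len(row))
        modules.append(dict(zip(FIELDS, cells)))
    return modules

def flag_third_party(modules, trusted=TRUSTED_COMPANIES):
    """List (name, company, reason) for modules outside the allow-list."""
    findings = []
    for m in modules:
        company = m["company"].lower()
        if company in trusted:
            continue
        if not company and m["name"].lower().endswith(DATA_SUFFIXES):
            continue  # data file mapped into the process, not loaded code
        reason = "company not in allow-list" if company else "no company name"
        findings.append((m["name"], m["company"], reason))
    return findings

if __name__ == "__main__":
    for name, company, reason in flag_third_party(parse_dll_list(SAMPLE)):
        print(f"{name}: {reason} ({company or 'blank'})")
```

The Company Name column is read from the file's own version resource, so a match on the allow-list is a triage hint, not proof of origin; Process Explorer's Verify Image Signatures option gives the stronger check.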
Archived
This topic is now archived and is closed to further replies.