
uTorrent 2.0 doesn't close!


kamen


Since the betas of version 2.0, uTorrent is still open in Task Manager after closing the program.

When you need to re-open uTorrent, the warning shows up saying that, and you can't close the process in Task Manager (invalid operation).

I needed to go back to version 1.8.5 because of that.

I use Win 7 Ultimate, without a firewall, and I use Avira antivirus (but I tested with Avira off).

PS: sorry for my terrible English.


explorer process list:

Process PID CPU Description Company Name

System Idle Process 0 96.21

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

smss.exe 272 Gerenciador de Sessão do Windows Microsoft Corporation

csrss.exe 368 Processo do tempo de Execução do Servidor do Cliente Microsoft Corporation

wininit.exe 428 Aplicativo de Inicialização do Windows Microsoft Corporation

services.exe 476 Aplicativo de serviços e controle Microsoft Corporation

svchost.exe 652 Processo de Host para Serviços do Windows Microsoft Corporation

fdm.exe 4076 Free Download Manager FreeDownloadManager.ORG

svchost.exe 732 Processo de Host para Serviços do Windows Microsoft Corporation

atiesrxx.exe 796 AMD External Events Service Module AMD

atieclxx.exe 1124 AMD External Events Client Module AMD

svchost.exe 876 Processo de Host para Serviços do Windows Microsoft Corporation

svchost.exe 924 Processo de Host para Serviços do Windows Microsoft Corporation

dwm.exe 2020 Gerenciador de Janelas da Área de Trabalho Microsoft Corporation

svchost.exe 956 Processo de Host para Serviços do Windows Microsoft Corporation

taskeng.exe 1936 Mecanismo do Agendador de Tarefas Microsoft Corporation

SixEngine.exe 1028

svchost.exe 600 Processo de Host para Serviços do Windows Microsoft Corporation

svchost.exe 1040 Processo de Host para Serviços do Windows Microsoft Corporation

spoolsv.exe 1220 Aplicativo de subsistema de spooler Microsoft Corporation

sched.exe 1260 Antivirus Scheduler Avira GmbH

svchost.exe 1284 Processo de Host para Serviços do Windows Microsoft Corporation

AEADISRV.EXE 1404 Andrea filters APO access service (64-bit) Andrea Electronics Corporation

avguard.exe 1432 Antivirus On-Access Service Avira GmbH

AsSysCtrlService.exe 1456

svchost.exe 1488 Processo de Host para Serviços do Windows Microsoft Corporation

svchost.exe 1608 Processo de Host para Serviços do Windows Microsoft Corporation

taskhost.exe 1840 Processo de Host para Tarefas do Windows Microsoft Corporation

SearchIndexer.exe 2784 Indexador do Microsoft Windows Search Microsoft Corporation

SearchProtocolHost.exe 1084 Microsoft Windows Search Protocol Host Microsoft Corporation

SearchFilterHost.exe 728 Microsoft Windows Search Filter Host Microsoft Corporation

wmpnetwk.exe 2948 Serviço de Compartilhamento de Rede do Windows Media Player Microsoft Corporation

svchost.exe 2772 Processo de Host para Serviços do Windows Microsoft Corporation

svchost.exe 3572 Processo de Host para Serviços do Windows Microsoft Corporation

svchost.exe 3916 Processo de Host para Serviços do Windows Microsoft Corporation

lsass.exe 492 Local Security Authority Process Microsoft Corporation

lsm.exe 500 Serviço do Gerenciador de Sessão Local Microsoft Corporation

csrss.exe 452 Processo do tempo de Execução do Servidor do Cliente Microsoft Corporation

winlogon.exe 568 Aplicativo de Logon do Windows Microsoft Corporation

explorer.exe 1532 Windows Explorer Microsoft Corporation

SoundMAX.exe 2180 SoundMAX Audio Settings (32-bit) Analog Devices, Inc.

jusched.exe 2196 Java Platform SE binary Sun Microsystems, Inc.

iexplore.exe 3140 Internet Explorer Microsoft Corporation

iexplore.exe 3208 Internet Explorer Microsoft Corporation

iexplore.exe 3676 Internet Explorer Microsoft Corporation

iexplore.exe 2308 Internet Explorer Microsoft Corporation

uTorrent.exe 2592 µTorrent BitTorrent, Inc.

procexp.exe 4044 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

procexp64.exe 2552 3.79 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

smax4pnp.exe 2364 SMax4PNP Analog Devices, Inc.

avgnt.exe 2408 Antivirus System Tray Tool Avira GmbH

jusched.exe 2484 Java Platform SE binary Sun Microsystems, Inc.

MOM.exe 2492 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 3020 Catalyst Control Centre: Host application ATI Technologies Inc.

Process: uTorrent.exe Pid: 2592

Name Description Company Name Version

ADVAPI32.dll API de base do Windows 32 avançada Microsoft Corporation 6.1.7600.16385

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0

AUTHZ.dll Authorization Framework Microsoft Corporation 6.1.7600.16385

bcrypt.dll Windows Cryptographic Primitives Library (Wow64) Microsoft Corporation 6.1.7600.16385

bcryptprimitives.dll Windows Cryptographic Primitives Library Microsoft Corporation 6.1.7600.16385

Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation 6.1.7600.16385

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385

COMCTL32.dll Biblioteca de Controles de Experiência do Usuário Microsoft Corporation 6.10.7600.16385

comctl32.dll.mui Biblioteca de Controles de Experiência do Usuário Microsoft Corporation 6.10.7600.16385

comdlg32.dll DLL de diálogos comuns Microsoft Corporation 6.1.7600.16385

credssp.dll Credential Delegation Security Package Microsoft Corporation 6.1.7600.16385

CRYPT32.dll Crypto API32 Microsoft Corporation 6.1.7600.16385

crypt32.dll.mui Crypto API32 Microsoft Corporation 6.1.7600.16385

CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385

cryptnet.dll Crypto Network Related API Microsoft Corporation 6.1.7600.16385

CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385

DEVRTL.dll Device Management Run Time Library Microsoft Corporation 6.1.7600.16385

dhcpcsvc.DLL Serviço do Cliente DHCP Microsoft Corporation 6.1.7600.16385

dhcpcsvc6.DLL Cliente DHCPv6 Microsoft Corporation 6.1.7600.16385

DnsApi.dll DLL da API de cliente DNS Microsoft Corporation 6.1.7600.16385

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.1.7600.16385

FirewallAPI.dll API do Firewall do Windows Microsoft Corporation 6.1.7600.16385

fwpuclnt.dll API de Modo de Usuário FWP/IPsec Microsoft Corporation 6.1.7600.16385

GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7600.16385

GPAPI.dll API do Cliente da Diretiva de Grupo Microsoft Corporation 6.1.7600.16385

hnetcfg.dll Gerenciador de configurações de rede doméstica Microsoft Corporation 6.1.7600.16385

hnetcfg.dll.mui Gerenciador de configurações de rede doméstica Microsoft Corporation 6.1.7600.16385

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.7600.16385

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7600.16385

index.dat

index.dat

index.dat

Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7600.16385

kernel32.dll DLL cliente da API BASE do Windows NT Microsoft Corporation 6.1.7600.16385

KERNELBASE.dll DLL cliente da API BASE do Windows NT Microsoft Corporation 6.1.7600.16385

KernelBase.dll.mui DLL cliente da API BASE do Windows NT Microsoft Corporation 6.1.7600.16385

locale.nls

LPK.dll Language Pack Microsoft Corporation 6.1.7600.16385

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 6.1.7600.16415

MSCTF.dll DLL de servidor MSCTF Microsoft Corporation 6.1.7600.16385

msctf.dll.mui DLL de servidor MSCTF Microsoft Corporation 6.1.7600.16385

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16385

mswsock.dll Provedor de serviços do Microsoft Windows Sockets 2.0 Microsoft Corporation 6.1.7600.16385

msxml3.dll MSXML 3.0 SP11 Microsoft Corporation 8.110.760.016.385

msxml3r.dll XML Resources Microsoft Corporation 8.110.760.016.385

napinsp.dll Provedor de Correção de Nomeação de Emails Microsoft Corporation 6.1.7600.16385

ncrypt.dll Biblioteca criptográfica do Windows Microsoft Corporation 6.1.7600.16385

netshell.dll Shell de conexões de rede Microsoft Corporation 6.1.7600.16385

netutils.dll Net Win32 API Helpers DLL Microsoft Corporation 6.1.7600.16385

NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.1.7600.16385

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.1.7600.16385

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7600.16385

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll DLL de nível do NT Microsoft Corporation 6.1.7600.16385

ntdll.dll DLL de nível do NT Microsoft Corporation 6.1.7600.16385

ntmarta.dll Provedor MARTA do Windows NT Microsoft Corporation 6.1.7600.16385

ole32.dll Microsoft OLE para Windows e Windows NT Microsoft Corporation 6.1.7600.16385

oleaut32.dll Microsoft Corporation 6.1.7600.16385

peerdist.dll Biblioteca de Cliente do BranchCache Microsoft Corporation 6.1.7600.16385

pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.1.7600.16385

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385

RASAPI32.dll Remote Access API Microsoft Corporation 6.1.7600.16385

rasman.dll Remote Access Connection Manager Microsoft Corporation 6.1.7600.16385

RPCRT4.dll Tempo de Execução da Chamada de Procedimento Remoto Microsoft Corporation 6.1.7600.16385

RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7600.16385

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385

rtutils.dll Routing Utilities Microsoft Corporation 6.1.7600.16385

schannel.DLL TLS / SSL Security Provider Microsoft Corporation 6.1.7600.16385

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385

secur32.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

sensapi.dll SENS Connectivity API DLL Microsoft Corporation 6.1.7600.16385

SHELL32.dll DLL comum do Shell do Windows Microsoft Corporation 6.1.7600.16385

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7600.16385

SHLWAPI.dll Biblioteca de utilitário abreviado para Shell Microsoft Corporation 6.1.7600.16385

slc.dll Dll do Cliente de Licenciamento de Software Microsoft Corporation 6.1.7600.16385

SortDefault.nls

SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.1.7600.16385

SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

StaticCache.dat

SXS.DLL Fusion 2.5 Microsoft Corporation 6.1.7600.16385

upnp.dll API de Ponto de Controle UPnP Microsoft Corporation 6.1.7600.16385

urlmon.dll Extensões OLE32 para Win32 Microsoft Corporation 8.0.7600.16490

urlmon.dll.mui Extensões OLE32 para Win32 Microsoft Corporation 8.0.7600.16385

USER32.dll DLL de cliente API de usuário Windows para multiusuários Microsoft Corporation 6.1.7600.16385

USERENV.dll Userenv Microsoft Corporation 6.1.7600.16385

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.760.016.385

uTorrent.exe µTorrent BitTorrent, Inc. 2.0.0.17920

uxtheme.dll Biblioteca UxTheme Microsoft Microsoft Corporation 6.1.7600.16385

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385

webio.dll API de Protocolos de Transferência Web Microsoft Corporation 6.1.7600.16385

WINHTTP.dll Windows HTTP Services Microsoft Corporation 6.1.7600.16385

wininet.dll Internet Extensions para Win32 Microsoft Corporation 8.0.7600.16490

winmm.dll MCI API DLL Microsoft Corporation 6.1.7600.16385

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.1.7600.16385

wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 6.1.7600.16385

wkscli.dll Workstation Service Client DLL Microsoft Corporation 6.1.7600.16385

WLDAP32.dll DLL da API LDAP Win32 Microsoft Corporation 6.1.7600.16385

wow64.dll Win32 Emulation on NT64 Microsoft Corporation 6.1.7600.16385

wow64cpu.dll AMD64 Wow64 CPU Microsoft Corporation 6.1.7600.16385

wow64win.dll Wow64 Console and Win32 API Logging Microsoft Corporation 6.1.7600.16385

WS2_32.dll DLL de 32 bits do Windows Socket 2.0 Microsoft Corporation 6.1.7600.16385

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.1.7600.16385

wshtcpip.dll DLL Auxiliar Winsock2 (TL/IPv4) Microsoft Corporation 6.1.7600.16385

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:45:08, on 06/02/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\PROGRA~2\FREEDO~1\fdm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Users\AMATTE\Desktop\Nova pasta\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=195.131.119.165:1080;http=195.131.119.165:1080;https=195.131.119.165:1080;socks=195.131.119.165:1080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8840 bytes


I got the same problem. I also use Win7 Ultimate. Here are the logs, please help:

Process PID CPU Description Company Name

System Idle Process 0 94.40

Interrupts n/a 0.37 Hardware Interrupts

DPCs n/a 0.75 Deferred Procedure Calls

System 4

smss.exe 272 Menedżer sesji systemu Windows Microsoft Corporation

csrss.exe 372 Proces wykonawczy klienta/serwera Microsoft Corporation

wininit.exe 440 Aplikacja uruchamiania systemu Windows Microsoft Corporation

services.exe 492 Usługi i aplikacja Kontroler Microsoft Corporation

svchost.exe 652 Proces hosta dla usług systemu Windows Microsoft Corporation

nvvsvc.exe 712 NVIDIA Driver Helper Service, Version 196.21 NVIDIA Corporation

nvvsvc.exe 1300 NVIDIA Driver Helper Service, Version 196.21 NVIDIA Corporation

svchost.exe 752 Proces hosta dla usług systemu Windows Microsoft Corporation

svchost.exe 848 Proces hosta dla usług systemu Windows Microsoft Corporation

audiodg.exe 2968 Izolacja wykresu urządzenia audio systemu Windows Microsoft Corporation

svchost.exe 888 Proces hosta dla usług systemu Windows Microsoft Corporation

dwm.exe 1820 Menedżer okien pulpitu Microsoft Corporation

svchost.exe 916 Proces hosta dla usług systemu Windows Microsoft Corporation

svchost.exe 1108 Proces hosta dla usług systemu Windows Microsoft Corporation

svchost.exe 1204 Proces hosta dla usług systemu Windows Microsoft Corporation

spoolsv.exe 1356 Spooler SubSystem App Microsoft Corporation

svchost.exe 1396 Proces hosta dla usług systemu Windows Microsoft Corporation

svchost.exe 1488 Proces hosta dla usług systemu Windows Microsoft Corporation

NBService.exe 1544 Nero BackItUp Nero AG

PnkBstrA.exe 1692

nvSCPAPISvr.exe 1716 Stereo Vision Control Panel API Server NVIDIA Corporation

taskhost.exe 1828 Proces hosta dla zadań systemu Windows Microsoft Corporation

svchost.exe 2040 Proces hosta dla usług systemu Windows Microsoft Corporation

SearchIndexer.exe 2320 Indeksator programu Microsoft Windows Search Microsoft Corporation

wmpnetwk.exe 2900 Usługa udostępniania w sieci programu Windows Media Player Microsoft Corporation

svchost.exe 3372 Proces hosta dla usług systemu Windows Microsoft Corporation

sppsvc.exe 2912 Usługa platformy ochrony oprogramowania firmy Microsoft Microsoft Corporation

svchost.exe 2608 Proces hosta dla usług systemu Windows Microsoft Corporation

lsass.exe 524 0.37 Local Security Authority Process Microsoft Corporation

lsm.exe 532 Usługa Menedżer sesji lokalnej Microsoft Corporation

csrss.exe 448 Proces wykonawczy klienta/serwera Microsoft Corporation

winlogon.exe 548 Aplikacja logowania systemu Windows Microsoft Corporation

taskmgr.exe 3704 Menedżer zadań Windows Microsoft Corporation

explorer.exe 1896 Eksplorator Windows Microsoft Corporation

jusched.exe 2108 Java Update Scheduler Sun Microsystems, Inc.

StikyNot.exe 2140 Sticky Notes Microsoft Corporation

uTorrent.exe 3832 µTorrent BitTorrent, Inc.

firefox.exe 3612 Firefox Mozilla Corporation

procexp.exe 3088 4.10 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: uTorrent.exe Pid: 3832

Name Description Company Name Version

{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db

{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db

actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.1.7600.16385

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7600.16385

apphelp.dll Biblioteka klienta zgodności aplikacji Microsoft Corporation 6.1.7600.16385

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0

AUTHZ.dll Authorization Framework Microsoft Corporation 6.1.7600.16385

bcrypt.dll Windows Cryptographic Primitives Library Microsoft Corporation 6.1.7600.16385

bcryptprimitives.dll Windows Cryptographic Primitives Library Microsoft Corporation 6.1.7600.16385

C_1252.NLS

Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation 6.1.7600.16385

CFGMGR32.dll Configuration Manager DLL Microsoft Corporation 6.1.7600.16385

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385

COMCTL32.dll Biblioteka formantów czynności użytkownika Microsoft Corporation 6.10.7600.16385

comctl32.dll.mui Biblioteka formantów czynności użytkownika Microsoft Corporation 6.10.7600.16385

comdlg32.dll Plik DLL wspólnych okien dialogowych Microsoft Corporation 6.1.7600.16385

credssp.dll Credential Delegation Security Package Microsoft Corporation 6.1.7600.16385

CRYPT32.dll Crypto API32 Microsoft Corporation 6.1.7600.16385

CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385

cryptnet.dll Crypto Network Related API Microsoft Corporation 6.1.7600.16385

CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385

cversions.2.db

cversions.2.db

cversions.2.db

DEVOBJ.dll Device Information Set DLL Microsoft Corporation 6.1.7600.16385

DEVRTL.dll Device Management Run Time Library Microsoft Corporation 6.1.7600.16385

dhcpcsvc.DLL Usługa klienta DHCP Microsoft Corporation 6.1.7600.16385

dhcpcsvc6.DLL Klient DHCPv6 Microsoft Corporation 6.1.7600.16385

DnsApi.dll Biblioteka DLL interfejsu API klienta usługi DNS Microsoft Corporation 6.1.7600.16385

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

dwmapi.dll Interfejs API menedżera okien Microsoft Desktop Window Manager Microsoft Corporation 6.1.7600.16385

FirewallAPI.dll Interfejs API Zapory systemu Windows Microsoft Corporation 6.1.7600.16385

fwpuclnt.dll Interfejs API trybu użytkownika funkcji FWP/IPSec Microsoft Corporation 6.1.7600.16385

GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7600.16385

GPAPI.dll Interfejs API klienta zasad grupy Microsoft Corporation 6.1.7600.16385

hnetcfg.dll Menedżer konfiguracji sieci domowej Microsoft Corporation 6.1.7600.16385

ieframe.dll Przeglądarka internetowa Microsoft Corporation 8.0.7600.16490

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.7600.16385

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7600.16385

index.dat

index.dat

index.dat

Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7600.16385

kernel32.dll Biblioteka DLL klienta Windows NT BASE API Microsoft Corporation 6.1.7600.16385

KERNELBASE.dll Biblioteka DLL klienta Windows NT BASE API Microsoft Corporation 6.1.7600.16385

KernelBase.dll.mui Biblioteka DLL klienta Windows NT BASE API Microsoft Corporation 6.1.7600.16385

locale.nls

LPK.dll Language Pack Microsoft Corporation 6.1.7600.16385

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 6.1.7600.16415

MSCTF.dll Biblioteka DLL serwera MSCTF Microsoft Corporation 6.1.7600.16385

mssprxy.dll Microsoft Search Proxy Microsoft Corporation 7.0.7600.16385

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16385

mswsock.dll Microsoft Windows Sockets 2.0 Dostawca usługi Microsoft Corporation 6.1.7600.16385

msxml3.dll MSXML 3.0 SP11 Microsoft Corporation 8.110.7600.16385

msxml3r.dll XML Resources Microsoft Corporation 8.110.7600.16385

napinsp.dll Dostawca podkładek nazewnictwa poczty e-mail Microsoft Corporation 6.1.7600.16385

ncrypt.dll Biblioteka kryptograficzna systemu Windows Microsoft Corporation 6.1.7600.16385

netshell.dll Powłoka połączeń sieciowych Microsoft Corporation 6.1.7600.16385

netutils.dll Net Win32 API Helpers DLL Microsoft Corporation 6.1.7600.16385

nlaapi.dll Network Location Awareness 2 Microsoft Corporation 6.1.7600.16385

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.1.7600.16385

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7600.16385

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll Biblioteka NT Layer DLL Microsoft Corporation 6.1.7600.16385

ntmarta.dll Windows NT - dostawca MARTA Microsoft Corporation 6.1.7600.16385

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7600.16385

OLEACC.dll Active Accessibility Core Component Microsoft Corporation 7.0.0.0

oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 7.0.0.0

oleaut32.dll Microsoft Corporation 6.1.7600.16385

peerdist.dll Biblioteka dll kontenera usługi BranchCache Microsoft Corporation 6.1.7600.16385

pnrpnsp.dll Dostawca obszaru nazw PNRP Microsoft Corporation 6.1.7600.16385

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385

PROPSYS.dll System właściwości firmy Microsoft Microsoft Corporation 7.0.7600.16385

PSAPI.DLL Process Status Helper Microsoft Corporation 6.1.7600.16385

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385

RASAPI32.dll Remote Access API Microsoft Corporation 6.1.7600.16385

rasman.dll Remote Access Connection Manager Microsoft Corporation 6.1.7600.16385

RPCRT4.dll Czas wykonania zdalnego wywoływania procedury Microsoft Corporation 6.1.7600.16385

RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7600.16385

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385

rtutils.dll Routing Utilities Microsoft Corporation 6.1.7600.16385

schannel.DLL TLS / SSL Security Provider Microsoft Corporation 6.1.7600.16385

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385

secur32.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

sensapi.dll SENS Connectivity API DLL Microsoft Corporation 6.1.7600.16385

SETUPAPI.dll Interfejs API Instalatora systemu Windows Microsoft Corporation 6.1.7600.16385

SHELL32.dll Wspólna biblioteka DLL Powłoki systemu Windows Microsoft Corporation 6.1.7600.16385

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7600.16385

SHLWAPI.dll Biblioteka dodatkowych narzędzi powłoki Microsoft Corporation 6.1.7600.16385

simhook.dll Simple Hook Scott Seligman <scott@scottandmichelle.net> 1.0.0.1

slc.dll Biblioteka DLL klienta usługi licencjonowania oprogramowania Microsoft Corporation 6.1.7600.16385

SortDefault.nls

SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.1.7600.16385

SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

StaticCache.dat

SXS.DLL Fusion 2.5 Microsoft Corporation 6.1.7600.16385

upnp.dll Interfejs API punktu kontrolnego UPnP Microsoft Corporation 6.1.7600.16385

urlmon.dll Rozszerzenia OLE32 dla Win32 Microsoft Corporation 8.0.7600.16490

USER32.dll Współużytkowana biblioteka DLL klienta Windows USER API Microsoft Corporation 6.1.7600.16385

USERENV.dll Userenv Microsoft Corporation 6.1.7600.16385

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7600.16385

uTorrent.exe µTorrent BitTorrent, Inc. 2.0.0.17920

uxtheme.dll Biblioteka Microsoft UxTheme Microsoft Corporation 6.1.7600.16385

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385

webio.dll Interfejs API protokołów transferu w sieci Web Microsoft Corporation 6.1.7600.16385

WINHTTP.dll Usługi Windows HTTP Services Microsoft Corporation 6.1.7600.16385

wininet.dll Rozszerzenia internetowe Win32 Microsoft Corporation 8.0.7600.16490

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.1.7600.16385

wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 6.1.7600.16385

wkscli.dll Workstation Service Client DLL Microsoft Corporation 6.1.7600.16385

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.1.7600.16385

WS2_32.dll Biblioteka DLL 32-bitowej wersji usługi Windows Socket 2.0 Microsoft Corporation 6.1.7600.16385

wship6.dll Biblioteka DLL pomocy usługi Winsock2 (TL/IPv6) Microsoft Corporation 6.1.7600.16385

wshtcpip.dll Biblioteka DLL pomocy usługi Winsock2 (TL/IPv4) Microsoft Corporation 6.1.7600.16385

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:09:27, on 2010-02-08

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Matis\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [stefan] C:\Program Files\INTERIAPL\Stefan\Stefan.exe

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 3285 bytes


Archived

This topic is now archived and is closed to further replies.
