
31 Topic solved Re: i post the log as requested on Tue Nov 10, 2009 7:43 am

harvester


Member
Logfile of HiJackFree v3.0
Scan saved at 2:42:30 μμ, on 10/11/2009
Platform: Windows Vista64 (Windows NT 6.1.7600)
MSIE: Internet Explorer v 8.0 (8.0.7600.16385)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Registry Mechanic\RegMech.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\wuauclt.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files (x86)\a-squared HiJackFree\a2hijackfree.exe
C:\Windows\SysWOW64\dllhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -
O2 - BHO: Βοηθός εισόδου του Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: - {AE7CD045-E861-484f-8273-0445EE161910} -
O2 - BHO: Browsing Protection Class - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKLM\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\rmtray.exe /H
O7 - Regedit - Enabled
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra "Tools" menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra "Tools" menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra "Tools" menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra "Tools" menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFBAR.ICO
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
O14 - IERESET.INF: SearchAssistant=
O14 - IERESET.INF: CustomizeSearch=
O21 - ShellServiceObjectDelayLoad: WebCheck -
O23 - Service: Application Experience Service - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία πύλης επιπέδου εφαρμογής - C:\Windows\System32\alg.exe
O23 - Service: Υπηρεσία ταυτότητας εφαρμογής - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία πληροφοριών εφαρμογής - C:\Windows\system32\svchost.exe
O23 - Service: AppMgmt - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία ήχου των Windows - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία ήχου των Windows - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία προγράμματος εγκατάστασης ActiveX - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία BDE - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία έξυπνης μεταφοράς στο παρασκήνιο - C:\Windows\System32\svchost.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DLL υπηρεσίας προγράμματος περιήγησης υπολογιστή - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία υποστήριξης Bluetooth - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία μεταβίβασης πιστοποιητικών έξυπνης κάρτας της Microsoft - C:\Windows\system32\svchost.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
O23 - Service: COMSysApp - C:\Windows\system32\dllhost.exe
O23 - Service: Υπηρεσίες κρυπτογράφησης - C:\Windows\system32\svchost.exe
O23 - Service: DLL Υπηρεσίας CSC - C:\Windows\System32\svchost.exe
O23 - Service: DF5Serv - C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Υπηρεσία προγράμματος-πελάτη DHCP - C:\Windows\system32\svchost.exe
O23 - Service: DLL προγράμματος-πελάτη API DNS - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία αυτόματης ρύθμισης ενσύρματων παραμέτρων - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία Microsoft EAPHost - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία EFS - C:\Windows\System32\lsass.exe
O23 - Service: Υπηρεσία Windows Media Center Receiver - C:\Windows\ehome\ehRecvr.exe
O23 - Service: Υπηρεσία χρονοδιαγράμματος Windows Media Center - C:\Windows\ehome\ehsched.exe
O23 - Service: Υπηρεσία καταγραφής συμβάντων - C:\Windows\System32\svchost.exe
O23 - Service: EventSystem - C:\Windows\system32\svchost.exe
O23 - Service: FSGKHS - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Υπηρεσία Κεντρικού υπολογιστή παροχής εντοπισμού λειτουργιών - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία δημοσίευσης πόρων εντοπισμού λειτουργιών - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Υπηρεσία cache γραμματοσειρών των Windows - C:\Windows\system32\svchost.exe
O23 - Service: Κεντρικός υπολογιστής Windows Presentation Foundation - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client - C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Υπηρεσία Οικογενειακής ασφάλειας του Windows Live - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
O23 - Service: Υπηρεσία HID - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία διαχείρισης κλειδιών - C:\Windows\System32\svchost.exe
O23 - Service: Οικιακή ομάδα των Windows - C:\Windows\System32\svchost.exe
O23 - Service: Οικιακή ομάδα των Windows - C:\Windows\System32\svchost.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: Επέκταση IKE - C:\Windows\system32\svchost.exe
O23 - Service: PnP-X DLL Απαρίθμησης διαύλου IP - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία που προσφέρει συνδεσιμότητα IPv6 σε δίκτυο IPv4. - C:\Windows\System32\svchost.exe
O23 - Service: KeyIso - C:\Windows\system32\lsass.exe
O23 - Service: Keyboard And Mouse Communication Service - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
O23 - Service: KtmRm - C:\Windows\System32\svchost.exe
O23 - Service: DLL υπηρεσίας διακομιστή - C:\Windows\system32\svchost.exe
O23 - Service: DLL υπηρεσίας σταθμού εργασίας - C:\Windows\System32\svchost.exe
O23 - Service: Πόροι εντοπισμού τοπολογίας σύνδεσης-επιπέδου - C:\Windows\System32\svchost.exe
O23 - Service: DLL υπηρεσιών μεταφοράς TCPIP NetBios - C:\Windows\system32\svchost.exe
O23 - Service: Πόροι Media Center - C:\Windows\system32\svchost.exe
O23 - Service: Machine Debug Manager - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: Υπηρεσία χρονοδιαγράμματος κλάσης πολυμέσων - C:\Windows\system32\svchost.exe
O23 - Service: API Τείχους προστασίας των Windows - C:\Windows\system32\svchost.exe
O23 - Service: MSDTC - C:\Windows\System32\msdtc.exe
O23 - Service: API εντοπισμού iSCSI - C:\Windows\system32\svchost.exe
O23 - Service: Windows® Installer International Messages - C:\Windows\system32\msiexec.exe
O23 - Service: Χρόνος εκτέλεσης υπηρεσίας παράγοντα καραντίνας - C:\Windows\System32\svchost.exe
O23 - Service: DLL υπηρεσιών σύνδεσης στο δίκτυο - C:\Windows\system32\lsass.exe
O23 - Service: Διαχείριση συνδέσεων δικτύου - C:\Windows\System32\svchost.exe
O23 - Service: Διαχείριση λίστας δικτύων - C:\Windows\System32\svchost.exe
O23 - Service: Service Model Installer Resource Library - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness 2 - C:\Windows\System32\svchost.exe
O23 - Service: Διακομιστής RPC διασύνδεσης αποθήκευσης δικτύου - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service - C:\Windows\system32\nvvsvc.exe
O23 - Service: Office Source Engine - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: DLL υπηρεσίας PNRP - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσίες ομοτίμων - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία βοηθού συμβατότητας προγράμματος - C:\Windows\system32\svchost.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Υπηρεσία BranchCache - C:\Windows\System32\svchost.exe
O23 - Service: x86 Κεντρικός υπολογιστής μετρητή επιδόσεων - C:\Windows\SysWow64\perfhost.exe
O23 - Service: Αρχεία καταγραφής επιδόσεων και ειδοποιήσεις - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία Τοποθέτησης και άμεσης λειτουργίας χρήστη - C:\Windows\system32\svchost.exe
O23 - Service: DLL αυτόματης υπηρεσίας PNRP - C:\Windows\System32\svchost.exe
O23 - Service: DLL υπηρεσίας PNRP - C:\Windows\System32\svchost.exe
O23 - Service: DLL αποθήκευσης πολιτικών - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία ενέργειας σε λειτουργία χρήστη - C:\Windows\system32\svchost.exe
O23 - Service: ProfSvc - C:\Windows\system32\svchost.exe
O23 - Service: Προεπιλεγμένη υπηρεσία παροχής προστατευμένου χώρου αποθήκευσης - C:\Windows\system32\lsass.exe
O23 - Service: Windows NT - C:\Windows\\system32\svchost.exe
O23 - Service: Διαχείριση Αυτόματης κλήσης απομακρυσμένης πρόσβασης - C:\Windows\System32\svchost.exe
O23 - Service: Διαχείριση συνδέσεων απομακρυσμένης πρόσβασης - C:\Windows\System32\svchost.exe
O23 - Service: Διαχειριστής δυναμικής διασύνδεσης - C:\Windows\System32\svchost.exe
O23 - Service: RemoteRegistry - C:\Windows\system32\svchost.exe
O23 - Service: Πρόγραμμα αντιστοίχισης τελικών σημείων RPC - C:\Windows\system32\svchost.exe
O23 - Service: Εντοπισμός Rpc - C:\Windows\system32\locator.exe
O23 - Service: Υπηρεσία Χρονοδιαγράμματος εργασιών - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία μεταβίβασης πιστοποιητικών έξυπνης κάρτας της Microsoft - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία δημιουργίας αντιγράφων ασφαλείας των Microsoft® Windows - C:\Windows\system32\svchost.exe
O23 - Service: SeaPort - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: Υπηρεσία ειδοποίησης συμβάντων συστήματος (SENS) - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία φωτός περιβάλλοντος των Microsoft Windows - C:\Windows\system32\svchost.exe
O23 - Service: ServiceLayer - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Υπηρεσία ρύθμισης παραμέτρων Απομακρυσμένης επιφάνειας εργασίας - C:\Windows\System32\svchost.exe
O23 - Service: Στοιχεία βοηθητικής εφαρμογής NAT Microsoft - C:\Windows\System32\svchost.exe
O23 - Service: Dll υπηρεσιών κελύφους των Windows - C:\Windows\System32\svchost.exe
O23 - Service: SmartLinkService - slmdmsr.exe
O23 - Service: Παγίδευση SNMP - C:\Windows\System32\snmptrap.exe
O23 - Service: Υπηρεσία πλατφόρμας προστασίας λογισμικού της Microsoft - C:\Windows\system32\sppsvc.exe
O23 - Service: Υπηρεσία ειδοποίησης SPP - C:\Windows\system32\svchost.exe
O23 - Service: DLL υπηρεσίας SSDP - C:\Windows\system32\svchost.exe
O23 - Service: Παρέχει τη δυνατότητα χρήσης του πρωτοκόλλου SSTP (Secure Socket Tunneling Protocol) για σύνδεση σε απομακρυσμένους υπολογιστές (με χρήση VPN). - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία συσκευών σταθερού ειδώλου - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία παροχής λογισμικού της υπηρεσίας σκιωδών αντιγράφων τόμου της Microsoft® - C:\Windows\System32\svchost.exe
O23 - Service: Κεντρικός υπολογιστής υπηρεσίας superfetch - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία εισόδου δεδομένων Microsoft Tablet PC - C:\Windows\System32\svchost.exe
O23 - Service: Διακομιστής Τηλεφωνίας των Microsoft® Windows(ΤΜ) - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία TBS - C:\Windows\System32\svchost.exe
O23 - Service: Διαχείριση απομακρυσμένης σύνδεσης Διακομιστή κεντρικού υπολογιστή περιόδου λειτουργίας Απομακρυσμένης επιφάνειας εργασίας - C:\Windows\System32\svchost.exe
O23 - Service: Dll υπηρεσίας θεμάτων κελύφους των Windows - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία χρονοδιαγράμματος κλάσης πολυμέσων - C:\Windows\system32\svchost.exe
O23 - Service: Εντοπισμός αλληλεπιδραστικών υπηρεσιών - C:\Windows\system32\UI0Detect.exe
O23 - Service: Υπηρεσία ανακατεύθυνσης συσκευής Διακομιστή κεντρικού υπολογιστή περιόδου λειτουργίας Απομακρυσμένης επιφάνειας εργασίας - C:\Windows\System32\svchost.exe
O23 - Service: Κεντρικός υπολογιστής συσκευής Τοποθέτησης και Άμεσης Λειτουργίας γενικής χρήσης - C:\Windows\system32\svchost.exe
O23 - Service: Διαχείριση παραθύρων επιφάνειας εργασίας - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία διαχείρισης διαπιστευτηρίων - C:\Windows\system32\lsass.exe
O23 - Service: Υπηρεσία εικονικού δίσκου - C:\Windows\System32\vds.exe
O23 - Service: Υπηρεσία σκιωδών αντιγράφων τόμου της Microsoft® - C:\Windows\system32\vssvc.exe
O23 - Service: Υπηρεσία ώρας των Windows - C:\Windows\system32\svchost.exe
O23 - Service: Εκτελέσιμο αρχείο υπηρεσίας μηχανισμού δημιουργίας αντιγράφων ασφαλείας σε επίπεδο μπλοκ της Microsoft® - C:\Windows\system32\wbengine.exe
O23 - Service: Βιομετρική υπηρεσία Windows - C:\Windows\system32\svchost.exe
O23 - Service: Windows Connect Now - Config Registrar Service - C:\Windows\System32\svchost.exe
O23 - Service: WcsPlugInService DLL - C:\Windows\system32\svchost.exe
O23 - Service: DLL υπηρεσίας Web DAV - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία συλλογής συμβάντων - C:\Windows\system32\svchost.exe
O23 - Service: Αναφορές και λύσεις προβλημάτων - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσία αναφοράς σφαλμάτων των Windows - C:\Windows\System32\svchost.exe
O23 - Service: WinDefend - C:\Windows\System32\svchost.exe
O23 - Service: Υπηρεσίες Windows HTTP - C:\Windows\system32\svchost.exe
O23 - Service: WMI - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία WSMan - C:\Windows\System32\svchost.exe
O23 - Service: DLL υπηρεσίας αυτόματης διαμόρφωσης Windows WLAN - C:\Windows\system32\svchost.exe
O23 - Service: Windows Live ID Sign-in Assistant - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
O23 - Service: WMI Performance Reverse Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: WMPNetworkSvc - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
O23 - Service: Υπηρεσία φιλτραρίσματος WPC - C:\Windows\system32\svchost.exe
O23 - Service: Απαρίθμηση φορητής συσκευής - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία Windows Security Center - C:\Windows\System32\svchost.exe
O23 - Service: Microsoft Windows Search Indexer - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update Agent - C:\Windows\system32\svchost.exe
O23 - Service: Υποδομή Προγραμμάτων Οδήγησης των Windows - Υπηρεσία πλαισίου προγράμματος οδήγησης λειτουργίας χρήστη - C:\Windows\system32\svchost.exe
O23 - Service: Υπηρεσία αυτόματης ρύθμισης παραμέτρων WWAN - C:\Windows\system32\svchost.exe

32 Topic solved Re: i post the log as requested on Tue Nov 10, 2009 10:23 am

DragonMaster Jay


Site Owner
Ok.

One last check here for these system files:

Please download or open SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    alg.exe
    lsass.exe
    efssvc.dll
    fxsresm.dll
    fxssvc.exe
    keyiso.dll
    comres.dll
    msdtc.exe
    netlogon.dll
    nvvsvc.exe
    psbase.dll
    locator.exe
    samsrv.dll
    snmptrap.exe
    spoolsv.exe
    sppsvc.exe
    UI0Detect.exe
    vaultsvc.dll
    vds.exe
    vssvc.exe
    wbengine.exe
    WmiApSrv.exe
    wmpnetwk.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



33 Topic solved Re: i post the log as requested on Tue Nov 10, 2009 10:33 am

harvester


Member
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:28 on 10/11/2009 by kostas (Administrator - Elevation successful)

========== filefind ==========

Searching for "alg.exe"
C:\Windows\winsxs\amd64_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_04de43c774cf8fe3\alg.exe --a--- 79360 bytes [00:08 14/07/2009] [01:38 14/07/2009] 3290D6946B5E30E70414990574883DDB

Searching for "lsass.exe"
C:\$WINDOWS.~BT\Windows\System32\lsass.exe --a--- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA
C:\$WINDOWS.~BT\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe --a--- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe --a--- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA

Searching for "efssvc.dll"
C:\$WINDOWS.~BT\Windows\System32\efssvc.dll --a--- 37376 bytes [23:50 13/07/2009] [01:40 14/07/2009] 0C043B0ABBB5E14E68906AB80365395B
C:\$WINDOWS.~BT\Windows\winsxs\amd64_microsoft-windows-efs-service_31bf3856ad364e35_6.1.7600.16385_none_b239b5ae3e6d5dc3\efssvc.dll --a--- 37376 bytes [23:50 13/07/2009] [01:40 14/07/2009] 0C043B0ABBB5E14E68906AB80365395B
C:\Windows\winsxs\amd64_microsoft-windows-efs-service_31bf3856ad364e35_6.1.7600.16385_none_b239b5ae3e6d5dc3\efssvc.dll --a--- 37376 bytes [23:50 13/07/2009] [01:40 14/07/2009] 0C043B0ABBB5E14E68906AB80365395B

Searching for "fxsresm.dll"
C:\Windows\System32\FXSRESM.dll --a--- 925184 bytes [00:15 14/07/2009] [01:05 14/07/2009] C4096CA42199428B3D63DC206C197F0E
C:\Windows\SysWOW64\FXSRESM.dll --a--- 925184 bytes [00:15 14/07/2009] [01:05 14/07/2009] C4096CA42199428B3D63DC206C197F0E
C:\Windows\winsxs\amd64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7600.16385_none_67f9a0906a518e42\FXSRESM.dll --a--- 925184 bytes [00:36 14/07/2009] [01:27 14/07/2009] C8E8B8239FCF17BEA10E751BE5854631
C:\Windows\winsxs\wow64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7600.16385_none_724e4ae29eb2503d\FXSRESM.dll --a--- 925184 bytes [00:15 14/07/2009] [01:05 14/07/2009] C4096CA42199428B3D63DC206C197F0E

Searching for "fxssvc.exe"
C:\Windows\winsxs\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7600.16385_none_09188b6499fa7318\FXSSVC.exe --a--- 689152 bytes [00:36 14/07/2009] [01:39 14/07/2009] D607B2F1BEE3992AA6C2C92C0A2F0855

Searching for "keyiso.dll"
C:\$WINDOWS.~BT\Windows\System32\keyiso.dll --a--- 29184 bytes [23:49 13/07/2009] [01:41 14/07/2009] F9EC845C5EECF20E9A67F9F805F2EF1F
C:\$WINDOWS.~BT\Windows\winsxs\amd64_microsoft-windows-s..ty-cng-keyisolation_31bf3856ad364e35_6.1.7600.16385_none_20318e130fcade6a\keyiso.dll --a--- 29184 bytes [23:49 13/07/2009] [01:41 14/07/2009] F9EC845C5EECF20E9A67F9F805F2EF1F
C:\Windows\System32\keyiso.dll --a--- 19456 bytes [23:32 13/07/2009] [01:15 14/07/2009] AF75DBA674E55221B7A055B0A4345F16
C:\Windows\SysWOW64\keyiso.dll --a--- 19456 bytes [23:32 13/07/2009] [01:15 14/07/2009] AF75DBA674E55221B7A055B0A4345F16
C:\Windows\winsxs\amd64_microsoft-windows-s..ty-cng-keyisolation_31bf3856ad364e35_6.1.7600.16385_none_20318e130fcade6a\keyiso.dll --a--- 29184 bytes [23:49 13/07/2009] [01:41 14/07/2009] F9EC845C5EECF20E9A67F9F805F2EF1F
C:\Windows\winsxs\wow64_microsoft-windows-s..ty-cng-keyisolation_31bf3856ad364e35_6.1.7600.16385_none_2a863865442ba065\keyiso.dll --a--- 19456 bytes [23:32 13/07/2009] [01:15 14/07/2009] AF75DBA674E55221B7A055B0A4345F16

Searching for "comres.dll"
C:\$WINDOWS.~BT\Windows\System32\comres.dll --a--- 1297408 bytes [23:59 13/07/2009] [01:26 14/07/2009] 1A47D52E303B7543E4E6026595B95422
C:\$WINDOWS.~BT\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll --a--- 1297408 bytes [23:59 13/07/2009] [01:26 14/07/2009] 1A47D52E303B7543E4E6026595B95422
C:\Windows\System32\comres.dll --a--- 1297408 bytes [23:44 13/07/2009] [01:04 14/07/2009] 808D8A8B2A3074002852BC856D419576
C:\Windows\SysWOW64\comres.dll --a--- 1297408 bytes [23:44 13/07/2009] [01:04 14/07/2009] 808D8A8B2A3074002852BC856D419576
C:\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll --a--- 1297408 bytes [23:59 13/07/2009] [01:26 14/07/2009] 1A47D52E303B7543E4E6026595B95422
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll --a--- 1297408 bytes [23:44 13/07/2009] [01:04 14/07/2009] 808D8A8B2A3074002852BC856D419576

Searching for "msdtc.exe"
C:\Windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_7547f48c79b40229\msdtc.exe --a--- 141824 bytes [23:59 13/07/2009] [01:39 14/07/2009] DE0ECE52236CFA3ED2DBFC03F28253A8

Searching for "netlogon.dll"
C:\$WINDOWS.~BT\Windows\System32\netlogon.dll --a--- 692736 bytes [23:53 13/07/2009] [01:41 14/07/2009] 956D030D375F207B22FB111E06EF9C35
C:\$WINDOWS.~BT\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll --a--- 692736 bytes [23:53 13/07/2009] [01:41 14/07/2009] 956D030D375F207B22FB111E06EF9C35
C:\Windows\System32\netlogon.dll --a--- 563712 bytes [23:38 13/07/2009] [01:16 14/07/2009] EAA75D9000B71F10EEC04D2AE6C60E81
C:\Windows\SysWOW64\netlogon.dll --a--- 563712 bytes [23:38 13/07/2009] [01:16 14/07/2009] EAA75D9000B71F10EEC04D2AE6C60E81
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll --a--- 692736 bytes [23:53 13/07/2009] [01:41 14/07/2009] 956D030D375F207B22FB111E06EF9C35
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll --a--- 563712 bytes [23:38 13/07/2009] [01:16 14/07/2009] EAA75D9000B71F10EEC04D2AE6C60E81

Searching for "nvvsvc.exe"
No files found.

-=End Of File=-

34Topic solved Re: i post the log as requested on Tue Nov 10, 2009 10:39 am

DragonMaster Jay


Site Owner
Looks ok. How is your computer running?


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Contribute/donate to our site

35Topic solved Re: i post the log as requested on Tue Nov 10, 2009 10:46 am

harvester


Member
I think it is ok.

What is the nvvsvc.exe file that is missing?
Is it ok?

My system looks fine anyway!!

I have to thank you anyway one thousand times!!! (You know that one thousand is the first number that has the letter "A" inside and that is so special!!) Haha!

You decide if everything is ok!!!

If there is anything else I can do, just tell me!

36Topic solved Re: i post the log as requested on Tue Nov 10, 2009 5:23 pm

harvester


Member
There is something with Mozilla... I'm not sure if it is associated with this problem, but it stops running and closes. After that I open Mozilla and it opens all the previous sites again...

Thanks anyway again!

37Topic solved Re: i post the log as requested on Tue Nov 10, 2009 9:04 pm

DragonMaster Jay


Site Owner
nvvsvc.exe is an nVidia file that gets hidden because, in previous versions of Windows, users were modifying that file, which was causing problems. It is still shown as a running process in HijackThis and HiJackFree, but it will not show up in other logs because of Windows File Protection.

I recommend reinstalling Mozilla (Firefox?). It does not work well with Windows 7, so its stability is off.

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


38Topic solved Re: i post the log as requested on Wed Nov 11, 2009 5:34 am

harvester


Member
Results of screen317's Security Check version 0.99.0
Windows 7 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Adobe After Effects CS3 Presets
F-Secure Internet Security 2010
a-squared HiJackFree 3.1
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Advanced WindowsCare Personal 2.6.0
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 16
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

39Topic solved Re: i post the log as requested on Wed Nov 11, 2009 3:21 pm

DragonMaster Jay


Site Owner
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: http://www.getfirefox.com
  • Opera is available here: http://www.opera.com/download/


Please leave feedback for The Ultimate Geek TaskForce! by going here

If you would like to donate, the link is in my signature.

