Weird Process, And Connection Troubles..



#1 Sephiroth IX

  • Members
  • 1 posts

Posted 02 January 2008 - 02:28 PM

I don't know what the smss.exe and the msns32.exe programs are... any help or info, please let me know.

Thanks in advance...
---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:20 AM, on 02-Jan-08
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator.SERVIDOR\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Archivos de Programa\xampp\apache\bin\Apache.exe
D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbsrv9.exe
C:\WINNT\System32\svchost.exe
D:\Archivos de Programa\xampp\filezillaftp\filezillaserver.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lserver.exe
D:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\system32\Dfssvc.exe
D:\Archivos de Programa\xampp\apache\bin\Apache.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\msns32.exe
D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe
D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbisqlg.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\msconfig.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows MSN] C:\WINNT\system32\msns32.exe
O4 - HKCU\..\Run: [SybaseCentral43] "D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [DBISQL9] "D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Windows MSN] C:\WINNT\system32\msns32.exe
O4 - HKUS\.DEFAULT\..\Run: [Windows MSN] C:\WINNT\system32\msns32.exe (User 'Default user')
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.servidor\windows\system32\rnr20.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - file://C:\Inetpub\wwwroot\TSWeb\msrdp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D535CED5-21F1-43B1-A2B7-71D938EC22BF}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache2 - Apache Software Foundation - D:\Archivos de Programa\xampp\apache\bin\Apache.exe
O23 - Service: Adaptive Server Anywhere - serv_v8 (ASANYs_serv_v8) - iAnywhere Solutions, Inc. - D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Archivos de Programa\xampp\filezillaftp\filezillaserver.exe
O23 - Service: Jaguar - Unknown owner - D:\Program Files\Sybase\Jaguar CTS 3.5\bin\jagsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 4289 bytes


#2 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 January 2008 - 07:25 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are absolutely snowed under with logs.
If you still require help, please post a new HijackThis log into your next reply.