
Suspicious log


3 replies to this topic

#1 beatit


Posted 22 June 2013 - 09:07 AM

Hi,

I ran Farbar service scanner with all checkboxes checked and found something strange in the "File check" section. Machine seems to work fine, but you never know...

Can anyone tell if this log is regular?

Thank you

 

 

Farbar Service Scanner Version: 16-06-2013
Ran by Franz (administrator) on 22-06-2013 at 15:06:13
Running from "C:\Users\Franz\AppData\Local\Opera\Opera\temporary_downloads"
Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-12 23:14] - [2013-05-08 07:38] - 1293672 ____A (Microsoft Corporation) D32FDAC73FCD76B85389C39BC1087F2A

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-12 23:14] - [2013-05-13 06:45] - 0140288 ____A (Microsoft Corporation) 3897DFF247D9ED0006190349DE264E14

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Edited by beatit, 22 June 2013 - 09:10 AM.
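An added example, not part of the original post and not Farbar's own code: a small parser that separates the File Check entries marked "MD5 is legit" from the entries where the log prints file details and a hash instead, so the latter can be reviewed one by one. The field names `stamp1`, `stamp2` and `attrs` are assumptions, since the log does not label its columns.

```python
import re

# Constructed sample: a few lines copied from the File Check section above.
SAMPLE = r"""File Check:
========
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-12 23:14] - [2013-05-08 07:38] - 1293672 ____A (Microsoft Corporation) D32FDAC73FCD76B85389C39BC1087F2A

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-12 23:14] - [2013-05-13 06:45] - 0140288 ____A (Microsoft Corporation) 3897DFF247D9ED0006190349DE264E14

C:\Windows\system32\rpcss.dll => MD5 is legit
"""

# Details line: two bracketed timestamps, size, attribute flags, company, MD5.
# The group names are assumptions; the log itself does not name these columns.
DETAIL = re.compile(
    r"^\[(?P<stamp1>[^\]]+)\] - \[(?P<stamp2>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_file_check(text):
    """Return (legit_paths, detailed); detailed maps path -> fields or None."""
    legit, detailed, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("=> MD5 is legit"):
            legit.append(line.split(" => ")[0])
            pending = None
        elif PATH.match(line):
            pending = line            # path printed without a verdict
            detailed[pending] = None  # stays None if no details line follows
        elif pending and (m := DETAIL.match(line)):
            fields = m.groupdict()
            fields["size"] = int(fields["size"])
            detailed[pending] = fields
            pending = None
    return legit, detailed


if __name__ == "__main__":
    legit, detailed = parse_file_check(SAMPLE)
    print(f"{len(legit)} entries marked legit")
    for path, fields in detailed.items():
        print(path, fields or "no details line found")
```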



 


#2 beatit


Posted 22 June 2013 - 09:33 AM

I add also a netstat /a output with no programs running:

 

 

TCP 0.0.0.0:135 OLIBOOK:0 LISTENING
TCP 0.0.0.0:445 OLIBOOK:0 LISTENING
TCP 0.0.0.0:49152 OLIBOOK:0 LISTENING
TCP 0.0.0.0:49153 OLIBOOK:0 LISTENING
TCP 0.0.0.0:49154 OLIBOOK:0 LISTENING
TCP 0.0.0.0:49155 OLIBOOK:0 LISTENING
TCP 0.0.0.0:49156 OLIBOOK:0 LISTENING
TCP [::]:135 OLIBOOK:0 LISTENING
TCP [::]:445 OLIBOOK:0 LISTENING
TCP [::]:49152 OLIBOOK:0 LISTENING
TCP [::]:49153 OLIBOOK:0 LISTENING
TCP [::]:49154 OLIBOOK:0 LISTENING
TCP [::]:49155 OLIBOOK:0 LISTENING
TCP [::]:49156 OLIBOOK:0 LISTENING
UDP 0.0.0.0:5355 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:59250 *:*
UDP 151.95.77.82:1900 *:*
UDP [::1]:1900 *:*
UDP [::1]:59249 *:*

 

I don't understand TCP ports from 49152 onwards and UDP ports from 59249 onwards.

I forgot to mention my OS: Windows 7 32bit

Thanks again



#3 Broni


Posted 22 June 2013 - 09:03 PM

FSS log looks fine.




 


#4 beatit


Posted 23 June 2013 - 03:57 AM

Thanks Broni. It seems that ports 49152-49158 are used by Windows 7, mainly for RPC. Can anyone confirm this?
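An added example, not part of any post in this thread: it groups netstat lines like those in post #2 by protocol and port, records whether each socket is bound to loopback, to all interfaces or to one address, and marks ports inside the IANA dynamic range 49152-65535 (RFC 6335), which is also the default dynamic port range on Windows Vista and later. The function names and the scope labels are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the netstat output in post #2.
SAMPLE = """TCP 0.0.0.0:135 OLIBOOK:0 LISTENING
TCP 0.0.0.0:445 OLIBOOK:0 LISTENING
TCP 0.0.0.0:49152 OLIBOOK:0 LISTENING
TCP [::]:49152 OLIBOOK:0 LISTENING
UDP 0.0.0.0:5355 *:*
UDP 127.0.0.1:1900 *:*
UDP 151.95.77.82:1900 *:*
UDP [::1]:59249 *:*
"""

DYNAMIC = range(49152, 65536)  # IANA dynamic/private ports (RFC 6335)
LINE = re.compile(r"^(TCP|UDP)\s+(\[[0-9A-Fa-f:]*\]|[\d.]+):(\d+)\s")


def scope(addr):
    """Label the local bind address (labels are this example's own)."""
    if addr in ("127.0.0.1", "[::1]"):
        return "loopback"
    if addr in ("0.0.0.0", "[::]"):
        return "all-interfaces"
    return "single-address"


def summarize(text):
    """Return one row per (protocol, port), merging IPv4 and IPv6 binds."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header or unrelated line
        proto, addr, port = m.group(1), m.group(2), int(m.group(3))
        seen[(proto, port)].add(scope(addr))
    return [
        {"proto": proto, "port": port,
         "dynamic": port in DYNAMIC, "scopes": sorted(scopes)}
        for (proto, port), scopes in sorted(seen.items())
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        kind = "dynamic range" if row["dynamic"] else "fixed port"
        print(f'{row["proto"]} {row["port"]:>5}  {kind:13}  {", ".join(row["scopes"])}')
```

On the machine itself, `netstat -ano` adds the owning process ID to each line, which ties a dynamic-range listener to a specific process.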



