Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Mon Aug 10, 2009 7:30 am Post subject: I am targeted by a computer virus [RESOLVED]
Au_.exe to be exact. http://www.prevx.com/filenames/2090368270727727277-X1/AU_.EXE.html
It always tries to run itself around 20:30 (GMT+ . My firewall blocked its execution to warn me, and I deleted the folder by force in Command Prompt. I think the virus downloaded itself via a port I opened in uTorrent. However, I still don't know the origin of the attack (the IP address of the attacker). Is there any way I can track what comes in and goes out?
Last edited by Haswell on Tue Aug 11, 2009 7:59 am; edited 1 time in total

Polynomial Grandmaster Cheater
Reputation: 5
Joined: 17 Feb 2008 Posts: 524 Location: Inside the Intel CET shadow stack
Posted: Mon Aug 10, 2009 7:42 am Post subject:
Run Windows Update and get the latest security patches. Make sure you have the latest version of uTorrent too. Run the at command with no parameters to see if the task is being scheduled.
Check this list of registry locations for startup processes that I made for anything out of the ordinary (especially Au_.exe and any alias file names listed on Prevx).
Also, get the autoruns utility from Microsoft Sysinternals to see everything that runs at bootup and everything that is hooking into your applications and your OS.

Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25778 Location: The netherlands
Posted: Mon Aug 10, 2009 7:58 am Post subject:
Also check your browser. Most likely you got it from a browser exploit.

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Mon Aug 10, 2009 8:21 am Post subject:
at comes clean, "There are no entries in the list". And yes, I'm an administrator. There are three startup programs I'm not too sure of:
nwiz.exe /install
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
I also found a pretty suspicious string in the registry:
Quote: | PendingFileRenameOperations
\??\C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
\??\C:\DOCUME~1\User\LOCALS~1\History\History.IE5\index.dat
\??\C:\DOCUME~1\User\LOCALS~1\Temp\_iu14D2N.tmp
\??\C:\DOCUME~1\User\LOCALS~1\Temp\~nsu.tmp\Au_.exe
\??\C:\DOCUME~1\User\LOCALS~1\Temp\~nsu.tmp\Bu_.exe
\??\C:\DOCUME~1\User\LOCALS~1\Temp\~nsu.tmp\Cu_.exe
\??\C:\DOCUME~1\User\LOCALS~1\Temp\~nsu.tmp\Du_.exe
|
This matches the events today, when I force-terminated Du_.exe and removed the directory ~nsu.tmp. I also cleared my entire temp folder with CCleaner.
If the residential directory of the virus is Temp, then I figured that the virus got in from an open port not restricted by my firewall, like port 21 and 80. uTorrent is up-to-date (1.8.3) and was running at the time when Au_.exe attempted to execute itself, so the downloading port might be the culprit. However, Firefox (Minefield 3.6a2) and Windows Live Messenger were also running at that time, so I'm not ruling out any possibilities yet.
Edit: Dark Byte, I'm using the hourly trunk of FF. I know there should be a log of activities somewhere...
Last edited by Haswell on Mon Aug 10, 2009 8:31 am; edited 1 time in total

Polynomial Grandmaster Cheater
Reputation: 5
Joined: 17 Feb 2008 Posts: 524 Location: Inside the Intel CET shadow stack
Posted: Mon Aug 10, 2009 8:28 am Post subject:
These are for your webcam:
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
The "nwiz" entry is part of your NVIDIA drivers.
This definitely looks like a browser exploit. Install the latest Windows Updates (including IE8). You should also be using Firefox, as it's much more secure than IE.

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Mon Aug 10, 2009 8:40 am Post subject:
I am using FF as my default browser. Chances of being infiltrated using FF should be low, so IE should be at fault, which is weird since I most definitely did not use IE for the last 2 years.
Should I try and block IE in my AV and firewall? What I'm really looking for is something that can keep track of all network activities, logging every single packet sent and received so I can block specific IP connections.
Edit: for some reason, IE fails on me. It terminates itself upon execution. Will try installing a new copy.

Polynomial Grandmaster Cheater
Reputation: 5
Joined: 17 Feb 2008 Posts: 524 Location: Inside the Intel CET shadow stack
Posted: Mon Aug 10, 2009 9:02 am Post subject:
Logging all of your traffic won't help you, as you'll not be able to tell the difference between what is and what isn't an attack.
It is possible that IE is not the culprit, and that another process is putting those files in the temp folder. Does the Au_.exe come back when you kill it off? If so, use Process Explorer (procexp) from Sysinternals to watch the process list. When it comes back, Process Explorer will show it in the process tree under the process that launched it. This will highlight the culprit of the attack.

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Mon Aug 10, 2009 9:12 am Post subject:
Too late. I cleared the entire temp folder, which broke the trail. However when my firewall blocks the execution (and I denied it manually), another process Bu_.exe pops up. I block that as well, Cu_.exe comes, etc...
I was able to taskkill Du_.exe without Eu_.exe popping up, but there's no way to tell if Eu_.exe will even pop up when taskkilling Du_.exe since I removed ~nsu.tmp immediately after taskkilling.
Oh, and IE8 installation failed.
Edit: the virus never actually had a chance to install anything since I denied its execution.

Polynomial Grandmaster Cheater
Reputation: 5
Joined: 17 Feb 2008 Posts: 524 Location: Inside the Intel CET shadow stack
Posted: Mon Aug 10, 2009 9:49 am Post subject:
Well if it does come back, use my method to work out what ran it. Chances are that there is a keepalive process hanging around somewhere.

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Mon Aug 10, 2009 10:00 am Post subject:
Oh, and I can't reinstall IE 8, nor can I run it from Program Files. That means Windows Update is screwed as well.

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Mon Aug 10, 2009 6:40 pm Post subject:
cheseboi007 wrote: | Do what I did when I got a virus! Re-Install Windows... There are 2 ways of doing this:
Way one
1. Go to Run and type CMD
2. Click OK
3. Type Re-Install Windows
4. Hit enter
Way 2
1. Follow those steps except change Re-Install Windows to Uninstall Windows
2. Put in your Windows Installation CD and follow the steps on there |
Reinstalling is my last resort, and one that I clearly don't want to initiate unless there is a very good reason behind it. What you said was total bullshit. Period.
Well, the times after the attempted infection went without incident after the attack, leading me to the conclusion that I'm actually being targeted actively, twice. How else can I explain why the two attempts to infect my system are similar in time? Another argument is an auto-run schedule somewhere, but I haven't found it yet. Besides, the virus got in from the web... I doubt it can restore itself from the auto-run program alone.
I'm going to test again tonight with uTorrent closed, using Process Explorer to log the processes. If something goes wrong, I can always pull the plug.

Polynomial Grandmaster Cheater
Reputation: 5
Joined: 17 Feb 2008 Posts: 524 Location: Inside the Intel CET shadow stack
Posted: Mon Aug 10, 2009 6:42 pm Post subject:
Well the chances are a keepalive process is scheduling the recreation.

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Mon Aug 10, 2009 6:55 pm Post subject:
Okay, I got a list of my currently running processes (tasklist in CMD). I haven't turned my computer off all night, so chances are that the 'keepalive' process is still here. But how can that process run without my firewall squeaking about it? I checked the exceptions; they are all normal.
Code: | Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System 4 Console 0 32 K
SMSS.EXE 1184 Console 0 44 K
csrss.exe 1600 Console 0 1,992 K
winlogon.exe 1660 Console 0 428 K
services.exe 1740 Console 0 1,016 K
lsass.exe 1760 Console 0 1,636 K
svchost.exe 1952 Console 0 1,440 K
svchost.exe 220 Console 0 1,204 K
MsMpEng.exe 248 Console 0 8,280 K
svchost.exe 292 Console 0 43,612 K
svchost.exe 392 Console 0 1,380 K
svchost.exe 484 Console 0 44 K
svchost.exe 752 Console 0 1,232 K
svchost.exe 772 Console 0 700 K
spoolsv.exe 1128 Console 0 532 K
svchost.exe 320 Console 0 52 K
acs.exe 440 Console 0 6,836 K
AppleMobileDeviceService. 548 Console 0 112 K
aspnet_state.exe 636 Console 0 112 K
avgwdsvc.exe 732 Console 0 2,184 K
mDNSResponder.exe 828 Console 0 692 K
hamachi-2.exe 1164 Console 0 276 K
svchost.exe 1412 Console 0 108 K
avgrsx.exe 1564 Console 0 16,444 K
avgnsx.exe 1608 Console 0 3,388 K
LogMeIn.exe 1892 Console 0 3,072 K
LMIGuardian.exe 1328 Console 0 96 K
SMSvcHost.exe 1584 Console 0 484 K
EXPLORER.EXE 2432 Console 0 8,064 K
nvsvc32.exe 2452 Console 0 244 K
svchost.exe 2536 Console 0 56 K
dllhost.exe 3132 Console 0 128 K
vssvc.exe 3372 Console 0 32 K
WMPNetwk.exe 3632 Console 0 1,068 K
avgemc.exe 4072 Console 0 540 K
CTFMON.EXE 432 Console 0 1,260 K
avgcsrvx.exe 2876 Console 0 36 K
dllhost.exe 3244 Console 0 584 K
alg.exe 3472 Console 0 64 K
msdtc.exe 3768 Console 0 32 K
avgtray.exe 2664 Console 0 1,372 K
bpk.exe 3180 Console 0 1,400 K
GrooveMonitor.exe 3816 Console 0 560 K
MSASCui.exe 3996 Console 0 1,580 K
JUSCHED.EXE 1064 Console 0 40 K
iTunesHelper.exe 336 Console 0 636 K
LogMeInSystray.exe 2484 Console 0 1,736 K
FixCamera.exe 2984 Console 0 508 K
tsnp2std.exe 2104 Console 0 752 K
vsnp2std.exe 2680 Console 0 744 K
LMIGuardian.exe 3828 Console 0 96 K
op_mon.exe 3048 Console 0 2,088 K
GoogleUpdate.exe 2296 Console 0 780 K
GoogleCrashHandler.exe 3312 Console 0 60 K
iPodService.exe 460 Console 0 772 K
avgcsrvx.exe 2568 Console 0 36 K
msnmsgr.exe 1924 Console 0 7,012 K
wlcomm.exe 1640 Console 0 5,720 K
firefox.exe 3796 Console 0 89,112 K
wuauclt.exe 840 Console 0 3,656 K
cmd.exe 236 Console 0 3,340 K
tasklist.exe 720 Console 0 5,628 K
wmiprvse.exe 2360 Console 0 6,456 K
|
And please don't mind bpk.exe. I use it for debugging and history tracing.
Edit: really weird. At in CMD replies with an "Access is denied". And I'm an administrator.

Polynomial Grandmaster Cheater
Reputation: 5
Joined: 17 Feb 2008 Posts: 524 Location: Inside the Intel CET shadow stack
Posted: Mon Aug 10, 2009 7:00 pm Post subject:
Can you post the list along with file locations? I can't tell if some are impersonating others.

Haswell Grandmaster Cheater
Reputation: 10
Joined: 24 Nov 2007 Posts: 703
Posted: Mon Aug 10, 2009 7:15 pm Post subject:
HiJackThis Log:
Code: | Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:35 AM, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BPK\bpk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Minefield\firefox.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FCTBPos00Pos - {28A27F58-704F-40E1-8053-28E909FBF604} - C:\Program Files\Mob Wars Toolbar\Toolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mob Wars Toolbar - {6857857C-15D3-435D-AF19-E0217298B416} - C:\Program Files\Mob Wars Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\RunOnce: [Installing-ie8] C:\DOCUME~1\User\LOCALS~1\Temp\IE8-WindowsXP-x86-ENU.exe /passive
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217755548996
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E403055-BF98-4B53-BD36-A456484EA6F3}: NameServer = 203.198.23.208 218.102.32.208
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 9265 bytes
|
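
The check Polynomial asks for above (image names against file locations), applied to HijackThis-style lines, as an added example that is not part of the original thread. The sample log is constructed from a few lines of the log above plus one made-up impersonation line; the expected-directory table and the function names are assumptions of this example.

```python
import ntpath
import re

# Expected directory for well-known Windows XP system images.
# Assumption of this example: a default install under C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "ctfmon.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

O4_RE = re.compile(r"^O4 - (.+?): \[(.+?)\] (.+)$")       # registry autorun entry
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)      # first executable in a command
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")

# Constructed sample: lines taken from the log above, plus one invented
# svchost.exe running from Temp to show what impersonation looks like.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
O4 - HKLM\..\RunOnce: [Installing-ie8] C:\DOCUME~1\User\LOCALS~1\Temp\IE8-WindowsXP-x86-ENU.exe /passive
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe (file missing)
"""


def in_temp(path):
    """True when the path has a Temp directory component (long or 8.3 form)."""
    return "\\temp\\" in path.lower()


def triage(log_text):
    """Return (flag, detail) findings for a HijackThis-style log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if re.match(r"^[A-Za-z]:\\", line):        # a "Running processes" entry
            name = ntpath.basename(line).lower()
            expected = EXPECTED_DIR.get(name)
            if expected and ntpath.dirname(line).lower() != expected:
                findings.append(("unexpected-location", line))
            elif in_temp(line):
                findings.append(("runs-from-temp", line))
            continue
        m = O4_RE.match(line)
        if m:
            _key, name, command = m.groups()
            exe = EXE_RE.match(command)
            target = exe.group(1) if exe else command
            if in_temp(target):
                findings.append(("autorun-from-temp", name))
            elif not ntpath.dirname(target):       # resolved through the search path
                findings.append(("autorun-no-full-path", name))
            continue
        if MISSING_RE.search(line):                # entry whose file is gone
            findings.append(("target-missing", line.split(" - ")[1]))
    return findings


if __name__ == "__main__":
    for flag, detail in triage(SAMPLE_LOG):
        print(f"{flag:22} {detail}")
```

A flag here is a prompt to look at the file, not a verdict: the `Installing-ie8` RunOnce entry and `nwiz` are both flagged, and the thread accounts for both.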