Anything Suspicious In Running Processes?

Good evening,


Excuse me if I am not posting in the right place, but this is the first time I have posted on this forum.


I would like to know whether there is anything suspicious on my PC, so I am posting this log:


Logfile of HijackThis v1.99.1


Scan saved at 11:26:35 PM, on 9/7/2009


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\spoolsv.exe


C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


C:\WINDOWS\system32\CTsvcCDA.exe


C:\Program Files\Common Files\Eagletron\TrackerPodSvcSvr.exe


C:\WINDOWS\system32\MsPMSPSv.exe


C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


C:\WINDOWS\Explorer.EXE


C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe


C:\WINDOWS\system32\wscntfy.exe


C:\WINDOWS\system32\drivers\LBTWi.exe


C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe


C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe


C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe


C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


C:\Program Files\Winamp\winampa.exe


C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe


C:\WINDOWS\system32\taskmgr.exe


C:\Program Files\Mozilla Firefox\firefox.exe


C:\Program Files\WinRAR\WinRAR.exe


C:\DOCUME~1\larisa\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll


O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll


O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll


O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll


O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll


O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll


O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r


O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE


O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"


O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"


O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"


O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe


O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\LBTWi.exe


O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"


O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O17 - HKLM\System\CCS\Services\Tcpip\..\{2148ED80-9E32-46CA-82E2-57A966CE0C2B}: NameServer = 95.64.72.1,95.64.72.2


O17 - HKLM\System\CS1\Services\Tcpip\..\{2148ED80-9E32-46CA-82E2-57A966CE0C2B}: NameServer = 95.64.72.1,95.64.72.2


O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe


O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)


O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe


O23 - Service: Eagletron TrackerPod Service - Eagletron Inc. - C:\Program Files\Common Files\Eagletron\TrackerPodSvcSvr.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)


O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing)


O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


The ones in bold catch my attention!


If there is anything suspicious on my computer, please let me know and help me remove that problem!

Comments

  • Use the virustotal.com service and test the files that look suspicious to you.


    LBTWiz.exe (suspect) seems to belong to Logitech; if you use any Logitech hardware it may belong to that, although it is usually found in Program Files.


    wscntfy.exe is Windows Security Center.


    MsPMSPSv.exe seems to belong to the Windows Media Player service.


    Also run (for your own peace of mind) some anti-spyware scans with Ad-Aware Free, Spybot Search & Destroy, SUPERAntiSpyware, Spyware Terminator or Malwarebytes Anti-Malware (all freeware, and they coexist well with BD); antivirus products tend to miss things in the adware/spyware area.


    Do you really need the Yahoo toolbar?
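The entries the thread is circling around (an .exe under system32\drivers started by a Run key that calls itself "Microsoft Driver Setup", HijackThis running out of a WinRAR Temp folder, O23 services reported as "(file missing)") are the kind of location checks you can script instead of eyeballing. The following is an added example written for this thread, not part of HijackThis or of anyone's post here: SAMPLE_LOG holds lines copied from the posted log, while the rules, thresholds and function names are constructed for illustration. Two results need reading with context: HijackThis.exe is flagged because WinRAR extracted it to Temp, which the log itself explains, and the two BitDefender services carry a stray `"` after the path while the same binaries (livesrv.exe, vsserv.exe) appear in the running-process list, so their "(file missing)" comes from the quoted ImagePath being split at the .exe, not from an absent file.

```python
"""Heuristic triage of HijackThis-style log lines (running processes,
O4 Run keys, O23 services).

Added example for this thread; it is not part of HijackThis or of the
original posts. SAMPLE_LOG holds lines copied from the posted log, the
rules and names below are constructed for illustration.
"""
import ntpath
import re
from typing import Dict, List

SAMPLE_LOG = r"""
C:\WINDOWS\system32\drivers\LBTWi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\larisa\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\LBTWi.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing)
"""

DRIVER_DIR = r"c:\windows\system32\drivers"               # holds .sys files, not .exe
MICROSOFT_DIRS = {r"c:\windows", r"c:\windows\system32"}  # where a "Microsoft ..." Run entry belongs

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<rest>.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)
# Drive-letter path up to the first .exe, optional opening quote; the tail keeps
# whatever followed it (arguments, a stray quote, "(file missing)").
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.exe)(?P<tail>.*)$', re.IGNORECASE)


def check_path(path: str, name: str = "") -> List[str]:
    """Location-based red flags for one executable; name is the Run key label."""
    low = path.lower()
    parent = ntpath.dirname(low)          # ntpath splits on backslashes on any OS
    reasons = []
    if parent == DRIVER_DIR:
        reasons.append("an .exe inside the kernel driver directory")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    if "microsoft" in name.lower() and parent not in MICROSOFT_DIRS:
        reasons.append("Run key claims Microsoft but the binary is outside the Windows directories")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return the lines that trip at least one heuristic, with the reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, path, tail, reasons = "", "", "", []
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if PROC_RE.match(line):                       # "Running processes" entry
            path = line
        elif m4 or m23:
            m = m4 or m23
            name = m["name"]
            pm = PATH_RE.match(m["rest"])
            if pm:
                path, tail = pm["path"], pm["tail"]
            if m23 and "(file missing)" in tail:
                if tail.lstrip().startswith('"'):
                    # Quoted ImagePath split at the .exe; the remainder was looked
                    # up as part of the file name, so the binary is actually present.
                    reasons.append("'(file missing)' is a quoted-ImagePath parse artifact")
                else:
                    reasons.append("service binary reported missing")
        else:
            continue
        if path:
            reasons.extend(check_path(path, name))
        if reasons:
            findings.append({"line": line, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

Run it over a full log and the process list and the Run keys get checked with the same rules, so the LBTWi.exe entry is reported twice (once as a running process, once as the "Microsoft Driver Setup" autostart), which is exactly the pairing that makes it stand out in the original post.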

  • Well, I had a suspicion about LBTWI.EXE (it is not LBTWIZ.EXE as you say), and the strange thing is that right at this moment BitDefender showed me that this file is infected! It is now in quarantine: file name: LBTWI.EXE, virus name: Worm.Generic.84389

  • File 40692_spoolsv.exe.ico received on 2009.09.07 02:26:23 (UTC)


    Current status: finished


    Result: 1/41 (2.44%)




    Antivirus   Version   Last update   Result


    a-squared 4.5.0.24 2009.09.07 -


    AhnLab-V3 5.0.0.2 2009.09.05 -


    AntiVir 7.9.1.8 2009.09.06 -


    Antiy-AVL 2.0.3.7 2009.09.04 -


    Authentium 5.1.2.4 2009.09.06 -


    Avast 4.8.1351.0 2009.09.07 -


    AVG 8.5.0.409 2009.09.06 -


    BitDefender 7.2 2009.09.07 -


    CAT-QuickHeal 10.00 2009.09.05 -


    ClamAV 0.94.1 2009.09.06 -


    Comodo 2204 2009.09.07 -


    DrWeb 5.0.0.12182 2009.09.07 -


    eSafe 7.0.17.0 2009.09.06 -


    eTrust-Vet 31.6.6721 2009.09.04 -


    F-Prot 4.5.1.85 2009.09.06 -


    F-Secure 8.0.14470.0 2009.09.07 -


    Fortinet 3.120.0.0 2009.09.06 -


    GData 19 2009.09.07 -


    Ikarus T3.1.1.72.0 2009.09.07 -


    Jiangmin 11.0.800 2009.09.06 -


    K7AntiVirus 7.10.837 2009.09.05 -


    Kaspersky 7.0.0.125 2009.09.07 -


    McAfee 5733 2009.09.06 -


    McAfee+Artemis 5733 2009.09.06 -


    McAfee-GW-Edition 6.8.5 2009.09.07 Heuristic.LooksLike.Trojan.PePatch.L


    Microsoft 1.5005 2009.09.06 -


    NOD32 4401 2009.09.06 -


    Norman 6.01.09 2009.09.04 -


    nProtect 2009.1.8.0 2009.09.06 -


    Panda 10.0.2.2 2009.09.06 -


    PCTools 4.4.2.0 2009.09.06 -


    Prevx 3.0 2009.09.07 -


    Rising 21.45.14.00 2009.09.01 -


    Sophos 4.45.0 2009.09.07 -


    Sunbelt 3.2.1858.2 2009.09.06 -


    Symantec 1.4.4.12 2009.09.07 -


    TheHacker 6.3.4.3.396 2009.09.04 -


    TrendMicro 8.950.0.1094 2009.09.05 -


    VBA32 3.12.10.10 2009.09.06 -


    ViRobot 2009.9.4.1919 2009.09.04 -


    VirusBuster 4.6.5.0 2009.09.06 -


    Additional information


    File size: 57856 bytes


    MD5 : 7435b108b935e42ea92ca94f59c8e717


    SHA1 : c0c79c39a7f4d4e491bff70810439c1aae3e5006


    SHA256: 73887ef68291264d9a17d70133efdc0de87e30b717a965a4b64108fb5482c39c


    PEInfo: PE Structure information


    ( base data )


    entrypointaddress.: 0x637A


    timedatestamp.....: 0x41107EB4 (Wed Aug 4 08:14:12 2004)


    machinetype.......: 0x14C (Intel I386)


    ( 3 sections )


    name viradd virsiz rawdsiz ntrpy md5


    .text 0x1000 0xBA30 0xBC00 5.96 a175750097bec623aae4798134d776a2


    .data 0xD000 0x138C 0x1400 2.23 c5a21bf1e7d86df2c21db3ef5c7e28ac


    .rsrc 0xF000 0xC78 0xE00 6.19 379eff6fefd381cd4ad70f1dde3b3161


    ( 0 imports )


    ( 0 exports )


    TrID : File type identification


    Win64 Executable Generic (59.6%)


    Win32 Executable MS Visual C++ (generic) (26.2%)


    Win32 Executable Generic (5.9%)


    Win32 Dynamic Link Library (generic) (5.2%)


    Generic Win/DOS Executable (1.3%)


    ThreatExpert: http://www.threatexpert.com/report.aspx?md...92ca94f59c8e717


    ssdeep: 768:pM9EWlrVpYFtRtCqMQK0rWcSHhoJxWxDV3D+JMdbug/zUG9Jigo:p0PYFtRtCbQK0rpH6VygrUGGgo


    PEiD : -


    RDS : NSRL Reference Data Set


    ( Gateway )


    Gateway Operating System Windows XP Pro Edition SP2: spoolsv.exe


    ( Microsoft )


    MSDN Disc 2428.4: spoolsv.exe
    MSDN Disc 2428.5: spoolsv.exe
    MSDN Disc 2428.8: spoolsv.exe
    Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: spoolsv.exe
    Virtual PC for Mac Windows XP Home Edition: spoolsv.exe
    Virtual PC for Mac Windows XP Professional Edition: spoolsv.exe


    HOW MUCH ATTENTION SHOULD I PAY TO THAT VIRUS?
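The PEInfo part of the VirusTotal report above (three sections with their entropy values, the timestamp, the machine type) is something you can reproduce locally before deciding how much weight one heuristic detection deserves; the report itself also shows the hashes matching NSRL entries for spoolsv.exe from several Microsoft media and one hit out of 41 with a "Heuristic.LooksLike" name. The script below is an added example for this thread, not code from the original posts or from VirusTotal: with the standard library only it walks MZ -> e_lfanew -> PE signature -> COFF header -> section table, computes the per-section Shannon entropy that the ntrpy column shows, applies two packer heuristics, and prints the MD5/SHA1/SHA256 you would compare against the report. The input is a constructed two-section PE image from the `build_sample_pe` helper, not the spoolsv.exe from the report; the `.packed` section name, the 7.0 entropy threshold and the size-ratio rule are illustrative choices. For reference, compiled x86 code sections typically sit around 6 bits per byte, like the 5.96 and 6.19 in the report, while packed or encrypted sections approach 8.

```python
"""Local re-creation of VirusTotal's PEInfo section view: section table,
per-section Shannon entropy, packing heuristics and file hashes.

Added example for this thread, standard library only. The PE image is
constructed by build_sample_pe(); it is not the spoolsv.exe from the report.
"""
import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform), as in the ntrpy column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image: bytes) -> Dict[str, object]:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, image, e_lfanew + 4)
    table = e_lfanew + 4 + struct.calcsize(COFF_HDR) + opt_size   # honour SizeOfOptionalHeader
    sections: List[Section] = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, _ = struct.unpack_from(
            SECTION_HDR, image, table + i * struct.calcsize(SECTION_HDR))
        raw = image[rptr:rptr + rsize]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, rsize, shannon_entropy(raw)))
    return {"machine": machine, "timestamp": stamp, "sections": sections}


def suspicious_sections(sections: List[Section], threshold: float = 7.0) -> List[str]:
    """Two classic packer tells: near-maximal entropy, and a section that is much
    bigger in memory than on disk (room reserved for unpacked code)."""
    notes = []
    for s in sections:
        if s.entropy >= threshold:
            notes.append(f"{s.name}: entropy {s.entropy:.2f} looks packed/encrypted")
        if s.raw_size and s.virtual_size > 2 * s.raw_size:
            notes.append(f"{s.name}: VirtualSize {s.virtual_size:#x} far exceeds raw {s.raw_size:#x}")
    return notes


def hashes(image: bytes) -> Dict[str, str]:
    """The three digests VirusTotal lists for a submitted file."""
    return {alg: hashlib.new(alg, image).hexdigest() for alg in ("md5", "sha1", "sha256")}


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 image: a low-entropy .text and a high-entropy,
    over-allocated .packed section. Header fields only, not a loadable program."""
    text = b"\x90\xc3\x00\xff" * 1024     # four symbols, entropy exactly 2.0
    packed = bytes(range(256)) * 16       # flat histogram, entropy exactly 8.0
    opt_size, raw0 = 224, 0x400
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)              # e_lfanew = 64
    coff = struct.pack(COFF_HDR, 0x14C, 2, 0x41107EB4, 0, 0, opt_size, 0x0102)  # I386, 2 sections
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)         # PE32 magic, rest zeroed
    sec0 = struct.pack(SECTION_HDR, b".text", len(text), 0x1000, len(text), raw0,
                       0, 0, 0, 0, 0x60000020)
    sec1 = struct.pack(SECTION_HDR, b".packed", 0x8000, 0x2000, len(packed),
                       raw0 + len(text), 0, 0, 0, 0, 0xE0000040)
    headers = dos + b"PE\0\0" + coff + opt + sec0 + sec1
    return headers + b"\0" * (raw0 - len(headers)) + text + packed


if __name__ == "__main__":
    pe = build_sample_pe()
    info = parse_pe(pe)
    print(f"machine 0x{info['machine']:X}, timestamp 0x{info['timestamp']:X}")
    for s in info["sections"]:
        print(f"{s.name:<8} va {s.virtual_address:#07x} vsize {s.virtual_size:#07x} "
              f"raw {s.raw_size:#07x} entropy {s.entropy:.2f}")
    for note in suspicious_sections(info["sections"]):
        print("  !", note)
    for alg, hexd in hashes(pe).items():
        print(f"{alg.upper():<6} {hexd}")
```

To use it on a real file, pass `open(path, "rb").read()` to `parse_pe` and `hashes` and compare the digests with the MD5/SHA1/SHA256 lines of the report; a match tells you the report really describes the file on your disk.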