Ceva Suspect In Running Processes?

cara_ionutz

buna seara

ma scuzati daca nu postez unde trebuie dar este prima oara cand postez pe acest forum.

as dori sa stiu daca exista ceva suspicios in pc-ul meu va postez acest log

Logfile of HijackThis v1.99.1

Scan saved at 11:26:35 PM, on 9/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\Eagletron\TrackerPodSvcSvr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\drivers\LBTWi.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\larisa\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\LBTWi.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{2148ED80-9E32-46CA-82E2-57A966CE0C2B}: NameServer = 95.64.72.1,95.64.72.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{2148ED80-9E32-46CA-82E2-57A966CE0C2B}: NameServer = 95.64.72.1,95.64.72.2

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Eagletron TrackerPod Service - Eagletron Inc. - C:\Program Files\Common Files\Eagletron\TrackerPodSvcSvr.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

cele ingrosate imi atrag atentia!

daca exista ceva suspect in calculator va rog sa imi comunicati si sa ma ajutati sa indepartez aceea problema!

Sm3K3R

Foloseste serviciul virustotal.com si testeaza fisierele care ti se par suspecte.

LBTWiz.exe (suspect) pare sa apartina Logitech ,daca folosesti ceva hardware Logitech e posibil sa apartina acestuia, desi uzual e ragasit in Program Files

wscntfy.exe este Windows Security Center

MsPMSPSv.exe pare sa apartina Windows Media Player Service

Ruleaza (pentru linistea proprie) si niste scanari antispyware cu AdAware Free,Spybot Search & Distroy,SuperAntiSpyware,Spyware Terminator sau MalwareBytes Antimalware (toate fiind freeware si intelegandu-se bine cu BD),antivirusii mai dau rateu pe zona adware/spyware.

Chiar iti trebuie yahoo toolbar ?

cara_ionutz

pai eu aveam o suspiciune asupra LBTWI.EXE nu este LBTWIZ.EXE cum zici tu si ciudat este ca exact in momentul asta mi-a aparat in BDef. ca acest fisier este virusat! si se afla in carantina : nume fisier : LBTWI.EXE nume virus Worm.Generic.84389

cara_ionutz

Fişier 40692_spoolsv.exe.ico primit la data de 2009.09.07 02:26:23 (UTC)

Status actual: încheiat

Rezultat: 1/41 (2.44%)

Rezultate compacte Rezultate compacte

Imprimă rezultatele Imprimă rezultatele

Antivirus Versiune Ultima actualizare Rezultat

a-squared 4.5.0.24 2009.09.07 -

AhnLab-V3 5.0.0.2 2009.09.05 -

AntiVir 7.9.1.8 2009.09.06 -

Antiy-AVL 2.0.3.7 2009.09.04 -

Authentium 5.1.2.4 2009.09.06 -

Avast 4.8.1351.0 2009.09.07 -

AVG 8.5.0.409 2009.09.06 -

BitDefender 7.2 2009.09.07 -

CAT-QuickHeal 10.00 2009.09.05 -

ClamAV 0.94.1 2009.09.06 -

Comodo 2204 2009.09.07 -

DrWeb 5.0.0.12182 2009.09.07 -

eSafe 7.0.17.0 2009.09.06 -

eTrust-Vet 31.6.6721 2009.09.04 -

F-Prot 4.5.1.85 2009.09.06 -

F-Secure 8.0.14470.0 2009.09.07 -

Fortinet 3.120.0.0 2009.09.06 -

GData 19 2009.09.07 -

Ikarus T3.1.1.72.0 2009.09.07 -

Jiangmin 11.0.800 2009.09.06 -

K7AntiVirus 7.10.837 2009.09.05 -

Kaspersky 7.0.0.125 2009.09.07 -

McAfee 5733 2009.09.06 -

McAfee+Artemis 5733 2009.09.06 -

McAfee-GW-Edition 6.8.5 2009.09.07 Heuristic.LooksLike.Trojan.PePatch.L

Microsoft 1.5005 2009.09.06 -

NOD32 4401 2009.09.06 -

Norman 6.01.09 2009.09.04 -

nProtect 2009.1.8.0 2009.09.06 -

Panda 10.0.2.2 2009.09.06 -

PCTools 4.4.2.0 2009.09.06 -

Prevx 3.0 2009.09.07 -

Rising 21.45.14.00 2009.09.01 -

Sophos 4.45.0 2009.09.07 -

Sunbelt 3.2.1858.2 2009.09.06 -

Symantec 1.4.4.12 2009.09.07 -

TheHacker 6.3.4.3.396 2009.09.04 -

TrendMicro 8.950.0.1094 2009.09.05 -

VBA32 3.12.10.10 2009.09.06 -

ViRobot 2009.9.4.1919 2009.09.04 -

VirusBuster 4.6.5.0 2009.09.06 -

Informaţii suplimentare

File size: 57856 bytes

MD5 : 7435b108b935e42ea92ca94f59c8e717

SHA1 : c0c79c39a7f4d4e491bff70810439c1aae3e5006

SHA256: 73887ef68291264d9a17d70133efdc0de87e30b717a965a4b64108fb5482c39c

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x637A

timedatestamp.....: 0x41107EB4 (Wed Aug 4 08:14:12 2004)

machinetype.......: 0x14C (Intel I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xBA30 0xBC00 5.96 a175750097bec623aae4798134d776a2

.data 0xD000 0x138C 0x1400 2.23 c5a21bf1e7d86df2c21db3ef5c7e28ac

.rsrc 0xF000 0xC78 0xE00 6.19 379eff6fefd381cd4ad70f1dde3b3161

( 0 imports )

( 0 exports )

TrID : File type identification

Win64 Executable Generic (59.6%)

Win32 Executable MS Visual C++ (generic) (26.2%)

Win32 Executable Generic (5.9%)

Win32 Dynamic Link Library (generic) (5.2%)

Generic Win/DOS Executable (1.3%)

ThreatExpert: http://www.threatexpert.com/report.aspx?md...92ca94f59c8e717

ssdeep: 768:pM9EWlrVpYFtRtCqMQK0rWcSHhoJxWxDV3D+JMdbug/zUG9Jigo:p0PYFtRtCbQK0rpH6VygrUGGgo

PEiD : -

RDS : NSRL Reference Data Set

( Gateway )

Gateway Operating System Windows XP Pro Edition SP2: spoolsv.exe

( Microsoft )

MSDN Disc 2428.4: spoolsv.exeMSDN Disc 2428.5: spoolsv.exeMSDN Disc 2428.8: spoolsv.exeOperating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: spoolsv.exeVirtual PC for Mac Windows XP Home Edition: spoolsv.exeVirtual PC for Mac Windows XP Professional Edition: spoolsv.exe

CE ATENTIE TREBUIE SA ACORD ACELUI VIRUS