HijackThis Opţiuni

[AlecksX]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:00 PM, on 11/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PowerQuest\PartitionMagic 8.0\PMAGIC.EXE
C:\Program Files\PowerQuest\PartitionMagic 8.0\PMAGICnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Serviciu Actualizare Desktop BitDefender (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Scut antivirus BitDefender (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8939 bytes

Acest mesaj a fost modificat de AlecksX: 8th November 2009, 13:48

[pykko]

AlecksX, log-ul tau este curat. Suspectezi vreo problema? Sper ca nu ai aplicat sfatul lui Header de a fixa acele intrari. Sunt perfect legitime si sfatul sau e total gresit, drept pentru care a luat si warn.

[cristian0007]

Hai sa-mi incerc si eu norocul (IMG:http://forum.softpedia.com/style_emoticons/default/harhar.gif)

Deci,conform:

http://forums.pcpitstop.com/index.php?show...p;mode=threaded


Malwarebytes vede msnsc.exe ca trojan.

C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
KEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.Agent) -> Quarantined and deleted successfully.

Eu zic ca un scan cu MB sau Dr Web nu ar strica.

[pykko]

msnsc.exe este si legitim si infectat in unele cazuri.

Scanarea cu Malwarebytes AntiMalware ne va clarifica lucrurile. (IMG:http://forum.softpedia.com/style_emoticons/default/smile.gif)

[AlecksX]

Din pacate am facut ceea ce a zis Header.Am terminat de scanat cu Malwarebytes AntiMalware.La sfarsit am dat din greseala Restart Computer si nu am putut copia erorile gasite. Unde pot gasi acel document?
Orikum nu sunt foarte grave erorile.
Singura problema este aceea ca atunci cand intru intr-o partititie imi zice :
(IMG:http://img301.imageshack.us/img301/5671/36474480.th.png)
Cum pot remedia aceasta problema?
Multumesc.

Acest mesaj a fost modificat de AlecksX: 8th November 2009, 17:38

[cristian0007]

Rulezi chestia asta ca sa-ti dispara mesajul de eroare.

http://download.bleepingcomputer.com/sUBs/...Disinfector.exe

Daca deschizi MB o sa vezi tabul de logs.

Enjoy !

[AlecksX]

multumesc mult.Rezolvat. (IMG:http://forum.softpedia.com/style_emoticons/default/wink.gif)

[pykko]

multumesc mult.Rezolvat. (IMG:http://forum.softpedia.com/style_emoticons/default/wink.gif)

Daca mai ai probleme te asteptam aici.

[cristian0007]

multumesc mult.Rezolvat. (IMG:http://forum.softpedia.com/style_emoticons/default/wink.gif)

Bravo bravo dar posteaza si logul. (IMG:http://forum.softpedia.com/style_emoticons/default/icecream.gif)

[AlecksX]

Malwarebytes' Anti-Malware 1.41
Database version: 3123
Windows 5.1.2600 Service Pack 2

11/8/2009 5:06:30 PM
mbam-log-2009-11-08 (17-06-30).txt

Scan type: Full Scan (D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 21320
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[cristian0007]

(IMG:http://forum.softpedia.com/style_emoticons/default/laugh.gif) Deci nu ti-a scanat mai nimic.

Scan type: Full Scan (D:\|E:\|F:\|G:\|H:\|)

pe C trebuia sa dai scan.

[AlecksX]

poi daca dau pe C:\ iar stau 3 h (IMG:http://forum.softpedia.com/style_emoticons/default/tongue.gif)

am sa postez in cateva minute:D

[cristian0007]

poi daca dau pe C:\ iar stau 3 h (IMG:http://forum.softpedia.com/style_emoticons/default/tongue.gif)

am sa postez in cateva minute:D

Ok,da logu pe care l-ai facut pe C.

[pykko]

poi daca dau pe C:\ iar stau 3 h (IMG:http://forum.softpedia.com/style_emoticons/default/tongue.gif)

am sa postez in cateva minute:D

Deschizi Malwarebytes Anti-Malware >> Logs, selectezi log-ul, apesi Open si postezi continutul sau aici.

Nu e nevoie sa scanezi din nou.

Acest mesaj a fost modificat de pykko: 8th November 2009, 18:29

[AlecksX]

Malwarebytes' Anti-Malware 1.41
Database version: 3123
Windows 5.1.2600 Service Pack 2

11/8/2009 3:52:54 PM
mbam-log-2009-11-08 (15-52-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 114160
Time elapsed: 2 hour(s), 24 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{347009E4-D3FF-4CBD-835F-C7277C63398F}\RP43\A0022095.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{6C1F3C74-552C-4A4C-8AD8-C246533363ED}\RP4\A0004620.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{347009E4-D3FF-4CBD-835F-C7277C63398F}\RP43\A0022100.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{6C1F3C74-552C-4A4C-8AD8-C246533363ED}\RP4\A0004621.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{03A844E7-B836-4846-83C7-A86AFB15F0FA}\RP1\A0001684.dll (Malware.Packer) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{03A844E7-B836-4846-83C7-A86AFB15F0FA}\RP1\A0001687.dll (Malware.Packer) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{6C1F3C74-552C-4A4C-8AD8-C246533363ED}\RP4\A0004622.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{347009E4-D3FF-4CBD-835F-C7277C63398F}\RP43\A0022091.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{6C1F3C74-552C-4A4C-8AD8-C246533363ED}\RP4\A0004623.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{347009E4-D3FF-4CBD-835F-C7277C63398F}\RP43\A0022099.exe (Malware.Packer) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{347009E4-D3FF-4CBD-835F-C7277C63398F}\RP43\A0022221.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6C1F3C74-552C-4A4C-8AD8-C246533363ED}\RP2\A0003440.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{6C1F3C74-552C-4A4C-8AD8-C246533363ED}\RP4\A0004624.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP1\A0001636.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP1\A0003064.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP10\A0018470.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP11\A0018861.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP11\A0019754.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP11\A0020047.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP11\A0020273.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP11\A0020608.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP12\A0021148.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP13\A0022155.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP14\A0022446.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP14\A0023452.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP14\A0024448.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP14\A0024992.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP14\A0025167.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP14\A0025510.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP15\A0025773.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP17\A0026351.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP17\A0027335.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP2\A0003406.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP2\A0003710.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP2\A0004007.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP2\A0004303.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP3\A0004606.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP3\A0004864.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP3\A0005864.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP3\A0006136.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP3\A0007142.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP3\A0007448.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP4\A0007777.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP4\A0008777.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP4\A0008954.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP4\A0009263.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0010260.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0011271.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0012599.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0015423.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0012910.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0013916.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0014241.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0014477.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0014875.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0015098.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0015601.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0015933.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0016311.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP5\A0016655.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP6\A0017000.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP7\A0017126.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP9\A0017236.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{E33F3DFD-2592-443B-A55F-5C646C9A78E4}\RP9\A0017404.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.


Cam asta este.

Acest mesaj a fost modificat de AlecksX: 8th November 2009, 18:38

[crysty2k5]

Deci era virusat !

C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Imi aduc aminte ca am luat warn pe motivul asta de la pykko pe cand eram user...daca procesul este in system32, 99% e virus.

Opreste System Restore, restart, activeaza-l la loc (IMG:http://forum.softpedia.com/style_emoticons/default/smile.gif)

Revino daca sunt alte probleme.

[AlecksX]

Deci era virusat !


Imi aduc aminte ca am luat warn pe motivul asta de la pykko pe cand eram user...daca procesul este in system32, 99% e virus.

Opreste System Restore, restart, activeaza-l la loc (IMG:http://forum.softpedia.com/style_emoticons/default/smile.gif)

Revino daca sunt alte probleme.

OK,multumesc deocamdata.(IMG:http://forum.softpedia.com/style_emoticons/default/smile.gif)

[Header]

Merci pykko,am zis ca-i virus msnsc.exe si virus a fost fapt confirmat si de alte forumuri straine,dar ai zis ca nu este insa a fost ca mine.
Rog pe viitor sa nu mai stergi postul userului fara mila ci doar sa editezi/stergi ceea ce esti sigur ca este gresit,in acest caz C:\WINDOWS\system32\msnsc.exe era corect deci trebuia lasat si trebuia fixat cu HijackThis.
Cu toate ca omul a bifat ce i-am indicat pc-ul inca ai merge.

Acest mesaj a fost modificat de Header: 8th November 2009, 19:31