Pentru discutii despre programe antivirus, firewall si alte solutii de securitate, dar mai ales in cazul unei virusari a PC-ului va invitam pe FORUM.
Sunt prezent acolo cu nick-ul pykko si alaturi de colegii mei vom incerca sa va dam raspunsuri in cel mai scurt timp posibil.
Loading ...
Daca nu e Radu online, va raspund eu.
user: crysty2k5
Salut Radu,
Se pare ca site-ul hxtp://plantextrakt.ro/ este virusat. Nis 2010 a blocat un atac la fiecare accesare a acestui site( http Gumblar Request) iar la o scanare pe http://www.novirusthanks.org, Nod32 il gaseste ca fiind infectat. Poti arunca o privire?
adicatelea si aicea trebe sa fiu on-topic? ca tot caut o portita de scapare sa bat campii in liniste da’ n-am sanse dom’le !
Ce se intampla cu site-ul http://www.ebay.de (germania) ca imi da urmatorul mesaj
Http/1.1 Bad Request
e atacat de hackeri au ce ?
cum scap de svchost.exe?? X( multumesc
@Narcis: svchost.exe este un proces normal al Windows-ului. De ce vrei sa scapi de el?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:01:39, on 04/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ESET\ESET Smart Security\ekrn.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\svchost.exe
E:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe
E:\Program Files\ESET\ESET Smart Security\egui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
E:\WINDOWS\infocard.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
E:\Program Files\Yahoo!\Search Protection\YspService.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Documents and Settings\Carmen\Local Settings\Application Data\Opera\Opera\temporary_downloads\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – E:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
R3 – URLSearchHook: SweetIM ToolbarURLSearchHook Class – {EEE6C35D-6118-11DC-9C72-001320C79847} – E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 – URLSearchHook: DigiTv Online Toolbar – {ad4eabaa-0a3b-4820-bc03-e7c3068b2ec7} – E:\Program Files\DigiTv_Online\tbDigi.dll
R3 – URLSearchHook: Radio Ciresarii 2 Toolbar – {7504bb63-9378-4d23-905f-6e1c0bc14a0e} – E:\Program Files\Radio_Ciresarii_2\tbRad1.dll
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4EFB-9B51-7695ECA05670} – E:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 – BHO: HP Print Enhancer – {0347C33E-8762-4905-BF09-768834316C61} – E:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 – BHO: HP Print Clips – {053F9267-DC04-4294-A72C-58F732D338C0} – E:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: YSPManager – {25BC7718-0BFA-40EA-B381-4B2D9732D686} – E:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 – BHO: Radio Ciresarii 2 Toolbar – {7504bb63-9378-4d23-905f-6e1c0bc14a0e} – E:\Program Files\Radio_Ciresarii_2\tbRad1.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 – BHO: DigiTv Online Toolbar – {ad4eabaa-0a3b-4820-bc03-e7c3068b2ec7} – E:\Program Files\DigiTv_Online\tbDigi.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – E:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 – BHO: Google Dictionary Compression sdch – {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} – E:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 – BHO: SWEETIE – {EEE6C35C-6118-11DC-9C72-001320C79847} – E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – E:\Program Files\Yahoo!\Companion\Installs\cpn8\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – E:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 – Toolbar: SweetIM Toolbar for Internet Explorer – {EEE6C35B-6118-11DC-9C72-001320C79847} – E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 – Toolbar: DigiTv Online Toolbar – {ad4eabaa-0a3b-4820-bc03-e7c3068b2ec7} – E:\Program Files\DigiTv_Online\tbDigi.dll
O3 – Toolbar: Radio Ciresarii 2 Toolbar – {7504bb63-9378-4d23-905f-6e1c0bc14a0e} – E:\Program Files\Radio_Ciresarii_2\tbRad1.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe
O4 – HKLM\..\Run: [QuickTime Task] “E:\WINDOWS\system32\qttask.exe” -atboottime
O4 – HKLM\..\Run: [egui] “E:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice
O4 – HKLM\..\Run: [NodEnabler] E:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe
O4 – HKLM\..\Run: [Firewall Administrating] E:\WINDOWS\infocard.exe
O4 – HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [swg] “E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 – HKCU\..\Run: [PC Suite Tray] “E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
O4 – HKCU\..\Run: [Firewall Administrating] E:\WINDOWS\infocard.exe
O4 – HKCU\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 – Extra context menu item: &Yahoo! Search – file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Yahoo! &Dictionary – file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 – Extra context menu item: Yahoo! &SMS – file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 – Extra button: HP Clipbook – {58ECB495-38F0-49cb-A538-10282ABF65E7} – E:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 – Extra button: Yahoo! Services – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: HP Smart Select – {700259D7-1666-479a-93B1-3250410481E8} – E:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} – E:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 – Extra ‘Tools’ menuitem: Yahoo! Search Protection – {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} – E:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – E:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – E:\Program Files\Messenger\msmsgs.exe
O10 – Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – E:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{A53C61D2-E8DB-43DB-8522-226841457504}: NameServer = 213.154.124.1 193.231.252.1
O18 – Filter: x-sdch – {B1759355-3EEC-4C1E-B0F1-B719FE26E377} – E:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – E:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – E:\WINDOWS\system32\browseui.dll
O23 – Service: ESET HTTP Server (EhttpSrv) – ESET – E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 – Service: ESET Service (ekrn) – ESET – E:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 – Service: ServiceLayer – Nokia – E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: TeamViewer 4 (TeamViewer4) – TeamViewer GmbH – E:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
–
End of file – 10185 bytes
@Carmen: Bifeaza intrarile urmatoare in log si apasa “Fix checked”
O4 – HKLM\..\Run: [Firewall Administrating] E:\WINDOWS\infocard.exe
O4 – HKCU\..\Run: [Firewall Administrating] E:\WINDOWS\infocard.exe
P.S.: Mai usor cu crack-urile
Salut. Nu stiu daca am facut exact ce tebuia,dar virusul meu e bine merci instalat in calculatorul meu si nu se da dus. Te rog ajuta-ma sa scap de el,ca mi-am inebunit toti prietenii din lista de mes.
@Carmen: Trimite-mi te rog prin e-mail un log HijackThis, log-ul scanarii Malwarebytes Anti-Malware si de asemenea link-ul pe care-l trimiti prin messenger.
E-mail: faravirusicom@gmail.com
salut!cum dezactivez si eu extraoptiunea cu 500 de min si 500 de sms? pt ca se a ctiveaza automat daca am minim 3 euro pe cartela si nu mai am nevoie sa se mai activeze!multumesc!
ai incercat sa lovesti cartela cu ciocanul? da scoate-o mai intai din telefon.
@mihai: Cel mai sigur, te duci la un magazin Cosmote, Germanos sau Internity pentru a te ajuta.
Transfera banii unui prieten sau rude din aceeasi retea pana trece perioada in care se activeaza automat.
Ce nick ai pe Comodo Forums?