Critical error icon and protection toolbar

IP: *.adsl.inetia.pl 05.12.06, 12:19
I installed a toolbar from the depositfiles site... and I want to get rid of it. I can't
uninstall it because it isn't in Add/Remove; at the bottom, in the taskbar, I constantly
have critical error system. HELP! The start page is set to some automatic
scan of the computer and it detects a mass of trojans, among them backdorhaxdor, which
I have already had to deal with. HELP!
I'm scanning with EVIDO right now and will post the log in a moment...
    • Guest: Ytek Re: Critical error icon and protection toolbar IP: *.adsl.inetia.pl 05.12.06, 12:20
      • Guest: Ytek Re: Critical error icon and protection toolbar IP: *.adsl.inetia.pl 05.12.06, 12:21
        continued


        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
        messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
        messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
        messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
        O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -
        toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
        O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) -
        toolbar1.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
        messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
        messenger.zone.msn.com/binary/ZIntro.cab47946.cab
        O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) -
        www.systemrequirementslab.com/sysreqlab.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{37DCA4E9-8971-4F97-A8C4-DCA3B7BF4517}:
        NameServer = 213.241.79.37 195.114.181.130
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
        \MSNMES~1\msgrapp.dll" (file missing)
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program
        Files\Skype\Plugin Manager\Skype4COM.dll
        O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} -
        C:\WINDOWS\system32\vcehaeb.dll
        O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
        Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file
        missing)
        O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner -
        C:\Program Files\DriveCrypt\DcrServ.exe
        O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner -
        C:\Program Files\Common Files\Softwin\BitDefender Update
        Service\livesrv.exe" /service (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -
        C:\Program Files\Spyware Doctor\sdhelp.exe
        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. -
        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program
        Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
        O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program
        Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
        (file missing)

        • Guest: Ytek Re: Critical error icon and protection toolbar IP: *.adsl.inetia.pl 05.12.06, 12:23
          lol, a second exclamation mark!! system alert trojan-spy.win32@mx 0_o
          • Guest: Kolobos Re: Critical error icon and protection toolbar IP: *.escom.net.pl 05.12.06, 14:06
            Use: siri.urz.free.fr/Fix/SmitfraudFix_En.php and do what is written on the page under "Clean"; after you use it a log will be created, which you should paste on the forum.

            In HJT remove:
            O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program
            Files\Video ActiveX Object\isaddon.dll
            O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} -
            C:\WINDOWS\system32\safeie.dll <- delete the file from disk.
            O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} -
            C:\Program Files\Video ActiveX Object\iesplugin.dll
            O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} -
            C:\WINDOWS\system32\vcehaeb.dll <- delete the file from disk.
            • Guest: Ytek Re: Critical error icon and protection toolbar IP: *.adsl.inetia.pl 05.12.06, 14:51
              SmitFraudFix v2.128

              Scan done at 14:47:23,17, 2006-12-05
              Run from C:\Documents and Settings\Sebek\Pulpit\SmitfraudFix
              OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
              The filesystem type is NTFS
              Fix run in safe mode

              »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll

              »»»»»»»»»»»»»»»»»»»»»»»» Killing process


              »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

              GenericRenosFix by S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


              »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


              »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
              !!!Attention, following keys are not inevitably infected!!!

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
              "system"=""


              »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

              Registry Cleaning done.

              »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll


              »»»»»»»»»»»»»»»»»»»»»»»» End

              can I also paste a HJT log as a check?
              • Guest: Kolobos Re: Critical error icon and protection toolbar IP: *.escom.net.pl 05.12.06, 15:02
                Yes.
                • Guest: Ytek Re: Critical error icon and protection toolbar IP: *.adsl.inetia.pl 05.12.06, 15:43
                  Logfile of HijackThis v1.99.1
                  Scan saved at 15:43:20, on 2006-12-05
                  Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                  C:\Program Files\DriveCrypt\DcrServ.exe
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
                  C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
                  C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
                  C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
                  C:\Program Files\Softwin\BitDefender10\bdagent.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                  C:\Program Files\DriveCrypt\DriveCrypt.exe
                  C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
                  C:\Program Files\Softwin\BitDefender10\vsserv.exe
                  C:\WINDOWS\system32\wscntfy.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Program Files\Gadu-Gadu\gg.exe
                  C:\Program Files\Gadu-Gadu\gg.exe
                  C:\Program Files\Softwin\BitDefender10\bdmcon.exe
                  C:\Documents and Settings\Sebek\Pulpit\Instalki\HiJackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                  C:\Program Files\Acrobat 6.0.1\Reader\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
                  C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
                  O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -
                  C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
                  Files\Java\jre1.5.0_09\bin\ssv.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
                  C:\WINDOWS\Downloaded Program Files\googlenav.dll
                  O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} -
                  C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
                  O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -
                  C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
                  O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
                  \NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
                  \NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
                  Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
                  O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-
                  Spyware 7.5\avgas.exe" /minimized
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09
                  \bin\jusched.exe"
                  O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10
                  \bdmcon.exe" /reg
                  O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
                  88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                  O4 - HKCU\..\Run: [DriveCrypt Startup] c:\Program
                  Files\DriveCrypt\DriveCrypt.exe /WS
                  O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded
                  Program Files\googlenav.dll/cmsearch.html
                  O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta -
                  C:\Program Files\WellGet\nxall.htm
                  O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded
                  Program Files\googlenav.dll/cmbacklinks.html
                  O8 - Extra context menu item: Cac&hed Snapshot of Page -
                  res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
                  O8 - Extra context menu item: Post Image to Blog -
                  res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
                  O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded
                  Program Files\googlenav.dll/cmsimilar.html
                  O8 - Extra context menu item: Tag This Image -
                  res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
                  O8 - Extra context menu item: Upload All Images to ImageShack -
                  res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
                  O8 - Extra context menu item: Upload Image to ImageShack -
                  res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
                  O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\Program
                  Files\WellGet\nxcatch.htm
                  • Guest: Ytek Re: Critical error icon and protection toolbar IP: *.adsl.inetia.pl 05.12.06, 15:44
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                    C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                    00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
                    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} -
                    C:\PROGRA~1\FLASHS~1\save.htm (file missing)
                    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-
                    444553540001} - C:\PROGRA~1\FLASHS~1\save.htm (file missing)
                    O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} -
                    C:\Program Files\WellGet\WellGet.exe
                    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1
                    \Skype\Phone\IEPlugin\SKYPEI~1.DLL
                    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
                    C:\Program Files\ICQLite\ICQLite.exe (file missing)
                    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
                    C:\Program Files\ICQLite\ICQLite.exe (file missing)
                    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
                    C:\Program Files\IrfanView\Ebay\Ebay.htm
                    O9 - Extra button: Movies Extractor Scout - {F1EEBE30-9780-47FA-8AFF-
                    114EF77B9EC9} - C:\Program Files\Movies Extractor Scout\flashextract.exe (file
                    missing)
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                    C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
                    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O15 - Trusted Zone: toolbar.imageshack.us
                    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
                    messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
                    messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
                    messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) -
                    toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
                    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) -
                    toolbar1.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
                    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
                    messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
                    messenger.zone.msn.com/binary/ZIntro.cab47946.cab
                    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) -
                    www.systemrequirementslab.com/sysreqlab.cab
                    O17 - HKLM\System\CCS\Services\Tcpip\..\{37DCA4E9-8971-4F97-A8C4-DCA3B7BF4517}:
                    NameServer = 213.241.79.37 195.114.181.130
                    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
                    \MSNMES~1\msgrapp.dll" (file missing)
                    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program
                    Files\Skype\Plugin Manager\Skype4COM.dll
                    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
                    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
                    Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file
                    missing)
                    O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner -
                    C:\Program Files\DriveCrypt\DcrServ.exe
                    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner -
                    C:\Program Files\Common Files\Softwin\BitDefender Update
                    Service\livesrv.exe" /service (file missing)
                    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                    C:\WINDOWS\system32\nvsvc32.exe
                    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. -
                    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program
                    Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
                    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program
                    Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
                    (file missing)

                    And a question: was it this toolbar that caused all this?? Is it possible that
                    a site like that would offer such a troublesome toolbar?
                    • Guest: Kolobos Re: Critical error icon and protection toolbar IP: *.escom.net.pl 05.12.06, 15:47
                      The log is OK now.

                      > And a question: was it this toolbar that caused all this?? Is it possible that
                      > a site like that would offer such a troublesome toolbar?

                      Probably yes, so don't visit such sites any more and don't install such programs. It's best to also switch your browser to Opera, and you will avoid such problems.
                  • Guest: Kolobos Re: Critical error icon and protection toolbar IP: *.escom.net.pl 05.12.06, 15:45
                    This part looks OK.
                    • Guest: Ytek Re: Critical error icon and protection toolbar IP: *.adsl.inetia.pl 05.12.06, 16:00
                      I have Bit Defender 10; it includes anti-spyware, antivirus, firewall and antispam. Is
                      it a good program?
                      And this fraudfix program, can I use it whenever I notice something wrong, or is it only
                      for spyware?
                      • Guest: Kolobos Re: Critical error icon and protection toolbar IP: *.escom.net.pl 05.12.06, 19:18
                        Bit is good; fraudfix is only for certain infections, so there is no point in using it if you don't have that particular infection.
                        If you want something for scanning, use ewido.
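
As an added example (not part of the original thread, and not code from HijackThis or SmitfraudFix): a short Python check that rejoins the hard-wrapped log entries and confirms that none of the CLSIDs the helper flagged for removal appear in the follow-up log. The function names are hypothetical; the sample lines are excerpts copied from the posts above, with the helper's annotations dropped.

```python
import re

ENTRY_START = re.compile(r"^[ROFN]\d{1,2} - ")   # e.g. "O2 - ", "R0 - ", "O23 - "
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Entries flagged for removal, copied from the thread (hard wraps preserved).
FLAGGED = r"""
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program
Files\Video ActiveX Object\isaddon.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} -
C:\WINDOWS\system32\safeie.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} -
C:\Program Files\Video ActiveX Object\iesplugin.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} -
C:\WINDOWS\system32\vcehaeb.dll
"""

# Excerpt of the follow-up log from the thread (hard wraps preserved).
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -
C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
\MSNMES~1\msgrapp.dll" (file missing)
"""

def unwrap(log_text):
    """Rejoin HijackThis entries that the forum hard-wrapped over several lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # Wrapped inside a path or a CLSID: glue; wrapped at a space: restore it.
            glue = line.startswith("\\") or (prev.endswith("-") and not prev.endswith(" -"))
            entries[-1] = prev + ("" if glue else " ") + line
    return entries

def clsids(log_text):
    """Map lower-cased CLSID -> the unwrapped entry that mentions it."""
    found = {}
    for entry in unwrap(log_text):
        for guid in CLSID.findall(entry):
            found.setdefault(guid.lower(), entry)
    return found

def still_present(flagged_text, after_text):
    """Flagged entries whose CLSID still appears in the follow-up log."""
    after = clsids(after_text)
    return sorted(e for guid, e in clsids(flagged_text).items() if guid in after)

if __name__ == "__main__":
    print(still_present(FLAGGED, AFTER) or "no flagged CLSID left in the follow-up log")
```

Matching on the CLSID rather than the full line keeps the comparison stable when the forum wraps the same entry differently in two posts or the case of the GUID changes.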
