PDA

View Full Version : Smitfraud-C.Toolbar888


Hellward
2007-03-04, 15:59
I was trying to get rid of it myself, but my efforts turned out useless.

Here is hjk log:

Logfile of HijackThis v1.99.1
Scan saved at 14:41:42, on 2007-03-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Documents and Settings\united_area\Pulpit\VundoFix.exe
C:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: D-Link AirPlus.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Tlumacz z LING... - http://www.ling.pl/ling/def-src.php4
O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\Press-Service\CafeNews\addFeed.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: http://*.mks.com.pl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD4ECE95-C687-48C1-94E5-A5B5152230CA}: NameServer = 85.255.114.107 85.255.112.133
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I've deleted some dll's with VundoFix... ti didn't help :(
pskelley
2007-03-04, 17:12
Welcome to the forum, for starters it appears you missed these directions:
"BEFORE you POST" -Preliminary Steps
http://forums.spybot.info/showthread.php?t=288

I can see you are hijacked by these folks: http://whois.domaintools.com/85.255.114.107

Update Your Windows XP.
You are currently using an unpatched version of Windows XP.
Before attempting to remove malware, it is CRITICAL that you update to Service Pack 1a.
Get SP1a here : http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
You should also get SP2, but NOT NOW, rather only after your machine is clean.
After updating your Windows to SP1a, post a new HijackThis log please, using the Post Reply button.

Thanks
Hellward
2007-03-04, 17:55
Thanks for fassst reply :]

I think taht it'll be easier If I reinstal my system and instal SP2 directly onto fresh win. Anyway, tnx for your help. :bigthumb:
pskelley
2007-03-04, 19:13
Member believes they have another option for success. Topic is closed.

Thanks