http://www.centrumxp.pl/forum/viewtopic.php?t=20602 – odpowiedź EL NINO

Mcscr@by myślałeś o tym aby startowac na prezydenta ? :D

ale mam pytanie jelsi ty wiedziałes co wyrzuci c jak ja bede wiedział na nastepny raz co wyrzucić jest jakiś wyzncznik tego ?

warto spytac i samemu sie nauczyć niz za kazdym razem sie dopytywac

Wyłącz przywracanie systemu,

Fix:

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=56715
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=56715
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=56715
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em219.dll
O2 – BHO: (no name) – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:Program FilesNewDotNet ewdotnet6_30.dll
O2 – BHO: (no name) – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O2 – BHO: (no name) – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho.dll
O2 – BHO: (no name) – {AEECBFDA–12FA–4881–BDCE–8C3E1CE4B344} – C:WINDOWSSystem32 vms.dll
O2 – BHO: (no name) – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSystem32mscb.dll
O2 – BHO: Url Catcher – {CE31A1F7–3D90–4874–8FBE–A5D97F8BC8F1} – C:WINDOWSSystem32apuc.dll
O2 – BHO: (no name) – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O3 – Toolbar: QuickSearch Search Bar – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:Program FilesISTbaristbar.dll
O3 – Toolbar: DashBar Toolbar – {CC90CDA0–74A0–45b4–80EF–D89CA8C249B8} – C:Program FilesDashBarDashBar17.dll
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [msbb] c:program files180solutionsmsbb.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [rivmn] C:WINDOWS ivmn.exe
O4 – HKLM..Run: [CMESys] "C:Program FilesCommon FilesCMEIICMESys.exe"
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O4 – Global Startup: PrecisionTime.lnk = C:Program FilesPrecisionTimePrecisionTime.exe
O9 – Extra button: SideFind (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

Uruchom Task ( Ctrl+Alt+Del ),
Wyszukaj i zakończ następujące procesy :

istsvc.exe
optimize.exe
msbb.exe
bargains.exe
optimize.exe
CMESys.exe
GMT.exe
PrecisionTime.exe
rivmn.exe

Wyszukaj zaznaczając ukryte pliki i foldery i usuń :

istsvc.exe
optimize.exe
msbb.exe
bargains.exe
optimize.exe
CMESys.exe
GMT.exe
PrecisionTime.exe
nem219.dll
newdotnet6_30.dll
QuickSearchBar1_27.dll
sfbho.dll
nvms.dll
mscb.dll
apuc.dll
msbe.dll
istbar.dll
DashBar17.dll
NEWDOT~2.DLL
rivmn.exe

Włącz przywracanie systemu.
Zainstaluj zaporę połaczeń ( firewall ).

logRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesPanda SoftwarePanda Antivirus TitaniumPavsrv51.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesPanda SoftwarePanda Antivirus TitaniumAVENGINE.EXE
C:WINDOWSsystem32winlogon.exe
C:WINDOWSExplorer.EXE
C:Program FilesJavaj2re1.4.2_04injusched.exe
C:WINDOWSSystem32 undll32.exe
C:Program FilesISTsvcistsvc.exe
C:Program FilesInternet Optimizeroptimize.exe
C:program files180solutionsmsbb.exe
C:Program FilesBullsEye Networkinargains.exe
C:WINDOWSSOUNDMAN.EXE
D:Winampwinampa.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesTGTSoftStyleXPStyleXP.exe
D:ShareazaShareaza.exe
C:WINDOWSsystem32cmd.exe
C:Program FilesPanda SoftwarePanda Antivirus Titaniumapvxdwin.exe
C:Program FilesPanda SoftwarePanda Antivirus TitaniumpavProxy.exe
C:WINDOWSSystem32wuauclt.exe
D:Gadu–Gadugg.exe
C:Program FilesOpera75opera.exe
C:Documents and SettingsmiszczuniuPulpitHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=56715
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=56715
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=56715
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em219.dll
O2 – BHO: (no name) – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:Program FilesNewDotNet ewdotnet6_30.dll
O2 – BHO: (no name) – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O2 – BHO: (no name) – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho.dll
O2 – BHO: (no name) – {AEECBFDA–12FA–4881–BDCE–8C3E1CE4B344} – C:WINDOWSSystem32 vms.dll
O2 – BHO: TGTSoft Explorer Toolbar Changer – {C333CF63–767F–4831–94AC–E683D962C63C} – C:Program FilesTGTSoftStyleXPTGT_BHO.dll
O2 – BHO: (no name) – {CE188402–6EE7–4022–8868–AB25173A3E14} – C:WINDOWSSystem32mscb.dll
O2 – BHO: Url Catcher – {CE31A1F7–3D90–4874–8FBE–A5D97F8BC8F1} – C:WINDOWSSystem32apuc.dll
O2 – BHO: (no name) – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: QuickSearch Search Bar – {82315A18–6CFB–44a7–BDFD–90E36537C252} – C:Program FilesQuickSearchQuickSearchBar1_27.dll
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:Program FilesISTbaristbar.dll
O3 – Toolbar: DashBar Toolbar – {CC90CDA0–74A0–45b4–80EF–D89CA8C249B8} – C:Program FilesDashBarDashBar17.dll
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Antivirus TitaniumAPVXDWIN.EXE" /s
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04injusched.exe
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [msbb] c:program files180solutionsmsbb.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [rivmn] C:WINDOWS ivmn.exe
O4 – HKLM..Run: [CMESys] "C:Program FilesCommon FilesCMEIICMESys.exe"
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [WinampAgent] D:Winampwinampa.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [STYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe –Hide
O4 – HKCU..Run: [Gadu–Gadu] "D:Gadu–GaduPowergg.exe" /tray
O4 – HKCU..Run: [Shareaza] "D:ShareazaShareaza.exe" –tray
O4 – HKCU..Run: [Steam] D:Program FilesSteamSteam.exe –silent
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O4 – Global Startup: PrecisionTime.lnk = C:Program FilesPrecisionTimePrecisionTime.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: SideFind (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{6E209963–DF40–4330–9B36–BF730FD6AA3E}: NameServer = 194.204.159.1,194.204.152.32

Nie musisz przepraszać,
No body perfect :P :wink: .

mcscr@by własnie znalazłem i chciałem sie poprawić sorki za moja nie uwage i nie kompetencje

:arrow: http://www.centrumxp.pl/forum/viewtopic.php?t=19974

log z hijack this lekka podpowiedz o co chodzi a co do wirusa tak to jest to

Chyba W32.Blaster.E :?: .

Tia, musisz być pewien w 100 % czym został zainfekowany system, aby pozbyć się inkekcji.
W przyklejonym Topic`u napisanym przez Pawka jest dokładnie napisane krok po kroku co naleźy zrobic aby pozbyć się infekcji.
Jeśli z jakiegoś powodu nie dajesz sobie rady to zamieśc log z Hijack This wtedy EL NINO czy ja napiszemy Tobie co naleźy usunąć i jakie dalej podjąć działania.

BTW, czego dotyczą błędy IE(?), Explorer i Opera :?: .