Sprawdźcie loga

Dla specjalistów Bezpieczeństwo
#1

Mam problem z kompem. Strasznie wolo chodzi, mam włączonego firewalla, antywirus nic nie wykrywa. Ciągle zmienia mi się strona główna . Nie mogę usunąć :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

Tu macie loga:

Logfile of HijackThis v1.99.1

Scan saved at 15:33:37, on 2005-02-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\wuauclt.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

O1 - Hosts: 3510794929 auto.search.msn.com

O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://67.15.101.3/g_bin/ginuser_pl_2_0_0_3.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{ABE654BA-1D5C-4BA7-913C-998EA6263BF6}: NameServer = 194.204.152.34 217.98.63.164

O19 - User stylesheet: C:\WINDOWS\stsheets.dat

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe

Ratujcie mnie!

#2

Usuwaj z trybu awaryjnego:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

O1 - Hosts: 3510794929 auto.search.msn.com

O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://67.15.101.3/g_bin/ginuser_pl_2_0_0_3.cab

O19 - User stylesheet: C:\WINDOWS\stsheets.dat

Dodatkowo proponuje instalacje SP2 i pozbycie się aplikacji neostrady,a skonfigurowanie połączenia normalnie.

#3

do kasacji:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://67.15.101.3/g_bin/ginuser_pl_2_0_0_3.cab

#4

wykasowalem to co kazaliscie.

Po ponownym wlaczeniu kompa mamy takie cos:

Logfile of HijackThis v1.99.1

Scan saved at 15:55:10, on 2005-02-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

O1 - Hosts: 3510794929 auto.search.msn.com

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{ABE654BA-1D5C-4BA7-913C-998EA6263BF6}: NameServer = 194.204.152.34 217.98.63.164

O19 - User stylesheet: C:\WINDOWS\stsheets.dat

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe

CZYLI WSZYSTKO JEST TAK JAK BYLO

POWIEDZCIE, JAK MAM TO USUNAC,ZEBY SIE NIE POJAWIALO PONOWNIE! !!

#5

Powiem tak: Rzecz, które teraz wskażę, usuń w Trybie Awaryjnym, gdy włączasz komputer, pojawia się plansza, naciskasz F8. Przed tą czynnonścią jednak wyłącz przywracanie systemu!!!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

   	R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

O1 - Hosts: 3510794929 auto.search.msn.com

   	O19 - User stylesheet: C:\WINDOWS\stsheets.dat

Instalujesz Service Pack 2 i Firefoxa!

#6

Skan:

KillTrusted 0.6

I jeszcze raz log!

#7

killtrusted pokazuje ino to:

Files Found…

Files Not deleted…

Merging registry entries

The Registry Entries Found…

Other bad files to be Manually deleted… Please note that this might also list legit Files, be careful while deleting

msi.dll

Finished

#8

a w hijacku nadal:

Logfile of HijackThis v1.99.1

Scan saved at 22:43:26, on 2005-02-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe

C:\Program Files\Extra Page 2.1\extrapage2.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Extra Page 2.1\extrapage2.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

O1 - Hosts: 3510794929 auto.search.msn.com

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{ABE654BA-1D5C-4BA7-913C-998EA6263BF6}: NameServer = 194.204.152.34 217.98.63.164

O19 - User stylesheet: C:\WINDOWS\stsheets.dat

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1\outpost.exe

#9

C:\Program Files\Extra Page 2.1\extrapage2.exe

C:\Program Files\Extra Page 2.1\extrapage2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)

O1 - Hosts: 3510794929 auto.search.msn.com

O19 - User stylesheet: C:\WINDOWS\stsheets.dat

#10

C:\Windows\system32\drivers\etec\host

Otwierasz za pomocą notatnika i kopiujesz wszystko tutaj co się tam znajduje.