Moje emaile rozsyłają spam -> hijackthis


(stalewiak) #1

Witam od kilku dni mam problem . NP na pocztę interi przychodza mi emaile od siebie ! . Mimo zmiany hasła dalej przychodzą . Na onecie zablokowano tez mi konta . Zmieniłem hasło i nadal onet do mnie pisze ze moja poczta rozsyła spam a nie mam nic w wysłanych :o

Załączam log z hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:12:26, on 2012-11-20

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\NetWorx\networx.exe

C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\WapSter\WapSter AQQ\AQQ.exe

C:\Windows\system32\conime.exe

C:\Program Files\WapSter\WapSter AQQ\AQQ.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll

O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll

O4 - HKLM..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto

O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKCU..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe

O4 - HKCU..\Run: [RAMKontroler] C:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe

O4 - HKUS\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: PST Service - Motorola - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--

http://www.wklej.org/id/875632/

Co powywalać ? Antywirus Microsoft Security Essentials w pełnym skanowaniu nic nie wykrywa , adaware tez nie , jedynie Malwarebytes Anti-Malware wywalił mi wirusa tego co policja niby sie ukazuje

No nic . Czekam na pomoc i pozdrawiam :smiley:


(Atronics) #2

podaj logi otl według tego opisu,a nie hijackthis

analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html#p3059741

i zaczekaj na odczyt


(stalewiak) #3

Usunałem co nie co . Prosze o to log z OLT .

http://www.wklej.org/id/875682/