Serious problem??

15.02.06, 19:38
For some time now the AVG e-mail scanner has been reporting that it is scanning the server
AUTOPOP3 OL205-51.fibertel.com.ar (I have nothing like that among my accounts in
Outlook) - have I caught something and is the computer sending out some kind of junk??
Thanks in advance for any hints.
Szpaku
    • Guest: k Re: Serious problem?? IP: *.warszawa.sdi.tpnet.pl 15.02.06, 19:51
      Scan the system with an antivirus and also paste a HijackThis log on the forum.
      • bimm Re: Serious problem?? 15.02.06, 20:10
        Logfile of HijackThis v1.99.1
        Scan saved at 20:10:58, on 2006-02-15
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
        C:\WINDOWS\system32\atwtusb.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
        C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
        C:\Program Files\Tlen.pl\tlen.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
        D:\Program Files\eMule\emule.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Outlook Express\msimn.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\WinRAR\WinRAR.exe
        C:\DOCUME~1\szpaku\USTAWI~1\Temp\Rar$EX00.656\HijackThis.exe
        • Guest: k Re: Serious problem?? IP: *.warszawa.sdi.tpnet.pl 15.02.06, 20:18
          THE WHOLE THING!
          • bimm sorry 15.02.06, 20:21
            Logfile of HijackThis v1.99.1
            Scan saved at 20:24:35, on 2006-02-15
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\System32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
            C:\WINDOWS\system32\atwtusb.exe
            C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
            C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
            C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
            C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
            C:\Program Files\Tlen.pl\tlen.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
            C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
            D:\Program Files\eMule\emule.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Outlook Express\msimn.exe
            E:\Program Files\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
            Files\NewDotNet\newdotnet7_22.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
            Files\Java\jre1.5.0_06\bin\ssv.dll
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
            Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
            Files\Java\jre1.5.0_06\bin\jusched.exe
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
            Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch
            Jukebox\mimboot.exe
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
            C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
            -atboottime
            O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
            O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
            O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
            O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite
            6\LaunchApplication.exe -onlytray
            O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common
            Files\PCSuite\DataLayer\DataLayer.exe
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [New.net Startup] rundll32
            C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
            O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
            O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
            /minimized
            O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
            /NoDialog
            O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console -
            {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
            Files\Java\jre1.5.0_06\bin\ssv.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger -
            {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O10 - Hijacked Internet access by New.Net
            O10 - Hijacked Internet access by New.Net
            O10 - Hijacked Internet access by New.Net
            O10 - Hijacked Internet access by New.Net
            O10 - Hijacked Internet access by New.Net
            O15 - Trusted Zone: *.musicmatch.com
            O15 - Trusted Zone: *.musicmatch.com (HKLM)
            O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
            www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
            update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124748088816
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
            acs.pandasoftware.com/activescan/as5free/asinst.cab
            O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) -
            www.lemontv.pl/lmctrlp.cab
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
            C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
            - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

            • Guest: k Re: sorry IP: *.warszawa.sdi.tpnet.pl 15.02.06, 20:58
              Uninstall NewDotNet and delete its directory.

              In HijackThis, remove:
              O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
              Files\NewDotNet\newdotnet7_22.dll
              O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto <-
              delete the winupdate directory
              O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
              O4 - HKLM\..\Run: [New.net Startup] rundll32
              C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
              O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe <- delete the file from
              disk.
              O10 - Hijacked Internet access by New.Net <- download lspfix.exe via Google and
              use it to remove newdotnet, but do not touch anything else.
              O15 - Trusted Zone: *.musicmatch.com
              O15 - Trusted Zone: *.musicmatch.com (HKLM)

              Run a scan:
              ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- update it before scanning,
              uninstall it once the scan is done.
              download.ewido.net/ewido-setup.exe <- update it before scanning, uninstall it
              once the scan is done.
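
Added example, not part of the thread: a small Python triage pass over a HijackThis log like the one posted above. It rejoins entries that the forum wrapped across lines, then lists O10 reports and O4 autorun values whose program is given without a full path. The function names and both heuristics are assumptions made for this example, and the sample is an excerpt constructed from the posted log.

```python
import re

# Constructed sample: a few entries from the log above, wrapped as the forum wrapped them.
SAMPLE_LOG = r"""
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_START = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")                 # e.g. "O4 - ..."
RUN_VALUE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")   # key: [name] command

def parse_entries(log_text):
    """Rejoin wrapped lines and return a list of (section_code, body) tuples."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            entries[-1][1] += " " + line      # continuation of the previous entry
    return [tuple(e) for e in entries]

def review_candidates(entries):
    """Sorted, de-duplicated (code, reason, body) items for manual review (assumed heuristics)."""
    found = set()
    for code, body in entries:
        m = RUN_VALUE.match(body) if code == "O4" else None
        if code == "O10":
            found.add((code, "Winsock LSP entry reported", body))
        elif m:
            cmd = m.group(3)
            program = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in program:           # bare file name, resolved via the search path
                found.add((code, "autorun value has no full path", body))
    return sorted(found)

if __name__ == "__main__":
    for item in review_candidates(parse_entries(SAMPLE_LOG)): print(" | ".join(item))
```

A hit only marks an entry for manual review: the path heuristic also lists `[atwtusb]`, which the reply above does not ask to remove.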