Olen ilmeisesti saanut koneelleni viruksen, joka lähettää sähköpostiviestejä automaattisesti. Minulle tulee päivässä kymmeniä "mail delivery failed" yms. viestejä. Lähetetyt viestit eivät ole minun omia viestejä ja useimmat takaisin tulevat ovat erilaisia viestejä. Minulla on koneella AOL active virus shield, jossa on kaikki viimeisimmät päivitykset. Ohjelma ei kuitenkaan löydä mitään haittaohjelmaa koneelta. Mitä luulette, onko koneellani kuitenkin joku ohjelma, joka lähettää viestejä vai lähettää joku vain viestejä käyttäen minun sähköpostiosoitettani? Miten pääsisin eroon ongelmasta?
Veikkaisin että joku muu lähettää niitä viestejä, ja sinun osoitteesi on vain laitettu niihin lähettäjäksi. Ikävä asia, jolle ei ole paljon mitään tehtävissä. Jos haluat varma olla ettei koneella ole mitään pöpöjä, voit laittaa esim. Hijackthis -lokin tänne, jospa joku asiantuntija-fixaaja katsoisi sen läpi kaiken varalta.
Ok. Logi näyttää seuraavalta: Logfile of HijackThis v1.99.1 Scan saved at 10:43:18, on 16.1.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\qttask.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Creative\Diagnostics\diagent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Winamp\winamp.exe F:\HijackThis_v1.99.1.exe C:\WINDOWS\system32\CTPdeSrv.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O1 - Hosts: localhost 127.0.0.1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C4A109A-09DC-1035-1112-020816020166}\888Bar.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C4A109A-09DC-1035-1112-020816020166}\888Bar.dll (file missing) O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] rundl32.exe O4 - HKLM\..\Run: [Help Temp Files] netreg.exe O4 - HKLM\..\Run: [runs] run.exe O4 - HKLM\..\Run: [Microsoft Winsocks 32 Controller] MSWSCK32.exe O4 - HKLM\..\Run: [Microsoft Windows Registry Service] wregistry.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] rundl32.exe O4 - HKLM\..\RunServices: [Help Temp Files] netreg.exe O4 - HKLM\..\RunServices: [runs] run.exe O4 - HKLM\..\RunServices: [Microsoft Winsocks 32 Controller] MSWSCK32.exe O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe O4 - HKLM\..\RunServices: [NDdehsetdapter] wow123.exe O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] rundl32.exe O4 - HKCU\..\Run: [Help Temp Files] netreg.exe O4 - HKCU\..\Run: [Microsoft Winsocks 32 Controller] MSWSCK32.exe O4 - HKCU\..\Run: [runs] run.exe O4 - HKCU\..\Run: [NDdehsetdapter] wow123.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .asp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{20BA45FF-05E0-431B-B01D-1759D5409908}: NameServer = 85.255.114.50,85.255.112.20 O17 - HKLM\System\CCS\Services\Tcpip\..\{6F738857-D33C-432E-A18B-40E9BBC0866B}: NameServer = 85.255.114.50,85.255.112.20 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.50 85.255.112.20 O17 - HKLM\System\CS1\Services\Tcpip\..\{20BA45FF-05E0-431B-B01D-1759D5409908}: NameServer = 85.255.114.50,85.255.112.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.50 85.255.112.20 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Unknown owner - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Löytyykö siitä jotain epäilyttävää?
Kyllä siellä jotain näyttäisi olevan, mutta minulla ei ole tarvittavia taitoja auttaa enempää. Jos et saa täältä vastausta, kokeile Virustorjunta.netin HJT-logien analysointi -palstaa, josta saanee vastauksen kenties varmemmin.
