
The computer is sending 1000 emails.... see log from HijackThis


suprapappa


Hi,

I've picked up a virus that Symantec AntiVirus Corporate Edition doesn't find, even though the virus definitions are from today's date. The OS is Win XP Pro.

The virus makes the computer send a lot of spam mail even though Outlook isn't running.

Below is a log file from HijackThis.

What should I do?

Thanks,

Petri

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:46:23, on 2006-12-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\Program\NORTON~1\NORTON~2\GHOSTS~2.EXE

C:\WINDOWS\system32\NMSSvc.exe

C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\Program\SlimServer\server\slim.exe

C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe

C:\WINDOWS\system32\kxmixer.exe

C:\Program\Microsoft IntelliType Pro\type32.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\SyncroSoft\Pos\H2O\cledx.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\D-Link\AirPlus G\AirGCFG.exe

C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program\MicroStar\Bluetooth Software\BTTray.exe

C:\Program\MSI\PC Alert 4\PCAlert4.exe

C:\Program\SlimServer\SlimTray.exe

C:\Program\MicroStar\Bluetooth Software\BTStackServer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\services.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\ICQ\ICQ.exe

C:\Documents and Settings\Petri\Application Data\U3\0000060509133606\LaunchPad.exe

C:\Documents and Settings\Petri\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.studio.se/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [kX Mixer] kxmixer --startup

O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [H2O] C:\Program\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Petri\LOKALA~1\Temp\818015.exe

O4 - HKCU\..\Run: [WinUpdate] "C:\DOCUME~1\Petri\LOKALA~1\Temp\843453.exe"

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PC Alert 4.lnk = C:\Program\MSI\PC Alert 4\PCAlert4.exe

O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program\SlimServer\SlimTray.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124895082593

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0252D226-B274-44CC-A69E-7B76B659E78D}: NameServer = 85.255.113.138,85.255.112.115

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B7C7C67-F657-4A11-A4CB-2908D51AF2FF}: NameServer = 85.255.113.138,85.255.112.115

O17 - HKLM\System\CCS\Services\Tcpip\..\{775C7B06-ED94-4EB5-9A93-B7E3B84A0DD4}: NameServer = 85.255.113.138,85.255.112.115

O17 - HKLM\System\CCS\Services\Tcpip\..\{D580C4C2-8F2F-4BC8-AE53-15594DCB0D7D}: NameServer = 85.255.113.138,85.255.112.115

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115

O17 - HKLM\System\CS1\Services\Tcpip\..\{0252D226-B274-44CC-A69E-7B76B659E78D}: NameServer = 85.255.113.138,85.255.112.115

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115

O17 - HKLM\System\CS2\Services\Tcpip\..\{0252D226-B274-44CC-A69E-7B76B659E78D}: NameServer = 85.255.113.138,85.255.112.115

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: 1_32bean32_1reg - C:\Documents and Settings\All Users\Dokument\Settings\1_32bean32_1.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program\NORTON~1\NORTON~2\GHOSTS~2.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe

O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program\SlimServer\server\slim.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2006\WinStylerThemeSvc.exe

[/log]

 

 


That doesn't look too good. Download this program, then install and update it:

http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.0.50.exe

 

Do a scan with HJT and tick these lines if you don't recognise the IP address 85.255.113.138:

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{0252D226-B274-44CC-A69E-7B76B659E78D}: NameServer = 85.255.113.138,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B7C7C67-F657-4A11-A4CB-2908D51AF2FF}: NameServer = 85.255.113.138,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{775C7B06-ED94-4EB5-9A93-B7E3B84A0DD4}: NameServer = 85.255.113.138,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{D580C4C2-8F2F-4BC8-AE53-15594DCB0D7D}: NameServer = 85.255.113.138,85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{0252D226-B274-44CC-A69E-B76B659E78D}: NameServer = 85.255.113.138,85.255.112.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115
O17 - HKLM\System\CS2\Services\Tcpip\..\{0252D226-B274-44CC-A69E-7B76B659E78D}: NameServer = 85.255.113.138,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115

 

Restart in safe mode and start AVG. Under Scanner, choose Full System Scan. After the scan, click Apply all actions, then Save report. Post that report.

 

[post edited 2006-12-25 21:51:57 by 927]
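The advice above boils down to reading a HijackThis log for a few tell-tale entry types: O17 NameServer values you don't recognise, O4 autoruns launched from a Temp folder, an O20 Winlogon Notify DLL outside system32, and an O23 service with no vendor sitting in system32. As an added example (not from this thread or from HijackThis itself), here is a small Python triage script that applies those checks to a handful of lines copied from the log posted above. The trusted-resolver list is an assumption: it uses an RFC 5737 documentation range as a placeholder, and you would put the resolvers your ISP or network actually hands out there.

```python
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with a few benign entries kept so the rules have something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Petri\LOKALA~1\Temp\818015.exe
O4 - HKCU\..\Run: [WinUpdate] "C:\DOCUME~1\Petri\LOKALA~1\Temp\843453.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{0252D226-B274-44CC-A69E-7B76B659E78D}: NameServer = 85.255.113.138,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.115
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: 1_32bean32_1reg - C:\Documents and Settings\All Users\Dokument\Settings\1_32bean32_1.dll
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe
"""

# ASSUMPTION: the resolvers your ISP or network really assigns. The RFC 5737
# documentation range below is only a placeholder; replace it with your own.
TRUSTED_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24")]

O17_RE = re.compile(r"^O17 - .*: NameServer = (.+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
SYSTEM32_RE = re.compile(r'^"?[a-z]:\\windows\\system32\\', re.I)


def untrusted_nameservers(value, trusted):
    """Return the NameServer entries that fall outside every trusted network.
    HijackThis prints them comma- or space-separated depending on the key."""
    bad = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            bad.append(token)  # not even an address: worth a look
            continue
        if not any(ip in net for net in trusted):
            bad.append(token)
    return bad


def triage(log_text, trusted=TRUSTED_RESOLVERS):
    """Scan HijackThis output and return (section, reason, line) tuples for
    entries a responder should review. These are heuristics, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O17_RE.match(line):
            bad = untrusted_nameservers(m.group(1), trusted)
            if bad:
                findings.append(("O17", "DNS resolver not on trusted list: " + ", ".join(bad), line))
        elif m := O4_RE.match(line):
            if TEMP_DIR_RE.search(m.group(2)):
                findings.append(("O4", f"autorun '{m.group(1)}' launches from a Temp directory", line))
        elif m := O20_RE.match(line):
            if not SYSTEM32_RE.match(m.group(2)):
                findings.append(("O20", f"Winlogon Notify DLL '{m.group(1)}' lives outside system32", line))
        elif m := O23_RE.match(line):
            name, owner, path = m.groups()
            if owner == "Unknown owner" and SYSTEM32_RE.match(path):
                findings.append(("O23", f"service '{name}' has no vendor and lives in system32", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample, the script flags both O17 lines (the 85.255.x.x resolvers are not in the trusted range), the two Temp-folder autoruns, the Winlogon Notify DLL under Documents and Settings, and the CAILI service, while leaving the Symantec entries alone. Every O17 entry pointing at the same two resolvers in CCS, CS1 and CS2 is a sign the change was written into every control set, which is why the reply says to tick all of them rather than just one.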
