Næsten 400 returmails i min mail-box?

En af årsagerne kan være at en af dine bekendte har fået en virus, som videresender til hele hans adressekartotek og der står du i.
For at det skal være lidt sværer at spore baglæns benytter nogle virus en adresse i det adressekartotek (altså din) som afsender. Det kan være årsagen?

Men for at gå sikker:
Udfør følgende handling: www.exp.dk/artikler/755 og kom med relevante logs, som kigger jeg på dem. (Bliver først i morgen)

Sådan, - endelig færdig,,,, Jeg tror der var en masse gris... Fedt, at du vil hjælpe!


>Det nederste af dr.web-loggen<

Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 229413
Infected objects found: 30
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 30
Objects renamed: 1
Objects moved: 0
Objects ignored: 0
Scan speed: 370 Kb/s
Scan time: 01:33:28
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 229516
Infected objects found: 30
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 30
Objects renamed: 1
Objects moved: 0
Objects ignored: 0
Scan speed: 377 Kb/s
Scan time: 01:33:47
=============================================================================




---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            23:02:05, 08-01-2006
+ Rapport-Checksum:        2C8FDF2A

+ Scanningsresultat:
    :mozilla.8:C:\Documents and Settings\AB\Application Data\Mozilla\Firefox\Profiles\u0kpmoj1.default\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.9:C:\Documents and Settings\AB\Application Data\Mozilla\Firefox\Profiles\u0kpmoj1.default\cookies.txt -> Spyware.Cookie.Adtech : Renset med backup
    :mozilla.10:C:\Documents and Settings\AB\Application Data\Mozilla\Firefox\Profiles\u0kpmoj1.default\cookies.txt -> Spyware.Cookie.Mediaplex : Renset med backup
    :mozilla.23:C:\Documents and Settings\AB\Application Data\Mozilla\Firefox\Profiles\u0kpmoj1.default\cookies.txt -> Spyware.Cookie.Com : Renset med backup
    :mozilla.24:C:\Documents and Settings\AB\Application Data\Mozilla\Firefox\Profiles\u0kpmoj1.default\cookies.txt -> Spyware.Cookie.Com : Renset med backup
    :mozilla.82:C:\Documents and Settings\AB\Application Data\Mozilla\Firefox\Profiles\u0kpmoj1.default\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.115:C:\Documents and Settings\AB\Application Data\Mozilla\Firefox\Profiles\u0kpmoj1.default\cookies.txt -> Spyware.Cookie.Googleadservices : Renset med backup
    C:\Documents and Settings\AB\Cookies\ab@adtech[2].txt -> Spyware.Cookie.Adtech : Renset med backup
    C:\Documents and Settings\AB\Cookies\ab@advertising[2].txt -> Spyware.Cookie.Advertising : Renset med backup
    C:\Documents and Settings\AB\Cookies\ab@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Renset med backup
    C:\Documents and Settings\AB\Cookies\ab@com[2].txt -> Spyware.Cookie.Com : Renset med backup
    C:\Documents and Settings\AB\Cookies\ab@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Renset med backup
    :mozilla.16:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Renset med backup
    :mozilla.17:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Renset med backup
    :mozilla.18:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Renset med backup
    :mozilla.25:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Fastclick : Renset med backup
    :mozilla.26:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Fastclick : Renset med backup
    :mozilla.27:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Sextracker : Renset med backup
    :mozilla.28:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Sexlist : Renset med backup
    :mozilla.29:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Sexlist : Renset med backup
    :mozilla.30:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Sexlist : Renset med backup
    :mozilla.31:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Sextracker : Renset med backup
    :mozilla.72:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Revenue : Renset med backup
    :mozilla.74:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Hitbox : Renset med backup
    :mozilla.75:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Hitbox : Renset med backup
    :mozilla.77:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.2o7 : Renset med backup
    :mozilla.78:C:\Documents and Settings\ti g\Application Data\Mozilla\Firefox\Profiles\xfht70lo.default\cookies.txt -> Spyware.Cookie.Masterstats : Renset med backup
    C:\Documents and Settings\ti g\Cookies\ti g@counter14.sextracker[1].txt -> Spyware.Cookie.Sextracker : Renset med backup
    C:\Documents and Settings\ti g\Cookies\ti g@sextracker[1].txt -> Spyware.Cookie.Sextracker : Renset med backup


::Rapport slut





Logfile of HijackThis v1.99.1
Scan saved at 00:13:17, on 09-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\AB\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmer\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\msn-plus3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\demon\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmer\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dmocw.exe] C:\WINDOWS\system32\dmocw.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Programmer\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSN2Lite\Psn2Lite.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.aarhus.dk/Mapguide%20viewer/mgaxctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Programmer\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Programmer\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Programmer\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Programmer\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmer\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe


Er der andet du skal bruge?

Nej loggen er ren, så virusen er ikke kommet fra din maskine, så det er nok øverste svar

Ewido har ikke fjernet noget som kunne have genereret mails.

Min netforbindelse virker lidt ustabil, - jeg flader meget af og på. Har du en god forklaring?

Rigtig mange tak!

flader=falder

Jeg har trådløst net

umiddelbart nej, der er intet i loggen, der kan skyldes dette.
Er du på ydergrænsen af modtagelse? - kan der være støj?