Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:28, on 29.12.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.meatspin.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gummi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 4665 bytes
Then there's also some "DDS" thing that some guy told me to post here... if anyone knows what that is:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Gummi at 18:42:37,58 on lau. 26.12.2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.354.1033.18.3071.2040 [GMT 0:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SRK Corp\GameMenu_Designer\GameMenuDesigner.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Gummi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gummi\Documents\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = www.meatspin.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Google Update] "c:\users\gummi\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PlayNC Launcher]
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-1 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-1 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-1 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-1 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-1 285392]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
=============== Created Last 30 ================
2009-12-26 02:58:38 0 d-----w- c:\program files\GCFScape
2009-12-26 02:29:27 0 d-----w- c:\users\gummi\appdata\roaming\GameMenu_Designer
2009-12-26 02:29:17 0 d-----w- c:\program files\SRK Corp
2009-12-26 02:06:27 0 d-----w- c:\program files\VTFEdit
2009-12-25 02:44:45 0 d-----w- c:\program files\Vstplugins
2009-12-25 02:44:38 0 d-----w- c:\programdata\Sony
2009-12-25 02:44:30 0 d-----w- c:\program files\Sony
2009-12-25 02:42:03 0 d-----w- c:\program files\Sony Setup
2009-12-24 23:44:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-20 17:48:20 0 d-----w- c:\windows\pss
2009-12-19 21:59:51 0 d--h--w- c:\windows\msdownld.tmp
2009-12-19 21:59:49 0 d-----w- c:\windows\system32\directx
2009-12-19 16:11:37 0 d-----w- c:\program files\CSStrat
2009-12-19 14:35:08 0 d-----w- c:\program files\NVIDIA Corporation
2009-12-16 21:10:25 0 d-----w- c:\program files\X-ray Anti-Cheat
2009-12-15 14:16:55 0 d-----w- c:\users\gummi\appdata\roaming\Octoshape
2009-12-15 13:24:16 0 d-----w- c:\programdata\Blizzard
2009-12-15 13:24:05 0 d-----w- c:\program files\World of Warcraft Installer
2009-12-15 00:38:33 0 d-----w- c:\programdata\Media Center Programs
2009-12-13 17:02:54 0 d-----w- c:\users\gummi\appdata\roaming\Xfire
2009-12-13 17:02:49 0 d-----w- c:\programdata\Xfire
2009-12-13 17:02:49 0 d-----w- c:\program files\Xfire
2009-12-13 16:14:03 0 d-----w- c:\windows\system32\AGEIA
2009-12-13 16:13:16 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-12 14:13:00 0 d-----w- c:\program files\common files\Blizzard Entertainment
2009-12-12 13:55:14 0 d-----w- c:\program files\CCleaner
2009-12-11 19:05:09 0 d-----w- c:\windows\Time Stopper
2009-12-11 19:05:09 0 d-----w- c:\program files\Time Stopper
2009-12-09 22:48:46 0 d-----w- c:\program files\Trend Micro
2009-12-09 22:05:51 0 d-----w- C:\Autoruns
2009-12-09 22:04:24 670072 ----a-w- C:\autoruns.exe
2009-12-09 22:04:24 559992 ----a-w- C:\autorunsc.exe
2009-12-09 22:04:24 48904 ----a-w- C:\autoruns.chm
2009-12-07 00:36:33 0 d-----w- c:\users\gummi\appdata\roaming\TERMINAL Studio
2009-12-07 00:36:32 3306 ----a-w- c:\windows\system32\Free Fireplace 3D Screensaver.html
2009-12-07 00:36:31 92216 ----a-w- c:\windows\system32\bass.dll
2009-12-07 00:36:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-07 00:36:31 3592192 ----a-w- c:\windows\system32\Free Fireplace 3D Screensaver.scr
2009-12-07 00:36:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-07 00:36:31 0 d-----w- c:\program files\Free Fireplace 3D Screensaver
2009-12-03 20:48:55 0 d-----w- c:\program files\VentriloMIX
2009-12-01 16:35:56 0 d-----w- c:\users\gummi\appdata\roaming\AVG8
2009-12-01 16:30:54 0 d--h--w- C:\$AVG
2009-12-01 16:30:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 16:30:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-01 16:30:48 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-01 16:30:44 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-01 16:30:33 0 d-----w- c:\program files\AVG
2009-12-01 16:30:31 0 d-----w- c:\programdata\avg9
2009-11-30 19:37:34 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-29 12:12:26 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-29 12:12:26 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-29 12:12:09 0 d-----w- c:\program files\iPod
2009-11-29 12:12:08 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-29 12:12:08 0 d-----w- c:\program files\iTunes
2009-11-29 12:11:42 0 d-----w- c:\program files\Bonjour
2009-11-29 12:11:30 0 d-----w- c:\programdata\Apple Computer
2009-11-29 12:10:44 0 d-----w- c:\programdata\Apple
2009-11-29 12:01:32 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-29 11:47:38 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-29 11:47:38 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-11-29 11:47:38 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-29 11:47:38 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-29 11:47:38 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-29 11:47:38 2613248 ----a-w- c:\windows\explorer.exe
2009-11-29 11:47:38 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-11-29 11:47:38 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-29 11:47:38 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-11-28 20:36:02 0 d-----w- c:\users\gummi\appdata\roaming\mIRC
2009-11-28 20:36:02 0 d-----w- C:\mIRC
2009-11-28 19:01:10 0 d-----w- C:\Windows.old
2009-11-28 17:58:57 0 d-----w- c:\programdata\Adobe
2009-11-28 17:51:45 0 d--h--w- c:\programdata\CanonBJ
2009-11-28 15:46:00 0 d-----w- c:\users\gummi\Tracing
2009-11-28 15:44:32 0 d-----w- c:\program files\Microsoft
2009-11-28 15:44:04 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-28 15:43:20 0 d-----w- c:\windows\PCHEALTH
2009-11-28 15:39:56 0 d-----w- c:\program files\common files\Windows Live
2009-11-28 15:38:02 0 d-----w- c:\users\gummi\appdata\roaming\Digsby
2009-11-28 12:42:45 0 d-----w- c:\program files\uTorrent
2009-11-28 12:34:12 0 d-----w- c:\program files\Ask.com
2009-11-28 12:31:34 0 d-----w- c:\users\gummi\appdata\roaming\uTorrent
2009-11-28 12:27:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-28 12:27:20 0 d-sh--w- c:\windows\Installer
2009-11-28 11:44:15 0 d-----w- c:\program files\NCSoft
2009-11-28 11:42:06 0 d-----w- c:\users\gummi\appdata\roaming\FlashFXP
2009-11-28 11:36:50 0 d-----w- c:\program files\common files\Steam
2009-11-28 11:31:27 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-11-28 11:31:04 0 d-----w- c:\windows\system32\wbem\Performance
2009-11-28 11:25:10 171136 --sha-r- C:\w7ldr
2009-11-28 11:22:46 0 d-sh--we c:\programdata\Documents
==================== Find3M ====================
2009-12-09 20:04:36 560 ---ha-w- C:\msg.vbs
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 18:42:59,19 ===============