My Windows XP SP3's taskbar doesn't work, my Avast Antivirus says that all modules are shut down, and sometimes My Documents pops up when I log in.
My Malwarebytes Anti-Malware log (originally partly in Finnish):
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6628
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
21.5.2011 1:29:57
mbam-log-2011-05-21 (01-29-57).txt
Scan type: Full scan (C:\|)
Objects scanned: 358726
Time elapsed: 48 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 47
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Turkojan (Backdoor.Turkojan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\servicepackfiles\i386\notepad.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\Kristian\local settings\Temp\dclogs.sys (Stolen.Data) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1812\A0327538.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0329904.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0329905.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0331018.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0331022.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0331023.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0331027.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0331029.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0331049.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0331990.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0332073.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0332074.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333230.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333231.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333232.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333263.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333279.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333344.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333345.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333347.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333349.exe (Backdoor.Daromec) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333350.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333351.exe (Backdoor.Daromec) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333353.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333354.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333355.bat (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333358.bat (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333359.bat (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333360.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333361.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333364.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333366.exe (Backdoor.Daromec) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333368.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333369.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333370.exe (Backdoor.Daromec) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333408.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333409.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333411.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1819\A0333413.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1821\A0340286.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1821\A0340287.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1821\A0340288.exe (Backdoor.Turkojan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1821\A0342423.exe (Backdoor.Daromec) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1821\A0342424.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1821\A0342425.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
GMER One
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-21 19:55:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\Kristian\LOCALS~1\Temp\pgloyuob.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- System - GMER 1.0.15 ----
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B22A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF75BD910]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A7DBE00
Device \Driver\atapi \Device\Ide\IdePort0 8A7DBE00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A7DBE00
Device \Driver\atapi \Device\Ide\IdePort1 8A7DBE00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A7DBE00
Device \FileSystem\Ntfs \Ntfs 8A8062D8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- Modules - GMER 1.0.15 ----
Module _________ F7482000-F749A000 (98304 bytes)
---- EOF - GMER 1.0.15 ----
GMER Two
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-21 20:33:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3160021A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\Kristian\LOCALS~1\Temp\pgloyuob.sys
---- System - GMER 1.0.15 ----
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF75BD818]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xBA231782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xBA2506DC]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF75B1A20]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xBA24AEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xBA24B2A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xBA254916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xBA232398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xBA251FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xBA25193C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xBA249DF0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B22A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF75BD910]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xBA25293C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xBA252B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xBA231FAA]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF75BD794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xBA24D1CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xBA24CDF8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF75B22C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF75BD866]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xBA2538D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xBA253208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xBA2542A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xBA2377DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xBA23275C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xBA253E12]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF75BD0B0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xBA2510C4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xBA24BF0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xBA24BC86]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A8062D8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
Device \Driver\Cdrom \Device\CdRom0 8A808DA0
Device \FileSystem\Rdbss \Device\FsWrap 8A46A2B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A7DBE00
Device \Driver\atapi \Device\Ide\IdePort0 8A7DBE00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A7DBE00
Device \Driver\atapi \Device\Ide\IdePort1 8A7DBE00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A7DBE00
Device \Driver\Cdrom \Device\CdRom1 8A808DA0
Device \FileSystem\Srv \Device\LanmanServer 8A324558
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A464EC8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A464EC8
Device \FileSystem\Npfs \Device\NamedPipe 8A710620
Device \FileSystem\Msfs \Device\Mailslot 8A70E138
Device \FileSystem\Fastfat \Fat B8B4DD20
Device \FileSystem\Fastfat \Fat 8A463FB0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A810D18
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A810D18
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A810D18
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A810D18
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A810D18
Device \FileSystem\Cdfs \Cdfs 8A440950
---- Modules - GMER 1.0.15 ----
Module _________ F7482000-F749A000 (98304 bytes)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x75 0xDE 0xDD 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0xAB 0xDE 0xDD 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0xAB 0xDE 0xDD 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0xAB 0xDE 0xDD 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0xAB 0xDE 0xDD 0x48 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InProcServer32@ %SystemRoot%\system32\shdocvw.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7777E048-70AD-98BB-1CDD-839B22C3DE2D}\InprocServer32@ C:\WINDOWS\system32\wstdecod.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{7777E048-70AD-98BB-1CDD-839B22C3DE2D}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\Implemented Categories\{A9A10010-338A-11d2-BE43-006008C3FEBE}
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\Implemented Categories\{F2BB56D1-DB07-11d1-AA6B-006097DB9539}
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@ C:\PROGRA~1\MICROS~2\Office\MSOWC.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\ProgID@ OWC.Chart.9
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\ToolboxBitmap32@ C:\PROGRA~1\MICROS~2\Office\MSOWC.DLL, 1002
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\TypeLib@ {0002E540-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\VersionIndependentProgID@ OWC.Chart
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- EOF - GMER 1.0.15 ----
DDS.txt
.
DDS (Ver_11-05-19.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Kristian at 20:35:55 on 2011-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.358.1035.18.2047.1293 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kristian\Työpöytä\gmer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kristian\Työpöytä\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page =
uStart Page = hxxp://google.fi/
mLocal Page =
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: Windows Liven kirjautumisapuohjelma: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\kristian\kynnis~1\ohjelmat\kynnis~1\lastfm~1.lnk - c:\program files\last.fm\LastFM.exe
StartupFolder: c:\docume~1\kristian\kynnis~1\ohjelmat\kynnis~1\spotify.lnk - c:\program files\spotify\spotify.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kristian\application data\mozilla\firefox\profiles\ud98rffb.default\
FF - prefs.js: browser.startup.homepage - www.google.fi
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-1-23 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-1-23 5248]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-23 532224]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S0 boreyq;boreyq;c:\windows\system32\drivers\kxyn.sys --> c:\windows\system32\drivers\kxyn.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-11 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-28 307928]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-28 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-28 42184]
S2 BecHelperService;BecHelperService;c:\program files\mobiililaajakaista\mobiililaajakaista\BecHelperService.exe [2011-2-28 1837464]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2011-3-3 98304]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-21 54752]
S2 gupdate;Google-päivityspalvelu (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 UDTTCAP;USBDTT - USB 1.1 DVB-T adapter Driver;c:\windows\system32\drivers\UDTTCAP.sys [2006-10-7 24646]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [2006-11-22 698368]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-2-28 114432]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2011-3-3 3735552]
S3 fsssvc;Windows Live -perheturvapalvelu;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-2-28 100736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-1-31 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-1-31 8576]
S3 UDTTLOAD;UDTTLOAD;c:\windows\system32\drivers\UDTTload.sys [2006-10-7 17754]
.
=============== Created Last 30 ================
.
2011-05-21 16:07:44 -------- d-s---w- C:\ComboFix
2011-05-21 10:50:29 -------- d-----w- c:\program files\ESET
2011-05-21 10:35:50 -------- d-----w- c:\documents and settings\kristian\application data\SUPERAntiSpyware.com
2011-05-21 10:35:50 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-21 10:35:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-20 20:27:40 98816 ----a-w- c:\windows\sed.exe
2011-05-20 20:27:40 89088 ----a-w- c:\windows\MBR.exe
2011-05-20 20:27:40 256512 ----a-w- c:\windows\PEV.exe
2011-05-20 20:27:40 161792 ----a-w- c:\windows\SWREG.exe
2011-05-20 18:23:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-20 18:23:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-15 13:17:22 -------- d-----w- c:\documents and settings\kristian\local settings\application data\Vitalwerks
2011-05-11 18:55:31 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-08 17:11:43 -------- d-----w- c:\program files\mp3DirectCut
2011-05-08 17:02:01 -------- d-----w- c:\windows\LameCodec
2011-05-08 16:59:23 -------- d-----w- c:\documents and settings\kristian\application data\foobar2000
2011-05-08 16:59:10 -------- d-----w- c:\program files\foobar2000
2011-05-08 12:30:44 -------- d-----w- c:\program files\Rockstar Games
2011-04-30 15:00:38 -------- d-----w- c:\program files\MTA San Andreas 2
2011-04-30 11:43:44 -------- d-----w- c:\documents and settings\kristian\local settings\application data\MTA San Andreas
2011-04-30 11:43:07 -------- d-----w- c:\program files\MTA San Andreas
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-03-07 05:33:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:52:58 1858176 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 13:17:10 71259 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2011-02-22 23:08:07 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42:13 385024 ----a-w- c:\windows\system32\html.iec
2008-04-14 16:12:19 60416 --sha-w- c:\windows\bricopacks\sysfiles\80_msimn.exe
.
============= FINISH: 20:36:23,73 ===============
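Added example, not part of the post above and not code from Malwarebytes, GMER or DDS: a small Python triage script for the three log formats quoted in the post. The sample input is a handful of lines copied from those logs. It separates MBAM's live-system detections from the System Restore copies (which inflate the "Files Infected" count but only record what was on disk earlier), groups GMER's SSDT hooks by the driver that owns the hook address, and flags DDS boot/system-start drivers whose image file DDS could not stat (the `[?]` marker). The regular expressions and the "early start plus missing file" heuristic are my assumptions about these log layouts, not anything the tools document, and a flagged entry is a prompt to verify, not a verdict.

```python
"""Triage helpers for MBAM, GMER (SSDT section) and DDS (services section) logs."""
import re
from collections import Counter, defaultdict

# Constructed sample input: lines copied from the logs quoted in the post.
MBAM_SAMPLE = r"""
c:\WINDOWS\servicepackfiles\i386\notepad.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\Kristian\local settings\Temp\dclogs.sys (Stolen.Data) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1812\A0327538.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{214986c9-2d86-4d74-8dfd-f9201943c32c}\RP1817\A0329904.dll (Backdoor.Turkojan) -> Quarantined and deleted successfully.
"""

GMER_SAMPLE = r"""
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75B22A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF75BD794]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xBA231782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xBA24BC86]
"""

DDS_SAMPLE = r"""
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-1-23 155136]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-23 532224]
S0 boreyq;boreyq;c:\windows\system32\drivers\kxyn.sys --> c:\windows\system32\drivers\kxyn.sys [?]
S2 gupdate;Google-päivityspalvelu (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-28 307928]
"""

# Assumed line layouts (derived from the logs above, not from tool documentation).
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
RESTORE_POINT = re.compile(r"\\system volume information\\_restore\{", re.I)
GMER_SSDT = re.compile(r"^SSDT (?P<module>\S+) \((?P<desc>[^/()]*)/(?P<vendor>[^)]*)\) "
                       r"(?P<func>Zw\w+) \[(?P<addr>0x[0-9A-Fa-f]+)\]$")
DDS_SERVICE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")


def triage_mbam(text):
    """Split MBAM detections into live-system hits and System Restore copies.
    Restore-point copies (RP<n>\\A<n>.ext) are snapshots of earlier files; the
    live hits are what was actually planted on the running system."""
    live, restore = [], []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue
        hit = m.groupdict()
        (restore if RESTORE_POINT.search(hit["path"]) else live).append(hit)
    families = Counter(h["family"] for h in live + restore)
    return {"live": live, "restore_point": restore, "families": families}


def ssdt_hooks_by_module(text):
    """Group GMER SSDT hooks by the driver module that owns the hook address."""
    hooks = defaultdict(lambda: {"vendor": "", "functions": []})
    for line in text.splitlines():
        m = GMER_SSDT.match(line.strip())
        if not m:
            continue
        entry = hooks[m["module"]]
        entry["vendor"] = m["vendor"].strip()
        entry["functions"].append(m["func"])
    return dict(hooks)


def hookers_without_vendor(text):
    """SSDT hookers whose vendor field in GMER's output is empty. Only a prompt
    to identify the driver by hand (d347bus.sys is an old DAEMON Tools bus
    driver, so an empty vendor alone proves nothing)."""
    return sorted(mod for mod, e in ssdt_hooks_by_module(text).items() if not e["vendor"])


def parse_dds_services(text):
    """Parse DDS 'SERVICES / DRIVERS' lines; '[?]' means DDS could not stat the image."""
    out = []
    for line in text.splitlines():
        m = DDS_SERVICE.match(line.strip())
        if not m:
            continue
        out.append({"start": m["start"], "name": m["name"], "image": m["image"],
                    "file_missing": m["image"].endswith("[?]"),
                    # R0/S0 = boot start, R1/S1 = system start: loads before user mode and the AV
                    "early_start": m["start"][1] in "01"})
    return out


def suspicious_boot_drivers(text):
    """Names of boot/system-start drivers whose image file DDS could not find.
    A legitimate driver normally shows a date and size here; an unresolvable
    boot-start image is worth checking from outside the running OS."""
    return [s["name"] for s in parse_dds_services(text)
            if s["early_start"] and s["file_missing"]]


if __name__ == "__main__":
    r = triage_mbam(MBAM_SAMPLE)
    print("live hits:", [h["path"] for h in r["live"]])
    print("restore-point copies:", len(r["restore_point"]), "families:", dict(r["families"]))
    print("SSDT hooks by module:", ssdt_hooks_by_module(GMER_SAMPLE))
    print("hookers without vendor:", hookers_without_vendor(GMER_SAMPLE))
    print("suspicious early-start drivers:", suspicious_boot_drivers(DDS_SAMPLE))
```

On the sample the live MBAM hits are the replaced notepad.exe and the dclogs.sys keylog, the SSDT hooks split between the d347bus.sys and vsdatant.sys drivers, and the only early-start driver with an unresolvable image is `boreyq`; the `gupdate` line also carries `[?]` but is an S2 service with a quoted command line, which is why the heuristic keys on start type as well as the marker.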