Kone jumittaa ja virukset ilmestyvät aina uudestaan

mailis · 02.05.2008

Elikkä, kone alkaa välillä jumittamaan aivan mielettömästi, niin ettei mikään liiku hyvä jos hiirikään ja CPU 100%:ssa vähän väliä. Jumitus yleensä lakkaa kun utorrentin sammuttaa, joten prossun suuri käyttö voi johtua pelkästään siitä. Mutta ei se jumittanut kylläkään konetta ennen kuin Avast alkoi antamaan virushälytyksiä.

Ja sitten tulee joka kerta samat virukset koneelle windows/system32 kansioon, joskus jopa pari kertaa päivässä. Yleensä ne tulevat klo 21 jälkeen. Taustasuojaus löytää niitä vain kun netti on päällä, mutta jos suljen netin ja tarkistan kansion mitään ei löydy. Avastilla on käyty koko kone läpi samoin Microsoftin Malicious Software Removal Tool. Muutama virus on silloin tällöin löytynyt, mutta ei ole auttanut asiassa. Ad-Aware, Spybot ja Advanced WindowsCare V2 ei ole löytänyt mitään.

Virukset tulevat kyllä kaikkien koneen käyttäjien tunnuksilla, mutta jumittaa vain minun tunnuksilla. Tässä kuitenkin hjt-logi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:29, on 2.5.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Sami\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1007\..\Run: [uTorrent] "C:\Users\Sami\Program Files\uTorrent\uTorrent.exe" (User 'Sami')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188758834687
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7054 bytes

AfterDawn

Hujo · 04.05.2008

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

===============

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

mailis · 04.05.2008

Korjasin nuo hjt-hommat, mutta combofix ei toimi. Ensin tulee viesti "Järjestelmä ei löydä sanomaa numerolla 0x8 ohjelman System sanomatiedostossa." ja sitten ilmoittaa, että ComboFix käynnistyy pian. Se suorittaa kyllä windowsin rekisterin backupin, mutta sama viesti tulee heti sen jälkeen uudestaan, jonka jälkeen mitään ei tapahdu. Jos painan 1 ja enter tulee samankaltainen viesti, "0x2331 ohjelman Application sanomatiedostossa." vain muuttuneena, eikä tee sen jälkeen mitään.

Hujo · 05.05.2008

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

mailis · 06.05.2008

Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 720

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 243836
Kulunut aika: 3 hour(s), 12 minute(s), 49 second(s)

Saastuneita muistiprosesseja: 1
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 2
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 4

Saastuneita muistiprosesseja:
C:\Windows\System32\routing.exe (Trojan.Agent) -> Failed to unload process.

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Windows\System32\svehost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Indt2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\routing.exe (Trojan.Agent) -> Delete on reboot.

Hujo · 08.05.2008

mimones hjt:n loki löytyy nyt

mailis · 09.05.2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59, on 2008-05-09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Sami\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1007\..\Run: [uTorrent] "C:\Users\Sami\Program Files\uTorrent\uTorrent.exe" (User 'Sami')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188758834687
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6880 bytes

Hujo · 09.05.2008

scannaa hjt:llä merkkaa paina Fix checked

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

mailis · 10.05.2008

Korjattu on. Kone on vieläkin vähän hidas. Hiiri välillä jumittuu paikalleen kun muistista melkein kaikki käytössä, vaikka mitään sen ihmeellisempää ei tehdä. Suoritinkin käy aika useasti 100% nähtävästi ilman kummosempaa syytä. Explorer ainakin syö muistia reippaasti, vaikka vain yksi sivu auki.

Hujo · 10.05.2008

Lataa GMER http://www.gmer.net/gmer.zip ja tallenna se työpöydällesi:

• Pura se työpöydälle ja tuplaklikkaa tiedostoa GMER.exe
• Klikkaa rootkit-välilehteä ja sitten klikkaa scan.
• Älä rastita "Show All" boksia skannauksen aikana!
• Kun skannaus on valmis, klikkaa Copy.
• Tämä kopioi lokin leikepöydälle (voit tallentaa lokin varmuuden vuoksi tekstitiedostoon).
• Liitä loki sitten viestiketjuusi.

============

scannaa hjt:llä merkkaa paina Fix checked

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe

==========

Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
työpöydällesi.

@echo off
sc stop perfmons
sc delete perfmons
sc stop Routing
sc delete Routing

Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.

mailis · 10.05.2008

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-10 12:15:11
Windows 6.0.6000

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8D23213A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8D23C5C6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8D23274C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8D23D29E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8D23CEE2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x8D78C8AA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8D23D5D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8D2325E4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8D78C7C8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x8D78C83C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8D23D878]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8D23DB2A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8D232898]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8D23CA6E]

---- Kernel code sections - GMER 1.0.14 ----

? System32\Drivers\spau.sys Määritettyä tiedostoa ei löydy. !
.text USBPORT.SYS!DllUnload 8C259FEB 5 Bytes JMP 83AA03C0
.text a71ow4rn.SYS 8D172000 22 Bytes [ 8E, 71, 7A, 82, 78, 70, 7A, ... ]
.text a71ow4rn.SYS 8D172017 74 Bytes [ 00, 99, 07, 44, 80, A4, 05, ... ]
.text a71ow4rn.SYS 8D172062 84 Bytes [ 48, 82, 40, 68, 45, 82, 8C, ... ]
.text a71ow4rn.SYS 8D1720B7 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text a71ow4rn.SYS 8D1720CE 80 Bytes [ 00, 00, 27, 00, 00, 00, E0, ... ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] USER32.dll!DefWindowProcA 75CB05CF 5 Bytes JMP 630016CD C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] USER32.dll!GetSysColorBrush 75CB217F 5 Bytes JMP 6305A5E8 C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] USER32.dll!GetSysColor 75CBABF8 5 Bytes JMP 6305B449 C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] USER32.dll!DefWindowProcW 75CC1D90 5 Bytes JMP 630016FC C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [86B026D2] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [86B02040] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [86B027FC] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [86B020BE] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [86B0213C] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [86B12048] \SystemRoot\System32\Drivers\spau.sys
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortCompleteRequest] 01642446
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 7E398D18
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] C7077528
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortMoveMemory] 01902846
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortReadPortUshort] 468B8D18
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7468016A
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\a71ow4rn.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\services.exe[596] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00070002
IAT C:\Windows\system32\services.exe[596] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00070000
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63027C64] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63027C64] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [6305A5B5] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63027C64] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6305A531] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [6305648D] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowRect] [6301D39F] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\ole32.dll [USER32.dll!MoveWindow] [6301CF7F] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63027C64] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305A5B5] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6305A531] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [63027C64] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [GDI32.dll!DeleteObject] [6305A5B5] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [63027DA4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongA] [61001530] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!CallWindowProcW] [6305648D] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!DeferWindowPos] [610014A0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenu] [63027D7C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowPlacement] [6301CD6C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301D920] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColorBrush] [6305A5E8] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!MoveWindow] [6301CF7F] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos] [6301D18A] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColor] [6305A531] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [63027A71] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowRect] [6301D39F] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\shell32.dll [USER32.dll!SetScrollInfo] [61001750] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [63027C64] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [63027C64] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [USER32.dll!DefWindowProcA] [61001850] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowLongA] [61001530] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowPos] [6301D18A] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\WININET.dll [USER32.dll!GetWindowRect] [6301D39F] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] [63027D31] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63027C10] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63027C64] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2080] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [63027DC9] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock.Net, Inc)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7414FE0C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7411C53D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7410A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7410CBEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74108AAA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7411DAB8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74107D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74107CF4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74106A4E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7419BE7C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74128A5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741090CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74112248] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74112273] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74117724] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74117546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2996] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7414861D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84C521F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E908E245-0BE5-4896-9D28-3A80FEBAF386} 85F051F8
Device \Driver\volmgr \Device\VolMgrControl 84C4F1F8
Device \Driver\usbuhci \Device\USBPDO-0 85B7B1F8
Device \Driver\usbuhci \Device\USBPDO-1 85B7B1F8
Device \Driver\usbuhci \Device\USBPDO-2 85B7B1F8
Device \Driver\PCI_PNP3716 \Device\00000053 spau.sys
Device \Driver\usbuhci \Device\USBPDO-3 85B7B1F8
Device \Driver\usbehci \Device\USBPDO-4 85B93500

AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device \Driver\volmgr \Device\HarddiskVolume1 84C4F1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84C4F1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84C4F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84C511F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84C511F8
Device \Driver\atapi \Device\Ide\IdePort0 84C511F8
Device \Driver\atapi \Device\Ide\IdePort1 84C511F8
Device \Driver\atapi \Device\Ide\IdePort2 84C511F8
Device \Driver\atapi \Device\Ide\IdePort3 84C511F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84C511F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 84C511F8
Device \Driver\volmgr \Device\HarddiskVolume4 84C4F1F8
Device \Driver\USBSTOR \Device\00000067 85FE1500
Device \Driver\volmgr \Device\HarddiskVolume5 84C4F1F8
Device \Driver\USBSTOR \Device\00000068 85FE1500
Device \Driver\volmgr \Device\HarddiskVolume6 84C4F1F8
Device \Driver\USBSTOR \Device\00000069 85FE1500
Device \Driver\netbt \Device\NetBt_Wins_Export 85F051F8
Device \Driver\Smb \Device\NetbiosSmb 85F8B1F8
Device \Driver\iScsiPrt \Device\RaidPort0 85BDE1F8
Device \Driver\USBSTOR \Device\0000006a 85FE1500
Device \Driver\USBSTOR \Device\0000006b 85FE1500
Device \Driver\usbuhci \Device\USBFDO-0 85B7B1F8
Device \Driver\usbuhci \Device\USBFDO-1 85B7B1F8
Device \Driver\usbuhci \Device\USBFDO-2 85B7B1F8
Device \Driver\usbuhci \Device\USBFDO-3 85B7B1F8
Device \Driver\sptd \Device\2139277466 spau.sys
Device \Driver\usbehci \Device\USBFDO-4 85B93500
Device \Driver\a71ow4rn \Device\Scsi\a71ow4rn1 85D1C1F8
Device \Driver\a71ow4rn \Device\Scsi\a71ow4rn1Port5Path0Target0Lun0 85D1C1F8
Device \FileSystem\cdfs \Cdfs A13461F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xEC 0x95 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD2 0xA0 0x8C 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x36 0xB3 0x52 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x26 0xDF 0xE3 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6D 0x7E 0x3B 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x60 0x93 0xE4 0x58 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC1 0xEB 0xFA 0x1D ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x26 0xDF 0xE3 0x78 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6D 0x7E 0x3B 0x6B ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x60 0x93 0xE4 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xEC 0x95 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD2 0xA0 0x8C 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x36 0xB3 0x52 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x26 0xDF 0xE3 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6D 0x7E 0x3B 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x60 0x93 0xE4 0x58 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ëcÓw
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ëcÓw@b049C053C7D38EE4AB9A00CB3B5D2472 C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EE52C87977754e64988837C292C7DBDB\Usage@statusexe 950681861
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@CacheSizeInMB 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@CacheStatus 2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@USBVersion 131072
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@ReadSpeedKBs 757
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@WriteSpeedKBs 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@PhysicalDeviceSizeMB 238472
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@RecommendedCacheSizeMB 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@HasSlowRegions 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@DoRetestDevice 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@DeviceStatus 4
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\kYÌ@LastTestedTime 0xEE 0xE4 0x35 0x17 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

---- EOF - GMER 1.0.14 ----

Hujo · 10.05.2008

ookos tehnyt noi muut tosta ylempää

mailis · 10.05.2008

Kyllä, hjt:llä korjattu merkatut sekä Poisto.bat tehty ja aktivoitu, jolloin ikkuna välähti kuvaruudulla.

Hujo · 10.05.2008

no mites kone toimii

mailis · 11.05.2008

Virus varoitukset on loppunut, joten taitaa kaikki olla poistettu, eikä konekaan enää jumita pahemmin. Itse taisin tehdä jotain, kun omilla tunnuksilla Explorer kaatui koko ajan ja kaikki kuvakkeet katosiviat. Poistin käynnistyksestä pari ylimääräistä tuntematonta objektia AWC:llä ja ajoin MBAM:n uudestaan, joka löysikin lisää troijalaisia. Nyt kone tuntuu olevan kunnossa.

Hujo · 12.05.2008

saakkos ajettua tuolla combofixsillä.

mailis · 12.05.2008

En saa. Samat virheilmoitukset tulevat kuin viimeksikin ja yksi uusi numerolla 0x2371. Ohjelma ei tee mitään sen jälkeen kun on rekisterin kopionut, vain virhe ilmoitus jää.

Hujo · 12.05.2008

scannaa uusi hjt:n loki

mailis · 12.05.2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32, on 2008-05-12
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Sami\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1007\..\Run: [uTorrent] "C:\Users\Sami\Program Files\uTorrent\uTorrent.exe" (User 'Sami')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188758834687
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6819 bytes

Hujo · 12.05.2008

tuo rivi vielä tuolla on

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)

Mene käynnistä -> suorita -> services.msc -> ok

etsi tuo service tupla klikkaa sitä laita seis alasvetovalikosta ei käytössä

Käytä ja ok

Kirjaudu tai liity jäseneksi

Kone jumittaa ja virukset ilmestyvät aina uudestaan

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

Kone jumittaa ja virukset ilmestyvät aina uudestaan

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

mailis Member

Hujo Guest

Jaa tämä sivu

Hyödyllisiä hakuja