b3r53rk3r
(Mati Vegetto)
15 August 2007 23:38
#1
Hello, I have the following problem: for some time now, whenever I play any game, every so often it minimizes on its own. When this happens, nothing strange shows up on the taskbar (apart from the minimized game) or in the tray; the only thing is that I hear a few clicks (the kind you hear when opening folders). Of course I can later restore the game window without trouble and everything runs as it should. I'd be grateful for help with this... Below I'm posting the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 01:22:16, on 2007-08-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Internet Explorer\Setup\svchost.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\FlashGet\flashget.exe
D:\Programy\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [svchost] C:\Program Files\Internet Explorer\Setup\svchost.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
Thanks in advance for your help, regards!!
qrczak13
(qrczak13)
16 August 2007 20:02
#2
Delete the folder marked in red in Safe Mode, and the entry in HijackThis.
After that, post a ComboFix log (instructions for producing the log are at the very bottom of the page).
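The check behind that advice can be automated. The following is an added example for this thread, not code from HijackThis, ComboFix or any poster: it parses the "Running processes" list and the O4 autorun lines of a HijackThis-style log and flags any binary carrying the name of a core Windows process (svchost.exe, lsass.exe, ...) that runs from outside the Windows directory tree. On Windows XP the genuine svchost.exe lives only in %WINDIR%\system32, so an O4 entry pointing at C:\Program Files\Internet Explorer\Setup\svchost.exe is exactly what a triager looks for. The CORE_BINARIES and LEGIT_DIRS sets are assumptions for a default XP layout on C:, and the sample log is constructed from a subset of the lines in the first post.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the
thread or of HijackThis). Flags core Windows binary names that run from
outside the Windows directory tree."""
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Core Windows binaries that malware commonly impersonates by name
# (assumption: illustrative list, not exhaustive).
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "smss.exe", "services.exe", "explorer.exe", "rundll32.exe"}

# Where those binaries legitimately live on a default Windows XP install:
# explorer.exe in %WINDIR%, the rest in %WINDIR%\system32
# (assumption: %WINDIR% is C:\WINDOWS, as in the thread's log).
LEGIT_DIRS = {r"c:\windows", r"c:\windows\system32"}

# O4 lines look like:  O4 - HKLM\..\Run: [label] <command line>
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")

Finding = namedtuple("Finding", "severity section label path reason")


def executable_from_command(cmd):
    """Program part of an autorun command line: the quoted path if present,
    otherwise the first token ending in .exe/.dll/.scr."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_log(text):
    """Yield (section, label, path) for each running process and O4 entry."""
    in_processes = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
                continue
            yield "process", None, line
            continue
        m = O4_RE.match(line)
        if m:
            yield "autorun:" + m.group(1), m.group("label"), executable_from_command(m.group("cmd"))


def triage(text):
    """Findings for every core-binary name seen outside LEGIT_DIRS. A bare
    name (no directory) is resolved by Windows through the search path, so
    it is reported as 'info' to be cross-checked against the process list."""
    findings = []
    for section, label, path in parse_log(text):
        p = PureWindowsPath(path)
        if p.name.lower() not in CORE_BINARIES:
            continue
        parent = str(p.parent).lower()
        if parent == ".":
            findings.append(Finding("info", section, label, path,
                                    "core binary referenced without a path"))
        elif parent not in LEGIT_DIRS:
            findings.append(Finding("warn", section, label, path,
                                    "core binary name outside the Windows directory"))
    return findings


def suspicious_paths(text):
    """Distinct lower-cased paths that warrant a closer look."""
    return {f.path.lower() for f in triage(text) if f.severity == "warn"}


# Constructed sample: a subset of the thread's log, one entry per line.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 01:22:16, on 2007-08-16

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\Setup\svchost.exe
C:\Program Files\Gadu-Gadu\gg.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [svchost] C:\Program Files\Internet Explorer\Setup\svchost.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section:13} {f.label or '-':12} {f.path}  ({f.reason})")
```

Run against the sample it reports the Program Files svchost.exe twice (once as a running process, once as the HKLM Run entry) and the bare RUNDLL32.EXE reference as informational only; the real log resolves that one to C:\WINDOWS\system32\RUNDLL32.EXE in the process list, which is why a path-less entry is cross-checked rather than flagged outright.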
b3r53rk3r
(Mati Vegetto)
16 August 2007 20:45
#3
Done. Here is the ComboFix log:
ComboFix 07-08-14.4 - "Mateusz" 2007-08-16 22:38:46.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.705 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))

2007-08-16 22:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 20:09
2007-08-16 17:35
2007-08-15 16:24 24 --a------ C:\WINDOWS\popcinfo.dat
2007-08-06 21:12
2007-08-02 16:33 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-08-02 16:33 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-08-02 16:33
2007-08-01 13:17
2007-07-30 15:53
2007-07-30 15:53
2007-07-30 00:30
2007-07-29 23:35
2007-07-29 23:31 10,345 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-07-29 23:31
2007-07-27 22:18
2007-07-27 22:07 274,432 --a------ C:\WINDOWS\system32\IscDbc.dll
2007-07-27 22:07 262,144 --a------ C:\WINDOWS\system32\OdbcJdbcMT.dll
2007-07-27 22:07 253,952 --a------ C:\WINDOWS\system32\OdbcJdbc.dll
2007-07-27 22:07 155,648 --a------ C:\WINDOWS\system32\OdbcJdbcSetup.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-10 00:23 --------- d-------- C:\Program Files\Common Files\DirectX
2007-07-09 13:39 --------- d-------- C:\Program Files\Dual Vibration Gamepad-Macro A
2007-07-09 12:55 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-02 00:18 --------- d-------- C:\Program Files\ABBYY PDF Transformer 2.0
2007-06-28 17:44 --------- d--h----- C:\Program Files\CanonBJ
2007-06-27 19:54 --------- d-------- C:\DOCUME~1\Mateusz\DANEAP~1\Help
2007-06-26 15:57 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-16 15:37 --------- d-------- C:\Program Files\Canon
2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:23 1034752 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-05-22 23:56 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-17 13:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 13:30 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-16 17:19 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-16 17:18 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:18 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2000-11-29 12:57 390867 --a------ C:\WINDOWS\Fonts.\RunMe.exe
--------- C:\DOCUME~1\Mateusz\DANEAP~1\Moje pliki Bitwy o Śródziemie™ II

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 23:42 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-09-14 11:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43]
"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-09-29 00:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 14:34]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 11:09]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-03-12 22:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-12-28 18:02]

R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
R3 SaiMini;SaiMini;C:\WINDOWS\system32\DRIVERS\SaiMini.sys
R3 SaiNtBus;SaiNtBus;C:\WINDOWS\system32\drivers\SaiBus.sys
S3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 22:39:09
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 22:39:26
C:\ComboFix-quarantined-files.txt ... 2007-08-16 22:39
--- E O F ---
Gutek
(Gutek)
16 August 2007 20:48
#4
Scan with AVG Anti-Spyware 7.5 after updating + report
Download SDFix
b3r53rk3r
(Mati Vegetto)
16 August 2007 22:32
#5
Done. I scanned with AVG, it found around 500 trackers, and I applied the recommended action to all of them - delete. Here is the AVG report:
http://www.wklej.org/id/c8f610ec8c
Here is the SDFix report:
jessica
(jessica)
16 August 2007 23:28
#6
It should be OK. At least that's what the reports indicate.
jessi
b3r53rk3r
(Mati Vegetto)
19 August 2007 20:32
#7
And it is OK :!: I tested it for a while and I can say the problem is gone. Thanks a lot for the help :!: I have one more question: what do you recommend for protecting against spyware and the like??