Hi
Let me be clear. While I'm gaming, every so often the application just throws me out to the desktop, after which I have to maximize it again. It's damn annoying, so I'm asking for help! I've already read many other threads about the same problem, but somehow I can't manage to fix it.
It's been a problem ever since I copied a game from a friend onto my disk, so it's certainly some pesky virus. The Malwarebytes antivirus didn't detect anything, so I'm posting an HJT log; maybe that will change something. Writing out what hardware I have is a waste of time, it wasn't like this before. (read: the bold part) I'll just add that it's Win7.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:19, on 2011-07-28
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Vtune\TBPANEL.exe
C:\Program Files\Valve\Steam.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mars\Downloads\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 3556 bytes
Combofix
ComboFix 11-07-28.01 - Mars 2011-07-28 13:02:45.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3070.1861 [GMT 2:00]
Uruchomiony z: c:\users\Mars\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-28 11:15 . 2011-07-28 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-28 10:29 . 2011-07-28 10:29 -------- d-----w- c:\users\Mars\AppData\Roaming\Malwarebytes
2011-07-28 10:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 10:29 . 2011-07-28 10:29 -------- d-----w- c:\programdata\Malwarebytes
2011-07-28 10:29 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 10:29 . 2011-07-28 10:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 20:08 . 2011-07-27 20:08 -------- d-----w- c:\program files\Avira
2011-07-21 17:58 . 2011-07-21 17:58 -------- d-----w- c:\program files\Warkeys
2011-07-19 15:02 . 2011-07-19 15:02 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-19 15:02 . 2011-07-19 15:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-19 15:01 . 2011-07-19 15:08 -------- d-----w- c:\users\Mars\AppData\Roaming\DAEMON Tools Lite
2011-07-19 15:01 . 2011-07-19 15:02 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-07-19 14:55 . 2008-11-04 16:03 476160 ----a-w- C:\Need For Speed Pro Street Spolszczenie.exe
2011-07-19 13:33 . 2011-07-19 13:33 -------- d-----w- c:\programdata\Electronic Arts
2011-07-19 13:33 . 2011-07-19 13:33 -------- d-----w- c:\programdata\EA Core
2011-07-19 12:54 . 2011-07-19 12:54 -------- d-----w- c:\programdata\Solidshield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 18:54 . 2011-05-24 14:18 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-03 18:54 . 2011-05-24 16:22 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-03 18:54 . 2011-05-24 14:18 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-03 18:54 . 2011-05-24 14:18 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-24 14:31 . 2011-05-24 14:18 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-24 14:18 . 2011-05-24 14:18 22328 ----a-w- c:\users\Mars\AppData\Roaming\PnkBstrK.sys
2011-05-12 14:07 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-09-05 2154496]
"Steam"="c:\program files\Valve\steam.exe" [2010-12-12 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 GarenaPEngine;GarenaPEngine;c:\users\Mars\AppData\Local\Temp\VFRF1A0.tmp [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-13 1343400]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-19 218688]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-03 279656]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
.
.
------- Skan uzupełniający -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mars\AppData\Roaming\Mozilla\Firefox\Profiles\kq1n0vp7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{6edc3889-b841-4127-a2bf-c5fc48f972c7} - (no file)
WebBrowser-{6EDC3889-B841-4127-A2BF-C5FC48F972C7} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Mars\AppData\Local\Temp\VFRF1A0.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3421040070-3121554014-4132329155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3421040070-3121554014-4132329155-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-07-28 13:20:27
ComboFix-quarantined-files.txt 2011-07-28 11:20
.
Przed: 10 872 475 648 bajtów wolnych
Po: 10 849 923 072 bajtów wolnych
.
- - End Of File - - BF55B5FA43B4FEE1CC2C9D97672533DA