Problem z minimalizacją gier ?!

Dla specjalistów Bezpieczeństwo
#1

Witam mam problem gdyż gdy wchodzę w byle jaką grę ona odrazu minimalizuję się na pasek i jak probuje zpowrotem to znów się minimaizuje, i tak w kółko. Prose o Pomoc

Zrobiłem logi ComboFIX i HijackThis może znajdziecie jakieś błedy.

ComboFIX:

ComboFix 08-07-02.5 - Mario 2008-07-03 15:14:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.198 [GMT 2:00]

Running from: C:\Documents and Settings\Mario\Pulpit\ComboFix.exe

 * Created a new restore point


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [/b][/color]

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\Documents and Settings\Marek\Dane aplikacji\inst.exe

C:\Documents and Settings\Mario\Dane aplikacji\addon.dat

C:\Documents and Settings\Mario\Menu Start\XP Antivirus 2008

C:\Documents and Settings\Mario\Menu Start\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk

C:\Documents and Settings\Mario\Menu Start\XP Antivirus 2008\XP Antivirus 2008.lnk

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]00B21EA

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]00B2564

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]00B268D.bin

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]00B28FE.bin

C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]00B2A94.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\Program Files\PlayMP3z

C:\Program Files\PlayMP3z\uninstall.exe

C:\Program Files\XP Antivirus

C:\setup.exe

C:\WINDOWS\system.exe

C:\WINDOWS\system32\28463

C:\WINDOWS\system32\28463\AKV.exe

C:\WINDOWS\system32\28463\CQIV.001

C:\WINDOWS\system32\28463\CQIV.002

C:\WINDOWS\system32\28463\CQIV.006

C:\WINDOWS\system32\28463\CQIV.007

C:\WINDOWS\system32\h@tkeysh@@k.dll

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\server.exe

C:\WINDOWS\system32\winnb58.dll


.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_XPROTECTOR

-------\Service_XPROTECTOR



((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))

.


2008-07-03 15:10 . 2008-07-03 15:10

----a-w 1,560,576 2008-03-19 11:22:53 C:\Documents and Settings\Mario\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Metin2\HACKI\metin 2 hack\M2 MULTIHACK 1.83 (beta)\M2 MULTIHACK 1.83 (beta) .exe

[/code] ------- Sigcheck ------- 2002-09-20 20:05 601600 4965c02574610e9b2d1e18d63d11a772 C:\WINDOWS$NtServicePackUninstall$\wininet.dll 2004-08-04 01:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\ServicePackFiles\i386\wininet.dll 2004-08-04 01:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\system32\wininet.dll 2004-08-04 01:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\explorer.exe 2002-09-20 20:05 1005568 f4af85d918e83d71341fce2aa5318181 C:\WINDOWS$NtServicePackUninstall$\explorer.exe 2004-08-04 01:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\ServicePackFiles\i386\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{87E68009-29A8-D669-F7C2-B31D08635C50}] 2007-12-30 22:48 1019904 --a------ C:\Program Files\ContextAdvisor\ContextAdvisor-2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2007-12-13 18:49 1185120] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2007-12-13 18:49 1185120] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360] “IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” [N/A] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 17:22 21898024] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39 2119104] “Steam”=“D:\Program Files\Steam\Steam.exe” [2008-07-02 22:36 1271032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SBDrvDet”=“C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe” [2002-12-03 18:06 45056] “MediaKey”=“C:\PROGRA~1\MediaKey\MMKeybd.EXE” [2001-09-25 20:33 159744] “USBKBDrv”=“C:\PROGRA~1\MediaKey\KPDrv4XP.EXE” [2001-08-07 23:03 32768] “AVPDWIN”=“C:\Program Files\Panda Software\Panda Demo\pandasft.exe” [N/A] “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe” [2006-02-08 15:40 260096] “NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [N/A] “InstantAccess”=“C:\Program Files\ScannerP\TBRIDGE\BIN\InstantAccess.exe” [1998-07-08 08:04 37376] “RegisterDropHandler”=“C:\Program Files\ScannerP\TBRIDGE\BIN\RegisterDropHandler.exe” [1998-07-08 08:20 22528] “ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2006-05-16 11:58 213936] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” [2001-11-29 22:07 196608] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-02-25 23:22 185896] “LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2004-02-12 17:57 188416] “LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2004-02-12 17:59 77824] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 16:57 153136] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 02:11 132496] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2005-11-09 00:00 128920] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-08-03 21:10 339968] “Metin2”=“C:\Metin2.exe” [N/A] “CTSysVol”=“C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe” [2003-09-17 10:43 57344] “CTDVDDET”=“C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE” [2003-06-18 01:00 45056] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00 90112] “CloneDVDElbyDelay”=“C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe” [2002-11-02 08:33 45056] “CTHelper”=“CTHELPER.EXE” [2004-03-19 10:33 24576 C:\WINDOWS\system32\CTHELPER.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] “RegisterDropHandler”=“C:\Program Files\ScannerP\TBRIDGE\BIN\RegisterDropHandler.exe” [1998-07-08 08:20 22528] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 01:44 15360] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Action Manager 32.lnk - C:\Program Files\ScannerP\AM32.exe [2008-01-30 14:24:18 57344] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] “{93994DE8-8239-4655-B1D1-5F4E91300429}”= “C:\PROGRA~1\DVDREG~1\DVDShell.dll” [2004-10-09 15:18 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “VIDC.I420”= i263_32.drv “VIDC.XFR1”= xfcodec.dll “vidc.ffds”= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll “msacm.enc”= ITIG726.acm “vidc.XVID”= xvid.dll “vidc.3ivx”= 3ivxVfWCodec.dll “vidc.3iv2”= 3ivxVfWCodec.dll “msacm.divxa32”= divxa32.acm “VIDC.HFYU”= huffyuv.dll “VIDC.i263”= i263_32.drv “msacm.imc”= imc32.acm “VIDC.VP31”= vp31vfw.dll [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “C:\Program Files\Winamp Remote\bin\OrbTray.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= “C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe”= “C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe”= “C:\WINDOWS\system32\PnkBstrA.exe”= “C:\WINDOWS\system32\PnkBstrB.exe”= “C:\Program Files\uTorrent\uTorrent.exe”= “D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe”= “G:\FreeCall\FreeCall.exe”= “D:\Program Files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe”= “C:\Program Files\Skype\Phone\Skype.exe”= [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] “25891:TCP”= 25891:TCP:BitComet 25891 TCP “25891:UDP”= 25891:UDP:BitComet 25891 UDP “17377:TCP”= 17377:TCP:BitComet 17377 TCP “17377:UDP”= 17377:UDP:BitComet 17377 UDP R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 SCNDRVP;OpticWorks;C:\WINDOWS\system32\drivers\SCNDRVP.sys [2000-07-14 21:41] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-03 15:21:43 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … C:\WINDOWS\TEMP_av_proI.tm~a01776\dld1.tmp scan completed successfully hidden files: 1 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\LVComS.exe C:\Program Files\Hook99\hook99.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Hook99\hk2re.exe . ************************************************************************** . Completion time: 2008-07-03 15:31:56 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-03 13:31:47 Pre-Run: 2,691,649,536 bajtów wolnych Post-Run: 3,988,090,880 bajt˘w wolnych 291[/code] HijackThis:

[code]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:49:06, on 2008-07-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\MediaKey\MMKeybd.EXE C:\PROGRA~1\MediaKey\KPDrv4XP.EXE C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\LVComS.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\explorer.exe C:\Program Files\Hook99\hook99.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks= R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll O2 - BHO: ContextAdvisor - {87E68009-29A8-D669-F7C2-B31D08635C50} - C:\Program Files\ContextAdvisor\ContextAdvisor-2.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (file missing) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll O4 - HKLM…\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM…\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE O4 - HKLM…\Run: [USBKBDrv] C:\PROGRA~1\MediaKey\KPDrv4XP.EXE O4 - HKLM…\Run: [AVPDWIN] “C:\Program Files\Panda Software\Panda Demo\pandasft.exe” O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” O4 - HKLM…\Run: [InstantAccess] C:\Program Files\ScannerP\TBRIDGE\BIN\InstantAccess.exe /h O4 - HKLM…\Run: [RegisterDropHandler] C:\Program Files\ScannerP\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKLM…\Run: [ISUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -scheduler O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [Metin2] C:\Metin2.exe O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r O4 - HKLM…\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE O4 - HKLM…\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [CloneDVDElbyDelay] “C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe” /L ElbyDelay O4 - HKLM…\RunServices: [RegisterDropHandler] C:\Program Files\ScannerP\TBRIDGE\BIN\RegisterDropHandler.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Steam] “D:\Program Files\Steam\Steam.exe” -silent O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Deer Hunter 2005 Registration.lnk = D:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE O4 - Startup: Hook99startup.lnk = C:\Program Files\Hook99\hk2re.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerP\AM32.exe O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra ‘Tools’ menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe – End of file - 10380 bytes

#2

chudy1515, zmień tytuł “Problem ???/” na konkretny, albo temat poleci do śmietnka!

#3

fix w hijackthis

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

Folder::

C:\Program Files\ContextAdvisor

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://wklejto.pl a w poście dajesz tylko link

#4

Skopiowalem loga do notatnika zapisałem go tak jak pisałeś CFScript.txt, ale gdy prubuje przeciągoć na ikonke ComboFix przeskakuje mi ciagle niżej jak mam to wszsystko zrobić. :frowning:

#5

Pobierz The Avenger

wklej do niego ten tekst:

Folders to delete:

C:\Program Files\ContextAdvisor

kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

Po tym dajesz nowego loga z Combofix

#6

Oto log z avenger:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Folder “C:\Program Files\ContextAdvisor” deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Log z ComboFix:

ComboFix 08-07-02.5 - Mario 2008-07-04 9:07:14.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.213 [GMT 2:00]Running from: C:\Documents and Settings\Mario\Pulpit\ComboFix.exe


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [/b][/color]

.


((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))

.


2008-07-03 15:10 . 2008-07-03 15:10

----a-w 1,560,576 2008-03-19 11:22:53 C:\Documents and Settings\Mario\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Metin2\HACKI\metin 2 hack\M2 MULTIHACK 1.83 (beta)\M2 MULTIHACK 1.83 (beta) .exe

[/code] ------- Sigcheck ------- 2002-09-20 20:05 601600 4965c02574610e9b2d1e18d63d11a772 C:\WINDOWS$NtServicePackUninstall$\wininet.dll 2004-08-04 01:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\ServicePackFiles\i386\wininet.dll 2004-08-04 01:44 693248 7d46293106e58ca7878509ccc4071f2f C:\WINDOWS\system32\wininet.dll 2004-08-04 01:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\explorer.exe 2002-09-20 20:05 1005568 f4af85d918e83d71341fce2aa5318181 C:\WINDOWS$NtServicePackUninstall$\explorer.exe 2004-08-04 01:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\ServicePackFiles\i386\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-07-03_15.31.32.23 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-03 13:21:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-04 07:02:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2006-10-18 19:47:22 2,450,944 -c–a-w C:\WINDOWS\system32\dllcache\wmvcore.dll + 2008-07-04 07:02:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2007-12-13 18:49 1185120] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2007-12-13 18:49 1185120] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360] “IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” [N/A] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 17:22 21898024] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39 2119104] “Steam”=“D:\Program Files\Steam\Steam.exe” [2008-07-02 22:36 1271032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SBDrvDet”=“C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe” [2002-12-03 18:06 45056] “MediaKey”=“C:\PROGRA~1\MediaKey\MMKeybd.EXE” [2001-09-25 20:33 159744] “USBKBDrv”=“C:\PROGRA~1\MediaKey\KPDrv4XP.EXE” [2001-08-07 23:03 32768] “AVPDWIN”=“C:\Program Files\Panda Software\Panda Demo\pandasft.exe” [N/A] “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe” [2006-02-08 15:40 260096] “NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [N/A] “InstantAccess”=“C:\Program Files\ScannerP\TBRIDGE\BIN\InstantAccess.exe” [1998-07-08 08:04 37376] “RegisterDropHandler”=“C:\Program Files\ScannerP\TBRIDGE\BIN\RegisterDropHandler.exe” [1998-07-08 08:20 22528] “ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2006-05-16 11:58 213936] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” [2001-11-29 22:07 196608] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-02-25 23:22 185896] “LogitechVideoRepair”=“C:\Program Files\Logitech\Video\ISStart.exe” [2004-02-12 17:57 188416] “LogitechVideoTray”=“C:\Program Files\Logitech\Video\LogiTray.exe” [2004-02-12 17:59 77824] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 16:57 153136] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 02:11 132496] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2005-11-09 00:00 128920] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-08-03 21:10 339968] “Metin2”=“C:\Metin2.exe” [N/A] “CTSysVol”=“C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe” [2003-09-17 10:43 57344] “CTDVDDET”=“C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE” [2003-06-18 01:00 45056] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00 90112] “CloneDVDElbyDelay”=“C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe” [2002-11-02 08:33 45056] “CTHelper”=“CTHELPER.EXE” [2004-03-19 10:33 24576 C:\WINDOWS\system32\CTHELPER.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] “RegisterDropHandler”=“C:\Program Files\ScannerP\TBRIDGE\BIN\RegisterDropHandler.exe” [1998-07-08 08:20 22528] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 01:44 15360] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Action Manager 32.lnk - C:\Program Files\ScannerP\AM32.exe [2008-01-30 14:24:18 57344] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] “{93994DE8-8239-4655-B1D1-5F4E91300429}”= “C:\PROGRA~1\DVDREG~1\DVDShell.dll” [2004-10-09 15:18 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “VIDC.I420”= i263_32.drv “VIDC.XFR1”= xfcodec.dll “vidc.ffds”= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll “msacm.enc”= ITIG726.acm “vidc.XVID”= xvid.dll “vidc.3ivx”= 3ivxVfWCodec.dll “vidc.3iv2”= 3ivxVfWCodec.dll “msacm.divxa32”= divxa32.acm “VIDC.HFYU”= huffyuv.dll “VIDC.i263”= i263_32.drv “msacm.imc”= imc32.acm “VIDC.VP31”= vp31vfw.dll [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “C:\Program Files\Winamp Remote\bin\OrbTray.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= “C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe”= “C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe”= “C:\WINDOWS\system32\PnkBstrA.exe”= “C:\WINDOWS\system32\PnkBstrB.exe”= “C:\Program Files\uTorrent\uTorrent.exe”= “D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe”= “G:\FreeCall\FreeCall.exe”= “D:\Program Files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe”= “C:\Program Files\Skype\Phone\Skype.exe”= [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] “25891:TCP”= 25891:TCP:BitComet 25891 TCP “25891:UDP”= 25891:UDP:BitComet 25891 UDP “17377:TCP”= 17377:TCP:BitComet 17377 TCP “17377:UDP”= 17377:UDP:BitComet 17377 UDP R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 SCNDRVP;OpticWorks;C:\WINDOWS\system32\drivers\SCNDRVP.sys [2000-07-14 21:41] *Newly Created Service* - CATCHME . - - - - ORPHANS REMOVED - - - - BHO-{87E68009-29A8-D669-F7C2-B31D08635C50} - C:\Program Files\ContextAdvisor\ContextAdvisor-2.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-04 09:10:53 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . Completion time: 2008-07-04 9:13:07 ComboFix-quarantined-files.txt 2008-07-04 07:12:30 Pre-Run: 3,995,672,576 bajtów wolnych Post-Run: 3,985,661,952 bajtów wolnych 231 [/code]

#7

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

#8

Zrobiłem tak jak pisałeś .Raportu stworzyć nie mogłem przeskanowałem kompa programem Dr.Web

#9

A czy Dr web wykrył jakieś wirusy? Jesli tak to zamieść z niego raport na forum

#10

Znalazłem plik to chyba log ze skanowania programem DR.Web. Prosze o Sprawdzenie

http://wklejto.pl/4862

#11

Jest Ok

#12

W jaki sposób ma to rozwiązać moj problem, gry nadal mi sie minimalzują. :expressionless:

#13

To nie wina syfu zrób jeszcze:

Optymalizacja XP: viewtopic.php?t=76580

Optymalizacja autostartu: http://www.bezpieczenstwosystemow.pl/in … opic=116.0

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

Jak grasz wyłącz gg :slight_smile:

#14

Jednak nic nie pomaga.

W dniu 05.07.2008 , o godzinie 20:01 został dopisany post przez chudy1515

Po jakimś czasie sam doszłem do rozwiązania :lol: Najnowsze sterowniki do karty graficznej i po sprawie wszystko działa.