Gry sie minimalizuja do paska zadań

Wszystko co dotyczy bezpieczeństwa systemów oraz walki z malware, w szczególności analiza logów
Kuba1029

Użytkownik
Posty: 2
Rejestracja: 30 gru 2009, 20:47

Gry sie minimalizuja do paska zadań

Post30 gru 2009, 20:50

Witam ,moj problem polega na minimalizacji sie gier do paska zadań po ok. 5-10 minutach grania.
Reinstalowalem juz sterowniki i directa. Nie wiem co moze byc przyczyna, choc podejrzewam ze to jest cos w stylu wirusa.
Prosze o pomoc i pozdrawiam.

Log z OTL Dostępne tylko dla zarejestrowanych użytkowników
Nie wiem czemu ale po zainstalowaniu HijackThis klikajac na ikonke nic sie nie otwiera.
Na górę
Awatar użytkownika
djarta

Globalny Moderator
Posty: 5854
Rejestracja: 26 gru 2008, 17:15
Lokalizacja: Białystok
Kontaktowanie:
Skontaktuj się z djarta

Gry sie minimalizuja do paska zadań

Post31 gru 2009, 22:55

DRV - [2009-12-12 15:39:16 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\8356be73.sys -- (8356be73)
DRV - [2009-09-04 22:44:55 | 00,093,436 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\6eb5b1b.sys -- (6eb5b1b)
DRV - [2009-09-04 22:44:55 | 00,093,308 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\84b8b8be.sys -- (84b8b8be)
DRV - [2009-08-18 10:57:04 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\c5457a9d.sys -- (c5457a9d)
DRV - [2009-04-16 20:22:03 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\c1e5e763.sys -- (c1e5e763)

5 Rootkitów, ciekawe czy OTL z nimi sobie poradzi... :D

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:
:OTL
O32 - AutoRun File - [2008-07-02 17:20:15 | 00,000,000 | ---D | M] - E:\Automap -- [ NTFS ]
O33 - MountPoints2\{0395c272-9960-11de-9501-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{0395c272-9960-11de-9501-4d6564696130}\Shell\autorun\command - "" = H:\nba2k9setup.exe -- File not found
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O20 - Winlogon\Notify\atiextevent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\logoninit: DllName - logonInit.dll - C:\Program Files\Common Files\logonInit.dll ()
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} Dostępne tylko dla zarejestrowanych użytkowników (Reg Error: Key error.)
O4 - Startup: C:\Documents and Settings\user\Menu Start\Programy\Autostart\ikowin32.exe (Qjvofoa Bocbyxyzmon)
O4 - HKCU..\Run: [97895633859877803540983382788753] C:\Program Files\Antivirus 2009\av2009.exe File not found
O4 - HKLM..\Run: [services] C:\WINDOWS\services.exe File not found
O4 - HKLM..\Run: [sXe Injected] E:\gry\cstrike\sXe Injected\sXe Injected.exe File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Ask Toolbar) - {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
DRV - [2009-12-12 15:39:16 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\8356be73.sys -- (8356be73)
DRV - [2009-09-04 22:44:55 | 00,093,436 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\6eb5b1b.sys -- (6eb5b1b)
DRV - [2009-09-04 22:44:55 | 00,093,308 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\84b8b8be.sys -- (84b8b8be)
DRV - [2009-08-18 10:57:04 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\c5457a9d.sys -- (c5457a9d)
DRV - [2009-04-16 20:22:03 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\c1e5e763.sys -- (c1e5e763)

:Files
C:\Program Files\uik.dat
C:\Program Files\is.dat
C:\Program Files\Ask.com
C:\Program Files\Antivirus 2009
C:\WINDOWS\services.exe
C:\WINDOWS\System32\drivers\8356be73.sys
C:\WINDOWS\System32\drivers\6eb5b1b.sys
C:\WINDOWS\System32\drivers\84b8b8be.sys
C:\WINDOWS\System32\drivers\c5457a9d.sys
C:\WINDOWS\System32\drivers\c1e5e763.sys

:Services
8356be73
6eb5b1b
84b8b8be
c5457a9d
c1e5e763

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001

:Commands
[emptytemp]
[resethosts]
[Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera.

Następnie uruchom OTL ponownie, tym razem wywołaj opcję Run Scan.
Pokaż nowy log OTL.txt oraz log z czyszczenia.


.
Na górę
Kuba1029

Użytkownik
Posty: 2
Rejestracja: 30 gru 2009, 20:47

Gry sie minimalizuja do paska zadań

Post01 sty 2010, 12:51

Log z oczyszczenia : Dostępne tylko dla zarejestrowanych użytkowników
Nowy log : Dostępne tylko dla zarejestrowanych użytkowników
Na górę
Awatar użytkownika
djarta

Globalny Moderator
Posty: 5854
Rejestracja: 26 gru 2008, 17:15
Lokalizacja: Białystok
Kontaktowanie:
Skontaktuj się z djarta

Gry sie minimalizuja do paska zadań

Post01 sty 2010, 15:26

Daj log z ComboFixa.
Na górę

  • Reklama

Wróć do „Bezpieczeństwo”



Kto jest online

Użytkownicy przeglądający to forum: Obecnie na forum nie ma żadnego zarejestrowanego użytkownika i 5 gości