Game not working properly
So, a friend of mine has problems while playing netsoccer. It is a sort of online game that you download to disk (about 6 MB), and to be able to play, you join some training servers.
The problem is that on joining such a server the game starts to stutter, or to put it another way, lag. This has been happening for a few days; before that it was fine.
I am posting the HijackThis and Silent Runners logs here, because something may be lurking in them.
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AutoConnect" = "C:\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" [file not found]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" [file not found]
"{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [file not found]
"{DBD8E168-244D-448C-9922-25508950D1DC}" = "Ulead UDF Driver"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll" ["Ulead Systems, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {CLSID}\InProcServer32\(Default) = "D:\\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "D:\\Avast4\ashShell.dll" ["ALWIL Software"]
EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "D:\\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}" = "My Global Search Bar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\3.bin\MGSBAR.DLL" ["My Global Search"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! iAVS4 Control Service, aswUpdSv, ""D:\\Avast4\aswUpdSv.exe"" [null data]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 59 seconds, including 9 seconds for message boxes)
Logfile of HijackThis v1.99.1
Scan saved at 12:57:17, on 2007-01-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Netsoccer\netsoccer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
D:\MOZILL~1\FIREFOX.EXE
D:\PRZYDATNE\Do windy\HijackThis.exe
O4 - HKCU\..\Run: [AutoConnect] C:\AutoConnect\AutoConnect.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C10E6E55-6560-43E4-9C80-DC1AE2A65179}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\\Avast4\aswUpdSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\cfosspeed\spd.exe" -service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
Replies: 1
There is nothing else harmful here. Of course, that does not at all mean that you don't have pests that are not visible in HijackThis and Silent Runners.
There may be, for example, rootkits. If you want, you can download from here: GMER.
Run it >>gmer.exe>>Rootkit>>Szukaj (Scan)>>Kopiuj (Copy)>>CTRL+V into Notepad. Save this log somewhere. Then check whether any line contains the text "<Rootkit", or "<hidden", or "< **** >". If it does, paste that line here in a post.
You can also download from here: ComboFix.
Run it >>ComboFix.exe>>when the question "Y" or "N" appears, type the letter Y + ENTER>>wait until ComboFix disappears and Notepad appears. If Notepad does not appear on the screen, find it in C:\ComboFix.txt.
From this report, paste four of its parts here:
1) Other Deletions - (all of it)
2) Files Created from - only the top 5 entries
3) Find3M Report - only those from this month, and if there are many of them, paste only the top 10 entries
4) ADS - if present (it is almost at the very bottom of the log).
Good luck!