lasttime13 posted 21 August 2014
Hello :) I don't know if I'm posting in the right section, but for about a week I've had a very irritating problem: while I'm using the browser (actually even when it is closed), new tabs with ads keep popping up and I can't use the computer normally... I installed Adblock, but that didn't help... Can you advise me in some way what I should do? Many thanks in advance, regards! :)
Youki comment 21 August 2014
http://www.forumpc.pl/topic/277786-nieingerencyjne-narzędzia-do-tworzenia-logów-systemowych/ OTL and GMER
lasttime13 comment 21 August 2014 Author
GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-21 13:15:48 Windows 6.1.7600 x64
When I run the OTL scan, no files are displayed after it finishes....
pawel315 comment 22 August 2014
OTL creates two text files in the location it was run from