robert170173

Users
  • Posts

    3
  • Joined

  • Last visit

  1. Hello, the results of the actions: AdwCleanerR0.txt AdwCleanerS0.txt Fixlog.txt FRST.txt
  2. Hello. I am attaching the logs. I have a problem removing fst_pl_96: the uninstall window opens and there is no further response. Addition.txt FRST.txt Shortcut.txt Fixlog.txt
  3. Hello. For some time I have had a problem with Opera. After system startup it opens by itself, and unwanted windows open during use. There is also a problem with Chrome (advertising windows after almost every click). I will add that the computer is my son's and I do not know what has been done to it. Avast detected: Win32:Evo-gen[susp] Win32:Dropper-gen[Drp]. Using AdwCleaner did not help at all; FixMyRegistry was probably used too (I am not sure, but it is installed). Log gmer.log: I do not know whether I pasted it correctly, but I had a problem attaching it. Addition.txt Extras.Txt FRST.txt OTL.Txt