Przycinanie filmików na youtubie, ciągłe reklamy, spadek fps

**Posty:** 503 · przez **Lucky17** 02 Sty 2014, 22:21

Witam,
Problemy takie jak w temacie.

Kod: Zaznacz wszystko: GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2014-01-02 21:19:55 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160811AS rev.3.AAE 149,05GB Running: 7r2d7592.exe; Driver: H:\Users\Lucky\AppData\Local\Temp\awrdqkow.sys ---- Kernel code sections - GMER 2.1 ---- .text H:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88009428ca8 12 bytes {MOV RAX, 0xfffffa8004f432a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text H:\Windows\SysWOW64\PnkBstrA.exe[2032] H:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006c1d1a22 2 bytes [1D, 6C] .text H:\Windows\SysWOW64\PnkBstrA.exe[2032] H:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006c1d1ad0 2 bytes [1D, 6C] .text H:\Windows\SysWOW64\PnkBstrA.exe[2032] H:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006c1d1b08 2 bytes [1D, 6C] .text H:\Windows\SysWOW64\PnkBstrA.exe[2032] H:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006c1d1bba 2 bytes [1D, 6C] .text H:\Windows\SysWOW64\PnkBstrA.exe[2032] H:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006c1d1bda 2 bytes [1D, 6C] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT H:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001047f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT H:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001047cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT H:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800104869c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT H:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001048a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT H:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010488f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80039aa2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039aa2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 fffffa80039aa2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039aa2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039aa2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80039aa2c0 Device \FileSystem\Ntfs \Ntfs fffffa80039ae2c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa8004f572c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa8004f452c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa8004f452c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{64D53BA8-77B1-409D-9EA2-A6E5FA5D62BD} fffffa8004bca2c0 Device \Driver\usbohci \Device\USBPDO-6 fffffa8004f452c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8004f452c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8004f452c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa8004f572c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa8004f572c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa8004f452c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa8004f452c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004bca2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{31DA0AED-EDD1-4D6C-8FB3-0E2B9979F9BB} fffffa8004bca2c0 Device \Driver\usbohci \Device\USBFDO-6 fffffa8004f452c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8004f452c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa8004f572c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80039aa2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8004f452c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80039aa2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{9882C034-ADA2-4489-AD7C-D547A200C4FA} fffffa8004bca2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80039aa2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80039aa2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039aa2c0]<< sptd.sys ataport.SYS pciide.sys fffffa80039aa2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a4b060] fffffa8004a4b060 Trace 3 CLASSPNP.SYS[fffff880013c843f] -> nt!IofCallDriver -> [0xfffffa8004420520] fffffa8004420520 Trace 5 ACPI.sys[fffff88001197781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004414060] fffffa8004414060 Trace \Driver\atapi[0xfffffa80043ffe70] -> IRP_MJ_CREATE -> 0xfffffa80039aa2c0 fffffa80039aa2c0 ---- Threads - GMER 2.1 ---- Thread H:\Windows\System32\svchost.exe [940:1060] 000007fefb09331c Thread H:\Windows\System32\svchost.exe [940:2828] 000007fef84c20c0 Thread H:\Windows\System32\svchost.exe [940:2840] 000007fef84c26a8 Thread H:\Windows\System32\svchost.exe [940:2856] 000007fef84c29dc Thread H:\Windows\System32\svchost.exe [940:1880] 000007fef7f77750 Thread H:\Windows\System32\svchost.exe [940:4332] 000007fef8cc88f8 Thread H:\Windows\system32\svchost.exe [976:2484] 000007fef789506c Thread H:\Windows\system32\svchost.exe [976:2480] 000007fef85c1c20 Thread H:\Windows\system32\svchost.exe [976:2488] 000007fef85c1c20 Thread H:\Windows\system32\svchost.exe [976:3620] 000007fefc094164 Thread H:\Windows\system32\svchost.exe [976:2844] 000007feeeeb1ab0 Thread H:\Windows\system32\svchost.exe [484:2168] 000007feeb48d3c8 Thread H:\Windows\system32\svchost.exe [484:3832] 000007feeb48d3c8 Thread H:\Windows\system32\svchost.exe [484:3272] 000007feeb48d3c8 Thread H:\Windows\system32\svchost.exe [484:2140] 000007feeb48d3c8 Thread H:\Windows\system32\svchost.exe [484:4132] 000007feeb3dc2d4 Thread H:\Windows\system32\svchost.exe [484:1996] 000007feeb3dc2d4 Thread H:\Windows\system32\svchost.exe [484:2864] 000007feeb3dc2d4 Thread H:\Windows\system32\svchost.exe [484:5584] 000007feeb3dc2d4 Thread H:\Windows\system32\svchost.exe [484:5984] 000007fef8945124 Thread H:\Windows\System32\spoolsv.exe [1216:2284] 000007fef8c610c8 Thread H:\Windows\System32\spoolsv.exe [1216:2292] 000007fef8916144 Thread H:\Windows\System32\spoolsv.exe [1216:2296] 000007fef95c5fd0 Thread H:\Windows\System32\spoolsv.exe [1216:2300] 000007fef8963438 Thread H:\Windows\System32\spoolsv.exe [1216:2304] 000007fef95c63ec Thread H:\Windows\System32\spoolsv.exe [1216:2312] 000007fef9335e5c Thread H:\Windows\system32\svchost.exe [1428:1460] 000007fefce71a70 Thread H:\Windows\system32\svchost.exe [1428:1464] 000007fefce71a70 Thread H:\Windows\system32\svchost.exe [1428:1756] 000007fef99a3060 Thread H:\Windows\system32\svchost.exe [1428:2812] 000007fef99a5570 Thread H:\Windows\system32\svchost.exe [1428:2924] 000007fef8152940 Thread H:\Windows\system32\svchost.exe [1428:2528] 000007fef86a2888 Thread H:\Windows\system32\svchost.exe [1428:4768] 000007fef86a2a40 Thread H:\Windows\SysWOW64\ntdll.dll [1560:1564] 000000000094d1f6 Thread H:\Windows\SysWOW64\ntdll.dll [1560:2644] 000000007280a7e0 Thread H:\Windows\SysWOW64\ntdll.dll [1560:2764] 000000006b088960 Thread H:\Windows\SysWOW64\ntdll.dll [1560:2768] 000000006b088960 Thread H:\Windows\SysWOW64\ntdll.dll [1560:2772] 000000006b088960 Thread H:\Windows\SysWOW64\ntdll.dll [1560:2776] 000000006b084090 Thread H:\Windows\SysWOW64\ntdll.dll [1560:3516] 000000007308e2cb Thread H:\Windows\SysWOW64\ntdll.dll [1716:1720] 000000000095178c Thread H:\Windows\SysWOW64\ntdll.dll [1716:1952] 000000006d26abe7 Thread H:\Windows\SysWOW64\ntdll.dll [1716:5116] 000000006d3fcfe0 Thread H:\Windows\system32\svchost.exe [1748:1544] 000007fef7785f00 Thread H:\Windows\system32\svchost.exe [1748:2500] 000007fef954f130 Thread H:\Windows\system32\svchost.exe [1748:2440] 000007fef9544734 Thread H:\Windows\system32\svchost.exe [1748:2996] 000007fef9544734 Thread H:\Windows\system32\svchost.exe [1748:356] 000007fef8945124 Thread [1776:1792] 000007fefdcaa808 Thread [1776:1808] 0000000076f798b0 Thread [1776:2752] 0000000076f78d20 Thread [1776:4600] 0000000076f78d20 Thread [1776:5800] 0000000076f78d20 Thread H:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1864:1972] 000000006c2c95a8 Thread H:\Program Files\Windows Media Player\wmpnetwk.exe [636:2788] 000007fefb942a88 Thread H:\Windows\SysWOW64\ntdll.dll [2100:880] 000000000095178c Thread H:\Windows\SysWOW64\ntdll.dll [1196:1636] 0000000000036971 Thread H:\Windows\System32\svchost.exe [3772:4492] 000007fef73cfdf0 Thread H:\Windows\System32\svchost.exe [3772:4800] 000007fef8949874 Thread H:\Windows\SysWOW64\ntdll.dll [5160:6092] 000000000041f70b Thread H:\Windows\SysWOW64\ntdll.dll [5160:5784] 0000000000409a35 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x2A 0xEC 0x87 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 c:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x2A 0xEC 0x87 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\3D cenzura-spam 2.055.001 OxS \xae\3D cenzura-spam 2.055.001 OxS!\xae.exe 1 ---- EOF - GMER 2.1 ----

**Posty:** 4765 · przez **ordynat** 02 Sty 2014, 23:10

Użyj >Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

Zrób nowy log z OTL.

**Posty:** 503 · przez **Lucky17** 03 Sty 2014, 12:06

Gotowe.

**Posty:** 4765 · przez **ordynat** 03 Sty 2014, 14:00

H:\ProgramData\SaVeNewaApPz
H:\ProgramData\DowNSavE

Daję te powyższe do usuwania, ale jeśli je znasz/sam instalowałeś, to napisz - zmienimy Skrypt.

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
O2:64bit: - BHO: (SaVeNewaApPz) - {BCB7675A-19E5-2837-C0C6-C354004A49C0} - H:\ProgramData\SaVeNewaApPz\Y6buvgLl6r.x64.dll ()
O2:64bit: - BHO: (DowNSavE) - {F4D8A4FD-19E9-333A-F772-671ABD164A3E} - H:\ProgramData\DowNSavE\bNu1.x64.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.21.2)
[2013-12-30 07:53:50 | 000,000,000 | ---D | C] -- H:\ProgramData\ebkaimeiloahmibklbckiggocehlnljo
[2013-12-13 16:36:39 | 000,000,000 | ---D | C] -- H:\Users\Lucky\AppData\Roaming\newnext.me
[2013-12-13 16:36:38 | 000,000,000 | ---D | C] -- H:\Users\Lucky\AppData\Local\genienext
[2013-12-10 18:25:11 | 000,000,000 | ---D | C] -- H:\ProgramData\1b01e5dcaf069762
[2013-12-10 18:24:52 | 000,000,000 | ---D | C] -- H:\ProgramData\InstallMate
[2013-12-05 16:24:42 | 000,000,000 | ---D | C] -- H:\Users\Lucky\.android

:Files
H:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pedkelpfelppnfglodekdnpdbjljoigj
H:\ProgramData\DowNSavE
H:\ProgramData\SaVeNewaApPz

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] /64
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[HKEY_USERS\S-1-5-21-4086880579-2245560418-3349926169-1001\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

O20:64bit: - AppInit_DLLs: (H:\PROGRA~3\ACCELE~1\ACCELE~2.DLL) - H:\ProgramData\Accelesys\Accelesys_x64.dll ()
O20 - AppInit_DLLs: (h:\progra~3\accele~1\accele~1.dll) - h:\ProgramData\Accelesys\Accelesys.dll ()
[2013-12-26 18:34:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Accelesys

Co to jest? Znasz to?
.

**Posty:** 503 · przez **Lucky17** 03 Sty 2014, 16:09

Akurat nie znam nic z tych rzeczy, które podałeś.

Zapodaję następne.

**Posty:** 4765 · przez **ordynat** 03 Sty 2014, 17:21

Skoro nie znasz, to usuniemy:
Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
MOD - [2013-12-26 18:34:50 | 004,241,920 | ---- | M] () -- h:\ProgramData\Accelesys\Accelesys.dll
O20:64bit: - AppInit_DLLs: (H:\PROGRA~3\ACCELE~1\ACCELE~2.DLL) - H:\ProgramData\Accelesys\Accelesys_x64.dll ()
O20 - AppInit_DLLs: (h:\progra~3\accele~1\accele~1.dll) - h:\ProgramData\Accelesys\Accelesys.dll ()
O20:64bit: - Winlogon\Notify\WB: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
[2013-12-26 18:34:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Accelesys

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt.
Raportu z tego już nie dawaj.

Kończymy:
W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.

.