
Strange laptop behaviour

Elektryk92 05 Jan 2019 14:38
 • #1
  Elektryk92
  Level 2  
  Good morning,
  could someone briefly describe to me what was done in the system, probably by a virus? In place of a program that deleted itself (??) this text file appeared (I immediately ran a scan with Avira (it found nothing) and then with Adw (it removed a few unrelated junk items)):

  Thu Jan 03 15:41:49 2019 UTC - Module file name: C:\Program Files (x86)\Jurassic World Evolution\Jurassic World Evolution\GameOverlayRenderer64.dll
  Thu Jan 03 15:41:49 2019 UTC - GameID = 0
  Thu Jan 03 15:41:49 2019 UTC - System page size: 4096
  Thu Jan 03 15:41:49 2019 UTC - Hooking SetCursorPos, GetCursorPos, ShowCursor, and SetCursor
  Thu Jan 03 15:41:49 2019 UTC - Aborting HookFunc because pHookFunctionAddr is null
  Thu Jan 03 15:41:49 2019 UTC - Failed hooking RegisterDeviceNotificationA()
  Thu Jan 03 15:41:49 2019 UTC - Aborting HookFunc because pHookFunctionAddr is null
  Thu Jan 03 15:41:49 2019 UTC - Failed hooking RegisterDeviceNotificationW()
  Thu Jan 03 15:41:49 2019 UTC - Aborting HookFunc because pHookFunctionAddr is null
  Thu Jan 03 15:41:49 2019 UTC - Failed hooking UnregisterDeviceNotification()
  Thu Jan 03 15:41:49 2019 UTC - Game is using dxgi (dx10/dx11), preparing to hook.
  Thu Jan 03 15:41:49 2019 UTC - XInput Hooked XInputGetCapabilities Version 10
  Thu Jan 03 15:41:49 2019 UTC - XInput Hooked XInputGetDSoundAudioDeviceGuids Version 10
  Thu Jan 03 15:41:49 2019 UTC - XInput Hooked XInputGetState Version 10
  Thu Jan 03 15:41:49 2019 UTC - XInput Hooked XInputSetState Version 10
  Thu Jan 03 15:41:49 2019 UTC - Modules at GameOverlayRenderer.dll attach
  Thu Jan 03 15:41:49 2019 UTC - 01: JWE.exe - (0000000140000000 to 000000015032A000)
  Thu Jan 03 15:41:49 2019 UTC - 02: ntdll.dll - (00007FF947B70000 to 00007FF947D42000)
  Thu Jan 03 15:41:49 2019 UTC - 03: KERNEL32.DLL - (00007FF947A40000 to 00007FF947AEC000)
  Thu Jan 03 15:41:49 2019 UTC - 04: KERNELBASE.dll - (00007FF944090000 to 00007FF9442AD000)
  Thu Jan 03 15:41:49 2019 UTC - 05: apphelp.dll - (00007FF942210000 to 00007FF94228A000)
  Thu Jan 03 15:41:49 2019 UTC - 06: advapi32.dll - (00007FF946C10000 to 00007FF946CB2000)
  Thu Jan 03 15:41:49 2019 UTC - 07: msvcrt.dll - (00007FF946B10000 to 00007FF946BAE000)
  Thu Jan 03 15:41:49 2019 UTC - 08: sechost.dll - (00007FF946E60000 to 00007FF946EB9000)
  Thu Jan 03 15:41:49 2019 UTC - 09: RPCRT4.dll - (00007FF947150000 to 00007FF947271000)
  Thu Jan 03 15:41:49 2019 UTC - 10: ucrtbase.dll - (00007FF9442B0000 to 00007FF9443A5000)
  Thu Jan 03 15:41:49 2019 UTC - 11: gdi32.dll - (00007FF947280000 to 00007FF9472B4000)
  Thu Jan 03 15:41:49 2019 UTC - 12: anselsdk64.dll - (00007FF936E00000 to 00007FF936EA7000)
  Thu Jan 03 15:41:49 2019 UTC - 13: gdi32full.dll - (00007FF9443B0000 to 00007FF944530000)
  Thu Jan 03 15:41:49 2019 UTC - 14: dbghelp.dll - (00007FF9401D0000 to 00007FF940362000)
  Thu Jan 03 15:41:49 2019 UTC - 15: d3d11.dll - (00007FF940B80000 to 00007FF940E36000)
  Thu Jan 03 15:41:49 2019 UTC - 16: USER32.dll - (00007FF946F40000 to 00007FF9470A5000)
  Thu Jan 03 15:41:49 2019 UTC - 17: win32u.dll - (00007FF944070000 to 00007FF94408E000)
  Thu Jan 03 15:41:49 2019 UTC - 18: normaliz.dll - (00007FF947B60000 to 00007FF947B68000)
  Thu Jan 03 15:41:49 2019 UTC - 19: dxgi.dll - (00007FF942F60000 to 00007FF942FFF000)
  Thu Jan 03 15:41:49 2019 UTC - 20: ole32.dll - (00007FF946D20000 to 00007FF946E58000)
  Thu Jan 03 15:41:49 2019 UTC - 21: combase.dll - (00007FF945100000 to 00007FF9453C8000)
  Thu Jan 03 15:41:49 2019 UTC - 22: bcryptPrimitives.dll - (00007FF944850000 to 00007FF9448BA000)
  Thu Jan 03 15:41:49 2019 UTC - 23: oleaut32.dll - (00007FF9473D0000 to 00007FF94748F000)
  Thu Jan 03 15:41:49 2019 UTC - 24: msvcp_win.dll - (00007FF944700000 to 00007FF94479C000)
  Thu Jan 03 15:41:49 2019 UTC - 25: gfsdk_aftermath_lib.x64.dll - (00007FF93E4C0000 to 00007FF93E4E6000)
  Thu Jan 03 15:41:49 2019 UTC - 26: hid.dll - (00007FF942EC0000 to 00007FF942ECC000)
  Thu Jan 03 15:41:49 2019 UTC - 27: powrprof.dll - (00007FF944010000 to 00007FF94405C000)
  Thu Jan 03 15:41:49 2019 UTC - 28: gdiplus.dll - (00007FF93FF10000 to 00007FF9400AA000)
  Thu Jan 03 15:41:49 2019 UTC - 29: setupapi.dll - (00007FF947610000 to 00007FF947A39000)
  Thu Jan 03 15:41:49 2019 UTC - 30: cfgmgr32.dll - (00007FF944920000 to 00007FF944962000)
  Thu Jan 03 15:41:49 2019 UTC - 31: shell32.dll - (00007FF945460000 to 00007FF946968000)
  Thu Jan 03 15:41:49 2019 UTC - 32: VERSION.dll - (00007FF93DA40000 to 00007FF93DA4A000)
  Thu Jan 03 15:41:49 2019 UTC - 33: windows.storage.dll - (00007FF944970000 to 00007FF94504A000)
  Thu Jan 03 15:41:49 2019 UTC - 34: shlwapi.dll - (00007FF946CC0000 to 00007FF946D12000)
  Thu Jan 03 15:41:49 2019 UTC - 35: kernel.appcore.dll - (00007FF943FE0000 to 00007FF943FEF000)
  Thu Jan 03 15:41:49 2019 UTC - 36: shcore.dll - (00007FF9447A0000 to 00007FF944849000)
  Thu Jan 03 15:41:49 2019 UTC - 37: profapi.dll - (00007FF943FF0000 to 00007FF944004000)
  Thu Jan 03 15:41:49 2019 UTC - 38: ws2_32.dll - (00007FF946EC0000 to 00007FF946F2A000)
  Thu Jan 03 15:41:49 2019 UTC - 39: steam_api64.dll - (0000000077A00000 to 0000000077A3E000)
  Thu Jan 03 15:41:49 2019 UTC - 40: vcruntime140.dll - (00007FF93EEA0000 to 00007FF93EEB6000)
  Thu Jan 03 15:41:49 2019 UTC - 41: wininet.dll - (00007FF92FEC0000 to 00007FF93018A000)
  Thu Jan 03 15:41:49 2019 UTC - 42: winmm.dll - (00007FF942350000 to 00007FF942373000)
  Thu Jan 03 15:41:49 2019 UTC - 43: xinput9_1_0.dll - (00007FF93F090000 to 00007FF93F097000)
  Thu Jan 03 15:41:49 2019 UTC - 44: CODEX64.DLL - (00007FF93DC30000 to 00007FF93DC97000)
  Thu Jan 03 15:41:49 2019 UTC - 45: WINMMBASE.dll - (00000000001B0000 to 00000000001DB000)
  Thu Jan 03 15:41:49 2019 UTC - 46: PSAPI.DLL - (00007FF9472C0000 to 00007FF9472C8000)
  Thu Jan 03 15:41:49 2019 UTC - 47: GameOverlayRenderer64.dll - (00007FF9240D0000 to 00007FF924255000)
  Thu Jan 03 15:41:49 2019 UTC - 48: steamclient64.dll - (0000000180000000 to 000000018027C000)
  Thu Jan 03 15:41:49 2019 UTC - 49: IMM32.dll - (00007FF9453D0000 to 00007FF9453FE000)
  Thu Jan 03 15:41:49 2019 UTC - 50: CRYPTBASE.DLL - (00007FF943AD0000 to 00007FF943ADB000)
  Thu Jan 03 15:41:49 2019 UTC - 51: dbgcore.DLL - (00007FF9362B0000 to 00007FF9362D9000)
  Thu Jan 03 15:41:49 2019 UTC - ----------------------------
  Thu Jan 03 15:41:52 2019 UTC - hookCreateDXGIFactory1 called
  Thu Jan 03 15:41:52 2019 UTC - Hooking vtable for factory
  Thu Jan 03 15:41:52 2019 UTC - DXGIFactory2_CreateSwapChain already hooked via IDXGIFactory or IDXGIFactory1
  Thu Jan 03 15:41:52 2019 UTC - hookCreateDXGIFactory1 called
  Thu Jan 03 15:41:52 2019 UTC - Hooking vtable for factory
  Thu Jan 03 15:41:52 2019 UTC - DXGIFactory2_CreateSwapChain already hooked via IDXGIFactory or IDXGIFactory1
  Thu Jan 03 15:41:53 2019 UTC - Aborting UnhookFunc because pRealFunctionAddr is not hooked
  Thu Jan 03 15:41:53 2019 UTC - Aborting UnhookFunc because pRealFunctionAddr is not hooked
  Thu Jan 03 15:41:53 2019 UTC - Aborting UnhookFunc because pRealFunctionAddr is not hooked
  Thu Jan 03 15:41:53 2019 UTC - Aborting UnhookFunc because pRealFunctionAddr is not hooked
  Thu Jan 03 15:41:53 2019 UTC - XInput Hooked XInputEnable Version 14
  Thu Jan 03 15:41:53 2019 UTC - XInput Hooked XInputGetAudioDeviceIds Version 14
  Thu Jan 03 15:41:53 2019 UTC - XInput Hooked XInputGetBatteryInformation Version 14
  Thu Jan 03 15:41:53 2019 UTC - XInput Hooked XInputGetCapabilities Version 14
  Thu Jan 03 15:41:53 2019 UTC - XInput Hooked XInputGetKeystroke Version 14
  Thu Jan 03 15:41:53 2019 UTC - XInput Hooked XInputGetState Version 14
  Thu Jan 03 15:41:53 2019 UTC - XInput Hooked XInputGetStateEX Version 14
  Thu Jan 03 15:41:53 2019 UTC - XInput Hooked XInputSetState Version 14
  Thu Jan 03 15:41:53 2019 UTC - Initializing Audio...
  Thu Jan 03 15:41:55 2019 UTC - IWrapDXGIFactory2::IDXGIFactory2_CreateSwapChainForHWND called
  Thu Jan 03 15:41:55 2019 UTC - Hooking vtable for swap chain
  Thu Jan 03 15:41:55 2019 UTC - Trying to detour d3d11 device
  Thu Jan 03 15:41:55 2019 UTC - Hooking vtable for device
  Thu Jan 03 15:41:55 2019 UTC - Tracking new device: 11e65570
  Thu Jan 03 15:41:55 2019 UTC - Tracking new swap chain: 1ddc0df0 (with device: 11e65570)
  Thu Jan 03 15:41:55 2019 UTC - Creating D3D11 renderer
  Thu Jan 03 15:41:55 2019 UTC - Hooking vtable for swap chain1
  Thu Jan 03 15:42:06 2019 UTC - Trying to setup input hook...
  Thu Jan 03 15:42:06 2019 UTC - Set input hook...
  Thu Jan 03 15:42:06 2019 UTC - Releasing all resources for device: 0000000011E65570
  Thu Jan 03 15:42:06 2019 UTC - Detaching input hook...
  Thu Jan 03 15:42:07 2019 UTC - Trying to setup input hook...
  Thu Jan 03 15:42:07 2019 UTC - Set input hook...
  Thu Jan 03 15:42:30 2019 UTC - Disabling overlay for 2 seconds (23 seconds since last frame from ui process was seen)
  Thu Jan 03 15:42:53 2019 UTC - Disabling overlay for 2 seconds (46 seconds since last frame from ui process was seen)
  Thu Jan 03 15:42:55 2019 UTC - Disabling overlay for 2 seconds (48 seconds since last frame from ui process was seen)
  Thu Jan 03 15:42:57 2019 UTC - Disabling overlay for 2 seconds (50 seconds since last frame from ui process was seen)
  Thu Jan 03 15:42:59 2019 UTC - Disabling overlay for 2 seconds (52 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:01 2019 UTC - Disabling overlay for 2 seconds (54 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:03 2019 UTC - Disabling overlay for 2 seconds (56 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:05 2019 UTC - Disabling overlay for 2 seconds (58 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:07 2019 UTC - Disabling overlay for 2 seconds (60 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:09 2019 UTC - Disabling overlay for 2 seconds (62 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:11 2019 UTC - Disabling overlay for 2 seconds (64 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:13 2019 UTC - Disabling overlay for 2 seconds (66 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:15 2019 UTC - Disabling overlay for 2 seconds (68 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:39 2019 UTC - Disabling overlay for 2 seconds (92 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:41 2019 UTC - Disabling overlay for 2 seconds (94 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:43 2019 UTC - Disabling overlay for 2 seconds (96 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:45 2019 UTC - Disabling overlay for 2 seconds (98 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:48 2019 UTC - Disabling overlay for 2 seconds (101 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:50 2019 UTC - Disabling overlay for 2 seconds (103 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:52 2019 UTC - Disabling overlay for 2 seconds (105 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:54 2019 UTC - Disabling overlay for 2 seconds (107 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:56 2019 UTC - Disabling overlay for 2 seconds (109 seconds since last frame from ui process was seen)
  Thu Jan 03 15:43:58 2019 UTC - Disabling overlay for 2 seconds (111 seconds since last frame from ui process was seen)
  Thu Jan 03 15:44:00 2019 UTC - Disabling overlay for 2 seconds (113 seconds since last frame from ui process was seen)
  Thu Jan 03 15:44:03 2019 UTC - Disabling overlay for 2 seconds (116 seconds since last frame from ui process was seen)
  Thu Jan 03 15:44:20 2019 UTC - Disabling overlay for 10 seconds (133 seconds since last frame from ui process was seen)
  Thu Jan 03 15:44:35 2019 UTC - Disabling overlay for 10 seconds (148 seconds since last frame from ui process was seen)
  Thu Jan 03 15:44:50 2019 UTC - Disabling overlay for 10 seconds (163 seconds since last frame from ui process was seen)
  Thu Jan 03 15:45:05 2019 UTC - Disabling overlay for 10 seconds (178 seconds since last frame from ui process was seen)
  Thu Jan 03 15:45:20 2019 UTC - Disabling overlay for 10 seconds (193 seconds since last frame from ui process was seen)
  Thu Jan 03 15:45:42 2019 UTC - Disabling overlay for 10 seconds (215 seconds since last frame from ui process was seen)
  Thu Jan 03 15:46:10 2019 UTC - Disabling overlay for 10 seconds (243 seconds since last frame from ui process was seen)
  Thu Jan 03 15:46:25 2019 UTC - Disabling overlay for 10 seconds (258 seconds since last frame from ui process was seen)
  Thu Jan 03 15:46:43 2019 UTC - Disabling overlay for 10 seconds (276 seconds since last frame from ui process was seen)
  Thu Jan 03 15:46:58 2019 UTC - Disabling overlay for 10 seconds (291 seconds since last frame from ui process was seen)
  Thu Jan 03 15:47:13 2019 UTC - Disabling overlay for 30 seconds (306 seconds since last frame from ui process was seen)
  Thu Jan 03 15:47:43 2019 UTC - Disabling overlay for 30 seconds (336 seconds since last frame from ui process was seen)
  Thu Jan 03 15:48:13 2019 UTC - Disabling overlay for 30 seconds (366 seconds since last frame from ui process was seen)
  Thu Jan 03 15:48:43 2019 UTC - Disabling overlay for 30 seconds (396 seconds since last frame from ui process was seen)
  Thu Jan 03 15:49:13 2019 UTC - Disabling overlay for 30 seconds (426 seconds since last frame from ui process was seen)
  Thu Jan 03 15:49:43 2019 UTC - Disabling overlay for 30 seconds (456 seconds since last frame from ui process was seen)
  Thu Jan 03 15:50:13 2019 UTC - Disabling overlay for 30 seconds (486 seconds since last frame from ui process was seen)
  Thu Jan 03 15:50:43 2019 UTC - Disabling overlay for 30 seconds (516 seconds since last frame from ui process was seen)
  Thu Jan 03 15:51:13 2019 UTC - Disabling overlay for 30 seconds (546 seconds since last frame from ui process was seen)
  Thu Jan 03 15:51:43 2019 UTC - Disabling overlay for 30 seconds (576 seconds since last frame from ui process was seen)
  Thu Jan 03 15:52:13 2019 UTC - Disabling overlay for 20 minutes (606 seconds since last frame from ui process was seen)
  Thu Jan 03 16:11:33 2019 UTC - Clearing input stream because it is about to overflow
  Thu Jan 03 16:12:13 2019 UTC - Disabling overlay for 20 minutes (1806 seconds since last frame from ui process was seen)
  Thu Jan 03 16:32:13 2019 UTC - Disabling overlay for 20 minutes (3006 seconds since last frame from ui process was seen)
  Thu Jan 03 16:41:00 2019 UTC - Clearing input stream because it is about to overflow
  Thu Jan 03 16:52:13 2019 UTC - Disabling overlay for 20 minutes (4206 seconds since last frame from ui process was seen)
  Thu Jan 03 17:12:13 2019 UTC - Disabling overlay for 20 minutes (5406 seconds since last frame from ui process was seen)
  Thu Jan 03 17:15:06 2019 UTC - Clearing input stream because it is about to overflow
  Thu Jan 03 17:32:13 2019 UTC - Disabling overlay for 20 minutes (6606 seconds since last frame from ui process was seen)
  Thu Jan 03 17:50:14 2019 UTC - Clearing input stream because it is about to overflow
  Thu Jan 03 17:52:26 2019 UTC - Disabling overlay for 20 minutes (7819 seconds since last frame from ui process was seen)
  Thu Jan 03 17:56:24 2019 UTC - Releasing all resources for device: 0000000011E65570
  Thu Jan 03 17:56:24 2019 UTC - Detaching input hook...
  Thu Jan 03 17:56:24 2019 UTC - DeleteD3D11RendererForSwapChain called for: 000000001DDC0DF0
  Thu Jan 03 17:56:24 2019 UTC - Releasing all resources for device: 0000000011E65570
  Thu Jan 03 17:56:25 2019 UTC - DeleteDevice called for: 0000000011E65570
  Thu Jan 03 17:56:25 2019 UTC - No renderer for this device
  Thu Jan 03 17:56:30 2019 UTC - GameOverlayRenderer.dll detaching
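  The log quoted above follows GameOverlayRenderer's line format. As an added example that is not part of the original thread, the Python script below parses that format from a constructed excerpt of the lines quoted above, extracts the DLL path, the session start and end, and the module table, and separates modules on a small hand-made allowlist of Windows system DLLs from those a practitioner would verify by hand (for example by comparing hashes with a trusted copy). The allowlist and the "to verify" label are assumptions of the example, not a verdict on any file.

```python
import re
from datetime import datetime

# Constructed excerpt in the format of the GameOverlayRenderer log quoted above
# (a few representative lines, not the full file from the post).
SAMPLE_LOG = r"""
Thu Jan 03 15:41:49 2019 UTC - Module file name: C:\Program Files (x86)\Jurassic World Evolution\Jurassic World Evolution\GameOverlayRenderer64.dll
Thu Jan 03 15:41:49 2019 UTC - Modules at GameOverlayRenderer.dll attach
Thu Jan 03 15:41:49 2019 UTC - 01: JWE.exe - (0000000140000000 to 000000015032A000)
Thu Jan 03 15:41:49 2019 UTC - 02: ntdll.dll - (00007FF947B70000 to 00007FF947D42000)
Thu Jan 03 15:41:49 2019 UTC - 39: steam_api64.dll - (0000000077A00000 to 0000000077A3E000)
Thu Jan 03 15:41:49 2019 UTC - 44: CODEX64.DLL - (00007FF93DC30000 to 00007FF93DC97000)
Thu Jan 03 15:41:49 2019 UTC - 47: GameOverlayRenderer64.dll - (00007FF9240D0000 to 00007FF924255000)
Thu Jan 03 15:41:49 2019 UTC - ----------------------------
Thu Jan 03 17:56:30 2019 UTC - GameOverlayRenderer.dll detaching
"""

# "Thu Jan 03 15:41:49 2019 UTC - <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) UTC - (.*)$")
# "NN: name - (start to end)" entries of the module table
MODULE_RE = re.compile(r"^(\d{2}): (\S+) - \(([0-9A-Fa-f]{16}) to ([0-9A-Fa-f]{16})\)$")

# Assumption of this example: a short, hand-made allowlist of DLL names that ship
# with Windows. Anything else is only "to be verified", not judged malicious.
WINDOWS_SYSTEM_DLLS = {
    "ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll", "gdi32.dll",
    "advapi32.dll", "msvcrt.dll", "sechost.dll", "rpcrt4.dll", "ucrtbase.dll",
}

def parse_log(text):
    """Return (events, modules): timestamped messages and the parsed module table."""
    events, modules = [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        events.append((ts, m.group(2)))
        mod = MODULE_RE.match(m.group(2))
        if mod:
            base, end = int(mod.group(3), 16), int(mod.group(4), 16)
            modules.append({"index": int(mod.group(1)), "name": mod.group(2),
                            "base": base, "size": end - base})
    return events, modules

def triage(text):
    """Summarise one overlay session: where the DLL ran from, how long, what was loaded."""
    events, modules = parse_log(text)
    prefix = "Module file name: "
    path = next((msg[len(prefix):] for _, msg in events if msg.startswith(prefix)), None)
    session = int((events[-1][0] - events[0][0]).total_seconds()) if events else 0
    main_exe = modules[0]["name"] if modules else None   # entry 01 is the process image
    to_verify = [m["name"] for m in modules[1:]
                 if m["name"].lower() not in WINDOWS_SYSTEM_DLLS]
    return {"overlay_path": path, "session_seconds": session,
            "main_exe": main_exe, "modules": modules, "to_verify": to_verify}
```

Calling `triage(SAMPLE_LOG)` on the excerpt reports a session of 8081 seconds and lists steam_api64.dll, CODEX64.DLL and GameOverlayRenderer64.dll as the modules to check by hand; feed it the full log file to get the complete table.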
 • Helpful post
  #4
  krzychupar
  Level 43  
  Open Windows Notepad and paste:

  CloseProcesses:
  Hosts:
  HKLM\...\Run: [] => [X]
  HKLM-x32\...\Run: [] => [X]
  HKU\S-1-5-21-909829594-751420142-932314572-1002\...\Run: [] => [X]
  HKU\S-1-5-21-909829594-751420142-932314572-1002\...\MountPoints2: {6cceb2ca-73b2-11e7-83e0-c83dd4808220} - "F:\setup.exe"
  HKU\S-1-5-21-909829594-751420142-932314572-1002\...\MountPoints2: {a19ecef0-2c5c-11e8-83f2-c83dd4808220} - "G:\HiSuiteDownLoader.exe"
  Tcpip\..\Interfaces\{0b2d565b-a8d2-49be-af4b-3208fab65c5b}: [DhcpNameServer] 150.203.1.2
  S4 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
  EmptyTemp:

  Save the file under the name fixlist.txt and put it in the folder where you have FRST.exe.
  Run FRST and click Fix (Napraw).

  What was the name of that text file?
 • #5
  Elektryk92
  Level 2  
  I did as you said. The file was named GameOverlayRenderer. As you can see, the script ran when the game was launched for the first time; after I closed it, the game deleted itself and this file appeared. It was not possible to shut down the laptop (shutting down = turning on), but after a hard reset it could be shut down normally again.