Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

DNS Unlocker - Jak usunąć

radamentx64 17 Sie 2015 16:34 25722 13
  • #1 17 Sie 2015 16:34
    radamentx64
    Poziom 2  

    Witam od pewnego czasu męczę się z tym dziadostwem jakim jest DNS Unlocker.
    Próbowałem go usunąć ręcznie z przeglądarki, usunąłem z panelu sterowania, grzebałem w regedit'cie i nic. Ktoś zna jakiś konkretny sposób? (Posiadam Win 7.)

    5 13
  • CControls
  • CControls
  • #4 17 Sie 2015 16:53
    Kolobos
    Spec od komputerów

    Masz dac logi w zalaczniku na forum, od biedy na wklej.org
    Nie na jakis badziewny hosting, ktory wyswietla jedynie reklamy.

    0
  • #6 17 Sie 2015 17:18
    Kolobos
    Spec od komputerów

    Potrzebne Ci te programy?
    HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\...\Run: [FreeVPN] => "C:\Program Files (x86)\FreeVPN\FreeVPN.exe" hide
    HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\...\Run: [Hide IP NG] => C:\Program Files (x86)\Hide IP NG\hideipng.exe
    HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\...\Run: [Real Hide IP] => C:\Program Files (x86)\RealHideIP\RealHideIP.exe
    Jezeli nie to dodaj do fixlist.txt.

    Odinstaluj:
    Adobe Reader 7.0 - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-A70000000000}) (Version: 007.000.000 - Adobe Systems Incorporated)
    Show Apps in new tab (HKLM-x32\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION

    Zainstaluj http://ninite.com/foxit/

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    Task: {81488DCD-20C1-4C19-9ACB-DDB0E9B1197F} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{39e45bd3-293b-cfdc-39e4-45bd32936f4c}\hqghumeaylnlf.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{39e45bd3-293b-cfdc-39e4-45bd32936f4c}\hqghumeaylnlf.exe <==== ATTENTION
    HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\Software\Classes\.exe: => <===== ATTENTION
    () C:\Program Files (x86)\Astonishing Boy\0014c823.ftf.ftf
    () C:\Program Files (x86)\Proud Bitter\Proud Bitter.exe
    (© 2015 Microsoft Corporation) C:\Users\Zbig\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\...\Run: [DW6] => C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe [822384 2010-06-04] (The Weather Channel Interactive, Inc.)
    HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
    HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Zbig\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\...\Run: [BingSvc] => C:\Users\Zbig\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    AppInit_DLLs: C:\PROGRA~2\GS_BOO~1\ASSIST~2.DLL => C:\PROGRA~2\GS_BOO~1\ASSIST~2.DLL File not found
    AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File not found
    AppInit_DLLs-x32: c:\progra~2\gs_boo~1\assist~1.dll => "c:\progra~2\gs_boo~1\assist~1.dll" File not found




    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2014-12-01]
    ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    Startup: C:\Users\Zbig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wnr3.exe [2010-09-17] ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3063791839-1170576514-2770126652-1004\User: Restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    URLSearchHook: HKLM-x32 - IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
    URLSearchHook: HKU\S-1-5-21-3063791839-1170576514-2770126652-1000 - IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
    URLSearchHook: HKU\S-1-5-21-3063791839-1170576514-2770126652-1000 - (No Name) - {87d5d709-40f2-48a7-8f47-7bb821af70ab} - No File
    SearchScopes: HKU\S-1-5-21-3063791839-1170576514-2770126652-1000 -> DefaultScope {BF63B9E9-28F3-4C76-94FA-043620F7FF7E} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3063791839-1170576514-2770126652-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3063791839-1170576514-2770126652-1000 -> {BF63B9E9-28F3-4C76-94FA-043620F7FF7E} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    Toolbar: HKU\S-1-5-21-3063791839-1170576514-2770126652-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-3063791839-1170576514-2770126652-1000 -> No Name - {87D5D709-40F2-48A7-8F47-7BB821AF70AB} - No File
    CHR HKU\S-1-5-21-3063791839-1170576514-2770126652-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
    CHR HKLM-x32\...\Chrome\Extension: [giacfgjdclhnmkacnfbaljbmpnelflol] - C:\Program Files (x86)\iVIDI.org plugin\ividiplg.crx [2012-11-05]
    CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
    CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [knkakpihealnpggeceajhaonlmgdkaip] - C:\Users\Zbig\AppData\Local\Temp\tbch.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx <not found>
    R2 Astonishing Boy; C:\Program Files (x86)\Astonishing Boy\0014c823.ftf.ftf [8016624 2015-05-15] () [File not signed]
    R2 Proud Bitter; C:\Program Files (x86)\Proud Bitter\Proud Bitter.exe [8016107 2015-06-10] () [File not signed] <==== ATTENTION
    S3 ByakkoSvc; C:\Program Files (x86)\EliteKingdoms\Cabal\Byakko.exe [X]
    U3 ao8bm0og; C:\Windows\System32\Drivers\ao8bm0og.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    S3 dump_wmimmc; \??\C:\Rohan_Global\GameGuard\dump_wmimmc.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 vtany; \??\C:\Windows\vtany.sys [X]
    S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
    S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
    S3 X6va003; \??\C:\Users\Zbig\AppData\Local\Temp\00365F3.tmp [X]
    S3 X6va005; \??\C:\Users\Zbig\AppData\Local\Temp\005D883.tmp [X]
    S3 X6va006; \??\C:\Users\Zbig\AppData\Local\Temp\0066D67.tmp [X]
    S3 X6va007; \??\C:\Users\Zbig\AppData\Local\Temp\007E789.tmp [X]
    S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
    S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
    S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
    S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
    S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
    S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
    S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
    S3 X6va019; \??\C:\Windows\SysWOW64\Drivers\X6va019 [X]
    S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
    S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
    S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
    S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2015-08-17 16:45 - 2015-08-17 16:46 - 00001442 _____ C:\AdwCleaner[S2].txt
    2015-08-17 13:05 - 2015-08-17 13:05 - 00000000 ____D C:\ProgramData\4c60f23aaee4e7be
    2015-08-17 12:57 - 2015-08-17 12:57 - 00003368 _____ C:\Windows\PFRO.log
    2015-08-17 12:55 - 2015-08-17 12:56 - 00063012 _____ C:\AdwCleaner[C1].txt
    2015-08-17 12:53 - 2015-08-17 12:55 - 00000000 ____D C:\AdwCleaner
    2015-08-17 12:53 - 2015-08-17 12:54 - 00059347 _____ C:\AdwCleaner[S1].txt
    2015-08-15 10:29 - 2015-08-17 16:29 - 00000338 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
    2015-08-15 10:29 - 2015-08-15 10:29 - 00003248 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
    2015-02-02 23:55 - 2015-04-14 20:35 - 0000079 _____ () C:\Program Files (x86)\prefs.js
    C:\Users\Zbig\AppData\Local\Temp*.html
    C:\ProgramData\dsgsdgdsgdsgw.pad
    EmptyTemp:

    W FRST wybierz Fix.

    2
  • #8 21 Sie 2015 09:47
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1730731496-1249537530-3085688557-1002 -> DefaultScope {5F3C9433-1D9B-4C48-9092-20889DC6E3F8} URL = hxxp://isearch.omiga-plus.com/web/?utm_source...LW3XXXXS1DHSLW3&ts=1422354500&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1730731496-1249537530-3085688557-1002 -> {5F3C9433-1D9B-4C48-9092-20889DC6E3F8} URL = hxxp://isearch.omiga-plus.com/web/?utm_source...LW3XXXXS1DHSLW3&ts=1422354500&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1730731496-1249537530-3085688557-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source...LW3XXXXS1DHSLW3&ts=1422354500&type=default&q={searchTerms}
    BHO: WWowCoupOn -> {2B333802-3108-4547-B215-312694801292} -> C:\Program Files (x86)\WWowCoupOn\o01Uqpaq71NZOy.x64.dll No File
    BHO: WowCoupioN -> {5AB5D45E-3789-4082-A6FD-A848AF2C1193} -> C:\Program Files (x86)\WowCoupioN\SDVH6VIDDzxzna.x64.dll No File
    BHO: FIneDEaleSouFt -> {61E83196-8303-4198-8D46-EF1B2B2376DF} -> No File
    BHO: savvingtoyouu -> {EE04EA7D-91CE-489D-91D3-D4BE25DF6EBE} -> C:\Program Files (x86)\savvingtoyouu\1LcWEMigHtmMEV.x64.dll No File
    BHO-x32: No Name -> {61E83196-8303-4198-8D46-EF1B2B2376DF} -> No File
    BHO-x32: No Name -> {EE04EA7D-91CE-489D-91D3-D4BE25DF6EBE} -> No File
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
    2015-08-21 08:55 - 2015-08-21 08:55 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix. Przeskanuj programem Malwarebytes Anti-Malware https://www.malwarebytes.org/downloads/
    Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

    2
  • #9 21 Sie 2015 09:49
    Domino_2
    Pomocny dla użytkowników

    Cytat:

    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1730731496-1249537530-3085688557-1002 -> DefaultScope {5F3C9433-1D9B-4C48-9092-20889DC6E3F8} URL = hxxp://isearch.omiga-plus.com/web/?utm_source...LW3XXXXS1DHSLW3&ts=1422354500&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1730731496-1249537530-3085688557-1002 -> {5F3C9433-1D9B-4C48-9092-20889DC6E3F8} URL = hxxp://isearch.omiga-plus.com/web/?utm_source...LW3XXXXS1DHSLW3&ts=1422354500&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1730731496-1249537530-3085688557-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source...LW3XXXXS1DHSLW3&ts=1422354500&type=default&q={searchTerms}
    BHO: WWowCoupOn -> {2B333802-3108-4547-B215-312694801292} -> C:\Program Files (x86)\WWowCoupOn\o01Uqpaq71NZOy.x64.dll No File
    BHO: WowCoupioN -> {5AB5D45E-3789-4082-A6FD-A848AF2C1193} -> C:\Program Files (x86)\WowCoupioN\SDVH6VIDDzxzna.x64.dll No File
    BHO: FIneDEaleSouFt -> {61E83196-8303-4198-8D46-EF1B2B2376DF} -> No File
    BHO: savvingtoyouu -> {EE04EA7D-91CE-489D-91D3-D4BE25DF6EBE} -> C:\Program Files (x86)\savvingtoyouu\1LcWEMigHtmMEV.x64.dll No File
    BHO-x32: No Name -> {61E83196-8303-4198-8D46-EF1B2B2376DF} -> No File
    BHO-x32: No Name -> {EE04EA7D-91CE-489D-91D3-D4BE25DF6EBE} -> No File
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
    EmptyTemp:


    Wklej to do notatnika i zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się plik FRST.exe, odpal go jako administrator i kliknij Fix.

    Na przyszłość załóż nowy temat zamiast podczepiać się pod czyjeś.

    1
  • #10 21 Sie 2015 10:21
    1923
    Poziom 2  

    Cytat:
    Na przyszłość załóż nowy temat zamiast podczepiać się pod czyjeś.


    Rozumiem. Po prostu uznałem, że skoro autor tematu nie pociągnął problemu, to warto było z nim ruszyć dalej, bo temat ma dobrą pozycję w Google i przyda się innym.

    Wygląda na to, że Chrome jest "czysty", a Mozilla pozostała zapaskudzona.

    Malwarebytes Anti-Malware podczas skanowania wykrył (screen niżej)
    DNS Unlocker - Jak usunąć
    W nazwie by się zgadzało.

    0
  • #11 21 Sie 2015 10:27
    Kolobos
    Spec od komputerów

    Usun, to dnsy z izraela.

    Chodzi o ten wpis:
    Tcpip\..\Interfaces\{ADB0A870-B5B5-4D3A-A206-3DE95FA43CDE}: [NameServer] 82.163.143.172,82.163.142.174

    4
  • #12 21 Sie 2015 10:36
    1923
    Poziom 2  

    Kolobos napisał:
    Usun, to dnsy z izraela.

    Chodzi o ten wpis:
    Tcpip\..\Interfaces\{ADB0A870-B5B5-4D3A-A206-3DE95FA43CDE}: [NameServer] 82.163.143.172,82.163.142.174


    Usunięte i DNS Unlocker pozostał wspomnieniem. Dzięki wielkie!

    1
  • #13 21 Sie 2015 11:27
    Domino_2
    Pomocny dla użytkowników

    1923 napisał:
    Rozumiem. Po prostu uznałem, że skoro autor tematu nie pociągnął problemu, to warto było z nim ruszyć dalej, bo temat ma dobrą pozycję w Google i przyda się innym.



    Chodzi o to, że każdy przypadek jest indywidualny bo każdy ma inną konfigurację i zainstalowane programy.

    1