Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

DNSunlocker - jak się tego pozbyć

agutka2322 25 Sie 2015 14:34 717 4
  • CControls
  • Pomocny post
    #2 25 Sie 2015 17:23
    Acorus 20
    Spec od komputerów

    Odinstaluj GS.Supporter 1.80, Red AdBlocker, Updater Service. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {04FF3862-E4E6-42A8-A891-3756AD222150} - System32\Tasks\Superclean => c:\programdata\{a1a4ec5b-ce8e-182c-a1a4-4ec5bce8b16f}\hqghumeaylnlf.exe [2014-08-16] (Super PC Tools Ltd) <==== UWAGA
    Task: {218954DA-FCF0-4AAD-82FE-0976ABCCD188} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2838589005-2072240065-930408761-1000Core => C:\Users\Agata\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.)
    Task: {805C919C-2067-4D57-96FD-CD5C62D1BFBF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2838589005-2072240065-930408761-1000UA => C:\Users\Agata\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-04] (Facebook Inc.)
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2838589005-2072240065-930408761-1000Core.job => C:\Users\Agata\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2838589005-2072240065-930408761-1000UA.job => C:\Users\Agata\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{a1a4ec5b-ce8e-182c-a1a4-4ec5bce8b16f}\hqghumeaylnlf.exe <==== UWAGA
    AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL Plik nie znaleziono
    AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" Plik nie znaleziono
    ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...p;uid=ST9500325AS_5VEQFASJXXXX5VEQFASJ&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...p;uid=ST9500325AS_5VEQFASJXXXX5VEQFASJ&q={searchTerms}




    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=1481&r=2014/01/15&hid=5546147303943515208&lg=EN&cc=PL&unqvl=46
    SearchScopes: HKU\.DEFAULT -> {F341B7FF-B7B1-4A4C-98C0-0544DC06F765} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    SearchScopes: HKU\S-1-5-21-2838589005-2072240065-930408761-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2838589005-2072240065-930408761-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2838589005-2072240065-930408761-1000 -> {B4A038D1-F6A2-4571-A46B-70513B9E9820} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    SearchScopes: HKU\S-1-5-21-2838589005-2072240065-930408761-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=1481&r=2014/01/15&hid=5546147303943515208&lg=EN&cc=PL&unqvl=46
    BHO-x32: Brak nazwy -> {7a38e53c-e000-41e4-9b5a-47447db81c2b} -> Brak pliku
    BHO-x32: Brak nazwy -> {88803a01-4125-443b-b869-4062a160ceea} -> Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=140...=cor&uid=ST9500325AS_5VEQFASJXXXX5VEQFASJ
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.toolksearchbook.info/?pid=14...p;lg=EN&cc=PL&unqvl=46&l=1&q=
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Agata\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
    FF HKU\S-1-5-21-2838589005-2072240065-930408761-1000\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Agata\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
    CHR Extension: (Воздушные шары) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpdcmljomjdbddodmmclbkbjaadmcim [2015-08-24]
    CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\Agata\AppData\Roaming\StatusWinks\statuswinks.crx [2013-02-05]
    R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [592184 2013-03-25] ()
    R1 {291bfea4-019b-41de-a68d-736bec29b080}Gw64; C:\Windows\System32\drivers\{291bfea4-019b-41de-a68d-736bec29b080}Gw64.sys [48784 2015-02-25] (StdLib)
    R1 {50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64; C:\Windows\System32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64.sys [61112 2014-04-24] (StdLib)
    R1 {7f21ea28-929b-4f19-b057-483d53f11b0d}w64; C:\Windows\System32\drivers\{7f21ea28-929b-4f19-b057-483d53f11b0d}w64.sys [48784 2015-03-08] (StdLib)
    R1 {8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gw64; C:\Windows\System32\drivers\{8ec7a18b-bb06-4e8b-bc9b-34809b4a9468}Gw64.sys [48784 2015-02-24] (StdLib)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    2015-08-24 06:58 - 2015-08-24 12:10 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
    C:\ProgramData\dsgsdgdsgdsgw.pad
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix. Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    1
  • CControls
  • #3 25 Sie 2015 20:12
    agutka2322
    Poziom 2  

    Niestety nic nie pomogło

    0
  • Pomocny post
    #4 25 Sie 2015 20:14
    Acorus 20
    Spec od komputerów

    Pokaż nowe logi z FRST.

    1
  • #5 25 Sie 2015 20:50
    agutka2322
    Poziom 2  

    Już wszystko dobrze, trochę pokombinowałam z tym chrome i po kilku zmianach + zainstalowanie od nowa pozbyłam się przykrego problemu. Dziękuję bardzo za pomoc

    0