Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

DNS Unlocker - Jak usunąć?

SLU06 26 Sie 2015 12:35 1074 4
  • #1 26 Sie 2015 12:35
    SLU06
    Poziom 6  

    Witam, zwracam się z podobną prośbą rozwiązania problemu. Próbowałem AdwCleaner, ale po skanowaniu i naprawie, dalej są reklamy.

    0 4
  • Pomocny post
    #2 26 Sie 2015 12:59
    Kolobos
    Spec od komputerów

    Wymagane sa logi z FRST, co zapewne widzisz, w pozostalych watkach.

    1
  • Pomocny post
    #4 26 Sie 2015 13:17
    Kolobos
    Spec od komputerów

    Odinstaluj:
    DNS Unlocker version 1.3 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.3 - www.vidcreek.tv) <==== UWAGA
    PageRank (HKLM-x32\...\{6C998B44-82D8-CC7E-D847-4CD73036412A}) (Version: - "") <==== UWAGA
    YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: 6.6.216 - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

    Uzyj AdwCleaner, opcja Szukaj i Usun.

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    CloseProcess:
    Task: {010A284F-3321-4C95-8450-748D0251AC05} - \YTDownloaderUpd -> Brak pliku <==== UWAGA
    Task: {8572F74E-0131-4E75-8C96-B736B583C1A9} - System32\Tasks\UNELEVATE_10309 => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2351\jsdrv.exe <==== UWAGA
    Task: {E020AEA7-41C7-40FE-89E6-9D8970546A19} - \Inst_Rep -> Brak pliku <==== UWAGA
    Task: {FDB1CF4E-ED90-4331-868A-F3D611FE2F48} - System32\Tasks\SPBIW_UpdateTask_Time_333230333739353132372d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{2a9902f5-751f-a7cd-2a99-902f57510bd5}\hqghumeaylnlf.exe <==== UWAGA
    (Elex do Brasil Participações Ltda) D:\Program Files\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) D:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
    () C:\Program Files (x86)\00000000-1440284752-0000-0000-D43D7E4ED2C9\hnsjA352.tmp
    () C:\Program Files (x86)\Immense Department\Immense Department.exe
    (Elex do Brasil Participações Ltda) D:\Program Files\Elex-tech\YAC\iSafeTray.exe
    (start) C:\Users\Kocham Anie\AppData\Roaming\start.exe
    () C:\Program Files (x86)\00000000-1440284752-0000-0000-D43D7E4ED2C9\jnsj89B8.tmp
    HKLM\...\Run: [sqlservr] => wscript.exe //B "C:\Users\Kocham Anie\AppData\Roaming\sqlservr.vbs"
    HKU\S-1-5-21-1028690365-3209877844-3244365340-1000\...\Run: [sqlservr] => wscript.exe //B "C:\Users\Kocham Anie\AppData\Roaming\sqlservr.vbs"
    Startup: C:\Users\Kocham Anie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2015-08-02] ()
    Startup: C:\Users\Kocham Anie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlservr.vbs [2015-08-09] ()
    Startup: C:\Users\Kocham Anie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2015-08-11]
    ShortcutTarget: Start.lnk -> C:\Users\Kocham Anie\AppData\Roaming\start.exe (start)
    GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
    CHR HKU\S-1-5-21-1028690365-3209877844-3244365340-1000\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA




    HKU\S-1-5-21-1028690365-3209877844-3244365340-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA
    BHO-x32: Brak nazwy -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Brak pliku
    Toolbar: HKU\S-1-5-21-1028690365-3209877844-3244365340-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    Tcpip\..\Interfaces\{C7BA9CDC-BBE2-4ABB-91DC-919DFF2203E5}: [NameServer] 199.203.131.150,82.163.143.168
    Tcpip\..\Interfaces\{DCA658E0-69A7-4F9F-818F-5F83AD0073E3}: [NameServer] 199.203.131.150,82.163.143.168
    CHR HKU\S-1-5-21-1028690365-3209877844-3244365340-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
    R2 fimevebo; C:\Program Files (x86)\00000000-1440284752-0000-0000-D43D7E4ED2C9\hnsjA352.tmp [137728 2015-08-23] () [Brak podpisu cyfrowego]
    R2 Immense Department; C:\Program Files (x86)\Immense Department\Immense Department.exe [8016248 2015-07-07] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 iSafeService; D:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
    R2 jimocoso; C:\Program Files (x86)\00000000-1440284752-0000-0000-D43D7E4ED2C9\jnsj89B8.tmp [227328 2015-08-23] () [Brak podpisu cyfrowego]
    S2 MBAMScheduler; "\mbamscheduler.exe" [X]
    S2 Switch Off; ŕĎŠ\swoff.exe -service [X]
    S2 ziqusuce; C:\Program Files (x86)\00000000-1440284752-0000-0000-D43D7E4ED2C9\knst6ED2.tmpfs [X]
    R1 iSafeKrnl; D:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-04-16] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; D:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-07-03] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; D:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [60808 2015-07-27] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; D:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-07-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-14] (Elex do Brasil Participações Ltda)
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\KOCHAM~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
    S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
    S3 MSICDSetup; \??\F:\CDriver64.sys [X]
    S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
    S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
    S3 OSFMount; \??\D:\Program Files\Counter-Strike Global Offensive\image\x64\OSFMount.sys [X]
    S1 ppfd_vt_1_10_0_22; system32\drivers\ppfd_vt_1_10_0_22.sys [X]
    S1 qsafd_vt_1_10_0_20; system32\drivers\qsafd_vt_1_10_0_20.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S0 vmci; system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    S3 WinRing0_1_2_0; \??\D:\Program Files\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
    2015-08-26 12:41 - 2015-08-26 12:41 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
    2015-08-26 11:39 - 2015-08-26 11:39 - 00000783 _____ C:\Users\Public\Desktop\YAC.lnk
    2015-08-26 11:39 - 2015-04-16 10:55 - 00053568 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2015-08-26 11:39 - 2015-04-14 11:01 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2015-08-23 12:32 - 2015-08-23 12:32 - 00000000 __SHD C:\found.000
    2015-08-23 07:35 - 2015-08-23 07:35 - 00042076 _____ C:\ComboFix.txt
    2015-08-23 01:11 - 2015-08-23 01:11 - 00003178 _____ C:\Windows\System32\Tasks\UNELEVATE_10309
    2015-08-23 01:07 - 2015-08-23 07:16 - 00000000 ____D C:\Users\Kocham Anie\AppData\Local\00000000-1440292047-0000-0000-D43D7E4ED2C9
    2015-08-23 01:06 - 2015-08-16 14:21 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-08-23 01:05 - 2015-08-23 01:08 - 00000000 ____D C:\Program Files (x86)\00000000-1440284752-0000-0000-D43D7E4ED2C9
    2015-08-23 01:03 - 2015-08-23 22:26 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
    2015-08-23 01:03 - 2015-08-23 01:03 - 00004262 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333230333739353132372d3437415a556c2a3223346c41
    2015-08-23 00:16 - 2015-08-23 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
    2015-08-22 07:49 - 2015-08-23 22:26 - 00000000 ____D C:\ProgramData\{2a9902f5-751f-a7cd-2a99-902f57510bd5}
    2015-08-20 16:39 - 2015-08-20 17:25 - 00000000 ____D C:\ProgramData\2WinManPro2
    2015-08-20 16:39 - 2015-08-20 16:41 - 00000000 ____D C:\ProgramData\update
    2015-08-20 16:39 - 2015-08-20 16:40 - 00000000 ____D C:\Program Files (x86)\MiniLite
    2015-08-20 16:32 - 2015-08-23 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Toolbar Remover
    2015-08-20 16:32 - 2015-08-23 00:16 - 00000000 ____D C:\Users\Kocham Anie\AppData\Roaming\Elex-tech
    2015-08-20 16:32 - 2015-08-20 16:32 - 00000000 ____D C:\Program Files (x86)\Smart PC Solutions
    2015-08-16 16:14 - 2015-08-26 00:53 - 00019968 _____ (newup) C:\Users\Kocham Anie\AppData\Roaming\newup.exe
    2015-08-16 14:11 - 2015-08-23 07:36 - 00000000 ____D C:\Qoobox
    2015-08-16 12:22 - 2015-08-16 12:22 - 00000000 ____D C:\ProgramData\9bd6420000004a61
    2015-08-16 11:27 - 2015-08-22 07:49 - 00000352 _____ C:\Windows\Tasks\Superclean.job
    2015-08-16 11:27 - 2015-08-20 19:59 - 00000000 ____D C:\ProgramData\{60eca8ae-ff63-34fe-60ec-ca8aeff6a2bb}
    2015-08-16 10:52 - 2015-08-26 11:39 - 00000000 ____D C:\AdwCleaner
    2015-08-15 22:32 - 2015-08-15 22:32 - 00000000 ____D C:\ProgramData\1a1bf5e500003ff1
    2015-08-15 22:31 - 2015-08-15 22:31 - 00000000 ____D C:\ProgramData\dc8e9e46000071f6
    2015-08-15 22:12 - 2015-08-15 22:12 - 00000000 ____D C:\ProgramData\836a967c00006f77
    2015-08-11 21:07 - 2015-08-11 21:07 - 00164864 _____ (start) C:\Users\Kocham Anie\AppData\Roaming\start.exe
    2015-08-10 12:19 - 2015-08-20 17:26 - 00000000 ____D C:\Program Files (x86)\ClipMonkey
    2015-08-10 12:18 - 2015-08-20 17:26 - 00000000 ____D C:\Program Files (x86)\BestSaveForYoou
    2015-08-09 11:52 - 2015-08-09 11:52 - 04680484 _____ C:\Users\Kocham Anie\AppData\Roaming\sqlservr.vbs
    2015-08-06 14:50 - 2015-08-06 14:50 - 00000000 ____D C:\ProgramData\cmegibcfjlbbhkminngmlggjcclljmdc
    2015-08-01 16:19 - 2015-08-01 16:19 - 00000000 ____D C:\ProgramData\jhiiekfglchlcpijhiienhaaijanecfl
    2015-08-01 10:55 - 2015-08-01 10:55 - 00000000 ____D C:\ProgramData\bkabjbjemfmnfgkbppghhnfdbbchoikb
    2015-07-31 21:40 - 2015-07-31 21:40 - 00000000 ____D C:\ProgramData\lodpaddjknbopnllinmjbmfmdgkhdmlh
    2015-08-20 19:59 - 2015-01-22 11:57 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 3.31
    2015-08-20 17:26 - 2015-07-26 10:49 - 00000000 ____D C:\ProgramData\5WinManPro5
    2015-08-20 17:26 - 2015-07-09 21:40 - 00000000 ____D C:\Program Files (x86)\tiopbeuyer
    2015-08-20 17:26 - 2015-07-05 11:04 - 00000000 ____D C:\Program Files (x86)\greatsaviing
    2015-08-20 17:26 - 2015-07-01 13:13 - 00000000 ____D C:\Program Files (x86)\Emoji Input
    2015-08-20 17:26 - 2015-06-11 22:20 - 00000000 ____D C:\Program Files (x86)\TicTaCCoupon
    2015-08-20 17:26 - 2015-06-09 03:56 - 00000000 ____D C:\Program Files (x86)\greeatsavInng
    2015-08-20 17:26 - 2015-06-09 03:56 - 00000000 ____D C:\Program Files (x86)\greatsAviNg
    2015-08-20 16:57 - 2015-07-09 21:40 - 00000000 ____D C:\Program Files (x86)\PageRank
    2015-08-20 16:57 - 2015-07-05 11:04 - 00000000 ____D C:\Program Files (x86)\Referer Control
    2015-08-16 16:14 - 2015-08-26 00:53 - 0019968 _____ (newup) C:\Users\Kocham Anie\AppData\Roaming\newup.exe
    2015-08-09 11:52 - 2015-08-09 11:52 - 4680484 _____ () C:\Users\Kocham Anie\AppData\Roaming\sqlservr.vbs
    2015-08-26 00:50 - 2015-08-26 00:50 - 0245760 _____ (SRS SRS @2015) C:\Users\Kocham Anie\AppData\Roaming\SRS.exe
    2015-08-11 21:07 - 2015-08-11 21:07 - 0164864 _____ (start) C:\Users\Kocham Anie\AppData\Roaming\start.exe
    EmptyTemp:

    W FRST wybierz Fix.

    1
  • #5 26 Sie 2015 14:12
    SLU06
    Poziom 6  

    Dzięki @Kolobos.
    Pomogło, na razie nie ma żadnych reklam.
    Temat do zamknięcia.
    DNS Unlocker - Jak usunąć?

    0