Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Problem z reklamami Dns unlocker

dawid1416 02 Gru 2015 20:19 999 5
  • CControls
  • #2 02 Gru 2015 20:31
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {2EB6757D-1C4D-4D0D-A682-C18EAC7741F1} - System32\Tasks\psv_4smjtdm1 => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\4kaqrcre.hqh.reg" &amp; del "C:\ProgramData\Itstock\4kaqrcre.hqh.reg" &amp; SCHTASKS /Delete /TN "psv_4smjtdm1" /F <==== UWAGA
    Task: {4A0E6A5F-EC84-493D-B95B-A8155738E14D} - System32\Tasks\{92849916-EDBE-4974-82E8-8C52C8C3DE25} => pcalua.exe -a C:\ProgramData\SaveItCoupons\SaveItCoupons.exe -c /progname=SaveItCoupons /progver=3.4.2 /progpub=SaveItCoupons /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT
    Task: {5D0BA71E-36EE-43D2-9F5C-56B0286948EF} - System32\Tasks\{7FBF7064-C3B1-4037-8723-BFD136426F81} => pcalua.exe -a C:\Users\Dawid\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA
    Task: {A2790FDE-8E1B-4F0C-8964-A212ADE8DFB4} - System32\Tasks\{FA84C581-71A7-49BD-8E34-840F8EE40828} => pcalua.exe -a C:\Users\Dawid\AppData\Roaming\istartpageing\UninstallManager.exe -c -ptid=cor
    Task: {AFD1894E-117F-45F1-A9EA-5AE8566310CF} - System32\Tasks\psv_i331vds4 => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\lviwsqig.scy.reg" &amp; del "C:\ProgramData\Itstock\lviwsqig.scy.reg" &amp; SCHTASKS /Delete /TN "psv_i331vds4" /F <==== UWAGA
    Task: {F7C2E0EA-9049-40C6-ADA8-E1E30E1E21A8} - System32\Tasks\psv_31ogbvzc => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\iqzq3z0v.ep1.reg" &amp; del "C:\ProgramData\Itstock\iqzq3z0v.ep1.reg" &amp; SCHTASKS /Delete /TN "psv_31ogbvzc" /F <==== UWAGA
    AppInit_DLLs: C:\ProgramData\Itstock\Math-La.dll => Brak pliku
    AppInit_DLLs-x32: c:\programdata\itstock\treeron.dll => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-2637786726-3842444097-10212640-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{353FD05D-BCE2-453B-9BD0-12F8DD381AB2}: [DhcpNameServer] 199.203.131.151
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    2015-12-02 20:01 - 2015-12-02 20:02 - 00000000 ____D C:\AdwCleaner
    2015-12-02 13:25 - 2015-12-02 13:25 - 00003164 _____ C:\Windows\System32\Tasks\{FA84C581-71A7-49BD-8E34-840F8EE40828}
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • CControls
  • #3 02 Gru 2015 20:52
    dawid1416
    Poziom 2  

    pomogło,dziękuje

    0
  • #4 03 Gru 2015 09:21
    Acorus 20
    Spec od komputerów

    Skasuj folder C:\FRST.

    0
  • #6 01 Cze 2016 13:11
    krzychupar
    Poziom 40  

    Odinstaluj:
    BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== UWAGA
    DivX Browser Bar Toolbar for IE (HKLM-x32\...\IECT3288691) (Version: 6.17.2.8 - DivX Browser Bar) <==== UWAGA
    Image Editor Packages (HKU\S-1-5-21-1996943032-2025118078-607771130-1000\...\Image Editor Packages) (Version: - ) <==== UWAGA
    Mobogenie (HKLM-x32\...\Mobogenie) (Version: - Mobogenie.com) <==== UWAGA
    Update for PriceFountain (HKU\S-1-5-21-1996943032-2025118078-607771130-1000\...\Price Fountain) (Version: - Update for PriceFountain) <==== UWAGA

    Otwórz notatnik i wklej:
    Task: {0373268A-47FE-41FB-98EB-CAA7FF559DC3} - System32\Tasks\{9C3B7205-5AD5-21B3-55CD-F1047F4DDC03} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\ec3c7ace\a18a07c2.dll" <==== UWAGA
    Task: {130BE639-7895-4A2B-87D7-C639FD11A89B} - System32\Tasks\Price Fountain => C:\Users\Damian\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-11-27] () <==== UWAGA
    Task: {14FAC55A-F521-4832-879F-487A4E0D27EF} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Damian\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== UWAGA
    Task: {306A9D2C-BA53-493A-A7C8-A8C6A86EEB0B} - System32\Tasks\{F7A6D2B1-48A4-4FB3-BA9A-5B7A6FBAD3A1} => pcalua.exe -a C:\Users\Damian\Downloads\KYOCERA_KX_UPD_V5_0_x64_EN.exe -d C:\Users\Damian\Downloads
    Task: {3D5B0D6F-8E83-447F-A991-310929BEBA8A} - System32\Tasks\OverflowingAccomplisV2 => Rundll32.exe GallimaufriesGolly.dll,main 7 1 <==== UWAGA
    Task: {A59BAB21-A5B2-48CF-82F2-EF45004B0777} - System32\Tasks\Digital Sites => C:\Users\Damian\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== UWAGA
    Task: {EC59AB45-EB64-400A-8078-94C8D6C763D7} - System32\Tasks\{BF547F87-078C-42C8-BE9D-8AA9A829D915} => pcalua.exe -a "C:\Users\Damian\Downloads\Shockwave_Installer_Slim (1).exe" -d C:\Users\Damian\Downloads
    Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Damian\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Damian\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C




    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera12.16 1860.lnk -> C:\Program Files\Opera x64\opera.exe (Opera Software) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files\Opera x64\opera.exe (Opera Software) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files\Opera x64\opera.exe (Opera Software) -> hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    2014-01-22 12:36 - 2014-01-22 12:35 - 00061440 _____ () C:\Program Files (x86)\Mobogenie\Device.dll
    2014-01-22 12:36 - 2014-01-22 12:35 - 00471040 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ <nie znaleziono>
    S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-05-09 14:32 - 2016-05-09 14:32 - 00000000 ____D C:\ProgramData\04f1cd54-37a5-1
    2016-05-09 14:32 - 2016-05-09 14:32 - 00000000 ____D C:\ProgramData\04f1cd54-0513-0
    2016-05-09 14:27 - 2016-05-09 14:28 - 00000000 ____D C:\ProgramData\04f1cd54-2775-0
    2016-05-09 14:20 - 2016-05-09 14:27 - 00000000 ____D C:\ProgramData\0e46be01-72e1-0
    2016-05-05 19:20 - 2016-05-05 19:20 - 00000000 ____D C:\ProgramData\04f1cd54-64f5-1
    2016-05-05 19:20 - 2016-05-05 19:20 - 00000000 ____D C:\ProgramData\04f1cd54-31e1-0
    2016-06-01 12:14 - 2015-11-27 10:14 - 00000296 _____ C:\Windows\Tasks\Price Fountain.job
    2016-05-10 19:21 - 2016-04-15 17:06 - 00000000 ____D C:\ProgramData\ec3c7ace
    2016-05-09 14:27 - 2016-04-15 17:06 - 00003730 _____ C:\Windows\System32\Tasks\{9C3B7205-5AD5-21B3-55CD-F1047F4DDC03}
    2016-05-05 18:31 - 2016-04-30 18:44 - 00000000 ____D C:\ProgramData\0e46be01-51a3-0
    2016-05-05 18:31 - 2016-04-30 18:44 - 00000000 ____D C:\ProgramData\04f1cd54-7f55-0
    2016-05-05 18:31 - 2016-04-30 18:44 - 00000000 ____D C:\ProgramData\04f1cd54-5351-1
    HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [766656 2014-01-22] ()
    25118078-607771130-1000\...\MountPoints2: {a748766b-1076-11e3-ba30-980f8a294bb9} - I:\LGAutoRun.exe
    HKU\S-1-5-21-1996943032-2025118078-607771130-1000\...\MountPoints2: {b492bb84-e555-11e2-9fba-806e6f6e6963} - D:\setup.exe
    HKU\S-1-5-18\...\RunOnce: s: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    Startup: C:\ProgramData\MiTcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{433ACBB3-8290-4C28-A3F6-9F74F46E4084}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{49EB2125-7F24-43A9-8BBA-2B898AED4BF7}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{B6FBBB81-5870-42E5-9065-B7F5CD9C6E79}: [NameServer] 82.163.142.7 95.211.158.134
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    HKU\S-1-5-21-1996943032-2025118078-607771130-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=G3A0B15BED265&conlogo=CT3210127
    HKU\S-1-5-21-1996943032-2025118078-607771130-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&am...C7C243C20073FDB&affID=119357&tsp=4949
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=13...;uid=STM3500418AS_9VM2K31CXXXX9VM2K31C&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=13...;uid=STM3500418AS_9VM2K31CXXXX9VM2K31C&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {B09E63C8-810A-4895-9239-99EE3C60A704} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=13...;uid=STM3500418AS_9VM2K31CXXXX9VM2K31C&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1996943032-2025118078-607771130-1000 -> DefaultScope {B09E63C8-810A-4895-9239-99EE3C60A704} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3288691&CUI=UN28224849349239262&UM=2
    SearchScopes: HKU\S-1-5-21-1996943032-2025118078-607771130-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKU\S-1-5-21-1996943032-2025118078-607771130-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=G...&form=CONBDF&conlogo=CT3210127&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1996943032-2025118078-607771130-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FC7C243C20073FDB&affID=119357&tsp=4949
    SearchScopes: HKU\S-1-5-21-1996943032-2025118078-607771130-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.qone8.com/web/?type=ds&ts=13...;uid=STM3500418AS_9VM2K31CXXXX9VM2K31C&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1996943032-2025118078-607771130-1000 -> {B09E63C8-810A-4895-9239-99EE3C60A704} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3288691&CUI=UN28224849349239262&UM=2
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: DB Browser Bar Toolbar -> {77e8143b-6759-416e-b521-82cfed75150b} -> C:\Users\Damian\AppData\LocalLow\DivX_Browser_Bar\prxtbDiv2.dll [2014-09-23] (ClientConnect Ltd.)
    BHO-x32: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
    Toolbar: HKLM-x32 - DB Browser Bar Toolbar - {77e8143b-6759-416e-b521-82cfed75150b} - C:\Users\Damian\AppData\LocalLow\DivX_Browser_Bar\prxtbDiv2.dll [2014-09-23] (ClientConnect Ltd.)
    Toolbar: HKU\S-1-5-21-1996943032-2025118078-607771130-1000 -> Brak nazwy - {77E8143B-6759-416E-B521-82CFED75150B} - Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=138372...cor&uid=STM3500418AS_9VM2K31CXXXX9VM2K31C
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się FRST.exe
    Uruchom FRST i kliknij w Fix/Napraw.

    0