Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Wyskakujące reklamy - dns unlocker

PetamanV8 07 Gru 2015 18:56 684 1
  • #2 07 Gru 2015 19:45
    Acorus 20
    Spec od komputerów

    Odinstaluj DAEMON Tools Toolbar, Facebook for Chrome Plus, LibraryModule, oursurfing uninstall, SpyHunter 4. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {27A4556F-8D79-4CC3-B5AE-AB21FE2EDF21} - System32\Tasks\Superclean => c:\programdata\{47d62649-3e19-e325-47d6-626493e19924}\hqghumeaylnlf.exe [2014-09-18] (Super PC Tools Ltd) <==== UWAGA
    Task: {A86906C8-B15F-49C7-842F-01EF57E3A8B5} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{03df09ef-172a-1932-03df-f09ef17227bc}\hqghumeaylnlf.exe [2014-08-15] (Super PC Tools Ltd) <==== UWAGA
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{03df09ef-172a-1932-03df-f09ef17227bc}\hqghumeaylnlf.exe <==== UWAGA
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{47d62649-3e19-e325-47d6-626493e19924}\hqghumeaylnlf.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Kamilosen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\iexplore.bat () -> "hxxp://gotut.ru/?from=im3sng" <==== UWAGA
    ShortcutWithArgument: C:\Users\Kamilosen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\iexplore.bat () -> "hxxp://gotut.ru/?from=im3sng" <==== UWAGA
    ShortcutWithArgument: C:\Users\Kamilosen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\chrome.bat () -> "hxxp://gotut.ru/?from=im3sng" <==== UWAGA
    ShortcutWithArgument: C:\Users\Kamilosen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\iexplore.bat () -> "hxxp://gotut.ru/?from=im3sng" <==== UWAGA
    ShortcutWithArgument: C:\Users\Kamilosen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\chrome.bat () -> "hxxp://gotut.ru/?from=im3sng" <==== UWAGA
    ShortcutWithArgument: C:\Users\Kamilosen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оpеrа.lnk -> C:\launcher.bat () -> "hxxp://gotut.ru/?from=im3sng" <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\chrome.bat () -> "hxxp://gotut.ru/?from=im3sng" <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\chrome.bat () -> "hxxp://gotut.ru/?from=im3sng" <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Worms 4 Mayhem.lnk -> I:\Worms 4 Mayhem\launcher.exe (Team17 Software Ltd) -> hxxp://www.oursurfing.com/?type=sc&ts=143...1w2b&from=exp1&uid=ST380011A_4JV6P6B0 <==== UWAGA




    AlternateDataStreams: C:\ProgramData:NT
    AlternateDataStreams: C:\ProgramData:NT2
    AlternateDataStreams: C:\Users\All Users:NT
    AlternateDataStreams: C:\Users\All Users:NT2
    AlternateDataStreams: C:\ProgramData\.rdata:X
    AlternateDataStreams: C:\ProgramData\Application Data:NT
    AlternateDataStreams: C:\ProgramData\Application Data:NT2
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
    AlternateDataStreams: C:\Users\Kamilosen\Dane aplikacji:NT
    AlternateDataStreams: C:\Users\Kamilosen\Dane aplikacji:NT2
    AlternateDataStreams: C:\Users\Kamilosen\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\Kamilosen\AppData\Roaming:NT2
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKU\S-1-5-21-1944184863-2838882318-4009480048-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{CC8DB54F-3E18-4B20-8107-78C9AD84B0D9}: [NameServer] 199.203.131.151 82.163.143.181
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1944184863-2838882318-4009480048-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...p;from=exp1&uid=ST380011A_4JV6P6B0&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=143...1w2b&from=exp1&uid=ST380011A_4JV6P6B0
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...p;from=exp1&uid=ST380011A_4JV6P6B0&q={searchTerms}
    HKU\S-1-5-21-1944184863-2838882318-4009480048-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&im&text={searchTerms}
    SearchScopes: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...6B0&ts=1438011727&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...6B0&ts=1438011727&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...6B0&ts=1438011727&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...6B0&ts=1438011727&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...6B0&ts=1438011727&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...6B0&ts=1438011727&type=default&q={searchTerms}
    Toolbar: HKU\S-1-5-21-1944184863-2838882318-4009480048-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25] ()
    DefaultPrefix-x32: => http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&im&text= <==== UWAGA
    CHR HomePage: Profile 1 -> hxxp://www.oursurfing.com/?type=hp&ts=143...1w2b&from=exp1&uid=ST380011A_4JV6P6B0
    R2 Flat Cut; C:\Program Files (x86)\Flat Cut\Flat Cut.exe [8016555 2015-07-23] () [Brak podpisu cyfrowego] <==== UWAGA
    R1 {06ac6bbd-7425-4566-8546-4008fe0eb6b1}w64; C:\Windows\System32\drivers\{06ac6bbd-7425-4566-8546-4008fe0eb6b1}w64.sys [48784 2015-06-01] (StdLib)
    R1 {e01f243d-3dd9-4978-bbc5-bfc91d704535}Gw64; C:\Windows\System32\drivers\{e01f243d-3dd9-4978-bbc5-bfc91d704535}Gw64.sys [48784 2015-03-09] (StdLib)
    U3 aqz5uy75; C:\Windows\System32\Drivers\aqz5uy75.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUdisk64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-12-03 21:25 - 2015-12-03 21:25 - 00000000 _____ C:\autoexec.bat
    2015-12-03 21:22 - 2015-12-03 21:22 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kamilosen\Downloads\sh-remover.exe
    2015-12-03 19:13 - 2015-12-07 18:01 - 00000000 ____D C:\Qoobox
    2015-12-03 19:13 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-12-03 19:13 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-12-03 19:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-12-03 19:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-12-03 19:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-12-03 19:13 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2015-12-03 19:13 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2015-12-03 19:13 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2015-12-03 19:06 - 2015-12-07 17:48 - 05640425 ____R (Swearware) C:\Users\Kamilosen\Downloads\ComboFix.exe
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.
    Odinstaluj Chrome zaznaczając usunięcie danych przeglądania za pomocą Geek Uninstaller Free: http://www.geekuninstaller.com/geek.zip
    Najpierw możesz wyeksportować zakładki: https://support.google.com/chrome/answer/96816?hl=pl
    Później zainstaluj: https://www.google.pl/chrome/browser/desktop/

    0