Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Dns - DNS UNLOCKER chrome

raywan1 13 Gru 2015 14:23 696 6
  • Pomocny post
    #2 13 Gru 2015 15:08
    Kolobos
    Spec od komputerów

    Odinstaluj:
    20Dollars2Surf 1.1 (HKLM\...\{1EE9BBA1-312F-4EC0-9DEA-A8FE22BBABAA}_is1) (Version: - Galactic Brothers LTD) <==== UWAGA
    FixMyRegistry (HKLM\...\FixMyRegistry) (Version: 38.1 - SmartTweak Software) <==== UWAGA
    HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    Search Assistant SimpleSpeedy 1.74 (HKLM\...\SP_7699c875) (Version: - )
    Share YouTube Videos version 1 (HKLM\...\{55DAC5D1-B178-42B2-86A3-94A3E0B4F3DD}_is1) (Version: 1 - )
    SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
    Visual Basic Packages (HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\...\Visual Basic Packages) (Version: - ) <==== UWAGA

    Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    CustomCLSID: HKU\S-1-5-21-1801862992-1426478454-3260467837-1001_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1801862992-1426478454-3260467837-1001_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1801862992-1426478454-3260467837-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\UpdatusUser\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1801862992-1426478454-3260467837-1001_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1801862992-1426478454-3260467837-1001_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1801862992-1426478454-3260467837-1001_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1801862992-1426478454-3260467837-1001_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll => Brak pliku
    Task: {02A67AA6-F2BD-4325-B2C1-5B43928B0AEB} - System32\Tasks\TerminusDouble => c:\programdata\{0db779f0-d7d8-3622-0db7-779f0d7de7c3}\119888042293320946b.exe <==== UWAGA
    Task: {1A2CDA67-778F-4143-8F98-09B275D86594} - System32\Tasks\0 => Iexplore.exe <==== UWAGA
    Task: {474338E7-9AC7-4E04-A051-A48C1D10EAE7} - System32\Tasks\DearClear => c:\programdata\{4d8e7167-6f9c-1e84-4d8e-e71676f9c59d}\1109291818321600526c.exe <==== UWAGA




    Task: {502A04C9-67CD-4599-887E-63F1C4FA4508} - System32\Tasks\{CECAC7CE-8BFC-4BAC-B90F-881D505F5C87} => pcalua.exe -a E:\Thomson.exe -d E:\
    Task: {99D4F355-7116-458A-ADAF-D23AEF1FF0CE} - System32\Tasks\{30D274E3-FCFA-4A6A-B74F-C4293FB57500} => pcalua.exe -a "C:\Program Files\BlueStacks\HD-RuntimeUninstaller.exe"
    Task: {BCCF6385-8FBE-4266-94A5-AB7445C30640} - System32\Tasks\4807 => Wscript.exe C:\Users\Raywan\AppData\Local\Temp\launchie.vbs //B <==== UWAGA
    Task: {FFA34B2E-31B8-498D-AD85-AFBF654BECF1} - System32\Tasks\{E86536B4-A4B3-49B5-BF0A-CFBDDC771339} => pcalua.exe -a "D:\Pobrane\dotNetFx35setup (1).exe" -d D:\Pobrane
    Task: C:\Windows\Tasks\DearClear.job => c:\programdata\{4d8e7167-6f9c-1e84-4d8e-e71676f9c59d}\1109291818321600526c.exe <==== UWAGA
    Task: C:\Windows\Tasks\TerminusDouble.job => c:\programdata\{0db779f0-d7d8-3622-0db7-779f0d7de7c3}\119888042293320946b.exe <==== UWAGA
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B
    (TFuns LIMITED) C:\ProgramData\pWdMp\WdMan.exe
    HKLM\...\Run: [jafdeqiphm] => wscript.exe //B "C:\Users\Raywan\AppData\Local\Temp\jafdeqiphm..vbs" <===== UWAGA
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\...\Run: [] => [X]
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\...\Run: [jafdeqiphm] => wscript.exe //B "C:\Users\Raywan\AppData\Local\Temp\jafdeqiphm..vbs" <===== UWAGA
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\...\MountPoints2: F - F:\INSTALL.EXE
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\...\MountPoints2: {0d6d5d97-32c7-11e5-868a-d65f6e756415} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\...\MountPoints2: {40d6619c-10b4-11e3-9142-001e690e5c4f} - G:\NokiaPCIA_Autorun.exe
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\...\MountPoints2: {7ef4b2c8-6d3b-11e2-9e9e-806e6f6e6963} - E:\Pentagram.exe
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\...\MountPoints2: {dba47edc-6df2-11e2-9e77-001e690e5c4f} - F:\setup.exe
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1001\...\MountPoints2: F - F:\Setup.exe
    HKU\S-1-5-21-1801862992-1426478454-3260467837-1001\...\MountPoints2: {dba47edc-6df2-11e2-9e77-001e690e5c4f} - F:\Setup.exe
    Startup: C:\Users\Raywan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jafdeqiphm..vbs [2013-08-26] ()
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-1801862992-1426478454-3260467837-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-1801862992-1426478454-3260467837-1001\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\Parameters: [NameServer] 199.203.131.145
    Tcpip\..\Interfaces\{18DEB5E7-A0FD-4FF9-A425-7D07E1B6EAD1}: [NameServer] 199.203.131.145
    Tcpip\..\Interfaces\{C54CE6A2-451C-44FC-B598-36AD86E3B906}: [NameServer] 199.203.131.145
    Tcpip\..\Interfaces\{C84434FA-6D3C-4C2F-BFC6-6F659E142380}: [NameServer] 199.203.131.145
    Toolbar: HKU\S-1-5-21-1801862992-1426478454-3260467837-1000 -> Brak nazwy - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Brak pliku
    FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&a...m=ient07021&uid=395049983_266035_8808FC6A
    FF Extension: Brak nazwy - C:\Users\Raywan\AppData\Roaming\Mozilla\Firefox\Profiles\ymx8gdbj.default\extensions\default_newtabff@gmail.com [nie znaleziono]
    FF Extension: Brak nazwy - C:\Users\Raywan\AppData\Roaming\Mozilla\Firefox\Profiles\ymx8gdbj.default\extensions\yahooprotected@gmail.com [nie znaleziono]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...m=ient07021&uid=395049983_266035_8808FC6A
    CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1448527155&z=56b797cc214a09ce33a963cgdz8zeb0wfo8m7g8tfe&from=ient07021&uid=395049983_266035_8808FC6A"
    CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <Brak Path\update_url>
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2015-12-11] (Enigma Software Group USA, LLC.)
    R2 WdMan; C:\ProgramData\pWdMp\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S2 21a6d46d; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SegmentEnhancer\SegmentEnhancer.dll",serv
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-12-11] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-12-11] ()
    S0 cexlhuog; System32\drivers\yctlarr.sys [X]
    S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
    2015-12-13 14:09 - 2015-12-13 14:13 - 00000000 ____D C:\AdwCleaner
    2015-12-11 00:08 - 2015-12-13 13:48 - 00001244 _____ C:\Users\Raywan\Desktop\SpyHunter.lnk
    2015-12-11 00:08 - 2015-12-11 00:08 - 00000000 ____D C:\Users\Raywan\AppData\Roaming\Enigma Software Group
    2015-12-11 00:08 - 2015-12-11 00:08 - 00000000 ____D C:\sh4ldr
    2015-12-11 00:07 - 2015-12-11 00:07 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-12-11 00:07 - 2015-12-11 00:07 - 00000000 ____D C:\Program Files\Enigma Software Group
    2015-12-10 23:30 - 2015-12-10 23:30 - 00000000 ____D C:\Users\Raywan\AppData\Roaming\eCyber
    2015-12-09 12:06 - 2015-12-09 12:07 - 00000000 ____D C:\ProgramData\pWdMp
    2015-12-09 12:05 - 2015-12-09 12:06 - 00000000 ____D C:\ProgramData\lWdMl
    2015-11-26 09:40 - 2015-12-09 12:06 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-12-13 13:15 - 2013-04-15 07:26 - 00000000 ____D C:\ProgramData\InstallMate
    2015-12-12 02:36 - 2015-07-24 01:36 - 00000356 _____ C:\Windows\Tasks\DearClear.job
    2015-12-12 02:36 - 2015-06-08 01:36 - 00000354 _____ C:\Windows\Tasks\TerminusDouble.job
    C:\Users\Raywan\Uninstall ModPack by DjVirusPL FULL 0.9.0 v6.exe
    EmptyTemp:

    W FRST wybierz Napraw.

    Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Po wykonaniu zamiesc nowe logi z FRST, ze skanowania, przed skanowaniem odznacz w FRST opcje Internet w sekcji Filtroawanie.

    0
  • #4 13 Gru 2015 16:19
    Kolobos
    Spec od komputerów

    Uruchom menadzer urzadzen, wlacz pokazywanie ukrytych urzadzen i sprawdz czy wszstko wyglada poprawnie, w szczegolnosci czy nie masz np. wielu urzadzen Microsoft 6to4 Adapter.

    0
  • #7 13 Gru 2015 16:36
    raywan1
    Poziom 2  

    niestety ale ja mam 32bit system

    EDIT: już własnie pobrałem wersje zgodną z moim systemem, na razie wszystko działa bez zarzutów i nie wyskakują żadne strony z DNS unlocker, ale jeszcze proszę o nie zamykanie wątku, jak coś to się odezwe. A tobie Kolobos, dziękuje za pomoc bardzo!

    0