
How to remove DNS Unlocker? FRST logs

noker6 15 Dec 2015 13:17 606 4
  • Helpful post
    #2 15 Dec 2015 13:44
    Domino_2
    Helpful to users

    Uninstall SystemEnterprise and SystemHelp.

    Quote:

    Task: {97D95861-0EC3-4413-9792-0E99F69B2F0D} - System32\Tasks\{139F5D64-D80B-4931-BFB0-01C72AD8B893} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/pl/abandon...all?source=lightinstaller&page=tsBing
    Task: {DEBDD839-58A8-4B5A-9360-B5E647AA2388} - System32\Tasks\Superclean => c:\programdata\{c47ac6dc-7942-51fa-c47a-ac6dc7941b71}\hqghumeaylnlf.exe [2014-08-21] (Super PC Tools Ltd) <==== UWAGA
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{c47ac6dc-7942-51fa-c47a-ac6dc7941b71}\hqghumeaylnlf.exe <==== UWAGA
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {03064998-a0ae-11e4-be83-240a647351fc} - "G:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {242de389-edde-11e4-be9b-240a647351fc} - "I:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {242de3af-edde-11e4-be9b-240a647351fc} - "I:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {3a19ceb9-a0ad-11e4-be82-240a647351fc} - "G:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {ccefa251-d3b4-11e4-be97-020903080001} - "I:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {ccefa496-d3b4-11e4-be97-020903080001} - "I:\AutoRun.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-280257935-598406109-3019398643-1001\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/?aff=p
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: GreAtSAAve4U -> {ABD2FA29-39E6-46C4-83EB-C7442F266EFD} -> C:\Program Files (x86)\GreAtSAAve4U\fyadHUNFQnfMiQ.x64.dll => Brak pliku
    BHO-x32: GreAtSAAve4U -> {ABD2FA29-39E6-46C4-83EB-C7442F266EFD} -> C:\Program Files (x86)\GreAtSAAve4U\fyadHUNFQnfMiQ.dll => Brak pliku
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-22]




    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
    CHR Extension: (pliki do pobrania) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkccjobhflhnncbcimnnlbagidfllkoc [2015-02-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Adblock Plus) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Google Wallet) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
    S2 Shaky Print; "C:\Program Files (x86)\Shaky Print\Shaky Print.exe" [X]
    U3 aen2p7xi; C:\Windows\System32\Drivers\aen2p7xi.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 ajj8nnpf; C:\Windows\System32\Drivers\ajj8nnpf.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 ASUSProcObsrv; \??\E:\I386\AsPrOb64.sys [X]
    S3 hwusb_cdcacm; \SystemRoot\system32\DRIVERS\ew_cdcacm.sys [X]
    S3 hwusb_wwanecm; \SystemRoot\system32\DRIVERS\ew_wwanecm.sys [X]
    S1 MpKsl0fbf372d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A08F09D6-6EB4-4514-9737-6FC06DB3415C}\MpKsl0fbf372d.sys [X]
    2015-12-14 19:57 - 2015-08-21 18:57 - 00000374 _____ C:\Windows\Tasks\Superclean.job
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and place it in the folder where FRST.exe/FRST64.exe is located, then run it and click Fix/Napraw.

    Scan the computer with ADWCleaner and remove everything it finds.

    0
  • Helpful post
    #3 15 Dec 2015 13:51
    Kolobos
    Computer specialist

    Uninstall:
    SystemEnterprise
    SystemHelp

    Next to frst.exe, create a file named fixlist.txt with the following content:
    Task: {97D95861-0EC3-4413-9792-0E99F69B2F0D} - System32\Tasks\{139F5D64-D80B-4931-BFB0-01C72AD8B893} => Chrome.exe hxxp://ui.skype.com/ui/0/7.1.0.105/pl/abandon...all?source=lightinstaller&page=tsBing
    Task: {DEBDD839-58A8-4B5A-9360-B5E647AA2388} - System32\Tasks\Superclean => c:\programdata\{c47ac6dc-7942-51fa-c47a-ac6dc7941b71}\hqghumeaylnlf.exe [2014-08-21] (Super PC Tools Ltd) <==== UWAGA
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{c47ac6dc-7942-51fa-c47a-ac6dc7941b71}\hqghumeaylnlf.exe <==== UWAGA
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {03064998-a0ae-11e4-be83-240a647351fc} - "G:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {242de389-edde-11e4-be9b-240a647351fc} - "I:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {242de3af-edde-11e4-be9b-240a647351fc} - "I:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {3a19ceb9-a0ad-11e4-be82-240a647351fc} - "G:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {ccefa251-d3b4-11e4-be97-020903080001} - "I:\AutoRun.exe"
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\...\MountPoints2: {ccefa496-d3b4-11e4-be97-020903080001} - "I:\AutoRun.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-280257935-598406109-3019398643-1001\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/?aff=p
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/?aff=p
    HKU\S-1-5-21-280257935-598406109-3019398643-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/?aff=p
    BHO: GreAtSAAve4U -> {ABD2FA29-39E6-46C4-83EB-C7442F266EFD} -> C:\Program Files (x86)\GreAtSAAve4U\fyadHUNFQnfMiQ.x64.dll => Brak pliku
    BHO-x32: GreAtSAAve4U -> {ABD2FA29-39E6-46C4-83EB-C7442F266EFD} -> C:\Program Files (x86)\GreAtSAAve4U\fyadHUNFQnfMiQ.dll => Brak pliku
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-01-22]
    CHR Extension: (Brak nazwy) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
    CHR Extension: (pliki do pobrania) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkccjobhflhnncbcimnnlbagidfllkoc [2015-02-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Adblock Plus) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Google Wallet) - C:\Users\Wojtek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    S2 22e35c0f; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemHelp\SystemHelp.dll",serv
    S2 afa5aa21; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemEnterprise\SystemEnterprise.dll",serv
    S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
    S2 Shaky Print; "C:\Program Files (x86)\Shaky Print\Shaky Print.exe" [X]
    U3 aen2p7xi; C:\Windows\System32\Drivers\aen2p7xi.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 ajj8nnpf; C:\Windows\System32\Drivers\ajj8nnpf.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 ASUSProcObsrv; \??\E:\I386\AsPrOb64.sys [X]
    S3 hwusb_cdcacm; \SystemRoot\system32\DRIVERS\ew_cdcacm.sys [X]
    S3 hwusb_wwanecm; \SystemRoot\system32\DRIVERS\ew_wwanecm.sys [X]
    S1 MpKsl0fbf372d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A08F09D6-6EB4-4514-9737-6FC06DB3415C}\MpKsl0fbf372d.sys [X]
    2015-11-25 15:58 - 2015-11-27 16:49 - 00000000 ___HD C:\Users\Wojtek\AppData\Roaming\pwo12
    2015-11-25 15:58 - 2015-11-25 15:58 - 00000000 ____D C:\Users\Wojtek\AppData\Local\Ethash
    2015-11-25 15:57 - 2015-12-10 20:05 - 00000000 ___HD C:\Users\Wojtek\AppData\Roaming\pwo6
    2015-11-19 18:30 - 2015-04-13 15:53 - 00003886 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1428936789
    2015-12-14 19:57 - 2015-08-21 18:57 - 00000374 _____ C:\Windows\Tasks\Superclean.job
    c:\programdata\{c47ac6dc-7942-51fa-c47a-ac6dc7941b71}
    EmptyTemp:

    In FRST, choose Napraw (Fix).

    Delete the C:\FRST directory.

    0
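
A triage pass over FRST-style log lines, added here as an illustration and not taken from any post in this thread: it picks out the kinds of entries the fixlists above collect (lines FRST marked `<==== UWAGA`, entries whose file is missing, Chrome extensions whose UpdateUrl is not the Chrome Web Store, services started through rundll32). The rule names, the `triage` function and the sample lines are constructed for the example; only the markers that appear in this thread's Polish-language log are matched.

```python
import re

# Update host used by the Chrome Web Store; any other UpdateUrl host deserves a look.
WEBSTORE_HOST = "clients2.google.com"

RULES = [
    # FRST's own attention marker, as printed in the log in this thread.
    ("flagged by FRST", re.compile(r"<=+ UWAGA")),
    # "=> Brak pliku" (no file) and a trailing [X] both mean the target file was not found.
    ("target file missing", re.compile(r"=> Brak pliku\s*$|\[X\]\s*$")),
    # Service entry (S/R/U + start type) whose command line is rundll32 loading a DLL.
    ("service started through rundll32", re.compile(r"^[SRU]\d [^;]+; .*\\rundll32\.exe", re.I)),
]
# Accepts both defanged (hxxp) and normal (http) schemes.
UPDATE_URL = re.compile(r"\[UpdateUrl: h(?:xx|tt)ps?://([^/\]\s]+)", re.I)


def triage(lines):
    """Return (line, [reasons]) for every log line that matches at least one rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = [name for name, rx in RULES if rx.search(line)]
        m = UPDATE_URL.search(line)
        if m and m.group(1).lower() != WEBSTORE_HOST:
            reasons.append("extension updates from " + m.group(1).lower())
        if reasons:
            findings.append((line, reasons))
    return findings


# Constructed sample lines in the FRST layout seen in this thread; all names are placeholders.
SAMPLE = [
    r'Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => c:\programdata\example\a.exe [2015-01-01] (Example Ltd) <==== UWAGA',
    r'BHO: ExampleBHO -> {00000000-0000-0000-0000-000000000002} -> C:\Program Files (x86)\Example\e.dll => Brak pliku',
    r'CHR Extension: (Example) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaa [2015-01-01] [UpdateUrl: hxxps://updates.example.invalid/crx] <==== UWAGA',
    r'CHR Extension: (Example) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbb [2015-01-01] [UpdateUrl: hxxps://clients2.google.com/service/update2/crx]',
    r'S2 0a0a0a0a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Example\Example.dll",serv',
    r'S3 exampledrv; \SystemRoot\system32\DRIVERS\example.sys [X]',
    r'R2 ExampleSvc; C:\Program Files\Example\svc.exe [123456 2015-01-01] (Example Corp)',
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print("; ".join(reasons), "->", line)
```

A match is a prompt to review the entry, not proof that it is malicious: a missing-file marker on a leftover driver of removed hardware is only an orphaned registry entry.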
  • #4 15 Dec 2015 20:54
    noker6
    Level 6

    It works. :spoko: :ok: :shocked!: :D
    Thanks a lot.

    0
  • #5 16 Dec 2015 08:37
    Domino_2
    Helpful to users

    You can delete the C:\FRST folder.

    0