Elektroda.pl

DNSunlocker - How to remove? Logs.

w0itas, 31 Dec 2015 12:50 (1125 views, 15 replies)
  • Helpful post
    #2 31 Dec 2015 13:04
    Acorus 20
    Computer specialist

    Open Notepad and paste:

    Quote:
    Task: {EBC0E80B-D29A-483E-AB67-1AA778DF7936} - System32\Tasks\{3C9E2DBD-7526-4164-846D-21D318E4CD88} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
    Task: {FBACC30F-E1E9-40F6-BFE1-111224C423E3} - System32\Tasks\DNSBEECHER => dnsbeecher.exe <==== ATTENTION
    Tcpip\..\Interfaces\{0F28DA10-CEA3-4938-B045-AB876FF6E39D}: [NameServer] 82.163.143.165,82.163.142.167
    Tcpip\..\Interfaces\{85AAC926-427C-410E-8E4A-2E209657AAD8}: [NameServer] 82.163.143.165,82.163.142.167
    Tcpip\..\Interfaces\{85CC966C-5FA2-486D-B2AD-BCA68BEF901F}: [NameServer] 82.163.143.165,82.163.142.167
    HKU\S-1-5-21-720441573-3623215186-1900946837-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\techkart\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=50c4c8d5b64747d2bd060574387703fb-0e7f3b00f1b3659a3953c88ed98c26e7e9273a47 /CMPID=1213b
    HKU\S-1-5-21-720441573-3623215186-1900946837-1001\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\UpdatusUser\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=50c4c8d5b64747d2bd060574387703fb-0e7f3b00f1b3659a3953c88ed98c26e7e9273a47 /CMPID=1213b
    HKU\S-1-5-21-720441573-3623215186-1900946837-1001\...\MountPoints2: {80ab9ac8-7fcd-11e3-8bb8-806e6f6e6963} - D:\DVDSetup.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-720441573-3623215186-1900946837-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-720441573-3623215186-1900946837-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-720441573-3623215186-1900946837-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    CHR HomePage: Default -> hxxp://www.mysites123.com/?type=hp&ts=145...uid=wdcxwd10ezex-00bn5a0_wd-wcc3f063289532895
    CHR StartupUrls: Default -> "hxxp://www.mysites123.com/?type=hp&ts=1451482366&z=c0385debcc792e880dcd578g6zawbgezbb5o7c8qaq&from=amt&uid=wdcxwd10ezex-00bn5a0_wd-wcc3f063289532895"
    CHR DefaultSearchURL: Default -> hxxp://mysites123.com/web?type=ds&ts=1451...xwd10ezex-00bn5a0_wd-wcc3f063289532895&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mysites123
    S4 PSI_SVC_2; "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [X]
    S2 vToolbarUpdater3.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.5.0\ToolbarUpdater.exe [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    2015-12-31 08:30 - 2015-12-31 12:10 - 00000000 ____D C:\AdwCleaner
    2015-12-30 12:47 - 2015-12-30 12:47 - 00002894 _____ C:\Windows\System32\Tasks\{E90E3739-BE9A-4323-846C-887E9DEA0BDE}
    2015-12-28 16:51 - 2015-12-28 16:51 - 00003144 _____ C:\Windows\System32\Tasks\{F8EF8FFC-E367-4E42-AB5F-238D43DD095D}
    2015-12-28 15:07 - 2015-12-28 15:07 - 00003036 _____ C:\Windows\System32\Tasks\{1DA87A7B-B4C0-4597-8B8A-13AA28A7F9F6}
    EmptyTemp:


    Save the file as fixlist.txt and put it in the same folder as FRST.
    Run FRST as administrator and click Fix.

  • #3 02 Jan 2016 10:39
    w0itas
    Level 9

    Unfortunately it didn't help... :(

  • #4 02 Jan 2016 10:46
    Acorus 20
    Computer specialist

    Post new FRST logs.

  • Helpful post
    #8 04 Jan 2016 10:48
    Kolobos
    Computer specialist

    Uninstall: AVG Web TuneUp

    Fixlist.txt for FRST:
    Task: {007707DB-9DF9-404A-B060-F94361DFE55C} - \{F8EF8FFC-E367-4E42-AB5F-238D43DD095D} -> No File <==== ATTENTION
    Task: {07D884DF-51EF-4DA3-9049-59B804A5B8F1} - System32\Tasks\{0AD212B4-702A-49DD-80E5-89D9C3D73EBF} => D:\INSTALL\DTPRMV.EXE
    Task: {0EE45C0F-2673-44BA-860A-384578E1232E} - System32\Tasks\{B34739EE-C516-49B0-BCEE-B76ED7FF0EC8} => D:\setup.exe
    Task: {127501C9-AE02-495A-BF54-B201134E0E9C} - System32\Tasks\{DDEBFCDD-A092-4C15-B887-FBF3A83B45A0} => N:\INSTALL\INSTALL.EXE
    Task: {15A78127-59AC-4BFE-9B7E-601C6E603297} - System32\Tasks\{84760A86-E536-4CAF-95E1-AA2358A086FF} => L:\photoshop CS2\CS_2.0_WWE_Extras_1.exe [2014-01-13] (Adobe Systems Inc. )
    Task: {162930B3-2697-470E-A45A-1EB69A4D8CB0} - System32\Tasks\{410D1235-613D-4409-8A15-88599450117C} => J:\PROGRAMY\MainTop\MON\mt_mon.exe [2004-04-23] ()
    Task: {2A65AE7F-EB88-4999-805A-68A821D466E1} - System32\Tasks\{4438942E-35DB-4E03-9651-3D33DFC6171A} => D:\INSTALL\DTPRMV.EXE
    Task: {2E22EC7E-DF1E-4407-82FE-ADACD2E11E0D} - System32\Tasks\{FCE5FD1B-4316-43C6-A4CF-5921D439AE6B} => D:\RIP\INSTALL.EXE
    Task: {4071D767-FE0C-4FCE-B97C-7F01B8837AFE} - System32\Tasks\{F7DE0195-901A-46BC-809A-1D9C4F9555C5} => D:\INSTALL\DTPRMV.EXE
    Task: {415B5416-A507-4F52-A0CF-E843DD502015} - System32\Tasks\{F1F4DA67-E6D5-4E8C-BE3B-EBED7070FF61} => N:\INSTALL\INSTALL.EXE
    Task: {4B8B1FC1-0AF2-472B-8692-E887A26ECF96} - System32\Tasks\{015AE2ED-12C0-4DB2-B8D2-7496B6299918} => D:\DS-30040-1\XP_2003 x64\PCIeSetup64.exe
    Task: {4CBA472D-B797-406F-A984-FE3CD41ABD41} - System32\Tasks\{27C9E36E-2E7C-4A85-862A-8216022BD858} => J:\PROGRAMY\MainTop\DTP\DTPW.EXE [2004-09-16] ()
    Task: {4CCD6F3B-4D83-4BD4-B678-9324B12B427B} - System32\Tasks\{B3B2F8AA-C7C3-469C-AE92-43B71807D45D} => J:\PROGRAMY\MainTop\DTP\DTPW.EXE [2004-09-16] ()
    Task: {4E57FFF0-55AC-4468-A066-DFC59397DC0C} - System32\Tasks\{4172A59E-CF50-4562-BAD2-F22666A92B9A} => D:\INSTALL\_install.exe
    Task: {5069E44C-64E4-47AA-8624-F9E09982C18A} - System32\Tasks\{55BDCD91-3F63-4882-AE40-0E44F808C155} => D:\INSTALL\INSTALL.EXE
    Task: {58B18925-A67E-41F9-9318-895E8D62486B} - System32\Tasks\{85D76B98-7EB9-491A-A199-E544A7910709} => D:\INSTALL\DTPRMV.EXE
    Task: {734F0F84-D718-4D86-AE83-32F98FD85FBF} - System32\Tasks\{6ADB9155-EF65-465A-9930-81CCE81446D4} => D:\INSTALL\INSTALL.EXE
    Task: {74C1C516-0AB9-473D-9A21-753A4208DEA9} - System32\Tasks\{0D9D4AC8-2243-49C9-947F-02821C4F0108} => N:\INSTALL\INSTALL.EXE
    Task: {7DE3A1EC-BA15-4F7A-992D-5D9D34B94DD3} - System32\Tasks\{AEE8B249-636D-46D8-B453-39BCC46B4474} => N:\INSTALL\_install.exe
    Task: {87D40DC8-7B7B-41A9-9F3D-18B70FADE305} - System32\Tasks\{533AD3BC-8525-4E61-8F6B-DE4C893659A6} => pcalua.exe -a D:\INSTALL\INSTALL.EXE -d D:\INSTALL
    Task: {90C432D8-6724-4515-8ACC-DAEA34B901CD} - System32\Tasks\{857337F0-E083-47A6-8454-9C9BA426C067} => D:\INSTALL\INSTALL.EXE
    Task: {931019D2-886F-473A-8A58-743B1A7CD128} - System32\Tasks\{7AF9E60D-6FF0-4A01-9E5F-EDE7433305DF} => N:\INSTALL\_install.exe
    Task: {9A9B7130-7494-40B0-B085-1B955DFBAC40} - System32\Tasks\{51FA010E-235C-4F8C-9AA1-B2329F7095B3} => D:\INSTALL\INSTALL.EXE
    Task: {A0489321-006F-4753-9D62-F792C3C2CEE1} - System32\Tasks\{2F1741FE-50D2-4675-AC88-A0A424FF0CF4} => N:\INSTALL\INSTALL.EXE
    Task: {A87722C7-2AED-4082-A852-38775F0402F7} - System32\Tasks\{BAB9D8D7-E75B-47A9-A7DB-64CFDDBFFB5B} => N:\INSTALL\DTPRMV.EXE
    Task: {AC8AFE2D-DDB9-4C0B-B28D-D88EE1D7CD24} - System32\Tasks\{BA80B6B2-F9E3-462F-AC30-5BD20CAFCFEC} => D:\setup.exe
    Task: {ACCFD072-D761-4DCC-B95E-F018DAC8E1D2} - System32\Tasks\{BCFB1FF9-16C9-43CD-AF8E-2BFA6E8255AF} => D:\INSTALL\DTPRMV.EXE
    Task: {B4F90BB2-C71D-487F-B758-68B441811B2C} - System32\Tasks\{195A7ABA-2C47-4368-A8FA-59AE8D0D5792} => pcalua.exe -a "K:\STEROWNIKI LPT I COM\32Bit Windows 7\PCIeSetup32.exe" -d "K:\STEROWNIKI LPT I COM\32Bit Windows 7"
    Task: {BE42511F-22BB-41D5-9158-99632E03887F} - System32\Tasks\{5AC3D194-9DBA-4D44-A8AC-9C3F6E61AA5C} => D:\INSTALL\DTPRMV.EXE
    Task: {C5254EA2-698E-4F42-9BCD-F53B68B9B131} - System32\Tasks\{763EBF53-5479-46DB-9F41-C221110840B5} => N:\MainTop\DTP\DTPW.EXE
    Task: {C73832B4-AE61-436B-B438-6AF9EC18FA37} - System32\Tasks\{A1D2DF42-5889-45F1-A49E-86791DED02AC} => D:\INSTALL\INSTALL.EXE
    Task: {D0967745-0A17-4DE2-B26F-7264704C0921} - System32\Tasks\{A94D854C-AE22-43F8-B722-B010FBE87102} => D:\INSTALL\DTPRMV.EXE
    Task: {DD2B1C5E-A503-443F-9706-ABAD8A8B7784} - System32\Tasks\{BB21CE2F-0397-4806-8D3D-CAEC86176D37} => J:\PROGRAMY\MainTop\DTP\DTPW.EXE [2004-09-16] ()
    Task: {E7267432-B668-4FB4-A97B-3570E86C7321} - System32\Tasks\{07E294DF-0566-4A8B-96E0-2CE6F64D49D2} => D:\RIP\INSTALL.EXE
    Task: {E86ED718-5762-47EE-BEBC-FBA02FBE3728} - \{E90E3739-BE9A-4323-846C-887E9DEA0BDE} -> No File <==== ATTENTION
    Task: {F1B555C5-2530-414B-BA94-38FBD26342A1} - System32\Tasks\{944E8179-8F63-4855-9FD6-0986FFB34FB6} => pcalua.exe -a "L:\photoshop CS2\CS_2.0_WWE_Extras_1.exe" -d "L:\photoshop CS2"
    Task: {F49A6A2C-79DB-44DE-97FA-EF45E6A4B4D3} - \{1DA87A7B-B4C0-4597-8B8A-13AA28A7F9F6} -> No File <==== ATTENTION
    Task: {F568C0FC-1EC6-42A3-8346-F71D31D651B5} - System32\Tasks\{9C0BCD2C-7DD1-4722-A355-308A178027F4} => D:\INSTALL\DTPRMV.EXE
    Tcpip\..\Interfaces\{0F28DA10-CEA3-4938-B045-AB876FF6E39D}: [NameServer] 82.163.143.165,82.163.142.167
    Tcpip\..\Interfaces\{85AAC926-427C-410E-8E4A-2E209657AAD8}: [NameServer] 82.163.143.165,82.163.142.167
    Tcpip\..\Interfaces\{85CC966C-5FA2-486D-B2AD-BCA68BEF901F}: [NameServer] 82.163.143.165,82.163.142.167
    CHR Plugin: (Browser Exploit Prevention) - C:\Users\techkart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1107_0\nptmbep.dll => No File
    CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll => No File
    S3 cpuz134; \??\C:\Users\techkart\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    2015-12-31 13:01 - 2015-12-31 13:01 - 03282218 _____ C:\Users\techkart\Downloads\ComboFix.rar

    After running it, everything should be OK.

  • #9 04 Jan 2016 15:51
    w0itas
    Level 9

    Nothing helped... the internet can't be used normally...

  • #10 04 Jan 2016 15:59
    Acorus 20
    Computer specialist

    Post new FRST logs.

  • Helpful post
    #12 04 Jan 2016 16:24
    Kolobos
    Computer specialist

    Don't use ComboFix!

    Fixlist.txt for FRST:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-720441573-3623215186-1900946837-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
    FF Extension: AVG Web TuneUp - C:\Users\techkart\AppData\Roaming\Mozilla\Firefox\Profiles\mvo8jjdf.default\Extensions\avg@wtu3.xpi [2015-12-11]
    CHR Plugin: (Browser Exploit Prevention) - C:\Users\techkart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1107_0\nptmbep.dll => No File
    CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll => No File
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2016-01-04 14:15 - 2016-01-04 14:15 - 00023559 _____ C:\ComboFix.txt
    2016-01-04 14:08 - 2016-01-04 14:15 - 00000000 ____D C:\Qoobox
    2016-01-04 14:08 - 2016-01-04 14:15 - 00000000 ____D C:\ComboFix
    2016-01-04 14:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-01-04 14:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-01-04 14:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-01-04 14:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-01-04 14:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-01-04 14:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2016-01-04 14:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2016-01-04 14:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2016-01-04 14:06 - 2016-01-04 14:06 - 05643309 _____ (Swearware) C:\Users\techkart\Downloads\ComboFix(1).exe
    2015-12-31 13:28 - 2015-12-31 13:28 - 05643545 ____R (Swearware) C:\Users\techkart\Desktop\ComboFix.exe

    The DNS entries are OK now. Log in to the router and set the DNS there to 8.8.8.8 and 8.8.4.4.

    Also open a cmd window with administrator rights and run: ipconfig /flushdns

    The infection is no longer visible.

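Posts #2 and #12 above reduce to one procedure: read the FRST log, copy the hijacked per-interface NameServer entries (FRST's `Tcpip\..\Interfaces\{GUID}` lines are the `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces` keys), the scheduled tasks FRST flagged and the browser home-page/search entries into fixlist.txt, run the fix, then point the router at trusted resolvers and flush the client cache. The script below is an added example, not code from this thread or from FRST: it runs that triage over a constructed sample of FRST log lines (copied from the fixlists above, plus one clean 8.8.8.8/8.8.4.4 interface for contrast) and emits the fixlist the helpers built by hand. The resolver allow-list, the `pcalua.exe` heuristic and all function names are the example's own assumptions; a `pcalua.exe` task is flagged for review, not as proof of infection (the thread's own fixlists contain legitimate installer entries launched that way).

```python
import re
from ipaddress import ip_address

# Constructed sample input for this example: FRST log lines copied from the
# fixlists posted in this thread, plus one clean NameServer line (8.8.8.8 /
# 8.8.4.4) that is not in the thread, added for contrast.
SAMPLE_LOG = r"""
Task: {FBACC30F-E1E9-40F6-BFE1-111224C423E3} - System32\Tasks\DNSBEECHER => dnsbeecher.exe <==== ATTENTION
Task: {EBC0E80B-D29A-483E-AB67-1AA778DF7936} - System32\Tasks\{3C9E2DBD-7526-4164-846D-21D318E4CD88} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {007707DB-9DF9-404A-B060-F94361DFE55C} - \{F8EF8FFC-E367-4E42-AB5F-238D43DD095D} -> No File <==== ATTENTION
Task: {15A78127-59AC-4BFE-9B7E-601C6E603297} - System32\Tasks\{84760A86-E536-4CAF-95E1-AA2358A086FF} => L:\photoshop CS2\CS_2.0_WWE_Extras_1.exe [2014-01-13] (Adobe Systems Inc. )
Tcpip\..\Interfaces\{0F28DA10-CEA3-4938-B045-AB876FF6E39D}: [NameServer] 82.163.143.165,82.163.142.167
Tcpip\..\Interfaces\{85AAC926-427C-410E-8E4A-2E209657AAD8}: [NameServer] 82.163.143.165,82.163.142.167
Tcpip\..\Interfaces\{85CC966C-5FA2-486D-B2AD-BCA68BEF901F}: [NameServer] 8.8.8.8,8.8.4.4
CHR HomePage: Default -> hxxp://www.mysites123.com/?type=hp
CHR DefaultSearchKeyword: Default -> mysites123
"""

# Assumption: the resolvers the helper in post #12 told the user to set are the
# only ones considered legitimate. Anything else statically configured is suspect.
ALLOWED_DNS = {"8.8.8.8", "8.8.4.4"}

# FRST line shapes (matched as they appear in the log, one entry per line).
NAMESERVER_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]+\}): \[NameServer\] (.+)$")
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+)$")
BROWSER_RE = re.compile(r"^(CHR|FF) (HomePage|StartupUrls|DefaultSearchURL|DefaultSearchKeyword|NewTab):")


def rogue_nameservers(log, allowed=ALLOWED_DNS):
    """Return (line, interface_guid, [bad resolvers]) for every interface whose
    static DNS list contains something outside the allow-list."""
    findings = []
    for line in log.splitlines():
        m = NAMESERVER_RE.match(line)
        if not m:
            continue
        guid, servers = m.group(1), m.group(2)
        bad = []
        for s in (x.strip() for x in servers.split(",")):
            try:
                ip_address(s)
            except ValueError:
                bad.append(s)          # not even an IP literal: worth a look regardless
                continue
            if s not in allowed:
                bad.append(s)
        if bad:
            findings.append((line, guid, bad))
    return findings


def suspicious_tasks(log):
    """Tasks FRST itself marked, tasks whose target is gone, and tasks that run
    their payload through pcalua.exe (a launcher commonly abused as a proxy).
    Returns (line, [reasons]); reasons are for review, not a verdict."""
    findings = []
    for line in log.splitlines():
        m = TASK_RE.match(line)
        if not m:
            continue
        rest = m.group(2)
        reasons = []
        if "<==== ATTENTION" in rest:
            reasons.append("flagged by FRST")
        if "-> No File" in rest:
            reasons.append("target missing")
        if re.search(r"=> pcalua\.exe ", rest):
            reasons.append("pcalua.exe launcher (proxy execution)")
        if reasons:
            findings.append((line, reasons))
    return findings


def browser_hijack_lines(log):
    """Home page / start-up / default-search entries; FRST defangs http as hxxp."""
    return [line for line in log.splitlines() if BROWSER_RE.match(line)]


def build_fixlist(log, allowed=ALLOWED_DNS):
    """An FRST fixlist is the offending log lines copied verbatim, followed by
    directives such as EmptyTemp:, exactly as the helpers assembled it above."""
    lines = [f[0] for f in suspicious_tasks(log)]
    lines += [f[0] for f in rogue_nameservers(log, allowed)]
    lines += browser_hijack_lines(log)
    lines.append("EmptyTemp:")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_LOG))
```

On the affected machine the same resolver values can be read with `ipconfig /all` before and after the fix. The registry NameServer value FRST reports is a static setting on the client; resolvers handed out by DHCP come from the router, which is why post #12 has the user change the DNS there as well and then flush the cache with `ipconfig /flushdns`.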
  • Helpful post
    #14 04 Jan 2016 16:50
    krzychupar
    Level 40

    This too:
    Open Notepad and paste:

    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
    S3 cpuz134; \??\C:\Users\techkart\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

    EmptyTemp:

    Save the file as fixlist.txt and put it in the same folder as FRST.
    Run FRST as administrator and click Fix.

  • Helpful post
    #15 04 Jan 2016 17:16
    Kolobos
    Computer specialist

    @w0itas uninstall the browser, delete the browser profile folder from %LOCALAPPDATA%\Google\Chrome\User Data\ and reinstall it.
    Back up your bookmarks first.

  • #16 04 Jan 2016 18:05
    w0itas
    Level 9

    It seems to me everything is OK now; the browser runs smoothly and at the moment there are no problems. I would like to thank you all very much for your help and patience. All the best in the new year ;)
