Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

DNS Unlocker - Jak to usunąć?

waski1133 17 Sty 2016 23:26 702 11
  • Pomocny post
    #4 17 Sty 2016 23:53
    xoree
    Poziom 29  

    Zapodaj jeszcze aktualny plik : Addition.txt

    0
  • Pomocny post
    #7 18 Sty 2016 07:23
    Kolobos
    Spec od komputerów

    @waski1133 podany wczesniej fixlist, nie jest poprawny.

    Odinstaluj:
    Click Caption 1.10.0.2
    Jailbreak the Patriarchy
    ToutApp Email Tracking Templates
    REACHit
    YAC(Yet Another Cleaner!

    Zainstaluj https://support.microsoft.com/en-us/kb/2545227

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    CloseProcesses:
    C:\Program Files (x86)\Elex-tech\
    Task: {263EC49D-C7F9-4988-9098-C3B82B2903D3} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-11-11] (Lenovo)
    Task: {282E2A04-60A6-4E83-A675-09705171377C} - System32\Tasks\{D3276D8E-2824-470E-AFAB-4933A2CF7ABF} => c:\program files (x86)\opera\launcher.exe [2015-12-15] (Opera Software)
    Task: {356F96CF-9EEB-4E7E-85D2-E993607609E0} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-11-11] (Lenovo)
    Task: {408A62E2-4BCF-411E-BCB5-3F8B846BF5A9} - System32\Tasks\Opera scheduled Autoupdate 1401289250 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-15] (Opera Software)
    Task: {5EE58CB4-CF95-4A81-A5E2-5E12808AE17A} - \avast! Emergency Update -> Brak pliku <==== UWAGA
    Task: {61F58650-D796-49FA-909C-6919752FB573} - System32\Tasks\{AB6F80CD-25AA-4258-B01F-E9E7AD7E656A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/pl/go/help...?source=lightinstaller&amp;LastError=1603
    Task: {7C70B73B-8A7D-4D66-A087-D6D13C2E53A4} - System32\Tasks\{739B664F-9F5C-40F6-A009-8871A2A342B0} => c:\program files (x86)\opera\launcher.exe [2015-12-15] (Opera Software)
    Task: {F52CF33E-F273-40CA-979C-B0C4BCE4079F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Shortcut: C:\Users\Szymon\Desktop\Nowy folder\Hattrick Organizer (2).lnk -> D:\Programy\HattrickOrganizer\HO.bat (Brak pliku)
    Shortcut: C:\Users\Szymon\Desktop\Nowy folder\Hattrick Organizer.lnk -> D:\Programy\HattrickOrganizer\HO.bat (Brak pliku)
    AlternateDataStreams: C:\Windows\system32\Drivers\rnqlmehd.sys:changelist
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {24a3be05-04f3-11e4-af57-40f02f107c4c} - G:\AutoRun.exe




    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {499a1624-1e66-11e5-8e71-40f02f107c4c} - G:\AutoRun.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {499a1650-1e66-11e5-8e71-40f02f107c4c} - G:\AutoRun.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {49ae23cf-037a-11e4-a031-40f02f107c4c} - F:\AutoRun.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {49ae23dd-037a-11e4-a031-40f02f107c4c} - G:\AutoRun.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {7c0afb36-7326-11e4-898f-40f02f107c4c} - F:\setup.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {cfd22317-0b4d-11e4-8fb7-40f02f107c4c} - G:\AutoRun.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {d273da96-3799-11e5-8f47-001e101f82a7} - G:\AutoRun.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {d273daa4-3799-11e5-8f47-001e101f82a7} - G:\AutoRun.exe
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\...\MountPoints2: {d383ca32-299a-11e5-90b4-001e101fa1f5} - G:\AutoRun.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll Brak pliku
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2014-06-03]
    ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe (Brak pliku)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    GroupPolicy-x32: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1433602338&a...;z=d713e946440702a06847a82gfz1c0cdq0e2o8c2z8z
    HKU\S-1-5-21-3330955607-1330193023-3165991698-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1433602338&a...;z=d713e946440702a06847a82gfz1c0cdq0e2o8c2z8z
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Brak pliku
    FF DefaultSearchEngine: V9
    FF SelectedSearchEngine: V9
    FF SearchPlugin: C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\p0fv747h.default\searchplugins\v9-.xml [2015-11-03]
    FF Extension: xRocket Toolbar - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\p0fv747h.default\extensions\arthurj8283@gmail.com [2015-09-14] [Brak podpisu cyfrowego]
    FF Extension: Yellow AdBlocker - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\p0fv747h.default\extensions\wdibrkkoxdzgh@wnafqukjwwbcxjuscs.com [2015-09-03] [Brak podpisu cyfrowego]
    FF Extension: sidebar - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\p0fv747h.default\extensions\sidebarff@gmail.com [2015-11-07] [Brak podpisu cyfrowego]
    FF Extension: Jungle Net - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\p0fv747h.default\Extensions\{8f2a3863-c201-4a50-8c51-c3f9da1feea6}.xpi [2015-08-22] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\p0fv747h.default\extensions\arthurj8283@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\p0fv747h.default\extensions\sidebarff@gmail.com
    CHR HomePage: Default -> gazeta.allplayer.org/
    CHR Extension: (Gazeta.pl) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\efhdjkbfpoohkmfaldijcpbnmbpefpkb [2015-07-31] [UpdateUrl: hxxp://mynamedomain.koko/00] <==== UWAGA
    CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Szymon\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-09-17]
    CHR HKU\S-1-5-21-3330955607-1330193023-3165991698-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-06-10] (Elex do Brasil Participações Ltda)
    S2 06c60260; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TrimInstance\TrimInstance.dll",serv
    S2 7f11b722; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\AppendRunner\AppendRunner.dll",serv
    S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
    S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
    S2 f063af40; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\PragmaModulator\PragmaModulator.dll",serv
    S0 aswRvrt; Brak ImagePath
    S0 aswVmm; Brak ImagePath
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
    S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
    S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
    S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
    S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
    S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
    S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
    S3 vm331avs; System32\Drivers\vm331avs.sys [X]
    S1 {825c5be7-672f-4c14-9929-48a3a5e1a660}w64; system32\drivers\{825c5be7-672f-4c14-9929-48a3a5e1a660}w64.sys [X]
    S1 {8aa67d0b-c01c-4d37-acff-fff3e85a7686}w64; system32\drivers\{8aa67d0b-c01c-4d37-acff-fff3e85a7686}w64.sys [X]
    S1 {8ce1c375-1e13-43f7-a4fd-6530f47c4fde}w64; system32\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}w64.sys [X]
    S1 {e4c6b00c-d06e-4877-9f09-d92a224047b5}w64; system32\drivers\{e4c6b00c-d06e-4877-9f09-d92a224047b5}w64.sys [X]
    S1 {eb5ff5f5-0862-4d0e-b77f-65f32d94e6ab}w64; system32\drivers\{eb5ff5f5-0862-4d0e-b77f-65f32d94e6ab}w64.sys [X]
    2016-01-17 23:44 - 2015-04-17 03:43 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2016-01-17 23:42 - 2016-01-17 23:42 - 00000000 ____D C:\Users\Szymon\AppData\Roaming\Elex-tech
    2016-01-17 23:31 - 2016-01-17 23:34 - 00000000 ____D C:\AdwCleaner
    2016-01-05 22:32 - 2016-01-05 22:32 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2015-12-22 20:48 - 2015-12-22 20:48 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-12-24 23:11 - 2015-07-03 15:12 - 00000000 ____D C:\Program Files (x86)\ToutApp Email Tracking Templates Analytics
    2015-12-24 23:11 - 2015-05-27 19:48 - 00000000 ____D C:\Program Files (x86)\Jailbreak the Patriarchy
    2015-12-22 22:30 - 2014-06-03 13:52 - 00003894 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401289250
    2015-12-22 22:14 - 2015-07-06 16:12 - 00000000 ____D C:\Program Files (x86)\Appalling Primary
    2015-12-22 22:08 - 2015-08-09 17:00 - 00000000 ____D C:\Program Files (x86)\SoftwareAlert
    2015-08-09 17:21 - 2015-08-09 20:02 - 0000079 _____ () C:\Program Files (x86)\prefs.js
    2015-06-24 16:07 - 2015-08-14 15:23 - 0000020 _____ () C:\Users\Szymon\AppData\Roaming\appdataFr2.bin
    2015-05-31 14:12 - 2015-12-08 17:59 - 0000024 _____ () C:\Users\Szymon\AppData\Roaming\appdataFr25.bin
    2015-04-02 18:31 - 2015-05-13 18:55 - 0000020 _____ () C:\Users\Szymon\AppData\Roaming\appdataFr3.bin
    2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Szymon\AppData\Roaming\HMJS
    2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Szymon\AppData\Roaming\QWMS
    2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Szymon\AppData\Roaming\VX
    2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Szymon\AppData\Roaming\YJVIWV
    2014-09-16 16:48 - 2014-09-16 16:48 - 0617369 _____ (ClickMeIn Limited) C:\Users\Szymon\AppData\Local\nsj1A99.tmp
    2015-07-12 13:14 - 2015-07-12 13:15 - 35250961 _____ () C:\Users\Szymon\AppData\Local\SelfExtractible.zip
    2015-07-30 16:35 - 2015-07-30 16:35 - 0000000 _____ () C:\Users\Szymon\AppData\Local\Temp.dat
    EmptyTemp:

    W FRST wybierz Napraw.

    Nastepnie do okna frst wpisz:
    TrustedInstaller.exe
    I wybierz wyszukiwanie plikow, po zakonczeniu zamiesc log, ktory sie utworzy.

    1
  • Pomocny post
    #9 18 Sty 2016 17:35
    Kolobos
    Spec od komputerów

    Przejmij na wlasnosc ( https://technet.microsoft.com/pl-pl/library/cc753659.aspx )i nadaj sobie prawa do zapisu dla katalogu C:\Windows\servicing\ nastepnie skopiuj tam plik z C:\Windows\winsxs\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.1.7601.17514_none_ef3338f363c6403c\TrustedInstaller.exe

    0
  • #10 18 Sty 2016 18:01
    waski1133
    Poziom 7  

    Ok, zrobiłem tak. Coś zapodać?

    0
  • Pomocny post
    #11 18 Sty 2016 19:17
    Kolobos
    Spec od komputerów

    Usun katalog C:\FRST i to wszystko.

    0
  • #12 18 Sty 2016 19:30
    waski1133
    Poziom 7  

    Dzięki wielkie! Wszystko gra ;)

    0