Elektroda.pl

DNS Unlocker - removal - FRST logs.

Massuri 22 Jan 2016 15:21 576 3
  • #2 22 Jan 2016 15:29
    spicter
    Level 22

    What steps have you taken?

    1. Uninstalling from Programs and Features?
    2. Which programs did you use for scanning, cleaning, and removing the program?

    Write something more.

    0
  • Helpful post
    #3 22 Jan 2016 15:30
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 8.1.3; replace it with the latest version or with Foxit: http://ninite.com/foxit/
    BlockIt Ad remover
    DragonApp
    McAfee Security Scan Plus
    OptimizerPro1
    Spybot - Search & Destroy

    Use AdwCleaner, the Scan and Clean/Szukaj i Usun option: http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe, create a file fixlist.txt with the following content:
    CustomCLSID: HKU\S-1-5-21-1917631560-802162086-2875221809-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1917631560-802162086-2875221809-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1917631560-802162086-2875221809-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1917631560-802162086-2875221809-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1917631560-802162086-2875221809-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1917631560-802162086-2875221809-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1917631560-802162086-2875221809-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\pc\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    Task: {0B5E6A36-7D12-40F6-9183-CD16D61A46BA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {0DCE6BAB-7A45-40FB-8957-4FE83A038802} - System32\Tasks\{826CB565-18BC-D3EB-A708-EA65FE05EBE6} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand
    Task: {267A2601-78F8-4FDE-B580-4B7CA612F3A7} - System32\Tasks\{7D5A9D52-B622-48CD-8331-A677454DA09F} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Uninstall\setupx.exe" -c /uninstall ExtraUninstallID=""
    Task: {63DF653A-CE01-4F47-AAF7-DCD18EAAF6E7} - System32\Tasks\{AEF4846D-3607-41DD-8544-19250FE08F10} => pcalua.exe -a E:\scrubber.exe -d E:\
    Task: {6EB04643-53ED-44B2-973E-01F5A1944914} - System32\Tasks\Superclean => c:\programdata\{6ce62c4f-125d-374f-6ce6-62c4f125b13c}\hqghumeaylnlf.exe [2014-08-19] (Super PC Tools Ltd) <==== UWAGA




    Task: {75FC4AD4-009C-4EC0-8FAB-9B936C4AD4E3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1917631560-802162086-2875221809-1000UA => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {79ABE0F9-A5A1-4A65-ADDB-A40E3FE5462E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {8B71135A-90CE-4CC5-A116-E0F0FCC776C9} - System32\Tasks\{3CE6A622-8E27-4E63-A410-32E2B3A3A329} => pcalua.exe -a D:\Instalki\CAVS_Setup_2.0.17.58_Beta.exe -d D:\Instalki
    Task: {969E5E69-F4B8-45B5-8F8F-5D73C98FA918} - System32\Tasks\Opera scheduled Autoupdate 1425998087 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software)
    Task: {9C8D0E33-6D8B-4C56-BBCA-F54AC8C195C2} - System32\Tasks\OptimizerPro1UpdaterTask{B6D55B5A-32BE-4D6C-8609-483E52333B57} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe [2012-09-19] () <==== UWAGA
    Task: {A06E5CAC-99CA-4B7B-9E5D-11D652AE3E13} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {CB8B1D53-4364-479D-9A95-B945704B2608} - System32\Tasks\{D7C311B3-3687-47B3-A0FE-8DBEF401CB71} => pcalua.exe -a "D:\Gry\Planescape Torment\Black Isle\BGII - SoA\setup-widescreen.exe" -d "D:\Gry\Planescape Torment\Black Isle\BGII - SoA"
    Task: {D91FC5EF-2B34-48CA-B3F5-177C2553C5D6} - System32\Tasks\{616704A2-2532-4814-9C1B-8A216BB74F95} => pcalua.exe -a "C:\Program Files (x86)\Zenographics\{2C7C0CEE-62D6-4065-A93B-89E2DCD1D361}\setup.exe" -c -u "HPLJInstaller.dll=Hplj1018.inf"
    Task: {E5BE9738-0C11-4AFA-8C91-1FA3BE989F94} - System32\Tasks\{3CF9B1E5-673B-47A6-8B8D-0A30B4411044} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {E8A53417-27A4-4F3F-97D0-0994B9C3FCA7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1917631560-802162086-2875221809-1000Core => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {EDE8625C-80C9-4868-A0B3-FE2BD91057B7} - System32\Tasks\{0BC9D4AB-FF28-44C7-99DE-3C911C14EF61} => D:\Gry\Mafia\Game.exe
    Task: {F0ADC420-2EC7-4B66-A2D4-E6CF71D262C4} - System32\Tasks\{8E55BB42-17F0-4C90-9780-5521D34C76D6} => pcalua.exe -a "C:\Program Files (x86)\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" -c hp_LaserJet_1018
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1917631560-802162086-2875221809-1000Core.job => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1917631560-802162086-2875221809-1000UA.job => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{B6D55B5A-32BE-4D6C-8609-483E52333B57}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== UWAGA
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{6ce62c4f-125d-374f-6ce6-62c4f125b13c}\hqghumeaylnlf.exe <==== UWAGA
    Hosts:
    () C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1917631560-802162086-2875221809-1000\...\Run: [Facebook Update] => "C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    HKU\S-1-5-21-1917631560-802162086-2875221809-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-16]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-1917631560-802162086-2875221809-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\Parameters: [NameServer] 82.163.142.3 95.211.158.130
    Tcpip\..\Interfaces\{63C1238F-8FF6-4C19-AC92-E3E581A3A7B1}: [NameServer] 82.163.142.3 95.211.158.130
    Tcpip\..\Interfaces\{A3E9DA1F-5ED3-42F0-A3A0-B0B19C2A1B8D}: [NameServer] 82.163.142.3 95.211.158.130
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1917631560-802162086-2875221809-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
    HKU\S-1-5-21-1917631560-802162086-2875221809-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
    FF DefaultSearchEngine: WebSearch
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.coolsearches.info/?pid=21899...p;lg=EN&cc=PL&unqvl=85&l=1&q=
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: hxxp://search.gboxapp.com/
    FF Keyword.URL: hxxp://websearch.coolsearches.info/?pid=21899...p;lg=EN&cc=PL&unqvl=85&l=1&q=
    FF user.js: detected! => C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dbqrgy3b.default\user.js [2013-02-03]
    FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dbqrgy3b.default\searchplugins\web-search.xml [2011-03-19]
    FF HKLM-x32\...\Firefox\Extensions: [50981f33e5deb@50981f33e5e25.com] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dbqrgy3b.default\extensions\50981f33e5deb@50981f33e5e25.com => nie znaleziono
    CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
    CHR HKLM-x32\...\Chrome\Extension: [jiephddmjfgdcgbdlegpfidnddlnbmkl] - C:\ProgramData\Download and Sa\jiephddmjfgdcgbdlegpfidnddlnbmkl.crx <nie znaleziono>
    R2 4dd8d474; c:\Program Files (x86)\RelayDouble\RelayDouble.dll [1576448 2015-03-16] () [Brak podpisu cyfrowego]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 catchme; \??\C:\1234aaa\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\pc\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    2016-01-22 15:08 - 2016-01-22 15:08 - 02370560 _____ (Farbar) C:\Users\pc\Downloads\FRST64 (1).exe
    c:\Program Files (x86)\RelayDouble\
    2016-01-22 14:23 - 2012-11-05 21:13 - 00000406 ____H C:\Windows\Tasks\OptimizerPro1UpdaterTask{B6D55B5A-32BE-4D6C-8609-483E52333B57}.job
    2016-01-21 23:53 - 2015-08-19 16:53 - 00000334 _____ C:\Windows\Tasks\Superclean.job
    2016-01-21 22:18 - 2014-11-02 16:13 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1917631560-802162086-2875221809-1000UA.job
    2016-01-21 19:21 - 2015-03-10 15:34 - 00003880 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1425998087
    2016-01-09 16:18 - 2014-11-02 16:13 - 00000894 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1917631560-802162086-2875221809-1000Core.job
    2015-12-28 15:54 - 2015-03-16 13:20 - 00000000 ____D C:\ProgramData\711196437904859477
    C:\Users\pc\AppData\Local\Temp*.html
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Delete the C:\FRST folder and that's all.

    0
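
Added example, not part of the original thread and not FRST's own code: a Python triage pass over FRST log lines that picks out the three kinds of entry the fixlist above targets for this infection (static DNS servers, scheduled tasks, browser start pages). The function name `triage`, the category labels and the `expected_dns` allowlist parameter are hypothetical, and the `<==== ATTENTION` spelling of FRST's marker in English-language logs is an assumption; the sample lines are copied from the fixlist.

```python
import ipaddress
import re

# Sample input: lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {0DCE6BAB-7A45-40FB-8957-4FE83A038802} - System32\Tasks\{826CB565-18BC-D3EB-A708-EA65FE05EBE6} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand
Task: {969E5E69-F4B8-45B5-8F8F-5D73C98FA918} - System32\Tasks\Opera scheduled Autoupdate 1425998087 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software)
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{6ce62c4f-125d-374f-6ce6-62c4f125b13c}\hqghumeaylnlf.exe <==== UWAGA
Tcpip\Parameters: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{63C1238F-8FF6-4C19-AC92-E3E581A3A7B1}: [NameServer] 82.163.142.3 95.211.158.130
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
"""

NAMESERVER = re.compile(r"^Tcpip\\.*\[NameServer\]\s+(.+)$")
TASK = re.compile(r"^Task: (.+?) => (.+)$")
# -e, -ec, -enc ... -EncodedCommand are all accepted spellings of the switch.
ENCODED_PS = re.compile(r"powershell(?:\.exe)?\b.*\s-e(?:c|nc\w*)?(?:\s|$)", re.I)
# FRST's own marker: UWAGA in the Polish log, ATTENTION assumed for English logs.
FRST_FLAG = re.compile(r"<=+ (?:UWAGA|ATTENTION)")
START_PAGE = re.compile(r"Start Page = h(?:xx|tt)ps?://([^/\s]+)")


def triage(log_text, expected_dns=frozenset()):
    """Return (category, detail) findings for hijack/persistence lines in an FRST log."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := NAMESERVER.match(line):
            # Statically configured resolvers override DHCP; flag unexpected ones.
            for token in re.split(r"[ ,]+", m.group(1)):
                try:
                    ip = str(ipaddress.ip_address(token))
                except ValueError:
                    continue  # not an IP address
                if ip not in expected_dns:
                    findings.append(("static-dns", ip))
        elif m := TASK.match(line):
            name, action = m.groups()
            if ENCODED_PS.search(action):
                findings.append(("task-encoded-powershell", name))
            elif FRST_FLAG.search(line):
                findings.append(("task-flagged-by-frst", name))
        elif m := START_PAGE.search(line):
            findings.append(("browser-start-page", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:26} {detail}")
```

Running the same pass on a fresh FRST log after the fix, with the network's real resolvers passed as `expected_dns`, shows whether any of these entries came back.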
  • #4 23 Jan 2016 22:44
    Massuri
    Level 2

    Wow, thank you! I can't remember when my internet last worked this fast.

    0