Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

DNS Unlocker - jak się tego pozbyć

egze90 18 Lut 2016 23:18 741 2
  • #1 18 Lut 2016 23:18
    egze90
    Poziom 2  

    Dobry wieczór,

    na jednym z komputerów mam problem z reklamami DNS Unlocker (i być może także innymi temu podobnymi), co w zasadzie uniemożliwia jakiekolwiek sensowne korzystanie z przeglądarek.

    Z góry dziękuję za pomoc

    0 2
  • #3 18 Lut 2016 23:28
    Kolobos
    Spec od komputerów

    Odinstaluj:
    Java(TM) 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
    Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    LiveVDO (HKLM\...\LiveVDO) (Version: 1.3 - LiveVDO) <==== UWAGA
    PriceFountain (HKU\S-1-5-21-789336058-1844823847-839522115-1003\...\PriceFountain) (Version: - ) <==== UWAGA
    Qtrax Player (HKLM\...\{58C91689-85E3-4B25-ADEC-2697986DF817}) (Version: 1.00.0001 - Qtrax)
    RemAkieApp (HKLM\...\{6EE8408F-3152-246B-B2E7-E1BD522E6D07}) (Version: - "")
    System Healer (HKLM\...\SystemHealer) (Version: 4.1.0.0 - SystemHealer)

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== UWAGA
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1424368104.job => C:\Program Files\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\System Healer Task.job => C:\PROGRA~1\SYSTEM~2\RescueMonitor.exe
    AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji:$SS_DESCRIPTOR_MVPUV9PFSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFLPXB564BPLBB5N14D0B8F0LFUTVLJVMVFVV14TE
    AlternateDataStreams: C:\Documents and Settings\All Users\Pulpit:$SS_DESCRIPTOR_MVPUV9PFSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFLPXB564BPLBB5N14D0B8F0LFUTVLJVMVFVV14TE
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
    HKU\S-1-5-21-789336058-1844823847-839522115-1003\...\Run: [Full Battery] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Klaudusia\Local Settings\Application Data\Full Battery\Bin\FullBattery.dll",#3
    Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2015-04-24]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{D7A73605-FA40-47AD-87E8-34BAFEFE47E5}: [NameServer] 82.163.142.3 95.211.158.130
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-789336058-1844823847-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Documents and Settings\Klaudusia\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" <======= UWAGA
    Toolbar: HKU\S-1-5-21-789336058-1844823847-839522115-1003 -> Brak nazwy - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Brak pliku
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab




    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    FF NewTab: hxxp://www.yoursearching.com/newtab/?type=nt&...=cor&uid=ST3160815AS_5RX23BXWXXXX5RX23BXW
    FF SearchEngineOrder.1: error
    FF SearchEngineOrder.3: Bing
    FF Homepage: hxxp://www.yoursearching.com/?type=hp&ts=...=cor&uid=ST3160815AS_5RX23BXWXXXX5RX23BXW
    FF Keyword.URL: error
    FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [Brak pliku]
    FF SearchPlugin: C:\Documents and Settings\Klaudusia\Dane aplikacji\Mozilla\Firefox\Profiles\yazhcyfb.default\searchplugins\yoursearching.xml [2015-12-19]
    FF Extension: FirefixTab - C:\Documents and Settings\Klaudusia\Dane aplikacji\Mozilla\Firefox\Profiles\yazhcyfb.default\extensions\deskCutv2@gmail.com [2015-12-19] [Brak podpisu cyfrowego]
    FF Extension: YahooToolsProtected - C:\Documents and Settings\Klaudusia\Dane aplikacji\Mozilla\Firefox\Profiles\yazhcyfb.default\extensions\yahooprotected@gmail.com [2015-12-19] [Brak podpisu cyfrowego]
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Documents and Settings\Klaudusia\Dane aplikacji\Mozilla\Firefox\Profiles\yazhcyfb.default\extensions\deskCutv2@gmail.com
    FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Documents and Settings\Klaudusia\Dane aplikacji\Mozilla\Firefox\Profiles\yazhcyfb.default\extensions\yahooprotected@gmail.com
    StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe hxxp://www.yoursearching.com/?type=sc&ts=...=cor&uid=ST3160815AS_5RX23BXWXXXX5RX23BXW
    CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.yoursearching.com/?type=sc&ts=...=cor&uid=ST3160815AS_5RX23BXWXXXX5RX23BXW
    OPR Extension: (adblockforopera) - C:\Documents and Settings\Klaudusia\Dane aplikacji\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2015-12-04]
    OPR Extension: (CinemaPlus-4.2vV21.07) - C:\Documents and Settings\Klaudusia\Dane aplikacji\Opera Software\Opera Stable\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-07-21]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.yoursearching.com/?type=sc&ts=...=cor&uid=ST3160815AS_5RX23BXWXXXX5RX23BXW
    S2 Uptight Steal; C:\Program Files\Uptight Steal\Uptight Steal.exe [8016609 2015-07-10] () [Brak podpisu cyfrowego] <==== UWAGA
    S3 AresChatServer; C:\Program Files\Ares\chatServer.exe [X]
    S2 hxkfki; C:\WINDOWS\system32\fwjpc.dll [X]
    S2 knpkusw; C:\Documents and Settings\NetworkService\Dane aplikacji\fwjpc.dll [X]
    S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
    S2 ouylolqq; C:\WINDOWS\TEMP\\fwjpc.dll [X]
    S2 SBAMSvc; "C:\Program Files\ParetoLogic\XoftSpy AntiVirus Pro\SBAMSvc.exe" [X]
    S2 winnetdns; C:\WINDOWS\system32\dfrg\svc.exe [X]
    U3 au3rkwqo; C:\WINDOWS\system32\Drivers\au3rkwqo.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    R3 catchme; \??\C:\DOCUME~1\KLAUDU~1\USTAWI~1\Temp\catchme.sys [X]
    S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
    U1 luafv; Brak ImagePath
    S2 sbbotdi; \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [X]
    U2 wuaserv; Brak ImagePath
    U3 af7mn6lb; Brak ImagePath
    U3 mbr; \??\C:\ComboFix\mbr.sys [X]
    NETSVC: hxkfki -> C:\WINDOWS\system32\fwjpc.dll ==> Brak pliku
    NETSVC: zutxe -> Brak ścieżki do pliku.
    NETSVC: knpkusw -> C:\Documents and Settings\NetworkService\Dane aplikacji\fwjpc.dll ==> Brak pliku
    NETSVC: ouylolqq -> C:\WINDOWS\TEMP\\fwjpc.dll ==> Brak pliku
    NETSVC: fbxhtyc -> Brak ścieżki do pliku.
    2016-02-18 21:05 - 2016-02-18 21:05 - 00016428 _____ C:\ComboFix.txt
    2016-02-18 22:44 - 2015-04-09 09:17 - 00000000 ____D C:\AdwCleaner
    2016-02-18 22:33 - 2015-02-19 18:48 - 00000448 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1424368104.job
    2016-02-18 21:05 - 2013-03-27 12:37 - 00000000 ____D C:\Qoobox
    2016-02-16 14:00 - 2016-01-01 00:38 - 00000272 _____ C:\WINDOWS\Tasks\System Healer Task.job
    2015-05-12 19:07 - 2015-05-12 19:07 - 0000079 _____ () C:\Program Files\prefs.js
    2014-01-09 00:52 - 2014-03-12 00:51 - 0008704 ___SH () C:\Documents and Settings\Klaudusia\Dane aplikacji\Thumbs.db
    C:\Documents and Settings\Klaudusia\iphist.dat
    EmptyTemp:

    W FRST wybierz Napraw.

    Zainstaluj Sp3 dla XP oraz pozostale aktualizacje.

    Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0