Elektroda.pl

DNS Unlocker - DNS Unlocker

Sharp12 15 Mar 2016 22:17 858 8
  • #1 15 Mar 2016 22:17
    Sharp12
    Level 4

    Hello. I have a problem. DNS Unlocker suddenly appeared on my machine out of nowhere. Probably a time-based virus. The thing is, I reinstalled Mozilla once and that took care of it. For 2 weeks. Then it became active again. On some pages it doesn't show up, but on others it does. Once it kicks in, it uses a terrible amount of CPU and it's hard to close that tab. I looked for it as a program to uninstall but didn't find it. Please help, and thanks in advance :)

    0 8
  • #3 16 Mar 2016 18:44
    Sharp12
    Level 4

    How do I upload an attachment?

    0
  • #6 16 Mar 2016 20:58
    Kolobos
    Computer specialist

    Run services.msc, then disable and stop the service: OverwolfUpdater

    Uninstall:
    Reimage Repair
    SpyHunter 4

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    Task: {3C562F70-7463-4AAD-87ED-BE0BB39937EF} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-11-10] (Reimage ltd.) <==== UWAGA
    Task: {469EA92E-0D9C-4CCC-8781-A063C9E4F352} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== UWAGA
    Task: {47B9386F-B61D-430E-BF01-F27FBE8853FC} - System32\Tasks\{B1FD3F72-9CE2-478D-D522-D79EEB634214} => C:\Windows\system32\regsvr32.exe [2009-07-14] (Microsoft Corporation)
    Task: {4DA20D68-3A7B-423F-BAEF-810B3FC45EE0} - System32\Tasks\{2A21CC72-6ACD-49AA-8A5B-6D49D22B3A30} => E:\setup.exe
    Task: {4EE0B77D-4A46-4BDD-A0ED-97530A1B1AD9} - System32\Tasks\{2A41A501-2F54-4FF4-BB04-680451514C4E} => pcalua.exe -a "C:\Program Files (x86)\MTA San Andreas 1.5\Multi Theft Auto.exe" -d "C:\Program Files (x86)\MTA San Andreas 1.5"
    Task: {5A82EEC1-88C5-4C9F-95D5-3DCC35378B65} - System32\Tasks\{492365F1-0BA9-40C8-86D2-66FCEAE711C4} => E:\setup.exe
    Task: {78BAFCF7-FFAA-41B5-8342-7BB05E914D16} - System32\Tasks\{CA1DCFD5-DEBB-46C8-B628-FF08C7C8AF6D} => E:\setup.exe
    Task: {8F4E9F70-0C60-4D5A-B484-DFC4D61B68BE} - System32\Tasks\Opera scheduled Autoupdate 1404727440 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)
    Task: {99EB4F2D-8C51-4B4C-8E3D-8447A2DA2B73} - System32\Tasks\{0D7D0847-790E-0F0F-7A11-087A040B117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Task: {A0791437-F434-421F-B4D0-30238CCDC0A0} - System32\Tasks\{8BE8D165-266D-422D-982D-F6F55D4274AD} => E:\Setup\rsrc\SM3.exe
    Task: {C270AE57-0342-42BB-8F6C-D48DDACF6862} - System32\Tasks\DNSWALTERS => dnswalters.exe <==== UWAGA
    2014-09-18 18:48 - 2014-09-18 18:48 - 08220192 _____ () C:\Users\Badi\AppData\Roaming\Copy\overlay\Brt.dll
    2015-08-19 09:56 - 2015-08-19 09:56 - 06908904 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    Task: {56E35211-8FB4-4B39-8A49-C7A6D9B20220} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-12-15] (Overwolf LTD)
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
    HKU\S-1-5-21-3355143570-1423229344-1991530574-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3355143570-1423229344-1991530574-1000\...\Run: [Windows Shutdown Assistant] => C:\Program Files (x86)\Apowersoft\Windows Shutdown Assistant\Windows Shutdown Assistant.exe /autoStart
    HKU\S-1-5-21-3355143570-1423229344-1991530574-1000\...\Run: [Chromium] => "c:\users\badi\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session




    HKU\S-1-5-21-3355143570-1423229344-1991530574-1000\...\MountPoints2: F - F:\setup.exe
    HKU\S-1-5-21-3355143570-1423229344-1991530574-1000\...\MountPoints2: {bb69caa2-0b27-11e4-9060-902b346fd672} - I:\LaunchU3.exe -a
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Badi\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Badi\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Badi\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku
    ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Badi\AppData\Roaming\Copy\overlay\CopyShExt.dll [2014-09-18] (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Badi\AppData\Roaming\Copy\overlay\CopyShExt.dll [2014-09-18] (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Badi\AppData\Roaming\Copy\overlay\CopyShExt.dll [2014-09-18] (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Badi\AppData\Roaming\Copy\overlay\CopyShExt.dll [2014-09-18] (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Badi\AppData\Roaming\Copy\overlay\CopyShExt.dll [2014-09-18] (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Badi\AppData\Roaming\Copy\overlay\CopyShExt.dll [2014-09-18] (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Badi\AppData\Roaming\Copy\overlay\CopyShExt.dll [2014-09-18] (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Badi\AppData\Roaming\Copy\overlay\CopyShExt.dll [2014-09-18] (Barracuda Networks, Inc.)
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Badi\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Badi\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Badi\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    ProxyEnable: [.DEFAULT] => Proxy [funkcja włączona]
    ProxyServer: [.DEFAULT] => http=127.0.0.1:62944;https=127.0.0.1:62944
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{8B56254B-A63D-4EA8-9ED7-E3F63E567E14}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{8B56254B-A63D-4EA8-9ED7-E3F63E567E14}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{90A9417C-0D00-44FA-8932-0A7999CE35CB}: [NameServer] 82.163.142.7 95.211.158.134
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/yhs/web?hspart=ir...ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/yhs/web?hspart=ir...ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    HKU\S-1-5-21-3355143570-1423229344-1991530574-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/yhs/web?hspart=ir...ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    FF Plugin HKU\S-1-5-21-3355143570-1423229344-1991530574-1000: @hola.org/FlashPlayer -> C:\Users\Badi\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-3355143570-1423229344-1991530574-1000: @hola.org/vlc -> C:\Users\Badi\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [Brak pliku]
    CHR HomePage: Default -> hxxps://no.search.yahoo.com/yhs/web?hspart=ir...ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    CHR StartupUrls: Default -> "hxxps://no.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kmpswt_16_07&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEyC0F0DyCyBtBtAtC0CyCtN0D0Tzu0StCyDtCtCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyBtBzytA0FtDtDtGtAtC0ByEtGyEzz0DyDtGyC0FzytAtG0AyByC0EtDyB0BtA0CtAtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0A0Fzy0E0B0AtGyC0F0FtAtGyEyEtDtBtGzyzz0CyEtG0C0FzytA0DyDzztCtB0A0A0F2QtN0A0LzuyE%26cr%3D1291973054%26a%3Dwbf_kmpswt_16_07%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium"
    CHR DefaultSearchURL: Default -> hxxps://no.search.yahoo.com/yhs/search?hspart....1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> Search Provided by Yahoo.com
    CHR Extension: (Brak nazwy) - C:\Users\Badi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2015-10-10]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.mysites123.com/?type=sc&ts=145...tt4u&uid=ST3500418AS_5VMJB2LJXXXX5VMJB2LJ
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
    S2 downioadwi; C:\Users\Badi\AppData\Local\Techitrax.exe dmdattu downioadwi [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-06] ()
    S3 cpuz134; \??\C:\Users\Badi\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
    S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2016-03-15 19:46 - 2016-03-15 19:46 - 00000000 ____D C:\ProgramData\9ed722d5-4825-1
    2016-03-15 19:46 - 2016-03-15 19:46 - 00000000 ____D C:\ProgramData\9ed722d5-12c1-0
    2016-03-13 12:02 - 2016-03-13 12:02 - 01076448 _____ ( ) C:\Users\Badi\Downloads\installer_Microsoft_Word_sciagnij.exe
    2016-03-06 17:49 - 2016-03-06 17:49 - 03209832 _____ () C:\Users\Badi\Downloads\Reimage Pc Repair License Key Generator Latest is here.exe
    2016-03-06 17:41 - 2016-03-06 17:41 - 00003440 _____ C:\Windows\System32\Tasks\Reimage Reminder
    2016-03-06 17:40 - 2016-03-06 17:41 - 00000000 ____D C:\rei
    2016-03-06 17:40 - 2016-03-06 17:40 - 00004282 _____ C:\Windows\System32\Tasks\ReimageUpdater
    2016-03-06 17:40 - 2016-03-06 17:40 - 00000000 ____D C:\ProgramData\Reimage Protector
    2016-03-06 17:40 - 2016-03-06 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2016-03-06 17:40 - 2016-03-06 17:40 - 00000000 ____D C:\Program Files\Reimage
    2016-03-06 17:39 - 2016-03-06 17:41 - 00000150 _____ C:\Windows\Reimage.ini
    2016-03-06 17:39 - 2016-03-06 17:39 - 00772016 _____ (Reimage®) C:\Users\Badi\Downloads\ReimageRepair.exe
    2016-03-06 13:23 - 2016-03-06 13:23 - 00000000 _____ C:\autoexec.bat
    2016-03-06 13:22 - 2016-03-06 17:34 - 00000000 ____D C:\Users\Badi\AppData\Roaming\Enigma Software Group
    2016-03-06 13:21 - 2016-03-06 13:21 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-03-06 13:19 - 2016-03-06 13:20 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Badi\Downloads\SpyHunter-Installer.exe
    2016-03-05 19:46 - 2016-03-15 15:01 - 00000000 ____D C:\ProgramData\9ed722d5-2e21-0
    2016-03-05 19:43 - 2016-03-05 19:43 - 00022168 _____ C:\Windows\System32\Tasks\DNSWALTERS
    2016-03-05 19:41 - 2016-03-15 15:01 - 00000000 ____D C:\ProgramData\9ed722d5-1fa3-0
    2016-03-05 19:41 - 2016-03-05 19:41 - 00003726 _____ C:\Windows\System32\Tasks\{B1FD3F72-9CE2-478D-D522-D79EEB634214}
    2016-03-05 19:41 - 2016-03-05 19:41 - 00000000 ____D C:\ProgramData\53dfe3fa
    2016-03-05 19:41 - 2016-03-05 19:41 - 00000000 ____D C:\ProgramData\{064f38c2-612c-0}
    2016-03-05 19:41 - 2016-03-05 19:41 - 00000000 ____D C:\ProgramData\{06340af4-012c-0}
    2016-03-05 19:41 - 2016-03-05 19:41 - 00000000 ____D C:\ProgramData\{0234f94a-712c-1}
    2016-03-05 19:43 - 2016-01-09 13:23 - 00000000 ____D C:\ProgramData\1388d7b6-7553-0
    2016-03-05 19:41 - 2016-01-09 13:23 - 00000000 ____D C:\ProgramData\1388d7b6-6507-1
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST directory and that's all.

    0
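The fixlist in post #6 removes a hidden PowerShell task, a regsvr32 task, a loopback proxy and overridden DNS servers. As an added example (not part of the thread and not FRST's own logic), the sketch below triages FRST-style lines for those same kinds of entries; the reason labels and the `expected_resolvers` allowlist are assumptions made for illustration.

```python
import re

TASK = re.compile(r"^Task: .*?\\Tasks\\(?P<name>.+?)\s*=>\s*(?P<cmd>.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DNS = re.compile(r"\[(?:Dhcp)?NameServer\]\s+(?P<ips>.+)$")
PROXY = re.compile(r"^ProxyServer: .*?=>\s*(?P<val>.+)$")

# Six lines copied verbatim from the fixlist in post #6.
SAMPLE = r"""
Task: {99EB4F2D-8C51-4B4C-8E3D-8447A2DA2B73} - System32\Tasks\{0D7D0847-790E-0F0F-7A11-087A040B117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {47B9386F-B61D-430E-BF01-F27FBE8853FC} - System32\Tasks\{B1FD3F72-9CE2-478D-D522-D79EEB634214} => C:\Windows\system32\regsvr32.exe [2009-07-14] (Microsoft Corporation)
Task: {4EE0B77D-4A46-4BDD-A0ED-97530A1B1AD9} - System32\Tasks\{2A41A501-2F54-4FF4-BB04-680451514C4E} => pcalua.exe -a "C:\Program Files (x86)\MTA San Andreas 1.5\Multi Theft Auto.exe" -d "C:\Program Files (x86)\MTA San Andreas 1.5"
Task: {8F4E9F70-0C60-4D5A-B484-DFC4D61B68BE} - System32\Tasks\Opera scheduled Autoupdate 1404727440 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)
ProxyServer: [.DEFAULT] => http=127.0.0.1:62944;https=127.0.0.1:62944
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
"""

def triage(line, expected_resolvers=frozenset()):
    """Return reason labels for one FRST-style line (empty list = nothing flagged)."""
    line = line.strip()
    reasons = []
    if m := TASK.match(line):
        cmd = m["cmd"].lower()
        if "-encodedcommand" in cmd or "-windowstyle hidden" in cmd:
            reasons.append("hidden-or-encoded-powershell")
        if "regsvr32.exe" in cmd:
            reasons.append("regsvr32-from-task")
        # A GUID task name alone is weak evidence: the same fixlist has
        # GUID-named tasks that only launch pcalua.exe or E:\setup.exe.
        if reasons and GUID.fullmatch(m["name"]):
            reasons.append("guid-named-task")
    elif m := DNS.search(line):
        # Any resolver outside the caller's allowlist is reported.
        for ip in re.split(r"[ ,]+", m["ips"].strip()):
            if ip not in expected_resolvers:
                reasons.append(f"unexpected-resolver:{ip}")
    elif m := PROXY.match(line):
        # A system proxy on loopback means a local process sees all web traffic.
        if re.search(r"\b(127\.0\.0\.1|localhost)\b", m["val"]):
            reasons.append("loopback-proxy")
    return reasons

def triage_log(text, expected_resolvers=frozenset()):
    """Return (line, reasons) pairs for every flagged line in a log excerpt."""
    pairs = ((ln.strip(), triage(ln, expected_resolvers)) for ln in text.splitlines())
    return [(ln, why) for ln, why in pairs if why]

if __name__ == "__main__":
    # 192.168.1.1 is a constructed stand-in for the router the host should use.
    for ln, why in triage_log(SAMPLE, {"192.168.1.1"}):
        print(", ".join(why), "<=", ln[:70])
```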
  • #7 16 Mar 2016 21:24
    Sharp12
    Level 4

    I can't disable OverwolfUpdater. It only says Start. RP and SH are removed. And how do I do the fix in FRST?

    0
  • Helpful post
    #8 16 Mar 2016 21:30
    Kolobos
    Computer specialist

    Create the fixlist.txt given above, and in FRST press the button labelled Fix (Napraw), just as I wrote.

    0
  • #9 16 Mar 2016 21:46
    Sharp12
    Level 4

    I think it works. At least for now nothing is popping up :)
    Many thanks, and of course a "helped" is on its way :)

    0