Elektroda.pl

DNS Unlocker attacked the PC

Tattsu 11 Apr 2016 15:08 573 3
  • #2 11 Apr 2016 15:20
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {0D1E79C5-3592-4755-A697-610B75D69E55} - System32\Tasks\{3E26B2A2-B740-47B3-8AC6-E75CC34AC26A} => C:\Users\Szymon\AppData\Local\Temp\Rar$EXa0.597\StubInstallerCleanUp.bat [2016-04-11] () <==== UWAGA
    Task: {619DA86A-4BC1-43F5-9027-7A465CE9D9A4} - System32\Tasks\{912C2531-333B-40CC-8CCD-2CCDDF3D5CE7} => C:\Users\Szymon\AppData\Local\Temp\Rar$EXa0.384\StubInstallerCleanUp.bat [2016-04-11] () <==== UWAGA
    Task: {87798221-3A04-4517-86A4-9D56DE680E0D} - System32\Tasks\{E3FD5CD0-355A-457D-8F87-C0E4D4BAAC8E} => C:\Users\Szymon\AppData\Local\Temp\Rar$EXa0.597\StubInstallerCleanUp.bat [2016-04-11] () <==== UWAGA
    Task: {C51033B4-D3F3-4B8B-9C39-7D526BBC5F8F} - System32\Tasks\{C0525D45-C174-4CAA-B376-5B01AAA9CADF} => C:\Users\Szymon\AppData\Local\Temp\Rar$EXa0.384\StubInstallerCleanUp.bat [2016-04-11] () <==== UWAGA
    ShortcutWithArgument: C:\Users\Szymon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Szymon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    Hosts:
    HKLM\...\Run: [sun21] => [X]
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\Run: [Ewtion] => C:\Users\Szymon\AppData\Local\Ewtion\Windows_Activaton.exe [183808 2016-03-29] ()
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\Run: [Ajjworks] => regsvr32.exe C:\Users\Szymon\AppData\Local\Ajjworks\nkwmekdj.dll <===== UWAGA
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\Run: [Udnmedia] => C:\Windows\System32\regsvr32.exe C:\Users\Szymon\AppData\Local\Ewtion\vfvhexmk.dll
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\MountPoints2: F - F:\Launch.exe
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\MountPoints2: {37291c1a-dec6-11e5-ba70-94de80a96684} - I:\Launch.exe
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\MountPoints2: {37ef04cf-ce68-11e5-b036-806e6f6e6963} - D:\setup.exe
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\MountPoints2: {5d4dae12-de2b-11e5-844f-94de80a96684} - F:\Launch.exe
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\MountPoints2: {5d4dae1c-de2b-11e5-844f-94de80a96684} - G:\Launch.exe
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\MountPoints2: {5d4dae33-de2b-11e5-844f-94de80a96684} - H:\Launch.exe
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...\MountPoints2: {cca333c7-ce63-11e5-a7ea-806e6f6e6963} - D:\Run.exe
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Szymon\AppData\Local\Ewtion\vgmmevbz.dll UWAGA




    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SE78iS7CHcYlOxQGM7pwPbpaCa5v6g00zxJw4,&q={searchTerms}
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...ccdwRHEh2viDXR9_1XqUgy3PtR4D0qee1DSWSebcvD4A,,
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SE78iS7CHcYlOxQGM7pwPbpaCa5v6g00zxJw4,&q={searchTerms}
    HKU\S-1-5-21-2799973692-4231256310-2576747226-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SE78iS7CHcYlOxQGM7pwPbpaCa5v6g00zxJw4,&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-2799973692-4231256310-2576747226-1000 -> DefaultScope {ielnksrch} URL =
    CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=t4c&uid=C479089655D8EC4E6874C139B3EC3A55&v=20160409&ts=AHEqA3ArBX0lC0.."
    CHR Extension: (Universe) - C:\Users\Szymon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2016-04-11]
    R2 produatpzointyownloa; C:\Users\Szymon\AppData\Local\Mediafan.exe [28160 2016-04-11] () [Brak podpisu cyfrowego]
    S2 ktip; "C:\Program Files\ktip\ktip.exe" /s iid=6328744 did=APSFTuto4PC sid=11 ref=19d72844-919c-5c94-20e0-4edf8b1828a5-PolicyMac id=1d6671d173e81dad17535a3de418190991fd2e38667a5674fc1c1de8df71e5e5 [X]
    S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    2016-04-11 14:48 - 2016-04-11 14:49 - 00000000 ____D C:\AdwCleaner
    2016-04-11 14:00 - 2016-04-11 14:00 - 06504960 _____ C:\Users\Szymon\AppData\Roaming\agent.dat
    2016-04-11 14:00 - 2016-04-11 14:00 - 01626416 _____ C:\Users\Szymon\AppData\Roaming\IceLam.tst
    2016-04-11 14:00 - 2016-04-11 14:00 - 00991744 _____ C:\Users\Szymon\AppData\Roaming\Softtone.exe
    2016-04-11 14:00 - 2016-04-11 14:00 - 00991744 _____ C:\Users\Szymon\AppData\Roaming\IceLam.exe
    2016-04-11 14:00 - 2016-04-11 14:00 - 00848437 _____ C:\Users\Szymon\AppData\Roaming\SuperJoytouch.bin
    2016-04-11 14:00 - 2016-04-11 14:00 - 00188563 _____ () C:\Users\Szymon\AppData\Roaming\Vaiatrax.bin
    2016-04-11 14:00 - 2016-04-11 14:00 - 00127488 _____ C:\Users\Szymon\AppData\Roaming\Installer.dat
    2016-04-11 14:00 - 2016-04-11 14:00 - 00126464 _____ C:\Users\Szymon\AppData\Roaming\noah.dat
    2016-04-11 14:00 - 2016-04-11 14:00 - 00126464 _____ C:\Users\Szymon\AppData\Roaming\lobby.dat
    2016-04-11 14:00 - 2016-04-11 14:00 - 00072699 _____ C:\Users\Szymon\AppData\Roaming\Softtone.tst
    2016-04-11 14:00 - 2016-04-11 14:00 - 00065424 _____ C:\Users\Szymon\AppData\Roaming\Config.xml
    2016-04-11 14:00 - 2016-04-11 14:00 - 00058402 _____ C:\Users\Szymon\AppData\Roaming\inst.lat
    2016-04-11 14:00 - 2016-04-11 14:00 - 00054272 _____ C:\Users\Szymon\AppData\Roaming\ApplicationHosting.dat
    2016-04-11 14:00 - 2016-04-11 14:00 - 00018432 _____ C:\Users\Szymon\AppData\Roaming\Main.dat
    2016-04-11 14:00 - 2016-04-11 14:00 - 00017760 _____ C:\Users\Szymon\AppData\Roaming\InstallationConfiguration.xml
    2016-04-11 14:00 - 2016-04-11 14:00 - 00005568 _____ C:\Users\Szymon\AppData\Roaming\md.xml
    2016-04-11 14:00 - 2016-04-11 14:00 - 00000000 ____D C:\Users\Szymon\AppData\Local\csdi_monetize_220160408
    2016-04-11 14:00 - 2016-04-11 14:00 - 00000000 ____D C:\Users\Szymon\AppData\Local\csdi_monetize_120160408
    2016-04-11 14:00 - 2016-04-11 14:00 - 00000000 ____D C:\extensions
    2016-04-11 13:58 - 2016-04-11 13:58 - 00260876 _____ (VuuPC Limited) C:\Users\Szymon\AppData\Local\nsqABA9.tmp
    2016-04-11 13:57 - 2016-04-11 14:06 - 00000000 ____D C:\Users\Szymon\AppData\Local\Ewtion
    2016-04-11 13:57 - 2016-04-11 13:57 - 00000000 ____D C:\Users\Szymon\AppData\Local\Ajjworks
    2016-04-11 13:56 - 2016-04-11 13:56 - 00041472 _____ C:\Users\Szymon\AppData\Local\Mediafan.dat
    2016-04-11 13:56 - 2016-04-11 13:56 - 00028160 _____ C:\Users\Szymon\AppData\Local\Mediafan.exe
    2016-04-11 13:56 - 2016-04-11 13:56 - 00000187 _____ C:\Users\Szymon\AppData\Local\Mediafan.exe.config
    2016-04-11 13:56 - 2016-04-11 13:56 - 00000000 ____D C:\Program Files\REACHit
    cmd: netsh winsock reset
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    1
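
Added example, not part of the original post and not FRST's own code: a small triage pass over FRST-format log lines that flags three shapes visible in the fixlist above (a Run value handing an AppData DLL to regsvr32, a scheduled task whose target sits under the user's Temp folder, and an Internet Explorer page setting with a percent-encoded host). The rule names, the sample lines and the `example.invalid` host are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample in FRST log format (placeholder user, names and host);
# the line shapes follow the entries in the fixlist above.
SAMPLE = r"""
HKU\S-1-5-21-1111-2222-3333-1000\...\Run: [Example1] => regsvr32.exe C:\Users\user\AppData\Local\Example1\abc.dll
HKU\S-1-5-21-1111-2222-3333-1000\...\Run: [Updater] => C:\Program Files\Vendor\updater.exe [1000 2016-01-01] (Vendor)
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\{00000000-0000-0000-0000-000000000002} => C:\Users\user\AppData\Local\Temp\Rar$EXa0.123\cleanup.bat [2016-01-01] ()
HKU\S-1-5-21-1111-2222-3333-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.example.invalid/?q=1
""".strip().splitlines()

RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
TASK_RE = re.compile(r"^Task: .*? => (?P<target>.+?)(?: \[\d{4}-\d{2}-\d{2}\].*)?$")
IE_RE = re.compile(r"Internet Explorer\\Main,[^=]+ = (?P<url>\S+)")


def triage(lines):
    """Return (rule, detail) pairs; rule names are hypothetical labels."""
    findings = []
    for line in lines:
        line = line.strip()
        m = RUN_RE.search(line)
        if m:
            # Autorun that registers a DLL living in the user's profile.
            cmd = m["cmd"].lower()
            if "regsvr32" in cmd and "\\appdata\\" in cmd and ".dll" in cmd:
                findings.append(("run-regsvr32-appdata", m["name"]))
            continue
        m = TASK_RE.match(line)
        if m:
            # Scheduled task pointing into a temporary extraction folder.
            if "\\appdata\\local\\temp\\" in m["target"].lower():
                findings.append(("task-target-in-temp", m["target"]))
            continue
        m = IE_RE.search(line)
        if m:
            # FRST defangs URLs as hxxp://; strip the scheme, keep the host.
            host = re.sub(r"^h(?:xx|tt)ps?://", "", m["url"], flags=re.I).split("/")[0]
            if "%" in host:
                findings.append(("ie-encoded-host", unquote(host)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:24} {detail}")
```

A hit marks an entry for closer inspection; it is not by itself proof that the entry is malicious.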
  • #3 11 Apr 2016 21:39
    Tattsu
    Level 8

    It helped, thank you very much! Respect for your knowledge and your willingness to help less advanced users!

    0
  • #4 11 Apr 2016 22:47
    RADU23
    Moderator - Computers Service

    Delete the C:\FRST folder and that's all.

    1