Malware - DNS Unlocker - how to remove it?

szymeek89 27 Apr 2016 14:25 558 3
  • Helpful post
    #2 27 Apr 2016 14:50
    Domino_2
    Helpful to users

    Uninstall ASUS WebStorage and SpyHunter.

    Quote:

    Task: {0A61D2C4-D0B2-4E8A-8C18-1C7A04356B07} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {124488C5-2CA2-4A77-9993-4FE281F46319} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {1BB88A82-5D82-48AE-9DA8-D39F1D213E4B} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-04-27] (Enigma Software Group USA, LLC.)
    Task: {36B94CF9-9073-4D68-8DEF-ED662534211E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {388F0D27-61D2-43DB-B330-139374E00DFD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> Brak pliku <==== UWAGA
    Task: {3F6B1F1F-407F-4344-BE72-7E66CD9ACC37} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {699E4827-FFD3-47A2-8AE8-CE04A63E25D8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {73AA5B3E-8A1B-4349-A893-83E6969131A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {7FDED68D-3418-434E-89B2-9487DEC5B224} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {8EAF01C1-6A59-44A5-B547-BE4F710BACAA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {8FD9B86E-5566-4798-AD07-B9441DC73E55} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {9A8190B4-98B4-4EB2-9D20-1B2876B34B78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {B1CA3534-5242-4272-AD7A-04AEC7B95E04} - System32\Tasks\{2DFDCB57-7E30-28B7-36DC-DBC2D44CC06E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\b8032e00\eead4347.dll" <==== UWAGA
    Task: {B305BFF0-A9D2-462D-A4C3-333F6593FD96} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {BE7474EE-31ED-4DBD-B140-870201E38994} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== UWAGA
    Task: {D6CA53FC-B517-4586-BB37-F8FBF4ABA424} - System32\Tasks\Opera scheduled Autoupdate 1461712779 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-21] (Opera Software)
    Task: {FA618A0B-0A74-407E-A7BB-068724D658E4} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE <==== UWAGA
    Task: {FF97457D-878A-4BE3-92C9-65B25860B185} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    (© 2015 Microsoft Corporation) C:\Users\Szymek\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe




    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
    HKU\S-1-5-21-1410074913-3769213442-3900024005-1001\...\Run: [BingSvc] => C:\Users\Szymek\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-02] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1410074913-3769213442-3900024005-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1410074913-3769213442-3900024005-1001\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\Szymek\AppData\Local\Temp\ALLRemote.exe <===== UWAGA
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{89baee30-2493-4814-ba99-3215c18a0fd3}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{89baee30-2493-4814-ba99-3215c18a0fd3}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{d746579d-cbf1-4520-8266-477ac99ef64d}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{d746579d-cbf1-4520-8266-477ac99ef64d}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{effb1a46-c677-4a50-afe2-824097c8cbe4}: [NameServer] 82.163.142.7 95.211.158.134
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1410074913-3769213442-3900024005-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1410074913-3769213442-3900024005-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Brak pliku]
    CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
    CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR HKU\S-1-5-21-1410074913-3769213442-3900024005-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
    U3 idsvc; Brak ImagePath
    U3 wpcsvc; Brak ImagePath
    2016-04-27 12:44 - 2016-04-27 12:44 - 00000000 _____ C:\autoexec.bat
    2016-04-27 12:43 - 2016-04-27 12:43 - 00003458 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
    2016-04-27 12:43 - 2016-04-27 12:43 - 00002365 _____ C:\Users\Szymek\Desktop\SpyHunter.lnk
    2016-04-27 12:43 - 2016-04-27 12:43 - 00000000 ____D C:\Users\Szymek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2016-04-27 12:43 - 2016-04-27 12:43 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
    2016-04-27 01:25 - 2016-04-27 01:25 - 15397208 _____ C:\Users\Szymek\Downloads\SpyHunter 4.1.11.0 [ENG] program.exe
    2016-04-27 01:25 - 2016-04-27 01:25 - 03021720 _____ (Enigma Software Group USA, LLC.) C:\Users\Szymek\Downloads\SpyHunter4.exe
    2016-04-10 23:25 - 2016-04-10 23:26 - 00000000 ____D C:\ProgramData\c2dbdc36-7e57-1
    2016-04-10 23:25 - 2016-04-10 23:26 - 00000000 ____D C:\ProgramData\c2dbdc36-0ce5-0
    2016-04-07 23:25 - 2016-04-07 23:25 - 00000000 ____D C:\ProgramData\c2dbdc36-71b7-0
    2016-04-07 23:25 - 2016-04-07 23:25 - 00000000 ____D C:\ProgramData\c2dbdc36-0fd1-1
    2016-04-04 23:20 - 2016-04-04 23:20 - 00000000 ____D C:\ProgramData\c2dbdc36-5123-0
    2016-03-30 22:55 - 2016-04-04 23:20 - 00000000 ____D C:\ProgramData\c2dbdc36-1561-0
    2016-03-30 22:55 - 2016-03-30 22:55 - 00000000 ____D C:\ProgramData\{0873e437-012c-1}
    2016-03-30 22:55 - 2016-03-30 22:55 - 00000000 ____D C:\ProgramData\{05dd4a18-212c-0}
    2016-03-30 22:56 - 2016-03-09 10:41 - 00000000 ____D C:\ProgramData\4161fa85-6d97-0
    2016-03-30 22:55 - 2016-03-09 10:41 - 00000000 ____D C:\ProgramData\4161fa85-55d7-1
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, place it in the folder that contains FRST.exe/FRST64.exe, run it and click Fix/Napraw.

    0
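A triage sketch for the two kinds of entry in the fixlist above that redirect traffic or load code: the `Tcpip` name-server values and the scheduled task that runs Regsvr32. It is an added example, not part of the original post or of FRST; the sample lines are copied from the quoted fixlist, and the function names and the expected-resolver address `192.168.1.1` are assumptions.

```python
import ipaddress
import re

# Lines copied from the fixlist quoted in post #2 (FRST log format).
SAMPLE = r"""
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{89baee30-2493-4814-ba99-3215c18a0fd3}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{89baee30-2493-4814-ba99-3215c18a0fd3}: [DhcpNameServer] 82.163.142.7
Task: {B1CA3534-5242-4272-AD7A-04AEC7B95E04} - System32\Tasks\{2DFDCB57-7E30-28B7-36DC-DBC2D44CC06E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\b8032e00\eead4347.dll" <==== UWAGA
Task: {D6CA53FC-B517-4586-BB37-F8FBF4ABA424} - System32\Tasks\Opera scheduled Autoupdate 1461712779 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-21] (Opera Software)
"""

DNS_RE = re.compile(r"^Tcpip\\(?P<scope>[^:]+): \[(?P<value>(?:Dhcp)?NameServer)\] (?P<servers>.+)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<path>.+?) => (?P<action>.+)$")


def dns_overrides(log, expected):
    """Return (scope, value name, address) for each resolver not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    hits = []
    for line in log.splitlines():
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        for token in re.split(r"[ ,]+", m["servers"].strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # skip anything that is not an IP literal
            if addr not in allowed:
                hits.append((m["scope"], m["value"], str(addr)))
    return hits


def regsvr32_tasks(log):
    """Return (task path, DLL path) for tasks whose action is Regsvr32."""
    hits = []
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if m and m["action"].lower().startswith("regsvr32"):
            quoted = re.findall(r'"([^"]+)"', m["action"])
            dlls = [q for q in quoted if q.lower().endswith(".dll")]
            hits.append((m["path"], dlls[0] if dlls else None))
    return hits


if __name__ == "__main__":
    # Assumption: 192.168.1.1 stands in for the resolver this network should use.
    for hit in dns_overrides(SAMPLE, ["192.168.1.1"]) + regsvr32_tasks(SAMPLE):
        print(hit)
```

Running the same functions over a fresh FRST log taken after the fix should return empty lists if the name-server values and the task were removed.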
  • #3 27 Apr 2016 15:28
    szymeek89
    Level 2

    Thank you for the help! It worked! :)

    0
  • #4 27 Apr 2016 15:34
    Domino_2
    Helpful to users

    You can delete the C:\FRST folder.

    0