
Google Chrome - DNS Unlocker

Robastard 27 Jun 2016 12:39 339 2
  • #1 27 Jun 2016 12:39
    Robastard
    Level 1  

    Hello,

    The DNS Unlocker adware installed itself in my Google Chrome browser. I removed it through the Control Panel, but that did not help. It still controls my browser. I read that I should run a scan with the FRST application. Please help me with the next steps.
    Attached are two files: FRST and Addition.txt

    Thanks in advance for your help

  • #3 27 Jun 2016 13:56
    Kolobos
    Computer specialist

    Uninstall:
    DNSUnlocker
    WebStorage

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    Task: {79E99981-9273-47A8-852F-5E82DE848776} - System32\Tasks\{244CA4FC-9B80-1C32-5030-815EB22E644E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\cc65f082\be02f3fc.dll" <==== AANDACHT
    GroupPolicy: Restrictie - Chrome <======= AANDACHT
    CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT
    Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{4fdc595a-66f7-4712-899d-c1f58c0c3cee}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{4fdc595a-66f7-4712-899d-c1f58c0c3cee}: [DhcpNameServer] 82.163.143.171
    Tcpip\..\Interfaces\{fb9e563f-34a4-492f-a4be-8aacee636a5e}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{fb9e563f-34a4-492f-a4be-8aacee636a5e}: [DhcpNameServer] 82.163.143.171
    HKU\S-1-5-21-447138321-1644301191-4082722162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://nl.search.yahoo.com/yhs/web?hspart=ir...23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {01673828-425E-4904-8F94-C4D9F3616B69} URL = hxxp://www.istartsurf.com/web/?type=ds&ts...600xmtfddak256mbf_1533105a092d105a092d&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-447138321-1644301191-4082722162-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-447138321-1644301191-4082722162-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    BHO-x32: Discovery App -> {ba32987d-db80-4ccb-a8bb-f812b5421c0f} -> C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll => Geen bestand
    Edge HomeButtonPage: HKU\S-1-5-21-447138321-1644301191-4082722162-1001 -> hxxp://www.istartsurf.com/?type=hp&ts=144...icronxm600xmtfddak256mbf_1533105a092d105a092d
    FF NewTab: about:newtab
    FF DefaultSearchEngine: Yahoo! Powered
    FF SelectedSearchEngine: Yahoo! Powered
    FF Homepage: hxxps://nl.search.yahoo.com/yhs/web?hspart=ir...23%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    FF Keyword.URL: user_pref("keyword.URL", true);
    FF SearchPlugin: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\3efi10f5.default\searchplugins\default.xml [2016-06-24]
    FF SearchPlugin: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\3efi10f5.default\searchplugins\McSiteAdvisor.xml [2015-11-09]
    FF SearchPlugin: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\3efi10f5.default\searchplugins\yahoo! powered.xml [2016-06-06]
    FF Extension: Jungle Net - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\3efi10f5.default\Extensions\{69295fe8-00d6-4e4e-aab9-2a096a77128f}.xpi [2015-10-17] [ niet getekend]
    FF Extension: Discovery App - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\3efi10f5.default\Extensions\{70d74554-b8e0-4983-ad33-e12bf864164e}.xpi [2015-11-06] [ niet getekend]
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\3efi10f5.default\extensions\sidebarff@gmail.com => niet gevonden
    CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
    CHR DefaultSearchKeyword: Default -> t
    CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
    CHR HKLM\...\Chrome\Extension: [iccodbepgnkhafhjajchdjkadbflkijl] - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccodbepgnkhafhjajchdjkadbflkijl.crx [2015-11-15]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-447138321-1644301191-4082722162-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iccodbepgnkhafhjajchdjkadbflkijl] - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\iccodbepgnkhafhjajchdjkadbflkijl.crx [2015-11-15]
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    S3 GSService; "C:\WINDOWS\SysWOW64\GSService.exe" [X]
    2016-06-24 21:51 - 2016-06-24 21:51 - 00000000 ____D C:\ProgramData\5e813051-0ca7-0
    2016-06-24 15:46 - 2016-06-24 15:46 - 00003890 _____ C:\WINDOWS\System32\Tasks\{244CA4FC-9B80-1C32-5030-815EB22E644E}
    2016-06-24 15:46 - 2016-06-24 15:46 - 00000000 ____D C:\ProgramData\cc65f082
    2016-06-24 15:46 - 2016-06-24 15:46 - 00000000 ____D C:\ProgramData\5e813051-7eb7-0
    2016-06-24 15:46 - 2016-06-24 15:46 - 00000000 ____D C:\ProgramData\{1404cc85-712c-0}
    2016-06-24 15:46 - 2016-06-24 15:46 - 00000000 ____D C:\ProgramData\{02f72d8a-712c-1}
    2016-06-06 19:53 - 2016-06-24 15:47 - 00000000 ____D C:\ProgramData\11ce4a3f-44e5-1
    2016-06-06 19:53 - 2016-06-24 15:47 - 00000000 ____D C:\ProgramData\11ce4a3f-0095-0
    2016-06-25 13:41 - 2015-12-05 08:02 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST directory.

    0
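
Added example, not part of the thread and not FRST code: a small Python triage of FRST log lines in the format shown in the fixlist above, listing DNS resolvers that are not on an expected list and scheduled tasks that load a DLL from ProgramData through regsvr32. The expected resolver 192.168.1.1, the all-zero interface GUID and the function names are assumptions made for the illustration, as is treating PROGRA~3 as the short name of ProgramData.

```python
import ipaddress
import re

# FRST registry lines: Tcpip\<scope>: [NameServer|DhcpNameServer] <addresses>
DNS_RE = re.compile(
    r"^Tcpip\\(?P<scope>[^:]+): \[(?P<name>NameServer|DhcpNameServer)\] (?P<ips>.+)$")
# FRST scheduled-task lines: Task: {guid} - <task path> => <command>
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<path>.+?) => (?P<cmd>.+)$")

# First three lines are copied from the fixlist in the post; the last is constructed.
SAMPLE = [
    r'Task: {79E99981-9273-47A8-852F-5E82DE848776} - System32\Tasks\{244CA4FC-9B80-1C32-5030-815EB22E644E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\cc65f082\be02f3fc.dll" <==== AANDACHT',
    r'Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173',
    r'Tcpip\..\Interfaces\{4fdc595a-66f7-4712-899d-c1f58c0c3cee}: [DhcpNameServer] 82.163.143.171',
    r'Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [DhcpNameServer] 192.168.1.1',
]

def dns_findings(lines, expected):
    """Return (scope, value name, ip) for each resolver not in `expected`."""
    allowed = {ipaddress.ip_address(ip) for ip in expected}
    findings = []
    for line in lines:
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        for token in re.split(r"[ ,]+", m.group("ips").strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # trailing annotation, not an address
            if ip not in allowed:
                findings.append((m.group("scope"), m.group("name"), str(ip)))
    return findings

def task_findings(lines):
    """Return task paths whose command runs regsvr32 on a file under ProgramData."""
    hits = []
    for line in lines:
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").lower()
        # Assumption: PROGRA~3 is the 8.3 short name of ProgramData on this system.
        if "regsvr32" in cmd and ("\\programdata\\" in cmd or "\\progra~3\\" in cmd):
            hits.append(m.group("path"))
    return hits

if __name__ == "__main__":
    print(dns_findings(SAMPLE, ["192.168.1.1"]))
    print(task_findings(SAMPLE))
```
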