Elektroda.pl

Removing DNS Unlocker - FRST logs

nowson 27 Jun 2016 20:16 396 4
  • Helpful post
    #2 27 Jun 2016 20:53
    Kolobos
    Computer specialist

    Uninstall DNSUnlocker

    Next to frst.exe, create a file named Fixlist.txt with the following contents:
    Task: {0288F7D4-94E0-4122-8A2B-695FF73B3B2A} - System32\Tasks\{C16877B9-2B51-2679-519B-C4929C198013} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\886bc752\ec9c3de2.dll" <==== UWAGA
    Task: {452D4C41-E406-44D5-93BF-7F573F17463A} - \CCleanerSkipUAC -> Brak pliku <==== UWAGA
    Task: {4D17176A-49A7-47F8-8506-B74FB10DF6DD} - System32\Tasks\{3ECF4032-4F63-4CF9-89C8-D1E5CA86C449} => pcalua.exe -a "C:\Users\nowson\Downloads\Mp3 Direct Cut 2.07.exe" -d C:\Users\nowson\Downloads
    Task: {679343A5-ED29-4C38-8E8B-5DF8D6EE432D} - System32\Tasks\{856B84CF-DB73-4EF5-92BB-75CFDBA2111C} => pcalua.exe -a "C:\Users\nowson\Downloads\Vag-Com 311.2 +crack\VAG-COM_v311.2_Działa\Release3112n2.exe" -d "C:\Users\nowson\Downloads\Vag-Com 311.2 +crack\VAG-COM_v311.2_Działa"
    Task: {9B191164-CC70-48E5-B4D5-0FDBFCBD3581} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - nowson) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {ADFCA775-C44D-4629-9D69-2CD80C243D39} - System32\Tasks\{5EE58393-5781-4DD8-9E88-23DC19A0BE7D} => C:\Program Files (x86)\VAG-COM\VagCom.exe
    Task: {C82F5540-6CF9-443A-9D24-0F71F1845108} - System32\Tasks\Opera scheduled Autoupdate 1412970681 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-13] (Opera Software)
    Task: {E92C8F66-EFFA-41F9-B3AE-64CFBF8ED0D3} - System32\Tasks\{2BA40654-903F-971D-1A29-6ADBB1D20926} => C:\Users\nowson\AppData\Local\{470B7~1\UNINST~1.EXE <==== UWAGA
    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - nowson).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\WINDOWS\Tasks\{2BA40654-903F-971D-1A29-6ADBB1D20926}.job =>
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{0d7c6b9e-50f5-4376-8ee7-b2499147a044}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{13ca0253-0d60-4961-8f87-9000280da0df}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{13ca0253-0d60-4961-8f87-9000280da0df}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{155ad1cf-8d42-4b39-8010-bc33a004e660}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{155ad1cf-8d42-4b39-8010-bc33a004e660}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{6812ade1-d6c7-4703-b522-5f1a919a2991}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{6812ade1-d6c7-4703-b522-5f1a919a2991}: [DhcpNameServer] 82.163.142.7
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/yhs/web?hspart=ir...18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/yhs/web?hspart=ir...18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-1264080788-789849914-2988117188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/yhs/web?hspart=ir...18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-1264080788-789849914-2988117188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    HKU\S-1-5-21-1264080788-789849914-2988117188-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786...rms%7D%26src%3DIE%2DSearchBox%26FORM%3DIESR02
    URLSearchHook: HKU\S-1-5-21-1264080788-789849914-2988117188-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    URLSearchHook: HKU\S-1-5-21-1264080788-789849914-2988117188-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1264080788-789849914-2988117188-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1264080788-789849914-2988117188-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://no.search.yahoo.com/yhs/search?hspart..._ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    BHO: Brak nazwy -> {A24BF1F1-ECA7-4FA6-8E69-9F82502349DB} -> Brak pliku
    BHO: Brak nazwy -> {FBC5C9AF-BD25-4A68-9180-B9C02CC7A5F2} -> Brak pliku
    BHO-x32: Brak nazwy -> {A24BF1F1-ECA7-4FA6-8E69-9F82502349DB} -> Brak pliku
    BHO-x32: Brak nazwy -> {FBC5C9AF-BD25-4A68-9180-B9C02CC7A5F2} -> Brak pliku
    FF SelectedSearchEngine: Search Provided by Yahoo
    FF DefaultSearchEngine: Search Provided by Yahoo
    FF Homepage: hxxps://no.search.yahoo.com/yhs/web?hspart=ir...18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    FF NewTab: about:newtab
    FF user.js: detected! => C:\Users\nowson\AppData\Roaming\Mozilla\Firefox\Profiles\vv1qxz8y.default\user.js [2015-05-25]
    FF SearchPlugin: C:\Users\nowson\AppData\Roaming\Mozilla\Firefox\Profiles\vv1qxz8y.default\searchplugins\Search Provided by Yahoo.xml [2016-05-06]
    FF Extension: GoldenCoupon - C:\Users\nowson\AppData\Roaming\Mozilla\Firefox\Profiles\vv1qxz8y.default\extensions\ysloofsknypyy@ndcelydhdi_iw.com [2015-06-15] [Brak podpisu cyfrowego]
    FF Extension: FineeDealSofet - C:\Users\nowson\AppData\Roaming\Mozilla\Firefox\Profiles\vv1qxz8y.default\Extensions\lx@e5vYc.org [2015-06-15] [Brak podpisu cyfrowego]
    CHR Extension: (Ad.Block.Plus) - C:\Users\nowson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohcnaaadeofcikkkfnnkkcljnohdcakh [2016-04-16]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1264080788-789849914-2988117188-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    S0 BTATH_BUS; System32\drivers\btath_bus.sys [X]
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
    2016-06-27 16:35 - 2016-06-27 16:35 - 00000000 ____D C:\ProgramData\92c49b50-6687-0
    2016-06-27 16:30 - 2016-06-27 16:30 - 00003884 _____ C:\WINDOWS\System32\Tasks\{C16877B9-2B51-2679-519B-C4929C198013}
    2016-06-27 16:30 - 2016-06-27 16:30 - 00000000 ____D C:\ProgramData\92c49b50-2287-0
    2016-06-27 16:30 - 2016-06-27 16:30 - 00000000 ____D C:\ProgramData\886bc752
    2016-06-27 16:30 - 2016-06-27 16:30 - 00000000 ____D C:\ProgramData\{1f17022e-712c-1}
    2016-06-27 16:30 - 2016-06-27 16:30 - 00000000 ____D C:\ProgramData\{1ef2ac51-012c-0}
    2016-06-27 16:30 - 2016-06-27 16:30 - 00000000 ____D C:\ProgramData\{0c4aa33f-312c-0}
    2016-06-27 19:43 - 2016-05-06 23:43 - 00000294 _____ C:\WINDOWS\Tasks\{2BA40654-903F-971D-1A29-6ADBB1D20926}.job
    2016-06-27 16:31 - 2016-05-06 23:42 - 00000000 ____D C:\ProgramData\8da71a55-7ea3-1
    2016-06-27 16:30 - 2016-05-06 23:42 - 00000000 ____D C:\ProgramData\8da71a55-0ba7-0
    2015-06-14 18:36 - 2015-06-14 18:36 - 0000079 _____ () C:\Program Files (x86)\prefs.js
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST folder.

    0
  • #3 27 Jun 2016 21:34
    nowson
    Level 10

    Thank you. That helped.

    I'm curious when this got installed, and how???
    I shut the computer down on Thursday and nobody turned it on until today (Monday).
    When I turned it on today, this junk was already on the computer.

    0
  • #4 27 Jun 2016 21:42
    Kolobos
    Computer specialist

    It looks like it was on 2016-05-06 23:42, and today it only downloaded further malicious components.

    0
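
The dating in post #4 rests on the two timestamps carried by each file-listing line in the Fixlist. The following is an added example (not part of the thread and not FRST's own code) that parses a subset of those lines and clusters them by their earliest timestamp; the function names and the one-hour clustering gap are assumptions.

```python
import re
from datetime import datetime, timedelta

# Subset of the file-listing lines from the Fixlist in post #2.
SAMPLE = r"""
2016-06-27 16:35 - 2016-06-27 16:35 - 00000000 ____D C:\ProgramData\92c49b50-6687-0
2016-06-27 16:30 - 2016-06-27 16:30 - 00003884 _____ C:\WINDOWS\System32\Tasks\{C16877B9-2B51-2679-519B-C4929C198013}
2016-06-27 16:30 - 2016-06-27 16:30 - 00000000 ____D C:\ProgramData\886bc752
2016-06-27 19:43 - 2016-05-06 23:43 - 00000294 _____ C:\WINDOWS\Tasks\{2BA40654-903F-971D-1A29-6ADBB1D20926}.job
2016-06-27 16:31 - 2016-05-06 23:42 - 00000000 ____D C:\ProgramData\8da71a55-7ea3-1
2016-06-27 16:30 - 2016-05-06 23:42 - 00000000 ____D C:\ProgramData\8da71a55-0ba7-0
"""

# timestamp - timestamp - size attributes [optional "(company) "] path
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S{5}) (?:\(.*?\) )?(.+)$"
)
FMT = "%Y-%m-%d %H:%M"

def parse(text):
    """Yield (earliest, latest, path) for every file-listing line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # registry, task and other non-listing lines
        a, b = (datetime.strptime(m.group(i), FMT) for i in (1, 2))
        # Assumption: column order is not stated on the page, so order by value.
        yield min(a, b), max(a, b), m.group(5)

def waves(text, gap=timedelta(hours=1)):
    """Cluster entries whose earliest timestamps lie within `gap` of each other."""
    clusters = []
    for first, _last, path in sorted(parse(text)):
        if clusters and first - clusters[-1]["end"] <= gap:
            clusters[-1]["end"] = first
            clusters[-1]["paths"].append(path)
        else:
            clusters.append({"start": first, "end": first, "paths": [path]})
    return clusters

if __name__ == "__main__":
    for w in waves(SAMPLE):
        print(w["start"], "->", w["end"], w["paths"])
```

On these lines it yields two clusters: one starting 2016-05-06 23:42 and one starting 2016-06-27 16:30.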
  • #5 01 Oct 2016 11:10
    nowson
    Level 10

    Thank you. That helped.

    0