Elektroda.pl

DNS unlocker - removal - FRST logs.

Hordekilla 29 Jul 2016 20:26 534 1
  • #2 29 Jul 2016 20:36
    Kolobos
    Computer specialist

    Uninstall DNSUnlocker.

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    Task: {03749D83-C0DE-47D1-A43B-BF435E3A7F29} - \WinTaske -> Brak pliku <==== UWAGA
    Task: {257746E8-F620-4B76-8D6A-E33370D26D48} - System32\Tasks\Chromium => C:\Users\ICHTRO~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE
    Task: {29949E26-7AA3-45D4-9C02-C7A288FA23B6} - System32\Tasks\Ich troje i piesThicketUpswingV2 => Rundll32.exe ExertsCetology.dll,main 7 1 <==== UWAGA
    Task: {2C6E6808-8CC9-49D1-8E61-5E45CF8A7EB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {2CE361D8-3DF3-4EF0-A138-46B413EFB375} - \Browser Updater Task(Core) -> Brak pliku <==== UWAGA
    Task: {52D534D3-B256-43CE-B4B5-220BDD39B450} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {69B9A88E-E62D-43B3-94F4-E4CBC5652F55} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {6FDDB44F-BB2A-41E1-9174-EA1E9851A2AF} - \Microsoft\Windows\Maintenance\SMupdate2 -> Brak pliku <==== UWAGA
    Task: {7E02597E-0990-46D9-9410-9DBA5B45CAC8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {8AFD739D-4B41-4219-BE1F-2C444B057E07} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {9EEDE1D3-5D9B-4E9E-91C0-3E5968AF059A} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== UWAGA
    Task: {A709B11A-8FCA-44E1-AA28-72124271687D} - System32\Tasks\{965B7900-2F74-FB9A-E413-DDA1DA7B2715} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\aa2c2ac8\a76816e4.dll" <==== UWAGA
    Task: {ACFB1769-5575-4E33-AF76-EADB4E0F1C5E} - \Microsoft\Windows\Multimedia\SMupdate3 -> Brak pliku <==== UWAGA
    Task: {CF431491-BF18-41DA-A6BE-393854BA5811} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {D0B81C79-2BB5-4797-BAD9-3DBA5D6B5F25} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {DE9B25FD-97CA-4676-B4DB-BC00A98DF055} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {EA99BEEC-93C4-4B6D-8CB9-3DE0F7295107} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {F4238E9C-71E8-4919-BA4A-F853DB55335E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {F8BBE1B1-36DF-49D3-A2ED-208213FB6ACB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\ICHTRO~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE
    ShortcutWithArgument: C:\Users\Ich troje i pies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...AyCzy0EtA2RtBtDtCyCtDtBtDyCtBtDtDtBtByEtDzyyB




    Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{0441f87e-c5db-4bfa-8315-2c57d47dd6b3}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{0de2986f-72ec-40e3-9bbe-411c67a88457}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{0de2986f-72ec-40e3-9bbe-411c67a88457}: [DhcpNameServer] 82.163.143.171
    Tcpip\..\Interfaces\{79c9ce0b-3368-4006-afdf-659e66c7e9fe}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{79c9ce0b-3368-4006-afdf-659e66c7e9fe}: [DhcpNameServer] 82.163.143.171
    Tcpip\..\Interfaces\{95f73c78-520f-4f4c-9f2a-f358281ba552}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{95f73c78-520f-4f4c-9f2a-f358281ba552}: [DhcpNameServer] 82.163.143.171
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts...OSHIBAXMQ01ABF050_23P1C5ZQTXX23P1C5ZQT&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1...p;uid=TOSHIBAXMQ01ABF050_23P1C5ZQTXX23P1C5ZQT
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts...OSHIBAXMQ01ABF050_23P1C5ZQTXX23P1C5ZQT&q={searchTerms}
    HKU\S-1-5-21-2980603388-2326059780-3898639561-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&...OSHIBAXMQ01ABF050_23P1C5ZQTXX23P1C5ZQT&q={searchTerms}
    HKU\S-1-5-21-2980603388-2326059780-3898639561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910...amp;GUID=11908A21-275D-43C0-8A78-A28E010CE022
    HKU\S-1-5-21-2980603388-2326059780-3898639561-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1...p;uid=TOSHIBAXMQ01ABF050_23P1C5ZQTXX23P1C5ZQT
    HKU\S-1-5-21-2980603388-2326059780-3898639561-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&...OSHIBAXMQ01ABF050_23P1C5ZQTXX23P1C5ZQT&q={searchTerms}
    HKU\S-1-5-21-2980603388-2326059780-3898639561-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
    HKU\S-1-5-21-2980603388-2326059780-3898639561-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
    HKU\S-1-5-21-2980603388-2326059780-3898639561-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786...p;OHP=http%3A%2F%2Ftoshiba13.msn.com&OSP=
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2980603388-2326059780-3898639561-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2980603388-2326059780-3898639561-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2980603388-2326059780-3898639561-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...ZQT&ts=1434384020&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2980603388-2326059780-3898639561-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.istartsurf.com/web/?type=dspp&...OSHIBAXMQ01ABF050_23P1C5ZQTXX23P1C5ZQT&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2980603388-2326059780-3898639561-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2980603388-2326059780-3898639561-1001 -> {DE4ED612-6E59-4898-B2BC-4A99AD493BBE} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...ZQT&ts=1434384020&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2980603388-2326059780-3898639561-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...ZQT&ts=1434384020&type=default&q={searchTerms}
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Ich troje i pies\AppData\Roaming\Mozilla\Firefox\Profiles\nyqo62tp.default\extensions\sweetsearch@gmail.com => nie znaleziono
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
    CHR Extension: (bkghojmamekkhbgcjmegbmnfclpfihem) - C:\Users\Ich troje i pies\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkghojmamekkhbgcjmegbmnfclpfihem [2015-01-10]
    2016-07-09 17:48 - 2016-07-23 20:14 - 00000000 ____D C:\ProgramData\a1dd13e5-5c53-1
    2016-07-09 17:48 - 2016-07-23 20:14 - 00000000 ____D C:\ProgramData\a1dd13e5-37f1-0
    2016-07-25 05:40 - 2016-03-24 17:57 - 00000000 ____D C:\Program Files (x86)\QQBrowser
    2016-07-24 21:07 - 2015-05-14 17:21 - 00000000 ____D C:\AdwCleaner
    2016-07-13 15:52 - 2016-06-20 23:43 - 00000000 ____D C:\ProgramData\a1dd13e5-27a1-0
    2014-12-30 22:06 - 2014-12-30 22:06 - 1830376 _____ (Object Browser) C:\Users\Ich troje i pies\AppData\Roaming\BBHJ.exe
    2014-12-30 22:08 - 2014-12-30 22:08 - 1356264 _____ (Object Browser) C:\Users\Ich troje i pies\AppData\Roaming\SCOWI.exe
    2014-08-28 19:15 - 2014-08-29 11:44 - 0000336 _____ () C:\Users\Ich troje i pies\AppData\Local\JunkAtx.bin
    2014-08-28 13:47 - 2014-08-28 13:47 - 0000051 _____ () C:\Users\Ich troje i pies\AppData\Local\Kosong.Bron.Tok.txt
    2014-12-30 23:17 - 2014-12-30 23:17 - 0628496 _____ (CMI Limited) C:\Users\Ich troje i pies\AppData\Local\nsaFC95.tmp
    EmptyTemp:

    In FRST, choose Napraw (Fix).

    Delete the C:\FRST directory.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
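
An added example, not part of the original post: a short Python triage over a few lines copied from the fixlist above, showing why they are removal candidates: tasks with no file behind them, tasks that start a DLL through Rundll32/Regsvr32, and resolver addresses pinned both globally and per interface. The function names and the "global plus interface" heuristic are assumptions of this sketch, not FRST behaviour.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist in the post above.
FIXLIST = r"""
Task: {03749D83-C0DE-47D1-A43B-BF435E3A7F29} - \WinTaske -> Brak pliku <==== UWAGA
Task: {9EEDE1D3-5D9B-4E9E-91C0-3E5968AF059A} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== UWAGA
Task: {A709B11A-8FCA-44E1-AA28-72124271687D} - System32\Tasks\{965B7900-2F74-FB9A-E413-DDA1DA7B2715} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\aa2c2ac8\a76816e4.dll" <==== UWAGA
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{0de2986f-72ec-40e3-9bbe-411c67a88457}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{0de2986f-72ec-40e3-9bbe-411c67a88457}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{79c9ce0b-3368-4006-afdf-659e66c7e9fe}: [NameServer] 82.163.143.171 82.163.142.173
"""

TASK = re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - (?P<name>.+?) (?:->|=>) (?P<target>.+?)(?: <==== \w+)?$")
DNS = re.compile(r"^Tcpip\\(?P<scope>[^:]+): \[(?P<kind>NameServer|DhcpNameServer)\] (?P<ips>[\d. ]+)$")
PROXY = re.compile(r"^(rundll32|regsvr32)(\.exe)?\b", re.I)

def triage_tasks(text):
    """Label each Task: line 'orphan', 'proxy' (DLL run via Rundll32/Regsvr32) or 'direct'."""
    out = {}
    for line in text.splitlines():
        m = TASK.match(line.strip())
        if not m:
            continue
        if m["target"] == "Brak pliku":      # Polish FRST output for "no file"
            out[m["name"]] = "orphan"
        elif PROXY.match(m["target"]):
            out[m["name"]] = "proxy"
        else:
            out[m["name"]] = "direct"
    return out

def static_resolvers(text):
    """Return (static, dhcp): resolver IP -> set of Tcpip scopes where it is set."""
    static, dhcp = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        m = DNS.match(line.strip())
        if m:
            bucket = static if m["kind"] == "NameServer" else dhcp
            for ip in m["ips"].split():
                bucket[ip].add(m["scope"])
    return static, dhcp

def hijack_candidates(text):
    # Heuristic (assumption): a resolver pinned globally AND on an interface.
    static, _ = static_resolvers(text)
    return sorted(ip for ip, scopes in static.items()
                  if "Parameters" in scopes and len(scopes) > 1)
```

Running the same functions over a fresh FRST log after the fix should leave `hijack_candidates` empty and no `proxy` tasks.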