• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Was my pc hacked?

WojtasRed

WojtasRed

Joined
May 22, 2008
Messages
421 (0.07/day)
Location
Thailand
System Specs
Processor AMD Phenom II 720 3x2,8 GHz BE
Motherboard MSI 870A Fuzion A770 SAM3
Cooling Scythe Zipang SCZP-1000
Memory Crucial 4GB DDR3 1600MHz Ballistix Sport CL9
Video Card(s) PALIT GeForce GTX 560Ti 1GB
Storage TOSHIBA 1000GB 32MB 3,5'' 7200 SATA III
Display(s) Gateway FPD2275W `22
Case Shinobi SH09A
Power Supply Thermaltake Toughpower W0116 750W
Software Windows 7 Ultimate 64bit
Every time when I start PC and connect to internet, this massage in HijackThis appears:

O17 - HKLM\System\CCS\Services\Tcpip\..\{F052A8D9-84A0-4405-860B-9C593D51C8E0}: NameServer = 212.2.96.54 212.2.96.52
Do you know the IP or Domain '212.2.96.54 212.2.96.52'? If not, fix this entry.
Click to expand...

I can fix it, but after restart my system and connect to internet, this entry appears again in HijackThis. Even when I remove this entry and reconect to the internet, this problem back again. When I disconnetct my PC from the internet, HijackThis doesn`t detect this problem.

How can I remove this entry permanently?
 
Last edited:
Law-II

Law-II

Joined
May 9, 2011
Messages
1,980 (0.42/day)
Location
Mainland Britain
System Specs
System Name H2o Box
Processor Intel(R) Xeon e5-2690 v2 Stock 3.300 GHz stock
Motherboard MSI X79A-G43 Plus (MS-7760) v3
Cooling CPU EK & Phobya G-Changer 360 V2.0 RAD H2o VGA "AlphaCool M18" Hybrid [pump replaced 18/8/21]
Memory G.Skill TridentX 16Gb 11-12-12-32 2T @ 1866Mhz [locked]
Video Card(s) Zotac GTX 1080ti AMP EXTREME
Storage HyperX Fury 120GB & Savage 480GB SSD, Seagate 250GB,250GB 7200rpm Kingston 64GB SSD
Display(s) Asus TUF Gaming VG32VQR 2560*1440 165Hz VA Panel
Case Corsair O-800D
Audio Device(s) Creative Sound Blaster X-Fi Titanium Fatal1ty Pro
Power Supply Be Quiet! [Dark Power Pro 11] 1200W CM replaced [7-4-2017]
Mouse Zelotes T-90
Keyboard K66 Mechanical US Layout
Software Win 10 Pro 64Bit v 20H2 / OS [build 19043.1237] WFEP 120.2212.3530.0
Hi

This may help - http://ip-lookup.net/ , use the *Lookup an IP address : box; at the bottom of the page to see who the IP or Domain belong to.

atb (all the best)

Law-II
 
Last edited:
95Viper

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
12,670 (2.24/day)
Seems those are Polkomtel (Plus+) 's DNS nameservers.

Did you change your DNS servers or install setup software from (Plus+) Polkomtel.
Who is your service (internet,video, cellular access, software etc.) provider?

Check or change your DNS servers:Change TCP/IP settings

If you want to try OpenDNS, here is their instructions:Change your settings: Configuration for Windows 7

Here is a useful couple of tools.
One for changing your DNS server easily:Dns jumper v1.0.4
And, one to edit your hosts file:BlueLifeHosts editor v1.0

If you do not remember changing your DNS or have no software or dealings with Plus+ (Polkomtel), then run Malwarebytes and your favorite A/V programs to check for any baddies.

I do not believe that has anything to do with you being hacked.:)
 
WojtasRed

WojtasRed

Joined
May 22, 2008
Messages
421 (0.07/day)
Location
Thailand
System Specs
Processor AMD Phenom II 720 3x2,8 GHz BE
Motherboard MSI 870A Fuzion A770 SAM3
Cooling Scythe Zipang SCZP-1000
Memory Crucial 4GB DDR3 1600MHz Ballistix Sport CL9
Video Card(s) PALIT GeForce GTX 560Ti 1GB
Storage TOSHIBA 1000GB 32MB 3,5'' 7200 SATA III
Display(s) Gateway FPD2275W `22
Case Shinobi SH09A
Power Supply Thermaltake Toughpower W0116 750W
Software Windows 7 Ultimate 64bit
Yes, I`m using Polkomtel (Plus+) software. They`re my internet suppliers. I`ll try with Malwarebytes...

Edit:

OTL results:

OTL.txt
Code: 
http://wklej.org/id/820080/

Extras.txt
Code: 
http://wklej.org/id/820082/

Could someone take a look?
 
S

Steevo

Joined
Nov 4, 2005
Messages
11,682 (1.73/day)
System Specs
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Hijack this is not for users who ask what it is, unless they are asked to use it by users who know what it is.


*******************************

Its just your DNS or WINS being hijacked by your ISP's questionable software.


If you don't like to see this message use OpenDNS or Google for DNS lookup.
 
Jetster

Jetster

Joined
Jan 17, 2010
Messages
12,280 (2.36/day)
Location
Oregon
System Specs
System Name Juliette // HTPC
Processor Intel i7 9700K // AMD Ryzen 5 5600G
Motherboard ASUS Prime Z390X-A // ASRock B550 ITX-AC
Cooling Noctua NH-U12 Black // Stock
Memory Corsair DDR4 3600 32gb //G.SKILL Trident Z Royal Series 16GB (2 x 8GB) 3600
Video Card(s) ASUS RTX4070 OC// GTX 1650
Storage Samsung 970 EVO NVMe 1Tb, Intel 665p Series M.2 2280 1TB // Samsung 1Tb SSD
Display(s) ASUS VP348QGL 34" Quad HD 3440 x 1440 // 55" LG 4K SK8000 Series
Case Seasonic SYNCRO Q7// Silverstone Granada GD05
Audio Device(s) Focusrite Scarlett 4i4 // HDMI to Samsung HW-R650 sound bar
Power Supply Seasonic SYNCRO 750 W // CORSAIR Vengeance 650M
Mouse Cooler Master MM710 53G
Keyboard Logitech 920-009300 G512 SE
Software Windows 10 Pro // Windows 10 Pro
Exactly
 
You must log in or register to reply here.
Top