Elektroda.pl

Russian pages when opening websites.

10 Jan 2015 16:27 930 9
  • Level 9  
    Hello, I have a problem with this page http://go.mail.ru/, namely it keeps opening on its own. I have scanned with ComboFix, ADWCleaner and CCleaner.
  • IT specialist
    Do not use ComboFix.

    Attach the FRST logs.
  • IT specialist
    Also addition.txt.
  • IT specialist
    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {24D2D04A-BCBF-4962-9FA7-1FFACC4BD0B1} - System32\Tasks\nethost task => C:\Users\Dominik\AppData\Local\SystemDir\nethost.exe [2015-01-10] ()
    Task: {256C71C6-ECD1-4B26-A381-B3427488FED9} - System32\Tasks\{27A90703-FE58-4ED5-B67F-B562E0EAD06A} => pcalua.exe -a C:\Users\Dominik\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
    AlternateDataStreams: C:\ProgramData:NT
    AlternateDataStreams: C:\ProgramData:NT2
    AlternateDataStreams: C:\Users\All Users:NT
    AlternateDataStreams: C:\Users\All Users:NT2
    AlternateDataStreams: C:\ProgramData\Application Data:NT
    AlternateDataStreams: C:\ProgramData\Application Data:NT2
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
    AlternateDataStreams: C:\ProgramData\Temp:56E2E879
    AlternateDataStreams: C:\Users\Dominik\Dane aplikacji:NT
    AlternateDataStreams: C:\Users\Dominik\Dane aplikacji:NT2
    AlternateDataStreams: C:\Users\Dominik\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\Dominik\AppData\Roaming:NT2
    () C:\Program Files\advPlugin\Basement\ExtensionUpdaterService.exe
    () C:\Users\Dominik\AppData\Local\Temp\net1EA3.tmp.exe
    HKU\S-1-5-21-305566740-955266908-1076458232-1000\...\RunOnce: [GoSearch_startsetsearch_chrome] => C:\Users\Dominik\AppData\Local\Temp\net1EA3.tmp.exe [2606560 2015-01-10] () <===== ATTENTION
    HKU\S-1-5-21-305566740-955266908-1076458232-1000\...\RunOnce: [GoSearchRemoveAppiexplore] => C:\Users\Dominik\AppData\Local\Temp\NET48D~1.EXE [2606560 2015-01-10] () <===== ATTENTION
    HKU\S-1-5-21-305566740-955266908-1076458232-1000\...\RunOnce: [GoSearchRemoveAppoldopera] => C:\Users\Dominik\AppData\Local\Temp\NET48D~2.EXE [2606560 2015-01-10] () <===== ATTENTION
    HKU\S-1-5-21-305566740-955266908-1076458232-1000\...\RunOnce: [GoSearchRemoveAppopera] => C:\Users\Dominik\AppData\Local\Temp\NET48D~3.EXE [2606560 2015-01-10] () <===== ATTENTION
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-305566740-955266908-1076458232-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-305566740-955266908-1076458232-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    FF NewTab:
    FF DefaultSearchEngine: Поиск@Mail.Ru
    FF SelectedSearchEngine: Поиск@Mail.Ru
    FF Homepage: hxxp://mail.ru/cnt/10445?gp=blackbear2
    FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=
    FF Plugin HKU\S-1-5-21-305566740-955266908-1076458232-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
    FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\searchplugins\mailru.xml
    FF Extension: Currency calc - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\Extensions\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA} [2015-01-10]
    FF Extension: Спутник @Mail.Ru - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2015-01-10]
    FF Extension: Визуальные закладки @Mail.Ru - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2015-01-10]
    FF Extension: Skip Cert Error - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\Extensions\skipcerterror@foudil.fr.xpi [2014-10-09]
    FF Extension: No Name - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [Not Found]
    FF Extension: No Name - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\extensions\skipcerterror@foudil.fr.xpi [Not Found]
    FF Extension: No Name - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\extensions\faststartff@gmail.com [Not Found]
    FF Extension: No Name - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [Not Found]
    FF Extension: No Name - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [Not Found]
    FF Extension: No Name - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\oof5rki9.default\extensions\info4@etranslator.pro [Not Found]
    FF Extension: No Name - E:\Program Files\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    CHR Extension: (Поделиться ВКонтакте) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneggodalbcmgdkkfhbhbicbbahnacjb [2015-01-10]
    CHR HKLM\...\Chrome\Extension: [kneggodalbcmgdkkfhbhbicbbahnacjb] - No Path
    CHR HKU\S-1-5-21-305566740-955266908-1076458232-1000\...\Chrome\Extension: [kneggodalbcmgdkkfhbhbicbbahnacjb] - No Path
    R2 Update Service for advPlugin; C:\Program Files\advPlugin\Basement\ExtensionUpdaterService.exe [137592 2014-12-30] ()
    S3 catchme; \??\C:\Users\Dominik\AppData\Local\Temp\catchme.sys [X]
    S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
    2015-01-10 13:36 - 2015-01-10 13:36 - 00000266 __RSH () C:\ProgramData\ntuser.pol
    2015-01-10 13:33 - 2015-01-10 13:35 - 00000000 ____D () C:\AdwCleaner
    2015-01-10 12:03 - 2015-01-10 12:03 - 00022368 _____ () C:\ComboFix.txt
    2015-01-10 11:50 - 2015-01-10 11:51 - 05609736 ____R (Swearware) C:\Users\Dominik\Downloads\ComboFix.exe
    2015-01-10 11:47 - 2015-01-10 11:47 - 00000000 ____D () C:\Program Files\advPlugin
    2015-01-10 11:46 - 2015-01-10 11:46 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Поиcк в Интeрнете
    2015-01-10 11:44 - 2015-01-10 12:44 - 00000000 ____D () C:\Users\Dominik\AppData\Local\SystemDir
    2015-01-10 12:03 - 2014-01-09 14:57 - 00000000 ____D () C:\Qoobox
    EmptyTemp:

    In FRST, choose Fix.
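
A read-only triage of the kinds of lines used in the fixlist above, added here as an example (not part of the original thread and not FRST's own logic): it parses autorun, scheduled-task and AlternateDataStreams lines and reports those whose target runs from a user-writable profile directory. The regular expressions are assumptions inferred from the lines on this page, and the ExampleVendor entry is constructed.

```python
import re

# Constructed sample: four lines in the format of the fixlist above, plus one
# invented benign entry (ExampleVendor) for contrast.
SAMPLE = r"""
Task: {24D2D04A-BCBF-4962-9FA7-1FFACC4BD0B1} - System32\Tasks\nethost task => C:\Users\Dominik\AppData\Local\SystemDir\nethost.exe [2015-01-10] ()
HKU\S-1-5-21-305566740-955266908-1076458232-1000\...\RunOnce: [GoSearchRemoveAppopera] => C:\Users\Dominik\AppData\Local\Temp\NET48D~3.EXE [2606560 2015-01-10] () <===== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
R2 Update Service for advPlugin; C:\Program Files\advPlugin\Basement\ExtensionUpdaterService.exe [137592 2014-12-30] ()
HKLM\...\Run: [ExampleVendor] => C:\Program Files\ExampleVendor\tray.exe [1024 2014-01-01] (ExampleVendor)
"""

# Assumed line shapes, inferred from the lines on this page (not an FRST spec).
AUTORUN = re.compile(r"^HK\w+\\.*\\(?:Run|RunOnce): \[(?P<name>[^\]]+)\] => (?P<target>.+?\.exe)\b", re.I)
TASK = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<name>.+?) => (?P<target>.+?\.exe)\b", re.I)
ADS = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+)$")
# Directories a standard user can write to, so anything auto-started from
# them deserves a second look.
USER_WRITABLE = re.compile(r"\\AppData\\(?:Local|LocalLow|Roaming)\\", re.I)


def triage(text):
    """Return (kind, name, target, reason) tuples for entries worth reviewing."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = AUTORUN.match(line) or TASK.match(line)
        if m:
            target = m.group("target")
            if USER_WRITABLE.search(target):
                kind = "task" if line.startswith("Task:") else "autorun"
                in_temp = "\\temp\\" in target.lower()
                reason = "runs from Temp" if in_temp else "runs from user profile"
                findings.append((kind, m.group("name"), target, reason))
            continue
        m = ADS.match(line)
        if m:
            # The stream name follows the last colon; the path keeps its drive colon.
            findings.append(("ads", m.group("stream"), m.group("path"), "alternate data stream listed"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The service line and the Program Files autorun are deliberately not reported, since neither target sits in a user-writable profile directory.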
  • IT specialist
    Post new FRST logs from a fresh scan.
  • IT specialist
    New Fixlist.txt:
    HKU\S-1-5-21-305566740-955266908-1076458232-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=blackbear2
    SearchScopes: HKU\S-1-5-21-305566740-955266908-1076458232-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-305566740-955266908-1076458232-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-305566740-955266908-1076458232-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg
    CHR Extension: (Переводчик для Chrome 2) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-01-10]
    2015-01-10 17:15 - 2015-01-10 17:15 - 00000008 __RSH () C:\ProgramData\ntuser.pol

    If that does not help, reset Chrome and FF to factory settings.