Elektroda.pl

[Solved] Firefox virus. Redirect to the bestadbid.com site.

Kol23 02 Aug 2018 17:43 198 3
  • #1 02 Aug 2018 17:43
    Kol23
    Level 2

    Every so often my browser redirects me to this site: bestadbid.com. In addition, when I try to get the required FRST logs from Farbar Recovery Scan Tool, the program closes automatically. The same happens with AdwCleaner. If I type anything into the browser that contains a phrase such as adw or malware, the browser also closes by itself. The logs I finally managed to obtain were made right after system startup.

    0 3
  • Helpful post
    #2 02 Aug 2018 18:05
    krzychupar
    Level 40

    Uninstall:
    McAfee Security Scan Plus
    McAfee WebAdvisor

    Open the system Notepad and paste:
    Task: {5137567F-15D2-46B5-A3E3-634AB9FFA7AE} - \{36B1BF02-14BC-892A-42EC-F2807449EE0E} -> Brak pliku <==== UWAGA
    Task: {61FA35EC-8EB5-4961-8409-8DBEFA24B036} - \{533F0CC0-D334-AD28-8EA7-1CBEC86A5417} -> Brak pliku <==== UWAGA
    Task: {AC916929-F5A8-4A92-ADE1-9C23FF4AE398} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {B2776215-A7CF-4B22-A70B-290B6196E4F3} - \{AABDEC01-B5DA-D333-806B-E3624F2A23CF} -> Brak pliku <==== UWAGA
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
    HKU\S-1-5-21-3984499806-4004556595-2038261355-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] False
    HKU\S-1-5-21-3984499806-4004556595-2038261355-1001\...\MountPoints2: F - "F:\setup.exe"
    HKU\S-1-5-21-3984499806-4004556595-2038261355-1001\...\MountPoints2: {4d0fc20b-034f-11e8-8e00-4ccc6aae3626} - "I:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-3984499806-4004556595-2038261355-1001\...\MountPoints2: {8a8a3a6b-ed62-11e7-a522-4ccc6aae3626} - "G:\HiSuiteDownLoader.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-17]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-3984499806-4004556595-2038261355-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.x-kom.pl/
    HKU\S-1-5-21-3984499806-4004556595-2038261355-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.x-kom.pl
    SearchScopes: HKLM -> DefaultScope {24A16929-691E-4B45-937C-7DED3A8D92BD} URL = hxxp://www.x-kom.pl
    SearchScopes: HKLM -> {24A16929-691E-4B45-937C-7DED3A8D92BD} URL = hxxp://www.x-kom.pl
    SearchScopes: HKLM-x32 -> DefaultScope {24A16929-691E-4B45-937C-7DED3A8D92BD} URL = hxxp://www.x-kom.pl
    SearchScopes: HKLM-x32 -> {24A16929-691E-4B45-937C-7DED3A8D92BD} URL = hxxp://www.x-kom.pl
    SearchScopes: HKU\S-1-5-21-3984499806-4004556595-2038261355-1001 -> DefaultScope {24A16929-691E-4B45-937C-7DED3A8D92BD} URL =
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)




    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-07-17] (McAfee, Inc.)
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2016-04-04] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2016-05-10] <==== UWAGA
    Edge HomeButtonPage: HKU\S-1-5-21-3984499806-4004556595-2038261355-1001 -> hxxp://www.x-kom.pl/l/dziekujemy-za-zakupy
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
    U1 aswbdisk; Brak ImagePath
    2018-08-02 17:17 - 2018-08-02 17:23 - 000000000 ____D C:\Users\kubad\Doctor Web
    2018-08-02 17:17 - 2018-08-02 17:17 - 000000000 ____D C:\ProgramData\Doctor Web
    2018-08-02 16:15 - 2018-08-02 16:17 - 000000000 ____D C:\AdwCleaner
    2018-07-22 14:01 - 2017-02-17 15:18 - 000000000 ____D C:\Program Files (x86)\McAfee
    2018-04-12 01:34 - 2018-04-12 01:34 - 000178688 ____N (Microsoft Corporation) C:\Users\kubad\Xoku.exe
    2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\kubad\ZpEzwipYVyuGY.exe
    2017-02-16 22:22 - 2018-07-14 13:04 - 000000000 _____ () C:\Users\kubad\AppData\Roaming\avoriontestfile
    2017-03-05 17:39 - 2017-06-17 19:33 - 000004023 _____ () C:\Users\kubad\AppData\Roaming\LTspiceXVII.ini
    2018-03-03 18:14 - 2018-03-03 18:14 - 000000058 _____ () C:\Users\kubad\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    2018-08-02 10:51 - 2018-08-02 10:51 - 000000002 _____ () C:\Users\kubad\AppData\Local\imw.ini
    2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\kubad\AppData\Local\OXoxOBMUVJxU.exe
    2017-02-17 18:16 - 2018-05-10 21:00 - 000007601 _____ () C:\Users\kubad\AppData\Local\Resmon.ResmonCfg
    2018-01-27 13:24 - 2018-01-27 13:24 - 000000128 _____ () C:\Users\kubad\AppData\Local\uts.ini
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • #4 02 Aug 2018 21:39
    Kol23
    Level 2

    It worked. Thanks a lot!

    0