web-pl.com infection despite using Malwarebytes - analysis of FRST logs

Tenkist 21 Mar 2020 15:33 306 3
  • #1 18547747
    Tenkist
    Level 5
    Posts: 5
    Rating: 3
    Hello
    I noticed that instead of my default search engine I am being redirected to some site, web-pl.com, and from there on to the German Google. I used Malwarebytes and removed everything it flagged. I changed the default page in the browser and the problem looked solved. I scanned the PC with FRST and from the logs I noticed that the site is still sitting there. I would be very grateful if someone who knows the subject could look over the logs.
    Attachments:
    • Addition.txt (387.7 KB)
    • FRST.txt (58.6 KB)
  • Helpful post
    #2 18547872
    Kolobos
    Computer specialist
    Posts: 85165
    Helped: 17165
    Rating: 10442
    Run the following Fixlist.txt with FRST:
    CloseProcesses:
    Task: {C9B6480A-59F7-4CEE-97BE-DA5058682090} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085641924\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085641924\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085641924\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085752253\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085752253\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085752253\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085827090\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085827090\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085827090\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085849832\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085849832\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085849832\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105650221\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105650221\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105650221\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105945826\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105945826\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105945826\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001 -> DefaultScope {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001 -> {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001 -> {585ECD28-4734-4880-89A3-F23A585E2303} URL =
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085641924 -> DefaultScope {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085641924 -> {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085641924 -> {585ECD28-4734-4880-89A3-F23A585E2303} URL =
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085752253 -> DefaultScope {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085752253 -> {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085752253 -> {585ECD28-4734-4880-89A3-F23A585E2303} URL =
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085827090 -> DefaultScope {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085827090 -> {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085827090 -> {585ECD28-4734-4880-89A3-F23A585E2303} URL =
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085849832 -> DefaultScope {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085849832 -> {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085849832 -> {585ECD28-4734-4880-89A3-F23A585E2303} URL =
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105650221 -> DefaultScope {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105650221 -> {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105650221 -> {585ECD28-4734-4880-89A3-F23A585E2303} URL =
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105945826 -> DefaultScope {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105945826 -> {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105945826 -> {585ECD28-4734-4880-89A3-F23A585E2303} URL =
    Edge HomeButtonPage: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001 -> hxxp://www.web-pl.com/
    CHR HomePage: Default -> hxxp://www.web-pl.com/
    CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
    CHR HKU\S-1-5-21-1697064138-2086180413-4032939745-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085641924\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085752253\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085827090\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085849832\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105650221\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020105945826\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
    2020-03-21 09:40 - 2017-02-12 21:02 - 000000000 ____D C:\ProgramData\Solvusoft
    2018-05-19 10:32 - 2018-05-19 10:32 - 007649280 _____ () C:\Program Files (x86)\GUT404B.tmp
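The fix above is built the way FRST fixes usually are: the offending lines are copied verbatim from FRST.txt into the fixlist, so the triage step is to find every log entry whose URL points at the hijacker domain, across every loaded copy of the user hive (the `<SID>-{GUID}-<timestamp>` keys) and every browser (IE start page and SearchScopes, Edge, Chrome). The Python script below is an added example, not code from this thread or from FRST itself. It runs that search over a constructed sample of FRST-style lines modelled on the excerpt above; the domain web-pl.com, the SID and the key names come from the post, while the function names, the sample text and the output format are the example's own assumptions.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for a browser hijacker.

Added example, not part of the thread or of FRST. It extracts the defanged
(hxxp://) URLs FRST writes, collapses the extra loaded copies of one user
hive ("<SID>-{GUID}-<timestamp>") onto the bare SID, and emits the matching
lines in fixlist form, since FRST accepts its own log lines as fix directives.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the FRST.txt excerpt quoted in this thread
# (not the poster's full attachment).
SAMPLE_LOG = r"""
Task: {C9B6480A-59F7-4CEE-97BE-DA5058682090} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-1697064138-2086180413-4032939745-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
HKU\S-1-5-21-1697064138-2086180413-4032939745-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-1697064138-2086180413-4032939745-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212020085641924\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web-pl.com/
SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001 -> DefaultScope {52B32DF5-BA14-40DB-AE27-945428672E8A} URL = hxxp://www.web-pl.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001 -> {585ECD28-4734-4880-89A3-F23A585E2303} URL =
Edge HomeButtonPage: HKU\S-1-5-21-1697064138-2086180413-4032939745-1001 -> hxxp://www.web-pl.com/
CHR HomePage: Default -> hxxp://www.web-pl.com/
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
"""

# Host part of a defanged URL.
URL_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)
# User SID under HKU, optionally followed by FRST's "-{GUID}-<timestamp>"
# suffix that marks an additional loaded copy of the same hive.
HIVE_RE = re.compile(r"HKU\\(S-1-5-21(?:-\d+)+)(?:-\{[0-9A-Fa-f-]+\}-\d+)?(?=[\\ ])")


def classify(line):
    """Map an FRST line to the browser setting it describes."""
    if line.startswith("SearchScopes:"):
        return "IE SearchScopes"
    if line.startswith("Edge "):
        return "Edge"
    if line.startswith("CHR "):
        return "Chrome extension" if "\\Chrome\\Extension:" in line else "Chrome"
    if "\\Internet Explorer\\Main," in line:
        return "IE Main"
    if line.startswith("Task:"):
        return "Scheduled task"
    return "Other"


def parse_line(line):
    """Return (category, user, host); host is None when the line has no URL."""
    m = URL_RE.search(line)
    host = m.group(1).lower() if m else None
    h = HIVE_RE.search(line)
    if h:
        user = h.group(1)                      # hive copies collapse onto the SID
    else:
        user = "HKLM" if "HKLM\\" in line else "(browser profile)"
    return classify(line), user, host


def hits_domain(host, domains):
    """True when host is one of the indicator domains or a subdomain of one."""
    return host is not None and any(host == d or host.endswith("." + d) for d in domains)


def find_indicators(log_text, domains):
    """Every non-empty line whose URL host matches an indicator domain."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        cat, user, host = parse_line(line)
        if hits_domain(host, domains):
            out.append({"line": line, "category": cat, "user": user, "host": host})
    return out


def summarise(hits):
    """Count hits per (user, category) so one user's hive copies are seen together."""
    counts = defaultdict(int)
    for h in hits:
        counts[(h["user"], h["category"])] += 1
    return dict(counts)


def build_fixlist(hits):
    """Fixlist text in the form used in this thread: CloseProcesses: then the log lines."""
    return "\n".join(["CloseProcesses:"] + [h["line"] for h in hits]) + "\n"


if __name__ == "__main__":
    found = find_indicators(SAMPLE_LOG, ["web-pl.com"])
    for (user, cat), n in sorted(summarise(found).items()):
        print(f"{user:48} {cat:16} {n}")
    print(build_fixlist(found))
```

Run it against a real FRST.txt by replacing SAMPLE_LOG with the file contents; the empty `URL =` SearchScopes entries and the Chrome extension registrations in the fix above are not matched by domain, so they still need to be reviewed by hand before being added to the fixlist.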
  • #3 18548084
    Tenkist
    Level 5
    Posts: 5
    Rating: 3
    Thank you for the help.
    I ran the fix and I do not see any symptoms of the problem. Should I run the scan once more, or can the topic be closed?
  • Helpful post
    #4 18548088
    Kolobos
    Computer specialist
    Posts: 85165
    Helped: 17165
    Rating: 10442
    Delete the C:\FRST folder and that is all. You can scan whenever you like.