Po uruchomieniu PC uruchamia automatycznie się chrome z reklamami.

[Wratoka]

Witam. Po uruchomieniu pc automatycznie uruchamia się przeglądarka chrome z reklamą. zamieszczam logi frst. Dzieje się tak od wczoraj tj 14.12.2022

 

Addition.txt FRST.txt

[jessica]

Jest infekcja.

 

Uruchom FRST. 
Skopiuj to poniższe: (ale nigdzie nie wklejaj tego!) - FRST sam znajdzie "fixlist" w schowku systemowym

Spoiler

START::
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Run: [PC] => explorer.exe hxxp://dinoraptzor.org (Brak pliku) <==== UWAGA
Task: {548511A1-6513-40FA-88AE-139BC2254604} - System32\Tasks\PC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v PC /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== UWAGA
AutoConfigURL: [{72E77982-4CAE-430B-B079-519D13F486D4}] => hxxp://proxy.umlub.pl/studenci.cfg <==== UWAGA
AutoConfigURL: [S-1-5-21-3395532605-2329591853-616625193-1001] => hxxp://proxy.umlub.pl/studenci.cfg <==== UWAGA
ManualProxies: 0hxxp://proxy.umlub.pl/studenci.cfg <==== UWAGA
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe
HKU\S-1-5-21-3395532605-2329591853-616625193-1001\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe
FirewallRules: [{0E4AC711-9B53-4F5F-8FF6-C023B244C425}] => (Allow) C:\ProgramData\WindowsTask\AppModule.exe => Brak pliku
FirewallRules: [{E1FB9788-F088-45E0-949B-91215A1AE166}] => (Allow) C:\ProgramData\WindowsTask\AppModule.exe => Brak pliku
FirewallRules: [{EA11AF40-6E0B-4FCA-A8F6-A4BCE84995B4}] => (Allow) C:\ProgramData\WindowsTask\AMD.exe => Brak pliku
FirewallRules: [{E96FF7CB-1236-4847-9547-E9B8739FF215}] => (Allow) C:\ProgramData\WindowsTask\AMD.exe => Brak pliku
FirewallRules: [{7F9F3225-FC23-4D9E-B527-3668C094A95F}] => (Allow) C:\ProgramData\WindowsTask\MicrosoftHost.exe => Brak pliku
FirewallRules: [{792F02BD-4D2E-4674-BE91-A9E3F703A49B}] => (Allow) C:\ProgramData\WindowsTask\MicrosoftHost.exe => Brak pliku
RemoveDirectory: C:\Users\PC\Downloads\FRST-OlderVersion
EmptyTemp:

EmptyEventLogs:
END::

W FRST kliknij na Fix (NAPRAW).

 

Napisz, czy problem znikł?

 

jessi

 

[Wratoka]

Dzień dobry. Tak, problem ustał, nic się nie otwiera. Dziękuję bardzo za pomoc!