Problem z uruchomieniem systemu , wyskakujący malware.

[Scarface]

Witam, od kilku dni występuje problem z prawidłowym uruchamianiem systemu,  nie uruchamia się do końca. Startuje po ponownym restarcie. Ponadto teraz od dwóch dni po uruchomieniu, uruchamia się od razu po logowaniu jakaś strona, którą blokuje chrome. Proszę o sprawdzenie logów.

Addition.txt FRST.txt Shortcut.txt

[jessica]

1)

Cytat

SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.12.28.283 - EnigmaSoft Limited)

To nie jest program godny zaufania.

Spróbuj odinstalować w ten sposób:
kliknij na tę ikonkę C:\Users\nazwa Użytkownika\Start Menu\Programs\SpyHunter\Uninstall.lnk (czyli >>START >>Programy>>SpyHunter>>Uninstall)
wyskoczy okienko, ale zamiast klikać wielki zielony guzik "continue" kliknij "no, thanks". To drugie odinstalowuje.

---------------------------

 

2) Infekcja jest, więc:

Uruchom FRST. 
Skopiuj to poniższe: (ale nigdzie nie wklejaj tego!) - FRST sam znajdzie "fixlist" w schowku systemowym

Spoiler

START::
HKU\S-1-5-21-2277654708-3986498821-1161186268-1002\...\Run: [scarf] => cmd.exe /c start www.dipladoks.org (Brak pliku)
Task: {1FFC85E3-D660-4C09-8F1A-F5D3B2AC20CB} - System32\Tasks\scarf => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v scarf /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"
RemoveDirectory: C:\Program Files\EnigmaSoft
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [17456368 2022-09-05] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [537840 2022-09-05] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 AscFileFilter; \??\D:\Użytki\Advanced SystemCare Ultimate\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\D:\Użytki\Advanced SystemCare Ultimate\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
S3 iobit_monitor_server; \??\D:\Użytki\Advanced SystemCare Ultimate\drivers\Monitor_win10_x64.sys [X]
S3 MpKsl00b64f4e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93235D0E-30E9-4954-83F8-B5AA66FB3B06}\MpKslDrv.sys [X]
2022-09-05 13:54 - 2022-09-05 13:54 - 000001061 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2022-09-05 13:54 - 2022-09-05 13:54 - 000000000 ____D C:\sh5ldr
2022-09-05 13:54 - 2022-09-05 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2022-09-05 13:54 - 2022-09-05 13:54 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2022-09-05 13:53 - 2022-09-05 13:53 - 000000000 ____D C:\Program Files\EnigmaSoft
2022-09-05 13:51 - 2022-09-05 13:51 - 000004304 _____ C:\Users\scarf\Downloads\[nitro.to] SpyHunter 4.18.9.4384 [ENG].torrent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft\SpyHunter5.lnk
C:\Users\Public\Desktop\SpyHunter5.lnk
FirewallRules: [{EB3242EA-29EC-449D-8D69-414E2AF4C4E8}] => (Allow) C:\Users\scarf\AppData\Local\Temp\7zS492F\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{2266680B-AF84-4EC5-832A-99830E204AF3}] => (Allow) C:\Users\scarf\AppData\Local\Temp\7zS492F\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{89AE2853-AA9F-4890-8F04-2B814240CAC7}] => (Allow) C:\Users\scarf\AppData\Local\Temp\7zS4BE3\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{618A428C-D75F-43A4-9960-3BE3C71F0905}] => (Allow) C:\Users\scarf\AppData\Local\Temp\7zS4BE3\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{D2C67283-B9D6-4595-8661-42588A2A239E}] => (Block) D:\Gry\American Truck Simulator Colorado\bin\win_x64\amtrucks.exe => Brak pliku
FirewallRules: [TCP Query User{C70F9ADD-73E4-43B3-8681-F66FC29B0C1D}C:7\forzahorizon5.exe] => (Allow) C:7\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{0B18A4FA-5C08-4EEC-98EC-175D6B30920E}C:7\forzahorizon5.exe] => (Allow) C:7\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{E3B97D73-C15A-4D56-B192-ACB48A292DAE}D:2\forzahorizon5.exe] => (Allow) D:2\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{D6D2456A-D558-4B82-B9D3-8509C6696151}D:2\forzahorizon5.exe] => (Allow) D:2\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{96CD04EC-15BC-4866-94FA-C9A19E494A77}C:1\forzahorizon5.exe] => (Allow) C:1\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{C7662594-6916-41B1-970D-C14DC3ADD19C}C:1\forzahorizon5.exe] => (Allow) C:1\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{DDAB1DF1-C0C4-4542-966F-1B36A027C4C6}D:0\forzahorizon5.exe] => (Allow) D:0\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{2CFA2CCE-90EB-4E67-B557-B7150270F4D7}D:0\forzahorizon5.exe] => (Allow) D:0\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{CD63CEA8-0379-4A6E-8792-9FBAF40BDBBF}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{FB331309-D0C8-41C4-ABE0-8BFC09D1C73C}C:3\forzahorizon5.exe] => (Allow) C:3\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{D28C57BA-1599-4D4B-A2E2-511B44D2B7C7}D:8\forzahorizon5.exe] => (Allow) D:8\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{0A8177DE-DE55-4DC5-A10C-45FCBC12EA40}D:8\forzahorizon5.exe] => (Allow) D:8\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{18569677-8664-41C8-8519-3DFBF38927A4}C:9\forzahorizon5.exe] => (Allow) C:9\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{C458C236-0733-4672-B01A-DC3EADEDBEC8}C:9\forzahorizon5.exe] => (Allow) C:9\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{67C38744-9C2E-484B-9026-F6E8BBC52C41}D:1\forzahorizon5.exe] => (Allow) D:1\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{F2AEAE3B-DAE7-4FCA-8FEA-75F241B37D49}D:1\forzahorizon5.exe] => (Allow) D:1\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{C2C6B578-D14A-4045-B4E1-12B53C00710D}D:3\forzahorizon5.exe] => (Allow) D:3\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{97AB1CAF-68A3-45F3-9E9E-35DC71606C98}D:3\forzahorizon5.exe] => (Allow) D:3\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{07890C6E-D6C7-4551-B6FB-FA6195A537E7}C:4\forzahorizon5.exe] => (Allow) C:4\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{385E5FDA-BA32-494C-AC82-A06A47809303}C:4\forzahorizon5.exe] => (Allow) C:4\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{B47FE5FE-2987-4FED-8B3B-7E2D235AB122}D:5\forzahorizon5.exe] => (Allow) D:5\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{62E83FC7-3C4A-4A63-983D-FC3737325DA5}D:5\forzahorizon5.exe] => (Allow) D:5\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{117AEDD1-B29F-46CD-8EE3-1A83C0380AAC}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{698CD681-28F7-40FA-8290-8579B8C6DB4C}C:0\forzahorizon5.exe] => (Allow) C:0\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{D029237E-12A4-49DB-ACDB-05B6F66FA495}C:5\forzahorizon5.exe] => (Allow) C:5\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{466C29DF-54B3-4A1C-BB4B-EDF18D333280}C:5\forzahorizon5.exe] => (Allow) C:5\forzahorizon5.exe => Brak pliku
FirewallRules: [TCP Query User{7845CC17-0F82-4797-BEC9-FB2C2B64F311}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => Brak pliku
FirewallRules: [UDP Query User{39AF4060-6E13-4914-AC1B-32875D7D3D6D}C:6\forzahorizon5.exe] => (Allow) C:6\forzahorizon5.exe => Brak pliku
EmptyEventLogs: 
EmptyTemp:
END::

W FRST kliknij na Fix (NAPRAW).

 

Napisz, czy problem znikł?

 

jessi

[Scarface]

19 minut temu, jessica napisał:

Napisz, czy problem znikł?

 

Po problemie. Dziękuje.