Vyskakování oken v prohlížeči

[stargate17]

no, zatím nic nevyskočilo, tak uvidíme, napíšu ještě zítra touhle dobou, jestli je to vážně v pohodě každopádně děkuju moc za ochotu <3

[stargate17]

tak ne, není to v pohodě, okna vyskakují opět

[Conder]

Da sa spustit FRST v normalnom rezime? Ak ano, skus urobit sken a poslat logy.

[stargate17]

Nedá, všechno je stejné jako předtím, po zlomku vteřiny se okno zase zavře

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  File: C:\Users\Uzivatel\Ieuunekrioy.exe
  File: C:\Program Files (x86)\Common Files\LaaSxsu.exe
  File: C:\Users\Uzivatel\AppData\Roaming\BwYLTEF.exe
  
  2017-09-29 15:42 - 2017-09-29 15:42 - 000174592 ____N (Microsoft Corporation) C:\Users\Uzivatel\Ieuunekrioy.exe
  2017-09-29 15:42 - 2017-09-29 15:42 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\LaaSxsu.exe
  2017-09-29 15:42 - 2017-09-29 15:42 - 000059904 ____N (Microsoft Corporation) C:\Users\Uzivatel\AppData\Roaming\BwYLTEF.exe
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[stargate17]

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Uzivatel (29-07-2018 20:30:47) Run:2
Running from C:\Users\Uzivatel\Desktop
Loaded Profiles: Uzivatel (Available Profiles: Uzivatel)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

File: C:\Users\Uzivatel\Ieuunekrioy.exe
File: C:\Program Files (x86)\Common Files\LaaSxsu.exe
File: C:\Users\Uzivatel\AppData\Roaming\BwYLTEF.exe

2017-09-29 15:42 - 2017-09-29 15:42 - 000174592 ____N (Microsoft Corporation) C:\Users\Uzivatel\Ieuunekrioy.exe
2017-09-29 15:42 - 2017-09-29 15:42 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\LaaSxsu.exe
2017-09-29 15:42 - 2017-09-29 15:42 - 000059904 ____N (Microsoft Corporation) C:\Users\Uzivatel\AppData\Roaming\BwYLTEF.exe

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.

========================= File: C:\Users\Uzivatel\Ieuunekrioy.exe ========================

C:\Users\Uzivatel\Ieuunekrioy.exe
File is digitally signed
MD5: C2E0CC069248551E1E7CC66932227382
Creation and modification date: 2017-09-29 15:42 - 2017-09-29 15:42
Size: 000174592
Attributes: ----N
Company Name: Microsoft Corporation
Internal Name: bitsadmin.exe
Original Name: bitsadmin.exe
Product: Microsoft® Windows® Operating System
Description: BITS administration utility
File Version: 7.8.16299.15 (WinBuild.160101.0800)
Product Version: 7.8.16299.15
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/1479b1f ... 532849516/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\LaaSxsu.exe ========================

C:\Program Files (x86)\Common Files\LaaSxsu.exe
File is digitally signed
MD5: 7DBC24D758B0A77F6FE7E96E236BBE2B
Creation and modification date: 2017-09-29 15:42 - 2017-09-29 15:42
Size: 000059904
Attributes: ----N
Company Name: Microsoft Corporation
Internal Name: msiexec
Original Name: msiexec.exe
Product: Windows Installer - Unicode
Description: Windows® installer
File Version: 5.0.16299.15 (WinBuild.160101.0800)
Product Version: 5.0.16299.15
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/8761879 ... 532849722/

====== End of File: ======


========================= File: C:\Users\Uzivatel\AppData\Roaming\BwYLTEF.exe ========================

C:\Users\Uzivatel\AppData\Roaming\BwYLTEF.exe
File is digitally signed
MD5: 7DBC24D758B0A77F6FE7E96E236BBE2B
Creation and modification date: 2017-09-29 15:42 - 2017-09-29 15:42
Size: 000059904
Attributes: ----N
Company Name: Microsoft Corporation
Internal Name: msiexec
Original Name: msiexec.exe
Product: Windows Installer - Unicode
Description: Windows® installer
File Version: 5.0.16299.15 (WinBuild.160101.0800)
Product Version: 5.0.16299.15
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/8761879 ... 532849722/

====== End of File: ======

C:\Users\Uzivatel\Ieuunekrioy.exe => moved successfully
C:\Program Files (x86)\Common Files\LaaSxsu.exe => moved successfully
C:\Users\Uzivatel\AppData\Roaming\BwYLTEF.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10559242 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 109523 B
Edge => 0 B
Chrome => 123019059 B
Firefox => 24410971 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 4420 B
Uzivatel => 5325971 B

RecycleBin => 4238288579 B
EmptyTemp: => 4.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:31:38 ====

[stargate17]

Vypadá to nadějně, protože se mi poprvé podařilo jenom pro kontrolu spustit frst v normálním režimu ještě zítra nebo pozítří napíšu, jestli je všechno ok každopádně děkuju

[stargate17]

tak ne, okna vyskakují pořád, jediný rozdíl je to spuštění frst v normálním režimu

[Conder]

Stiahni a uloz na plochu ESET Online Scanner

• Odsuhlas licencne podmienky
• Vyber moznost Zapnut detekciu potencialne nechcenych aplikacii
• Otvor rozsirene nastavenia
• Zaskrtni prvu moznost Zapnut detekciu potenciale zneuzitelnych aplikacii
• Klikni na Spustit
• Pockaj na dokoncenie - tento sken moze trvat aj niekolko hodin
• V pripade nalezov:
  • Klikni na Ulozit do textoveho suboru, napis nazov napr. "eset" a uloz log na plochu
  • Obsah tohto logu sem skopiruj

[stargate17]

C:\FRST\Quarantine\C\USERS\UZIVATEL\APPDATA\LOCAL\REMOTE NET.ASSISTANCE\000001R.ZIP.xBAD varianta infiltrace Win64/CoinMiner.BX potenciálně nechtěná aplikace
C:\Users\Uzivatel\AppData\Roaming\uTorrent\updates\3.4.9_42606.exe Win32/OpenCandy.J potenciálně zneužitelná aplikace,je v pořádku

[Conder]

Vyskusaj PC precistit AdwCleanerom:

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

[stargate17]

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-07-25.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-03-2018
# Duration: 00:00:10
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Uzivatel\YTDownloader

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5942 octets] - [05/07/2018 10:44:26]
AdwCleaner[S01].txt - [6003 octets] - [07/07/2018 18:15:00]
AdwCleaner[C01].txt - [5371 octets] - [07/07/2018 18:16:57]
AdwCleaner[S02].txt - [25631 octets] - [24/07/2018 20:04:35]
AdwCleaner[C02].txt - [22630 octets] - [24/07/2018 20:05:36]
AdwCleaner[S03].txt - [1584 octets] - [03/08/2018 20:59:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########

[stargate17]

ale žádná změna

[Conder]

V akych prehliadacoch vyskakuju tie okna? Len v Chrome?

Zresetuj Chrome na predvolene nastavenia: Nastavenia -> Rozsirene -> Obnovenie povodnych predvolenych nastaveni (predposledna polozka uplne na konci) -> Resetovat nastavenia.

Vytvor a posli nove logy z FRST (z normalneho rezimu).

[stargate17]

Žádná změna... Ano, spouští se to jenom v Chromu, ale to asi proto, že ho mám jako výchozí prohlížeč...