samovolná změna domovské stránky - Google Chrome

[vincet]

Dobrý den,

samovolně se mi mění domovská stránka na Google Chromu z www.google.cz na nějaké ruské stránky s adwarem. Nepomohlo ani přeinstalování prohlížeče. Můžu tedy požádat o pomoc?

Předem děkuji za váš čas!

[JaRon]

ahoj,
na zaciatok pouzi JRT - citat:
Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[vincet]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Vˇtek (Administrator) on źt 04.08.2016 at 14:17:11,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 25

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04ZH73N6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1R89IUU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM283WUS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRVS8MXV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S653MXMZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVA2EP87 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UB2W8IUX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Vˇtek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYKHGNKQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04ZH73N6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1R89IUU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM283WUS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRVS8MXV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S653MXMZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVA2EP87 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UB2W8IUX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYKHGNKQ (Temporary Internet Files Folder)

Deleted the following from C:\Users\Vˇtek\AppData\Roaming\Mozilla\Firefox\Profiles\ca5cvw5r.default\prefs.js
user_pref(browser.search.defaulturl, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(keyword.URL, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\tmp8C67 (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 04.08.2016 at 14:20:32,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[JaRon]

- ak sa stav zlepsil, hotovo
- ak nie, vycisti este s ADWCleanerom

[vincet]

No pomohlo, to nevím...problém byl asi jinde. Vir udělal na ploše nakaženou ikonu Chromu (tu, přes kterou jsem ,,Chrome" spouštěl), která odkazovala na složku v AppData a tam je složka HPRewriter a v ní byly tři soubory - uninstall.exe (ten antivir hnedka označil jako hrozbu a přemístil jej do truhly), RewRun3.exe a HPWriterSrv2.exe (tyto dva ani smazat nejdou). Hledal jsem ty soubory na internetu, ale nikde o nich není ani zmínka. Co teď?

[vincet]

Předtím jsem dělal ještě hloubkový test Avastem po restartu a pak až AdwCleaner.

[JaRon]

Subory skus zmazat v nudzovom rezime PC
Ak budu este nejske problemy,vloz log FRST