VIRY.CZ

Dobrý den, dostal se mi do PC nějaký adware a avast každou chvíli zachytí nějakou hrozbu spojenou s adwerem, děkuji za pomoc.

RSIT log: https://hastebin.com/yenobesopu.tex
RSIT info: https://hastebin.com/wuvawanixe.sql

FRST: https://hastebin.com/rekulebofo.tex

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Zde log: https://hastebin.com/awicakexar.tex

Dejte nový log FRST.

Log: https://hastebin.com/etadacoquq.tex

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
Edge HomeButtonPage: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 016X120AGN
CHR Profile: C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-06] <==== ATTENTION

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Gasour (12-03-2017 19:42:20) Run:1
Running from C:\Users\Gasour\Desktop
Loaded Profiles: Gasour (Available Profiles: defaultuser0 & Gasour)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
Edge HomeButtonPage: HKU\S-1-5-21-3321698757-2860505083-3092554707-1001 -> hxxp://www.startpageing123.com/?type=hp ... 016X120AGN
CHR Profile: C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-06] <==== ATTENTION

EmptyTemp:
End
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3321698757-2860505083-3092554707-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => value removed successfully
C:\Users\Gasour\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 569585 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10875350 B
Java, Flash, Steam htmlcache => 138828340 B
Windows/system/drivers => 139911759 B
Edge => 9307631 B
Chrome => 1109122845 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 2874 B
LocalService => 9898 B
NetworkService => 50104 B
defaultuser0 => 128 B
Gasour => 89691570 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:42:36 ====

Smazáno. Nastala nějaká změna?

Avast zatím nic nového nenahlásil a prohlížeče také vypadají čistě. Děkuji za pomoc.

To jsem rád. Nemáte zač!

VIRY.CZ

Adware, startpageing123, Kyubey.exe

Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe

Re: Adware, startpageing123, Kyubey.exe