VIRY.CZ

Dobrý den,
asi již dva dny pozoruji divné chování u PC.
Poprvé jsem si toho všiml, když během sledování filmu vyskočila reklama ve vypnutém Firefoxu.
Pokusil jsem se vyhledat nějaké anti-malware a anti-spyware programy, ale pokud jsem to zadal do vyhledávače, tak se Firefox zavřel. Po stažení na jiném PC mi však tyto programy nejdou spusit, pouze probliknou. Ani program FRST nelze spustit.
Bylo to možné až v nouzovém režimu, kde jsem zkusil spustit i A*d*w*cleaner, ale nic nenalezl. Zkoušel jsem další programy, ale také nic.
Logy z FRST přikládám.
Děkuji za jakoukoli pomoc a radu.
Martin

Po odeslání příspěvku, jsem nebyl ani schopen se na něj podívat, Firefox se pořád zavíral.
Zkusil jsem se na PC odhlásit a přihlásit jako Guest. Spustil jsem Malwarebytes a kupodivu fungoval.
Nalezl Trojan.StartPage.BatBitRst. Po odstranění se zdá, že vše funguje jak má.
Omlouvám se za poplašnou žádost o pomoc. Třeba toto řešení někomu pomůže.

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-27-2018
# Duration: 00:00:00
# OS: Windows 7 Professional
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Reimage

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1266 octets] - [27/08/2018 19:30:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Dejte nový log FRST.

Nový log z FRST...

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {00453e0b-1c62-11e7-8992-94de8079524e} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {805b927f-ed0f-11e6-b438-94de8079524e} - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {9382e8ac-e943-11e7-98b4-94de8079524e} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {9a13a622-efa5-11e6-8255-94de8079524e} - K:\setup.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {baff36bb-c4e7-11e6-beed-94de8079524e} - F:\setup.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {e9221520-fb27-11e6-b03b-94de8079524e} - I:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {ed19c821-d5b7-11e6-80b4-94de8079524e} - I:\LG_PC_Programs.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

EmptyTemp:
Hosts:
End

Uložte do D:\PC\Malware jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Martin (28-08-2018 20:23:41) Run:1
Running from D:\PC\Malware
Loaded Profiles: Martin (Available Profiles: Martin & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {00453e0b-1c62-11e7-8992-94de8079524e} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {805b927f-ed0f-11e6-b438-94de8079524e} - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {9382e8ac-e943-11e7-98b4-94de8079524e} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {9a13a622-efa5-11e6-8255-94de8079524e} - K:\setup.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {baff36bb-c4e7-11e6-beed-94de8079524e} - F:\setup.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {e9221520-fb27-11e6-b03b-94de8079524e} - I:\HiSuiteDownLoader.exe
HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\...\MountPoints2: {ed19c821-d5b7-11e6-80b4-94de8079524e} - I:\LG_PC_Programs.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00453e0b-1c62-11e7-8992-94de8079524e}" => removed successfully
HKLM\Software\Classes\CLSID\{00453e0b-1c62-11e7-8992-94de8079524e} => not found
"HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{805b927f-ed0f-11e6-b438-94de8079524e}" => removed successfully
HKLM\Software\Classes\CLSID\{805b927f-ed0f-11e6-b438-94de8079524e} => not found
"HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9382e8ac-e943-11e7-98b4-94de8079524e}" => removed successfully
HKLM\Software\Classes\CLSID\{9382e8ac-e943-11e7-98b4-94de8079524e} => not found
"HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a13a622-efa5-11e6-8255-94de8079524e}" => removed successfully
HKLM\Software\Classes\CLSID\{9a13a622-efa5-11e6-8255-94de8079524e} => not found
"HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{baff36bb-c4e7-11e6-beed-94de8079524e}" => removed successfully
HKLM\Software\Classes\CLSID\{baff36bb-c4e7-11e6-beed-94de8079524e} => not found
"HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9221520-fb27-11e6-b03b-94de8079524e}" => removed successfully
HKLM\Software\Classes\CLSID\{e9221520-fb27-11e6-b03b-94de8079524e} => not found
"HKU\S-1-5-21-4198378926-2468882242-2286024969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed19c821-d5b7-11e6-80b4-94de8079524e}" => removed successfully
HKLM\Software\Classes\CLSID\{ed19c821-d5b7-11e6-80b4-94de8079524e} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6913724 B
Java, Flash, Steam htmlcache => 165974982 B
Windows/system/drivers => 354489 B
Edge => 0 B
Chrome => 0 B
Firefox => 393566703 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 33125 B
LocalService => 33125 B
NetworkService => 33125 B
Martin => 7196146 B
Guest => 120073 B

RecycleBin => 0 B
EmptyTemp: => 555.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:23:58 ====

Smazáno. Nastala nějaká změna?

Po restartu ihned proběhlo stažení a aktualizace Windows.
Problém s vyskakujícím oknem se již nevyskytl, PC se chová standardně.
Díky za pomoc a hlavně za toto fórum. Dobrá práce !!!

Rádo se stalo!