VIRY.CZ

Dobrý den, prosím o kontrolu logu. Jednak se zpomalil NB a pak také z ničeho nic přestal fungovat Bloueooth.Z hodiny na hodinu zmizel a není ani ve správci zařízení vůbec zobrazen. Zkoušel jsem stáhnout ze stránek výrobce ACER a nainstalovat znovu, ale výsledek je 0. Logy přikládám.

Ahoj

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

První zpráva je, že se Bluetooth opět obnovilo a je funkční, i když nevím jakým způsobem-vypnutí a zapnutí NB ?
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-08-2019
# Duration: 00:00:18
# OS: Windows 10 Pro
# Scanned: 27501
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1419 octets] - [09/01/2019 17:17:44]
AdwCleaner[C00].txt - [1547 octets] - [09/01/2019 17:18:19]
AdwCleaner[S01].txt - [2576 octets] - [02/06/2019 22:22:20]
AdwCleaner[C01].txt - [2484 octets] - [02/06/2019 22:22:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Aj to je mozne. Podla logov PC vyzera cisty, len este docistime zbytocnosti.

Poprosim o obidva nove logy z FRST.

log 1

Potrebujem aj hlavny log - FRST.txt. Vytvor a posli logy este raz.

FRST.

Addition

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  File: C:\Users\ruda6\Downloads\EFClock.exe
  CMD: type "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
  CMD: type "C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js"
  CMD: type "C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg"
  CMD: type "C:\Users\ruda6\AppData\Local\temp.bat"
  
  HKU\S-1-5-21-267884743-2030251231-2907502807-1001\...\MountPoints2: {c7d85400-dbe7-11e7-8776-94e97978fbde} - "F:\WD Drive Unlock.exe" autoplay=true
  HKU\S-1-5-21-267884743-2030251231-2907502807-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
  CHR HomePage: Default -> hxxps://www.google.cz/?gfe_rd=cr&ei=X0EGWaPSAYiO8QfXrpjQCw&gws_rd=ssl&pli=1
  CHR StartupUrls: Default -> "hxxps://www.google.cz/?pli=1","hxxps://www.seznam.cz/","hxxp://www.centrum.cz/"
  2019-06-09 17:21 - 2019-06-09 17:21 - 000000000 ____D C:\Users\ruda6\Desktop\FRST-OlderVersion
  ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> No File
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-06-2019
Ran by ruda6 (10-06-2019 18:41:45) Run:3
Running from C:\Users\ruda6\Desktop
Loaded Profiles: ruda6 (Available Profiles: ruda6 & DevToolsUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Users\ruda6\Downloads\EFClock.exe
CMD: type "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
CMD: type "C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js"
CMD: type "C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg"
CMD: type "C:\Users\ruda6\AppData\Local\temp.bat"

HKU\S-1-5-21-267884743-2030251231-2907502807-1001\...\MountPoints2: {c7d85400-dbe7-11e7-8776-94e97978fbde} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-267884743-2030251231-2907502807-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
CHR HomePage: Default -> hxxps://www.google.cz/?gfe_rd=cr&ei=X0EGWaPSAYi ... =ssl&pli=1
CHR StartupUrls: Default -> "hxxps://www.google.cz/?pli=1","hxxps://www.sezn ... entrum.cz/"
2019-06-09 17:21 - 2019-06-09 17:21 - 000000000 ____D C:\Users\ruda6\Desktop\FRST-OlderVersion
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 476
Average :
Sum : 92356299
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Users\ruda6\Downloads\EFClock.exe ========================

C:\Users\ruda6\Downloads\EFClock.exe
File not signed
MD5: F79F220F279FCD81CD521AEB240F6E05
Creation and modification date: 2019-02-03 00:23 - 2019-02-03 00:23
Size: 000458752
Attributes: ----A
Company Name: Eusing Software
Internal Name: EFClock
Original Name: EFClock.exe
Product: Eusing Clock
Description: A beautiful clock
File Version: 2.08
Product Version: 2.08
Copyright: Copyright (C) 2004 - 2018 Eusing Software
VirusTotal: https://www.virustotal.com/file/d7394bd ... 559681642/

====== End of File: ======


========= type "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" =========

Set objShell = CreateObject("WScript.Shell")
objShell.Run("C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.bat"""), 0
Set objShell = Nothing

========= End of CMD: =========


========= type "C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js" =========

// kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js
pref("general.config.obscure_value", 0);
pref("general.config.filename", "kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg");

========= End of CMD: =========


========= type "C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg" =========

// kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg
lockPref("security.enterprise_roots.enabled", true);

========= End of CMD: =========


========= type "C:\Users\ruda6\AppData\Local\temp.bat" =========

setlocal ENABLEDELAYEDEXPANSION
Set Process=purevpn_setup
:ppp
tasklist | Find /i "%Process%.exe" || (goto Else)
:THEN
goto ppp
:ELSE
%systemdrive%
cd %programfiles%
cd purevpn
if exist purevpn.exe start purevpn.exe
cd C:\Users\ruda6\AppData\Local
del temp.bat
Exit

========= End of CMD: =========

HKU\S-1-5-21-267884743-2030251231-2907502807-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7d85400-dbe7-11e7-8776-94e97978fbde} => removed successfully
HKLM\Software\Classes\CLSID\{c7d85400-dbe7-11e7-8776-94e97978fbde} => not found
HKU\S-1-5-21-267884743-2030251231-2907502807-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
C:\Users\ruda6\Desktop\FRST-OlderVersion => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PDFCreator.ShellContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{d9cea52e-100d-4159-89ea-76e845bc13e1} => removed successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29605538 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 539037 B
Edge => 82332156 B
Chrome => 485973 B
Firefox => 22838187 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4940 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
ruda6 => 43184902 B
rudyk => 0 B
DevToolsUser => 0 B

RecycleBin => 33304757 B
EmptyTemp: => 212.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-06-2019 18:43:47)

C:\Windows\System32\Drivers\etc\hosts => Is moved successfully

Vyzera to OK. Su este nejake problemy?