VIRY.CZ

Ahoj,
Už bylo řešeno zde https://forum.viry.cz/viewtopic.php?p=1553404#p1553404
A dnes se mi problém zopakoval. Tehdy jsem měl ESET, nyní mám BitDefender.
Začínám si myslet, že to je hardware nebo některý ovladač.

V příloze FRST a Addition logy.
Může se na to moc prosím někdo podívat?

Děkuji
J.

Zdravím!
Spusťte tuto utilitu:¨

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Je to vážně toto? Ptám se, protože pokud hledám přesně takového názvy tlačítek, o kterých píšete, tak je nevidím.
Skynovat nyní nevidím a čištění a opravy také ne. Když spustím "spustit skenovaní" tak na konci se mi nabízí možnost nálezy umístit do karantény, ale čistit a opravit tam není.

Ano, je to ono. Po skenování (pokud tam nejsou ty uvedené položky), dejte Zobrazit logovací soubor, který se postněte.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build: 01-29-2024
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-03-2024
# Duration: 00:00:06
# OS: Windows 11 (Build 22631.3085)
# Scanned: 32095
# Detected: 10


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20700F66-5CB2-4FE4-8FD2-92677FF16CDB}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20700F66-5CB2-4FE4-8FD2-92677FF16CDB}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6237CAEC-0F96-40F0-A017-FFBDB1D22396}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER


AdwCleaner[S00].txt - [2626 octets] - [15/01/2024 21:37:45]
AdwCleaner[C00].txt - [1631 octets] - [15/01/2024 21:38:09]
AdwCleaner[S01].txt - [2707 octets] - [15/01/2024 21:38:56]
AdwCleaner[S02].txt - [2768 octets] - [15/01/2024 21:41:26]
AdwCleaner[S03].txt - [2829 octets] - [16/01/2024 17:32:56]
AdwCleaner[S04].txt - [2890 octets] - [03/02/2024 11:57:52]
AdwCleaner[S05].txt - [2951 octets] - [03/02/2024 11:58:54]
AdwCleaner[S06].txt - [3012 octets] - [03/02/2024 12:03:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S07].txt ##########

Preinstalled jsou OK, utility od Acer. Pokud ničemu nevadí, můžerte ponechat. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:¨
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => -> No File
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [TCP Query User{59F84713-541A-4880-8230-1AF23FEAC640}C:\users\nitro\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\nitro\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [UDP Query User{BC94A217-9E01-41B6-B434-BA4637851687}C:\users\nitro\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\nitro\appdata\roaming\utorrent web\utweb.exe => No File

EmptyTemp:
End

Uložte do C:\Users\nitro\OneDrive\Desktop jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Děkuji.

Fix result of Farbar Recovery Scan Tool (x64) Version: 03.02.2024 01
Ran by nitro (03-02-2024 17:05:47) Run:2
Running from C:\Users\nitro\OneDrive\Desktop
Loaded Profiles: nitro & Natálie & D3StinyCZ
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:¨
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => -> No File
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [TCP Query User{59F84713-541A-4880-8230-1AF23FEAC640}C:\users\nitro\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\nitro\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [UDP Query User{BC94A217-9E01-41B6-B434-BA4637851687}C:\users\nitro\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\nitro\appdata\roaming\utorrent web\utweb.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully

"C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4" folder move:

C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4 => moved successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-175739054-1859323861-2923461289-1001\Software\Classes\.cmd => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{59F84713-541A-4880-8230-1AF23FEAC640}C:\users\nitro\appdata\roaming\utorrent web\utweb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BC94A217-9E01-41B6-B434-BA4637851687}C:\users\nitro\appdata\roaming\utorrent web\utweb.exe" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16911047 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 35375017 B
Windows/system/drivers => 89395807 B
Edge => 0 B
Chrome => 952260733 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 305671 B
systemprofile32 => 305671 B
LocalService => 356531 B
NetworkService => 357697 B
nitro => 132148099 B
Natálie => 132148099 B
D3StinyCZ => 132148099 B

RecycleBin => 236426 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:06:06 ====

Smazáno. Změnilo se něco k lepšímu?

Uvidím. Ono se to děje sporadicky. Od posledního čištění se to stalo až dnes zase.
Já se zase ozvu

OK, nechám to tady otevřené.