Windows Host Script - Virus

jjuriss
Visitor
Posts: 75
Registered: 23 Dec 2008 18:07

Windows Host Script - Virus

#1 Post by jjuriss »

Hello,
could you please advise me how to get rid of a virus.
A Windows Script Host window keeps popping up on my screen saying: Script file "C:\Users\ASUS" cannot be found.
Thank you for your reply.

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Windows Host Script - Virus

#3 Post by altrok »

Have a nice day :bye:

:arrow: As part of the cleaning, your temporary directories will be emptied (Recycle Bin and temp folders, browser caches, etc.).

:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have trouble downloading the FRSTLauncher, just use FRST.exe/FRST64.exe on its own.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.

jjuriss
Visitor
Posts: 75
Registered: 23 Dec 2008 18:07

Re: Windows Host Script - Virus

#3 Post by jjuriss »

Here you go :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by ASUS notebook (administrator) on ASUS (24-01-2018 20:41:57)
Running from C:\Users\ASUS notebook\Desktop
Loaded Profiles: ASUS notebook (Available Profiles: ASUS notebook)
Platform: Windows 8.1 Pro (X64) Language: Angličtina (USA)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-06] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-04-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [181280 2017-01-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7E7D48ED-D29E-4E80-A574-E48D40E34CAE}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{87DE5799-7263-46E7-905E-5BC114007970}: [DhcpNameServer] 158.193.86.1 158.193.86.5

Internet Explorer:
==================
HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/?gws_rd=ssl
HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1796349016-2797826880-3011471461-1001 -> {56906745-02F2-4852-89FB-284120DDC6D4} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13554
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-21] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-21] (AVAST Software)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)

FireFox:
========
FF HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\ASUS notebook\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (__MSG_extName__) - C:\Users\ASUS notebook\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2017-11-09]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.sk/
CHR Profile: C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default [2018-01-24]
CHR Extension: (Prezentácie) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Dokumenty) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Disk Google) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-02]
CHR Extension: (YouTube) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02]
CHR Extension: (Tabuľky) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-02]
CHR Extension: (Gmail) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\ASUS notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-06] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7967920 2018-01-16] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-06] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-06] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-06] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-06] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-06] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-06] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-11-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-11-23] (Disc Soft Ltd)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-24 20:41 - 2018-01-24 20:42 - 000013922 _____ C:\Users\ASUS notebook\Desktop\FRST.txt
2018-01-24 20:41 - 2018-01-24 20:41 - 000000000 ____D C:\FRST
2018-01-24 20:38 - 2018-01-24 20:38 - 002393088 _____ (Farbar) C:\Users\ASUS notebook\Desktop\FRST64.exe
2018-01-22 21:33 - 2018-01-22 21:33 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-01-22 21:33 - 2018-01-22 21:33 - 000000000 ____D C:\ProgramData\SonicFocus
2018-01-22 21:32 - 2018-01-22 21:34 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-01-22 21:32 - 2018-01-22 21:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-22 21:32 - 2018-01-22 21:32 - 000000000 ____D C:\Program Files\Realtek
2018-01-22 21:32 - 2018-01-22 21:32 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-01-22 21:32 - 2013-04-30 21:12 - 003388744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-01-22 21:32 - 2013-04-30 19:53 - 003693640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2018-01-22 21:32 - 2013-04-30 17:37 - 000551917 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-01-22 21:32 - 2013-04-30 17:32 - 000140872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-01-22 21:32 - 2013-04-30 14:28 - 000916016 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-01-22 21:32 - 2013-04-30 13:02 - 004810008 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll
2018-01-22 21:32 - 2013-04-30 13:01 - 000747864 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2018-01-22 21:32 - 2013-04-29 18:27 - 023609344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-01-22 21:32 - 2013-04-29 15:44 - 005228028 _____ C:\Windows\system32\Drivers\rtvienna.dat
2018-01-22 21:32 - 2013-04-24 17:16 - 001662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-01-22 21:32 - 2013-04-24 09:38 - 001002056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-01-22 21:32 - 2013-04-23 00:40 - 002735648 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-01-22 21:32 - 2013-04-22 18:34 - 009123608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2018-01-22 21:32 - 2013-04-16 06:23 - 000834328 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2018-01-22 21:32 - 2013-04-16 06:23 - 000635160 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech64.dll
2018-01-22 21:32 - 2013-04-16 06:23 - 000528152 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo64.dll
2018-01-22 21:32 - 2013-04-16 06:23 - 000215320 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-01-22 21:32 - 2013-04-15 11:19 - 003138304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2018-01-22 21:32 - 2013-04-15 11:19 - 002103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2018-01-22 21:32 - 2013-04-15 11:19 - 001903872 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2018-01-22 21:32 - 2013-04-15 11:19 - 000915712 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2018-01-22 21:32 - 2013-04-15 11:19 - 000722688 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2018-01-22 21:32 - 2013-04-10 17:22 - 002802760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-01-22 21:32 - 2013-04-08 17:37 - 000148912 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2018-01-22 21:32 - 2013-04-08 17:36 - 000858032 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2018-01-22 21:32 - 2013-04-08 17:36 - 000569256 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2018-01-22 21:32 - 2013-04-03 22:02 - 000613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-01-22 21:32 - 2013-04-03 14:13 - 000906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2018-01-22 21:32 - 2013-04-01 14:06 - 002079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-01-22 21:32 - 2013-03-23 03:43 - 000208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2018-01-22 21:32 - 2013-02-28 13:10 - 014021912 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2018-01-22 21:32 - 2013-02-28 13:10 - 002032408 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2018-01-22 21:32 - 2013-02-20 18:55 - 001284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-01-22 21:32 - 2012-12-12 11:17 - 000395208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2018-01-22 21:32 - 2012-10-02 14:41 - 000501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2018-01-22 21:32 - 2012-10-02 14:41 - 000487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2018-01-22 21:32 - 2012-10-02 14:41 - 000415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2018-01-22 21:32 - 2012-09-10 20:06 - 000612728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2018-01-22 21:32 - 2012-08-31 19:18 - 007164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-01-22 21:32 - 2012-08-31 19:17 - 000434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-01-22 21:32 - 2012-08-31 19:17 - 000141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-01-22 21:32 - 2012-08-31 19:17 - 000124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-01-22 21:32 - 2012-08-31 19:17 - 000075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-01-22 21:32 - 2012-07-15 21:13 - 000394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2018-01-22 21:32 - 2012-06-20 17:26 - 000110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-01-22 21:32 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2018-01-22 21:32 - 2012-01-30 11:43 - 000836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-01-22 21:32 - 2012-01-10 10:20 - 000065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-01-22 21:32 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-01-22 21:32 - 2011-11-22 16:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-01-22 21:32 - 2011-09-02 14:21 - 000221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-01-22 21:32 - 2011-09-02 14:21 - 000081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-01-22 21:32 - 2011-09-02 14:21 - 000078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-01-22 21:32 - 2011-08-23 17:00 - 000603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 001756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 001568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 001486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-01-22 21:32 - 2011-05-31 09:42 - 000241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-01-22 21:32 - 2011-03-17 12:17 - 001361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-01-22 21:32 - 2011-03-07 17:11 - 000148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-01-22 21:32 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-01-22 21:32 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-01-22 21:32 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-01-22 21:32 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-01-22 21:32 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-01-22 21:32 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-01-22 21:32 - 2010-11-03 18:30 - 000149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-01-22 21:32 - 2010-09-27 09:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2018-01-22 21:32 - 2010-07-22 16:48 - 000074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-01-22 21:32 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-01-22 21:32 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-01-22 21:32 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-01-22 21:32 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-01-20 16:01 - 2018-01-20 16:01 - 000003638 _____ C:\Windows\System32\Tasks\MicrosoftSearchIndexer
2018-01-20 16:01 - 2017-03-27 09:24 - 000043802 ___SH C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
2018-01-17 20:59 - 2018-01-17 20:59 - 000000000 ____D C:\Users\ASUS notebook\Desktop\Nový priečinok
2018-01-16 18:22 - 2018-01-16 18:22 - 000000000 ____D C:\Windows\Minidump
2018-01-11 14:54 - 2018-01-11 14:54 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-06 10:52 - 2018-01-06 10:52 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-06 10:52 - 2018-01-06 10:52 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-03 18:51 - 2018-01-03 18:51 - 000000000 ____D C:\ProgramData\Oracle
2018-01-02 16:59 - 2018-01-02 16:59 - 000000720 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
2018-01-02 16:58 - 2018-01-02 16:59 - 000000000 ____D C:\Program Files (x86)\Brackets
2017-12-29 23:04 - 2018-01-17 15:29 - 000000000 ____D C:\ProgramData\EPSON
2017-12-29 23:04 - 2017-12-29 23:04 - 000000000 ____D C:\Program Files\Common Files\EPSON
2017-12-29 23:03 - 2015-03-25 02:58 - 000180224 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBPEE.DLL
2017-12-29 23:03 - 2015-03-25 02:58 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BPEE.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-24 20:41 - 2017-11-02 19:28 - 000003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{75C9580F-7AF2-4CDE-BF8C-C19CB627080A}
2018-01-24 12:48 - 2017-11-02 19:33 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-24 12:48 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-23 21:26 - 2017-11-02 18:59 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-23 21:26 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2018-01-22 22:53 - 2017-11-03 09:14 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-21 22:27 - 2017-11-02 19:00 - 000000000 ____D C:\Users\ASUS notebook\AppData\Local\Packages
2018-01-21 05:16 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-21 05:14 - 2017-11-02 19:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-18 09:39 - 2017-12-02 10:21 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-01-18 09:39 - 2017-11-23 13:20 - 000004110 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1511439631
2018-01-18 09:39 - 2017-11-03 14:47 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-01-18 09:39 - 2017-11-03 07:55 - 000003180 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1796349016-2797826880-3011471461-1001
2018-01-18 09:39 - 2017-11-02 19:46 - 000003368 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-18 09:39 - 2017-11-02 19:46 - 000003240 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-18 09:39 - 2017-11-02 18:59 - 000003300 _____ C:\Windows\System32\Tasks\KMS Server Daily Activate
2018-01-18 09:39 - 2017-11-02 18:59 - 000003114 _____ C:\Windows\System32\Tasks\KMS Server OnLogon Activate
2018-01-17 15:30 - 2017-11-06 17:00 - 000000000 ____D C:\Program Files\VCG
2018-01-17 15:22 - 2017-12-08 06:06 - 000000000 ____D C:\Users\ASUS notebook\Desktop\unlited
2018-01-17 12:12 - 2017-11-02 19:05 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1796349016-2797826880-3011471461-1001
2018-01-17 11:49 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-17 11:49 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2018-01-16 18:22 - 2017-11-02 18:51 - 000303228 ____N C:\Windows\Minidump\011618-39437-01.dmp
2018-01-16 18:22 - 2013-08-22 15:44 - 005057472 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-13 23:20 - 2017-11-04 14:50 - 000001740 _____ C:\Users\ASUS notebook\Desktop\Need.txt
2018-01-11 19:02 - 2017-11-03 07:38 - 000000000 ____D C:\ProgramData\Adobe
2018-01-11 19:01 - 2017-11-03 10:48 - 000000000 ____D C:\Users\ASUS notebook\AppData\Local\Adobe
2018-01-11 19:01 - 2017-11-02 19:00 - 000000000 ____D C:\Users\ASUS notebook\AppData\Roaming\Adobe
2018-01-11 16:21 - 2017-11-02 19:00 - 000000000 ____D C:\Users\ASUS notebook
2018-01-11 15:14 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-01-10 22:52 - 2017-11-03 09:14 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 22:52 - 2017-11-03 09:14 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-09 10:26 - 2017-11-02 19:48 - 000002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 10:26 - 2017-11-02 19:48 - 000002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-06 10:52 - 2017-11-21 02:31 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-06 10:52 - 2017-11-03 09:14 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-06 10:52 - 2017-11-03 09:14 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-06 10:52 - 2017-11-03 09:14 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-06 10:52 - 2017-11-03 09:14 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-06 10:52 - 2017-11-03 09:14 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-06 10:52 - 2017-11-03 09:14 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-06 10:51 - 2017-11-03 09:14 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-01-06 10:51 - 2017-11-03 09:14 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-01-06 10:51 - 2017-11-03 09:14 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-01-06 10:51 - 2017-11-03 09:14 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-01-02 17:08 - 2017-11-03 11:43 - 000000000 ____D C:\Users\ASUS notebook\AppData\Roaming\Brackets
2018-01-02 16:52 - 2017-11-30 13:57 - 000000000 ____D C:\Users\ASUS notebook\AppData\Roaming\Seznam.cz
2018-01-02 16:52 - 2017-11-30 13:57 - 000000000 ____D C:\Program Files (x86)\Seznam.cz
2018-01-02 16:52 - 2017-11-03 07:34 - 000000000 ____D C:\Users\ASUS notebook\AppData\Local\CrashDumps
2017-12-26 19:56 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\LiveKernelReports

==================== Files in the root of some directories =======

2018-01-20 16:01 - 2017-03-27 09:24 - 000043802 ___SH () C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
2017-11-03 11:05 - 2017-09-24 00:13 - 000152193 ___RS () C:\Users\ASUS notebook\AppData\Roaming\MSShell32

Some files in TEMP:
====================
2017-11-23 13:18 - 2017-11-23 13:18 - 027536744 _____ (Disc Soft Ltd) C:\Users\ASUS notebook\AppData\Local\Temp\DTLite1060-0283.exe
2017-11-30 16:16 - 2018-01-02 16:52 - 000534528 _____ () C:\Users\ASUS notebook\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-24 13:29

==================== End of FRST.txt ============================
Attachments
Addition.rar
(7.7 KiB) Downloaded 74 times

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Windows Host Script - Virus

#4 Post by altrok »

  • Run FRST.exe/FRST64.exe again
  • press Ctrl + y (both keys at the same time)
  • fixlist.txt will open; paste the contents of the white box below into it
  • press Ctrl + s (saves the changes), then close the fixlist
  • click the Fix button
  • after the restart a fixlog will be created next to FRST; paste its contents into your next reply

    Start
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
    R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI) [File not signed]
    CustomCLSID: HKU\S-1-5-21-1796349016-2797826880-3011471461-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\ASUS notebook\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
    C:\Program Files\KMSpico
    Task: {1C2E4E62-194B-4FD1-B0F0-B5D08C74E49C} - \AutoPico Daily Restart -> No File <==== ATTENTION
    C:\Windows\AutoKMS_VL_ALL
    Task: {3DE4CB33-9A5A-4B03-9C98-FFADC0DAD3E8} - System32\Tasks\KMS Server Daily Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-19] (MDL)
    Task: {45F1CC61-C233-44D5-A9BB-4A42898FB4E0} - System32\Tasks\KMS Server OnLogon Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-19] (MDL)
    Task: {73766CD9-DAF2-4E32-A011-275D42FC3878} - System32\Tasks\MicrosoftSearchIndexer => wscript.exe //E:vbscript C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
    AlternateDataStreams: C:\Users\ASUS notebook\Cookies:CNAlLEeNpyZ8iiKZVUH6c3 [2408]
    AlternateDataStreams: C:\Users\ASUS notebook\AppData\Local\Temporary Internet Files:rfhOf5PJC4x0uJE6IUzYKlN [2420]
    2018-01-20 16:01 - 2017-03-27 09:24 - 000043802 ___SH C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
    Hosts:
    EmptyTemp:
    End

jjuriss
Visitor
Posts: 75
Registered: 23 Dec 2008 18:07

Re: Windows Host Script - Virus

#5 Post by jjuriss »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by ASUS notebook (24-01-2018 20:59:44) Run:1
Running from C:\Users\ASUS notebook\Desktop
Loaded Profiles: ASUS notebook (Available Profiles: ASUS notebook)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI) [File not signed]
CustomCLSID: HKU\S-1-5-21-1796349016-2797826880-3011471461-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\ASUS notebook\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
C:\Program Files\KMSpico
Task: {1C2E4E62-194B-4FD1-B0F0-B5D08C74E49C} - \AutoPico Daily Restart -> No File <==== ATTENTION
C:\Windows\AutoKMS_VL_ALL
Task: {3DE4CB33-9A5A-4B03-9C98-FFADC0DAD3E8} - System32\Tasks\KMS Server Daily Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-19] (MDL)
Task: {45F1CC61-C233-44D5-A9BB-4A42898FB4E0} - System32\Tasks\KMS Server OnLogon Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-19] (MDL)
Task: {73766CD9-DAF2-4E32-A011-275D42FC3878} - System32\Tasks\MicrosoftSearchIndexer => wscript.exe //E:vbscript C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
AlternateDataStreams: C:\Users\ASUS notebook\Cookies:CNAlLEeNpyZ8iiKZVUH6c3 [2408]
AlternateDataStreams: C:\Users\ASUS notebook\AppData\Local\Temporary Internet Files:rfhOf5PJC4x0uJE6IUzYKlN [2420]
2018-01-20 16:01 - 2017-03-27 09:24 - 000043802 ___SH C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer ========================

C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer
File not signed
MD5: 46C2A5BE85DDD7A3A7940CA871AE84CD
Creation and modification date: 2018-01-20 16:01 - 2017-03-27 09:24
Size: 000043802
Attributes: --ASH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/802b4e3 ... 514885696/

====== End of File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager" => removed successfully
"HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKU\S-1-5-21-1796349016-2797826880-3011471461-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount" => removed successfully
"HKLM\System\CurrentControlSet\Services\Service KMSELDI" => removed successfully
Service KMSELDI => service removed successfully
"HKU\S-1-5-21-1796349016-2797826880-3011471461-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}" => removed successfully
C:\Program Files\KMSpico => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C2E4E62-194B-4FD1-B0F0-B5D08C74E49C} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C2E4E62-194B-4FD1-B0F0-B5D08C74E49C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => removed successfully
C:\Windows\AutoKMS_VL_ALL => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DE4CB33-9A5A-4B03-9C98-FFADC0DAD3E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DE4CB33-9A5A-4B03-9C98-FFADC0DAD3E8}" => removed successfully
C:\Windows\System32\Tasks\KMS Server Daily Activate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS Server Daily Activate" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45F1CC61-C233-44D5-A9BB-4A42898FB4E0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45F1CC61-C233-44D5-A9BB-4A42898FB4E0}" => removed successfully
C:\Windows\System32\Tasks\KMS Server OnLogon Activate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS Server OnLogon Activate" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73766CD9-DAF2-4E32-A011-275D42FC3878}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73766CD9-DAF2-4E32-A011-275D42FC3878}" => removed successfully
C:\Windows\System32\Tasks\MicrosoftSearchIndexer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftSearchIndexer" => removed successfully
C:\Users\ASUS notebook\Cookies => ":CNAlLEeNpyZ8iiKZVUH6c3" ADS removed successfully
C:\Users\ASUS notebook\AppData\Local\Temporary Internet Files => ":rfhOf5PJC4x0uJE6IUzYKlN" ADS removed successfully
C:\Users\ASUS notebook\AppData\Roaming\MicrosoftSearchIndexer => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28648636 B
Java, Flash, Steam htmlcache => 17828 B
Windows/system/drivers => 44134938 B
Edge => 0 B
Chrome => 323554678 B
Firefox => 0 B
Opera => 20629026 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 94328 B
systemprofile32 => 0 B
LocalService => 250921 B
NetworkService => 13620 B
ASUS notebook => 6855890025 B

RecycleBin => 546 B
EmptyTemp: => 6.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:01:54 ====

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Windows Host Script - Virus

#6 Post by altrok »

So let's clean up a bit more.
And if there are no questions or other problems, that's all from me.

jjuriss
Visitor
Posts: 75
Registered: 23 Dec 2008 18:07

Re: Windows Host Script - Virus

#7 Post by jjuriss »

The problem is solved. Thank you.

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Windows Host Script - Virus

#8 Post by altrok »

You're welcome, glad I could help :worship:

Take care, and maybe see you again sometime :bye:

Locked