
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Slowed-down, unusable laptop, RSIT won't run
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi,
please help me with my laptop. Recently it became incredibly slow "overnight"; after startup not even Explorer can be launched. It "works" only in safe mode. I tried to revert to the last restore point, without success.
1) I tried to create an RSIT log following the guide. An AutoIt Error popped up - Line-1: Error: Variable used without being declared.
2) I am attaching the FRST log below
Thanks a lot!
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Ahne (administrator) on AHNE-PC on 13-09-2014 09:46:27
Running from C:\Users\Ahne\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1324107380-2242765828-2030796882-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [1556 2014-08-28] ()
HKU\S-1-5-21-1324107380-2242765828-2030796882-1001\...\MountPoints2: {f193a114-b0ea-11e2-96f1-002243c94155} - F:\Autorun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF ProfilePath: C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: FireShot - C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-24]
FF Extension: Pushbullet - C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2014-07-14]
FF Extension: Adblock Plus - C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-18]
Chrome:
=======
CHR CustomProfile: C:\Users\Ahne\AppData\Local\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-07-18] (AVAST Software)
S1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-07-18] (AVAST Software)
S1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-07-18] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-29] (DT Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2012-12-01] ()
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-13 09:46 - 2014-09-13 09:46 - 00006342 _____ () C:\Users\Ahne\Desktop\FRST.txt
2014-09-13 09:46 - 2014-09-13 09:46 - 00000000 ____D () C:\FRST
2014-09-13 09:45 - 2014-09-13 09:42 - 01097728 _____ (Farbar) C:\Users\Ahne\Desktop\FRST.exe
2014-09-13 09:32 - 2014-09-13 09:32 - 00000000 ____D () C:\rsit
2014-09-13 09:32 - 2014-09-13 09:32 - 00000000 ____D () C:\Program Files\trend micro
2014-09-13 09:31 - 2014-09-13 09:21 - 00781909 _____ () C:\Users\Ahne\Desktop\RSIT.exe
2014-09-13 09:31 - 2014-08-28 22:35 - 01364531 _____ () C:\Users\Ahne\Desktop\AdwCleaner.exe
2014-08-28 22:57 - 2014-09-13 09:24 - 00410032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:57 - 2014-09-13 09:23 - 00000180 _____ () C:\Windows\setupact.log
2014-08-28 22:57 - 2014-08-28 22:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-28 22:56 - 2014-08-28 22:56 - 00000314 _____ () C:\Windows\PFRO.log
2014-08-28 22:48 - 2014-08-28 22:55 - 00000000 ____D () C:\AdwCleaner
2014-08-28 22:48 - 2014-08-28 22:35 - 01364531 _____ () C:\Users\Ahne\Downloads\AdwCleaner.exe
2014-08-22 08:38 - 2014-08-22 08:38 - 00003216 ____N () C:\bootsqm.dat
2014-08-22 08:36 - 2014-08-22 08:36 - 00000000 __SHD () C:\found.000
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-13 09:46 - 2014-09-13 09:46 - 00006342 _____ () C:\Users\Ahne\Desktop\FRST.txt
2014-09-13 09:46 - 2014-09-13 09:46 - 00000000 ____D () C:\FRST
2014-09-13 09:42 - 2014-09-13 09:45 - 01097728 _____ (Farbar) C:\Users\Ahne\Desktop\FRST.exe
2014-09-13 09:32 - 2014-09-13 09:32 - 00000000 ____D () C:\rsit
2014-09-13 09:32 - 2014-09-13 09:32 - 00000000 ____D () C:\Program Files\trend micro
2014-09-13 09:24 - 2014-08-28 22:57 - 00410032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-13 09:23 - 2014-08-28 22:57 - 00000180 _____ () C:\Windows\setupact.log
2014-09-13 09:21 - 2014-09-13 09:31 - 00781909 _____ () C:\Users\Ahne\Desktop\RSIT.exe
2014-09-13 09:15 - 2012-11-05 09:43 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 09:15 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 22:57 - 2014-08-28 22:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-28 22:56 - 2014-08-28 22:56 - 00000314 _____ () C:\Windows\PFRO.log
2014-08-28 22:55 - 2014-08-28 22:48 - 00000000 ____D () C:\AdwCleaner
2014-08-28 22:35 - 2014-09-13 09:31 - 01364531 _____ () C:\Users\Ahne\Desktop\AdwCleaner.exe
2014-08-28 22:35 - 2014-08-28 22:48 - 01364531 _____ () C:\Users\Ahne\Downloads\AdwCleaner.exe
2014-08-28 22:30 - 2013-11-06 10:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-28 22:30 - 2012-11-07 20:52 - 00000000 ____D () C:\Users\Ahne\AppData\Roaming\uTorrent
2014-08-28 21:42 - 2012-11-04 18:17 - 01612600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 08:54 - 2009-07-14 06:34 - 00027776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 08:53 - 2009-07-14 06:34 - 00027776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 08:38 - 2014-08-22 08:38 - 00003216 ____N () C:\bootsqm.dat
2014-08-22 08:36 - 2014-08-22 08:36 - 00000000 __SHD () C:\found.000
2014-08-17 20:05 - 2012-11-07 20:56 - 00000000 ____D () C:\Users\Ahne\Downloads\Torrents
2014-08-14 15:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-14 10:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 08:53 - 2014-05-09 22:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
Some content of TEMP:
====================
C:\Users\Ahne\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-11 19:21
==================== End Of Log ============================
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slowed-down, unusable laptop, RSIT won't run
Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before removing viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slowed-down, unusable laptop, RSIT won't run
Thanks. I had already run AdwCleaner on 28 Aug, so I am attaching both logs, including today's. I have no idea why, but after two safe-mode boots the laptop recovered today and so far it runs fine. Any tip as to why that might have been? Before, it really was unusable.
EDIT: The Action Center tells me that Avast! Antivirus reports as turned off; however, Avast is running, it only needs updating, and when doing so it reports an error - the last used installation file was corrupt.
Thanks. And now the logs:
# AdwCleaner v3.308 - Report created 28/08/2014 at 22:55:41
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Ahne - AHNE-PC
# Running from : C:\Users\Ahne\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Ahne\AppData\Roaming\pdfforge
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v31.0 (x86 cs)
[ File : C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Ahne\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1481 octets] - [28/08/2014 22:48:55]
AdwCleaner[S0].txt - [1416 octets] - [28/08/2014 22:55:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1476 octets] ##########
# AdwCleaner v3.308 - Report created 14/09/2014 at 09:09:01
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Ahne - AHNE-PC
# Running from : C:\Users\Ahne\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v31.0 (x86 cs)
[ File : C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Ahne\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1481 octets] - [28/08/2014 22:48:55]
AdwCleaner[R1].txt - [1036 octets] - [14/09/2014 09:06:50]
AdwCleaner[S0].txt - [1556 octets] - [28/08/2014 22:55:41]
AdwCleaner[S1].txt - [959 octets] - [14/09/2014 09:09:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1018 octets] ##########
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slowed-down, unusable laptop, RSIT won't run
Post a new FRST log.
Re: Slowed-down, unusable laptop, RSIT won't run
It has to be done from safe mode...
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Ahne (administrator) on AHNE-PC on 14-09-2014 18:31:41
Running from C:\Users\Ahne\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1324107380-2242765828-2030796882-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-07-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-1324107380-2242765828-2030796882-1001\...\MountPoints2: {f193a114-b0ea-11e2-96f1-002243c94155} - F:\Autorun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF ProfilePath: C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: FireShot - C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-24]
FF Extension: Pushbullet - C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2014-07-14]
FF Extension: Adblock Plus - C:\Users\Ahne\AppData\Roaming\Mozilla\Firefox\Profiles\hxhcbcli.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-18]
Chrome:
=======
CHR CustomProfile: C:\Users\Ahne\AppData\Local\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-07-18] (AVAST Software)
S1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-07-18] (AVAST Software)
S1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-07-18] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-29] (DT Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2012-12-01] ()
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-14 09:52 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 09:52 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 09:52 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 09:52 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 09:52 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 09:52 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 09:52 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 09:52 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 09:52 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 09:52 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 09:52 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 09:52 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 09:52 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 09:52 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 09:52 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 09:52 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 09:52 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 09:52 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 09:52 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 09:52 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 09:52 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 09:52 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 09:52 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 09:52 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 09:52 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 09:52 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 09:52 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 09:52 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 09:52 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 09:52 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 09:51 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-14 09:35 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-14 09:35 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-14 09:35 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-14 09:35 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-14 09:34 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-14 09:34 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-14 09:34 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-14 09:34 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-14 09:22 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-14 09:22 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-14 09:22 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-14 09:22 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-14 09:21 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-14 09:21 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-14 09:21 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-14 09:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-14 09:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-14 09:19 - 2014-09-14 11:17 - 00450497 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 09:12 - 2014-09-14 09:12 - 00001098 _____ () C:\Users\Ahne\Desktop\AdwCleaner[S1]_09_14.txt
2014-09-13 09:49 - 2014-09-13 09:49 - 00110112 _____ () C:\Users\Ahne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-13 09:47 - 2014-09-13 09:47 - 00025030 _____ () C:\Users\Ahne\Desktop\Addition.txt
2014-09-13 09:46 - 2014-09-14 18:31 - 00002863 _____ () C:\Users\Ahne\Desktop\FRST.txt
2014-09-13 09:46 - 2014-09-14 18:31 - 00000000 ____D () C:\FRST
2014-09-13 09:45 - 2014-09-13 09:42 - 01097728 _____ (Farbar) C:\Users\Ahne\Desktop\FRST.exe
2014-09-13 09:32 - 2014-09-14 10:28 - 00000000 ____D () C:\Program Files\trend micro
2014-09-13 09:32 - 2014-09-13 09:32 - 00000000 ____D () C:\rsit
2014-09-13 09:31 - 2014-09-13 09:21 - 00781909 _____ () C:\Users\Ahne\Desktop\RSIT.exe
2014-09-13 09:31 - 2014-08-28 22:35 - 01364531 _____ () C:\Users\Ahne\Desktop\AdwCleaner.exe
2014-08-28 22:57 - 2014-09-14 18:20 - 00000516 _____ () C:\Windows\setupact.log
2014-08-28 22:57 - 2014-09-14 09:58 - 00410328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:57 - 2014-08-28 22:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-28 22:56 - 2014-09-14 09:09 - 00000620 _____ () C:\Windows\PFRO.log
2014-08-28 22:48 - 2014-09-14 09:09 - 00000000 ____D () C:\AdwCleaner
2014-08-28 22:48 - 2014-08-28 22:35 - 01364531 _____ () C:\Users\Ahne\Downloads\AdwCleaner.exe
2014-08-22 08:38 - 2014-08-22 08:38 - 00003216 ____N () C:\bootsqm.dat
2014-08-22 08:36 - 2014-08-22 08:36 - 00000000 __SHD () C:\found.000
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-14 18:31 - 2014-09-13 09:46 - 00002863 _____ () C:\Users\Ahne\Desktop\FRST.txt
2014-09-14 18:31 - 2014-09-13 09:46 - 00000000 ____D () C:\FRST
2014-09-14 18:20 - 2014-08-28 22:57 - 00000516 _____ () C:\Windows\setupact.log
2014-09-14 18:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 11:17 - 2014-09-14 09:19 - 00450497 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 11:08 - 2012-11-05 09:43 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 10:31 - 2009-07-14 06:34 - 00027776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 10:31 - 2009-07-14 06:34 - 00027776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 10:28 - 2014-09-13 09:32 - 00000000 ____D () C:\Program Files\trend micro
2014-09-14 10:28 - 2012-11-04 18:17 - 01612600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 10:15 - 2013-08-15 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 10:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-14 09:58 - 2014-08-28 22:57 - 00410328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 09:50 - 2014-05-09 22:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-14 09:12 - 2014-09-14 09:12 - 00001098 _____ () C:\Users\Ahne\Desktop\AdwCleaner[S1]_09_14.txt
2014-09-14 09:09 - 2014-08-28 22:56 - 00000620 _____ () C:\Windows\PFRO.log
2014-09-14 09:09 - 2014-08-28 22:48 - 00000000 ____D () C:\AdwCleaner
2014-09-13 09:49 - 2014-09-13 09:49 - 00110112 _____ () C:\Users\Ahne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-13 09:47 - 2014-09-13 09:47 - 00025030 _____ () C:\Users\Ahne\Desktop\Addition.txt
2014-09-13 09:42 - 2014-09-13 09:45 - 01097728 _____ (Farbar) C:\Users\Ahne\Desktop\FRST.exe
2014-09-13 09:32 - 2014-09-13 09:32 - 00000000 ____D () C:\rsit
2014-09-13 09:21 - 2014-09-13 09:31 - 00781909 _____ () C:\Users\Ahne\Desktop\RSIT.exe
2014-09-05 03:52 - 2014-09-14 09:34 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-14 09:34 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2012-11-05 20:55 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-28 22:57 - 2014-08-28 22:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-28 22:35 - 2014-09-13 09:31 - 01364531 _____ () C:\Users\Ahne\Desktop\AdwCleaner.exe
2014-08-28 22:35 - 2014-08-28 22:48 - 01364531 _____ () C:\Users\Ahne\Downloads\AdwCleaner.exe
2014-08-28 22:30 - 2013-11-06 10:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-28 22:30 - 2012-11-07 20:52 - 00000000 ____D () C:\Users\Ahne\AppData\Roaming\uTorrent
2014-08-25 06:53 - 2012-11-04 18:45 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-09-14 09:35 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-09-14 09:35 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 08:38 - 2014-08-22 08:38 - 00003216 ____N () C:\bootsqm.dat
2014-08-22 08:36 - 2014-08-22 08:36 - 00000000 __SHD () C:\found.000
2014-08-19 19:39 - 2014-09-14 09:52 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-14 09:52 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-14 09:52 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-14 09:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-14 09:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-14 09:52 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-14 09:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-14 09:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-14 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-14 09:52 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-14 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-14 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-14 09:52 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-14 09:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-14 09:52 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-14 09:52 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-14 09:52 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-14 09:52 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-14 09:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-14 09:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-14 09:52 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-14 09:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-14 09:52 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-14 09:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-14 09:52 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-14 09:52 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-14 09:52 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-14 09:52 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-14 09:52 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-14 09:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 20:05 - 2012-11-07 20:56 - 00000000 ____D () C:\Users\Ahne\Downloads\Torrents
Some content of TEMP:
====================
C:\Users\Ahne\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-11 19:21
==================== End Of Log ============================
2014-08-22 08:36 - 2014-08-22 08:36 - 00000000 __SHD () C:\found.000
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-14 18:31 - 2014-09-13 09:46 - 00002863 _____ () C:\Users\Ahne\Desktop\FRST.txt
2014-09-14 18:31 - 2014-09-13 09:46 - 00000000 ____D () C:\FRST
2014-09-14 18:20 - 2014-08-28 22:57 - 00000516 _____ () C:\Windows\setupact.log
2014-09-14 18:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 11:17 - 2014-09-14 09:19 - 00450497 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 11:08 - 2012-11-05 09:43 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 10:31 - 2009-07-14 06:34 - 00027776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 10:31 - 2009-07-14 06:34 - 00027776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 10:28 - 2014-09-13 09:32 - 00000000 ____D () C:\Program Files\trend micro
2014-09-14 10:28 - 2012-11-04 18:17 - 01612600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 10:15 - 2013-08-15 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 10:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-14 09:58 - 2014-08-28 22:57 - 00410328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 09:50 - 2014-05-09 22:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-14 09:12 - 2014-09-14 09:12 - 00001098 _____ () C:\Users\Ahne\Desktop\AdwCleaner[S1]_09_14.txt
2014-09-14 09:09 - 2014-08-28 22:56 - 00000620 _____ () C:\Windows\PFRO.log
2014-09-14 09:09 - 2014-08-28 22:48 - 00000000 ____D () C:\AdwCleaner
2014-09-13 09:49 - 2014-09-13 09:49 - 00110112 _____ () C:\Users\Ahne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-13 09:47 - 2014-09-13 09:47 - 00025030 _____ () C:\Users\Ahne\Desktop\Addition.txt
2014-09-13 09:42 - 2014-09-13 09:45 - 01097728 _____ (Farbar) C:\Users\Ahne\Desktop\FRST.exe
2014-09-13 09:32 - 2014-09-13 09:32 - 00000000 ____D () C:\rsit
2014-09-13 09:21 - 2014-09-13 09:31 - 00781909 _____ () C:\Users\Ahne\Desktop\RSIT.exe
2014-09-05 03:52 - 2014-09-14 09:34 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-14 09:34 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2012-11-05 20:55 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-28 22:57 - 2014-08-28 22:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-28 22:35 - 2014-09-13 09:31 - 01364531 _____ () C:\Users\Ahne\Desktop\AdwCleaner.exe
2014-08-28 22:35 - 2014-08-28 22:48 - 01364531 _____ () C:\Users\Ahne\Downloads\AdwCleaner.exe
2014-08-28 22:30 - 2013-11-06 10:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-28 22:30 - 2012-11-07 20:52 - 00000000 ____D () C:\Users\Ahne\AppData\Roaming\uTorrent
2014-08-25 06:53 - 2012-11-04 18:45 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-09-14 09:35 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-09-14 09:35 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 08:38 - 2014-08-22 08:38 - 00003216 ____N () C:\bootsqm.dat
2014-08-22 08:36 - 2014-08-22 08:36 - 00000000 __SHD () C:\found.000
2014-08-19 19:39 - 2014-09-14 09:52 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-14 09:52 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-14 09:52 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-14 09:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-14 09:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-14 09:52 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-14 09:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-14 09:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-14 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-14 09:52 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-14 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-14 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-14 09:52 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-14 09:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-14 09:52 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-14 09:52 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-14 09:52 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-14 09:52 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-14 09:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-14 09:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-14 09:52 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-14 09:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-14 09:52 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-14 09:52 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-14 09:52 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-14 09:52 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-14 09:52 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-14 09:52 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-14 09:52 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-14 09:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 20:05 - 2012-11-07 20:56 - 00000000 ____D () C:\Users\Ahne\Downloads\Torrents
Some content of TEMP:
====================
C:\Users\Ahne\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-11 19:21
==================== End Of Log ============================
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow, unusable laptop, RSIT won't run
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-1324107380-2242765828-2030796882-1001\...\MountPoints2: {f193a114-b0ea-11e2-96f1-002243c94155} - F:\Autorun.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Users\Ahne\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Slow, unusable laptop, RSIT won't run
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Ahne at 2014-09-14 22:47:48 Run:1
Running from C:\Users\Ahne\Desktop
Boot Mode: Safe Mode (minimal)
==============================================
Content of fixlist:
*****************
Start
HKU\S-1-5-21-1324107380-2242765828-2030796882-1001\...\MountPoints2: {f193a114-b0ea-11e2-96f1-002243c94155} - F:\Autorun.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Users\Ahne\AppData\Local\Temp
End
*****************
"HKU\S-1-5-21-1324107380-2242765828-2030796882-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f193a114-b0ea-11e2-96f1-002243c94155}" => Key deleted successfully.
"HKCR\CLSID\{f193a114-b0ea-11e2-96f1-002243c94155}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"C:\Users\Ahne\AppData\Local\Temp" directory move:
C:\Users\Ahne\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\AdobeARM_NotLocked.log => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\etilqs_FQAaTC56yW6Nt30 => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\etilqs_O6rxx5hwIYikdS0 => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Ahne\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Ahne\AppData\Local\Temp\log3 => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Ahne\AppData\Local\Temp\Uninstall.ico => Moved successfully.
Could not move "C:\Users\Ahne\AppData\Local\Temp" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-14 22:49:43)<=
C:\Users\Ahne\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Ahne\AppData\Local\Temp => Moved successfully.
==== End of Fixlog ====
- Rudy
- Site Admin
Re: Slow, unusable laptop, RSIT won't run
Deleted. Has anything changed?
Re: Slow, unusable laptop, RSIT won't run
Unfortunately, not at all. Still the same problem. After startup it responds for about another 30 seconds, then it slows to a crawl and launching Explorer takes 5 minutes.
Thanks for any advice.
- Rudy
- Site Admin
Re: Slow, unusable laptop, RSIT won't run
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after launch, a screen with the license terms appears; continue by clicking the Yes button.
take your time and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)
warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the antispyware's resident shield.