Prosím o kontrolu - pomalejší NB

Zpráva

good007 · #16 Příspěvek od **good007** » 20 led 2012 21:56

Log zde:

############################## | UsbFix 7.059 | [Deletion]

User: bvtechnika (Administrator) # BVTECHNIKA-NB [LENOVO 2714AAG]
Updated 16/09/2011 by El Desaparecido
Started at 21:45:20 | 20/01/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Microsoft Windows 7 Professional (6.1.7601 32-Bit) # Service Pack 1
Internet Explorer 9.0.8112.16421

Windows Firewall: Disabled /!\
RAM -> 1944 Mb
C:\ (%systemdrive%) -> Fixed drive # 222 Gb (126 Mb free - 57%) [Windows7_OS] # NTFS
E:\ -> Removable drive # 7 Gb (345 Mb free - 5%) [] # FAT32
F:\ -> CD-ROM
G:\ -> Fixed drive # 1397 Gb (1034 Mb free - 74%) [SAMSUNG] # FAT32
Q:\ -> Fixed drive # 10 Gb (3 Mb free - 29%) [Lenovo_Reco] # NTFS

################## | Files # Infected Folders |

Deleted ! C:\$RECYCLE.BIN\S-1-5-20
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1874585466-316254698-1277606442-1004
Deleted ! Q:\$RECYCLE.BIN\S-1-5-21-1874585466-316254698-1277606442-1004
Deleted ! E:\Recycler\desktop.ini
Deleted ! Q:\AUTORUN.INF

(!) Temporary files deleted.

################## | Registry |

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a8cae881-4f32-11e0-a804-806e6f6e6963}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d9e7159f-e34a-11e0-ae02-506313c883f7}

################## | Listing |

[20/01/2012 - 21:49:11 | SHD ] C:\$Recycle.Bin
[19/09/2011 - 05:59:44 | D ] C:\AuthLog
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[21/07/2009 - 07:20:37 | D ] C:\Boot
[13/07/2004 - 12:27:24 | N | 2734] C:\Boot332.s19
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[21/07/2009 - 07:20:38 | N | 8192] C:\BOOTSECT.BAK
[20/01/2012 - 08:01:14 | D ] C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[21/03/2011 - 09:12:57 | D ] C:\DRIVERS
[18/03/2008 - 10:02:16 | N | 517136] C:\eps.s19
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17734] C:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 1110] C:\globdata.ini
[20/01/2012 - 21:41:56 | ASH | 1528848384] C:\hiberfil.sys
[07/04/2011 - 09:14:21 | D ] C:\IDAPI
[09/12/2011 - 11:08:59 | D ] C:\Install
[07/11/2007 - 08:03:18 | N | 562688] C:\install.exe
[07/11/2007 - 08:00:40 | N | 843] C:\install.ini
[07/11/2007 - 08:03:18 | N | 76304] C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 91152] C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 97296] C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 95248] C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 81424] C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 79888] C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 75792] C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.3082.dll
[31/10/2009 - 00:59:28 | D ] C:\Intel
[26/11/2011 - 20:31:40 | D ] C:\Intelect
[09/12/2011 - 11:03:34 | N | 0] C:\IO.SYS
[07/04/2011 - 09:07:38 | D ] C:\JCB2
[01/06/2011 - 13:57:36 | D ] C:\JCB_Servicemaster_2
[09/12/2011 - 11:08:41 | D ] C:\klient
[31/10/2009 - 01:30:38 | D ] C:\mfg
[09/12/2011 - 11:03:34 | N | 0] C:\MSDOS.SYS
[31/10/2009 - 01:20:19 | RHD ] C:\MSOCache
[20/01/2012 - 21:42:00 | ASH | 2038464512] C:\pagefile.sys
[02/04/2011 - 21:40:50 | D ] C:\partslnk
[26/11/2011 - 21:12:22 | D ] C:\Pcst
[24/03/2011 - 21:41:01 | D ] C:\PerfLogs
[20/01/2012 - 20:15:02 | N | 512] C:\PhysicalMBR.bin
[20/01/2012 - 07:35:30 | D ] C:\Program Files
[12/01/2012 - 18:19:56 | HD ] C:\ProgramData
[22/03/2011 - 13:55:21 | D ] C:\pvdatastore
[21/03/2011 - 08:03:44 | RSHD ] C:\RRbackups
[18/09/2011 - 20:38:29 | D ] C:\rsit
[09/12/2011 - 11:03:31 | D ] C:\SQL6
[25/03/2011 - 12:00:05 | D ] C:\swshare
[21/03/2011 - 08:27:25 | D ] C:\SWTOOLS
[27/04/2011 - 11:40:45 | D ] C:\swwork
[20/01/2012 - 20:14:51 | SHD ] C:\System Volume Information
[29/09/2011 - 21:25:29 | D ] C:\temp
[20/01/2012 - 21:49:11 | D ] C:\UsbFix
[20/01/2012 - 21:45:22 | A | 942] C:\UsbFix.txt
[21/03/2011 - 08:05:39 | D ] C:\Users
[07/11/2007 - 08:00:40 | N | 5686] C:\vcredist.bmp
[31/10/2009 - 01:09:55 | N | 410158] C:\vcredist_x86.log
[07/11/2007 - 08:09:22 | N | 1442522] C:\VC_RED.cab
[07/11/2007 - 08:12:28 | N | 232960] C:\VC_RED.MSI
[16/01/2012 - 22:26:41 | D ] C:\Windows
[14/01/2012 - 17:50:20 | D ] E:\KLIPY 2011
[15/01/2012 - 19:03:26 | D ] E:\FOTO
[29/11/2011 - 15:58:12 | HD ] E:\RECYCLER
[25/09/2011 - 08:18:08 | D ] E:\HARLEJ - Harlejland-Best Of (CZ 2010)
[25/09/2011 - 08:18:44 | D ] E:\HARLEJ - Harlejova kometa (CZ 1998)
[25/09/2011 - 08:19:08 | D ] E:\Harlej - Musime se pochvalit
[25/09/2011 - 08:19:24 | D ] E:\HARLEJ 2008 - University
[25/09/2011 - 08:20:10 | D ] E:\HARLEJ Zastavte tu vodu
[25/09/2011 - 08:20:28 | D ] E:\Harlej_-_Kdyz_Chvalim_Tak_Sebe-CZ-2004-PiAD
[25/09/2011 - 08:21:00 | D ] E:\KABAT - Banditi di Praga (CZ 2010)
[25/09/2011 - 08:21:38 | D ] E:\Harlej - Ctyri z punku a pes
[25/09/2011 - 08:21:54 | D ] E:\HARLEJ - Harlej krisna (CZ 1997)
[25/09/2011 - 08:23:50 | D ] E:\Ostatní
[17/11/2011 - 15:12:50 | D ] E:\Agritechniky 2011
[29/11/2011 - 15:57:58 | D ] E:\69482745
[18/08/2009 - 11:33:24 | D ] G:\SamsungSoftware
[07/03/2011 - 20:17:44 | D ] G:\Martina
[08/01/2012 - 11:54:54 | D ] G:\BUDA
[19/11/2009 - 18:45:32 | SHD ] G:\System Volume Information
[27/11/2011 - 12:45:42 | D ] G:\Záloha NB 20111127
[13/11/2011 - 19:00:30 | D ] G:\zálohaVojta
[25/07/2010 - 20:59:24 | D ] G:\KBCertifikat
[09/08/2009 - 20:23:58 | N | 165] G:\~$Stroje all.xlsx
[28/11/2009 - 15:19:04 | SHD ] G:\$RECYCLE.BIN
[18/01/2011 - 20:17:08 | D ] G:\Záloha LENOVO
[13/02/2011 - 22:06:38 | ASH | 7168] G:\Thumbs.db
[23/03/2011 - 22:30:32 | D ] G:\Hasiči
[20/01/2010 - 17:34:30 | D ] G:\FILMY
[28/11/2009 - 17:28:04 | D ] G:\Recycled
[18/01/2010 - 21:52:24 | D ] G:\VProRecovery
[28/02/2010 - 19:28:22 | D ] G:\Obrázky
[28/02/2010 - 21:32:02 | D ] G:\HUDBA
[28/02/2010 - 21:33:56 | D ] G:\Soukromé
[20/01/2012 - 21:49:11 | SHD ] Q:\$RECYCLE.BIN
[15/03/2011 - 20:17:49 | D ] Q:\FactoryRecovery
[10/08/2009 - 22:01:24 | N | 267576] Q:\LenovoQDrive.exe
[03/06/2008 - 02:17:50 | N | 422982] Q:\qdrive.ico
[21/03/2011 - 08:02:46 | SHD ] Q:\System Volume Information

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
E:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
Q:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_BVTECHNIKA-NB.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.

################## | E.O.F |

good007 · #17 Příspěvek od **good007** » 20 led 2012 22:03

OTL logfile created on: 20.1.2012 21:58:41 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\bvtechnika\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,90 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 72,07% Memory free
3,80 Gb Paging File | 3,38 Gb Available in Paging File | 89,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,95 Gb Total Space | 125,86 Gb Free Space | 56,71% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 0,34 Gb Free Space | 4,53% Space Free | Partition Type: FAT32
Drive G: | 1396,92 Gb Total Space | 1034,32 Gb Free Space | 74,04% Space Free | Partition Type: FAT32
Drive Q: | 9,76 Gb Total Space | 2,83 Gb Free Space | 28,98% Space Free | Partition Type: NTFS

Computer Name: BVTECHNIKA-NB | User Name: bvtechnika | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.01.20 19:09:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\bvtechnika\Desktop\OTL.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.09.09 00:59:06 | 000,651,264 | ---- | M] () -- C:\Program Files\Lenovo\Access Connections\AcDeskBand.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ApRunSvc)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.05 13:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\Navigace\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.21 09:42:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.03.01 15:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.09.09 01:10:24 | 000,242,976 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009.09.09 01:10:22 | 000,124,192 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.09.04 22:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.09.01 07:32:20 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009.09.01 07:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009.09.01 07:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009.08.26 23:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.24 05:00:02 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.23 19:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009.07.15 02:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.03 10:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.02 02:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.04.29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.01.12 01:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.01.05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.29 19:26:09 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.12.21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010.12.21 13:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.12.15 13:05:42 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.12.15 13:05:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.12.15 13:05:42 | 000,023,424 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2009.10.31 01:13:37 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.09.17 06:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2009.09.17 06:05:02 | 000,038,376 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2009.09.15 18:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Ovladač adaptéru Intel(R)
DRV - [2009.09.01 09:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.08.24 05:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.23 19:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009.08.18 07:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{C4B36920-79E24793-06000000}_0)
DRV - [2009.08.18 07:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)
DRV - [2009.07.22 06:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.02 18:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.06.29 21:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.06.29 21:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.06.25 08:58:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.25 08:25:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.25 08:10:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.06.23 04:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.06.11 09:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.05.14 00:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.04.29 14:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.04.29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.06.06 14:31:00 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (usbio)
DRV - [2008.05.12 10:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.03.07 11:08:08 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.02.20 19:14:46 | 000,023,712 | ---- | M] (NetChip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NcBulk.sys -- (NCBULK)
DRV - [2007.04.18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1874585466-316254698-1277606442-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1874585466-316254698-1277606442-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-1874585466-316254698-1277606442-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.03.24 06:22:43 | 000,000,000 | ---D | M]

[2011.12.12 19:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bvtechnika\AppData\Roaming\Mozilla\Extensions
[2011.12.12 19:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bvtechnika\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011.12.12 19:07:16 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\NAVIGACE\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1874585466-316254698-1277606442-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [4-Day Forecast] C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe ()
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe ()
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1874585466-316254698-1277606442-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1874585466-316254698-1277606442-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DA8152A-9ACD-4126-8311-97339128566F}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.20 21:50:52 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.01.20 21:50:54 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012.01.20 21:50:56 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012.01.20 21:50:55 | 000,000,000 | RHSD | M] - Q:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a8cae88b-4f32-11e0-a804-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a8cae88b-4f32-11e0-a804-806e6f6e6963}\Shell\AutoRun\command - "" = explorer index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2012.01.20 21:50:52 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2012.01.20 21:21:30 | 000,000,000 | ---D | C] -- C:\UsbFix
[2012.01.20 21:20:19 | 001,238,088 | ---- | C] (El Desaparecido.com) -- C:\Users\bvtechnika\Desktop\UsbFix.exe
[2012.01.20 19:09:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\bvtechnika\Desktop\OTL.exe
[2012.01.20 09:51:21 | 000,000,000 | ---D | C] -- C:\Users\bvtechnika\Documents\Hauer_Ersatzteilkatalog
[2012.01.20 07:34:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.01.15 22:20:11 | 000,000,000 | ---D | C] -- C:\Users\bvtechnika\Desktop\Měření výkonu
[2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009.10.31 01:43:17 | 000,232,448 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.10.31 01:43:17 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.01.20 21:52:54 | 382,344,340 | ---- | M] () -- C:\UsbFix_Upload_Me_BVTECHNIKA-NB.zip
[2012.01.20 21:42:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.20 21:41:56 | 1528,848,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.20 21:41:10 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.20 21:41:10 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.20 21:34:47 | 000,001,024 | ---- | M] () -- C:\Users\bvtechnika\.rnd
[2012.01.20 21:21:38 | 000,729,476 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.01.20 21:21:38 | 000,713,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.20 21:21:38 | 000,159,594 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.01.20 21:21:38 | 000,143,722 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.20 21:20:26 | 001,238,088 | ---- | M] (El Desaparecido.com) -- C:\Users\bvtechnika\Desktop\UsbFix.exe
[2012.01.20 20:15:02 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.01.20 19:09:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\bvtechnika\Desktop\OTL.exe
[2012.01.19 10:30:56 | 000,000,109 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.01.18 08:42:23 | 000,413,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.17 20:56:18 | 000,880,762 | ---- | M] () -- C:\Users\bvtechnika\Desktop\prospekt-biodrill_aj.pdf
[2012.01.17 15:03:49 | 010,086,840 | ---- | M] () -- C:\Users\bvtechnika\Desktop\Components_for_trailers_2010.pdf
[2012.01.17 12:27:12 | 000,118,266 | ---- | M] () -- C:\Users\bvtechnika\Desktop\Rando HD 46 - MSDS 2008.pdf
[2012.01.16 22:26:46 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.20 21:51:14 | 382,344,340 | ---- | C] () -- C:\UsbFix_Upload_Me_BVTECHNIKA-NB.zip
[2012.01.20 19:16:34 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.01.17 20:56:18 | 000,880,762 | ---- | C] () -- C:\Users\bvtechnika\Desktop\prospekt-biodrill_aj.pdf
[2012.01.17 15:03:35 | 010,086,840 | ---- | C] () -- C:\Users\bvtechnika\Desktop\Components_for_trailers_2010.pdf
[2012.01.17 12:27:11 | 000,118,266 | ---- | C] () -- C:\Users\bvtechnika\Desktop\Rando HD 46 - MSDS 2008.pdf
[2012.01.16 22:26:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.11.07 15:39:50 | 000,000,094 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2011.09.13 19:07:14 | 000,000,000 | ---- | C] () -- C:\Windows\pcst.INI
[2011.09.13 18:30:26 | 000,000,046 | ---- | C] () -- C:\Windows\RP121032.ini
[2011.09.13 18:04:11 | 000,061,440 | ---- | C] () -- C:\Windows\System32\MD5Lib.dll
[2011.09.13 18:04:11 | 000,048,640 | ---- | C] () -- C:\Windows\System32\Tralib.dll
[2011.09.13 18:04:11 | 000,000,300 | ---- | C] () -- C:\Windows\System32\drivers\GENPORT.INI
[2011.09.13 18:03:30 | 000,357,048 | ---- | C] () -- C:\Windows\System32\Whutil_3_1.dll
[2011.09.13 18:03:30 | 000,356,428 | ---- | C] () -- C:\Windows\System32\WidcommSdkBox.dll
[2011.09.13 18:03:30 | 000,242,632 | ---- | C] () -- C:\Windows\System32\WhLog_3_1.dll
[2011.09.13 18:03:30 | 000,241,763 | ---- | C] () -- C:\Windows\System32\ComClientCriptaDecriptaCNH.dll
[2011.09.13 18:03:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\WebsiteDataCodeProcessing.dll
[2011.09.13 18:03:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\DownloadDataCodeProcessing.dll
[2011.09.13 18:03:30 | 000,086,016 | ---- | C] () -- C:\Windows\System32\DPAM32.dll
[2011.09.13 18:03:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\j2534.dll
[2011.09.13 18:03:30 | 000,010,088 | ---- | C] () -- C:\Windows\System32\dpduEcuParams.ini
[2011.09.13 18:03:30 | 000,008,479 | ---- | C] () -- C:\Windows\System32\dPdu4Ecs.ini
[2011.09.13 18:03:30 | 000,000,962 | ---- | C] () -- C:\Windows\System32\dpaCan4Ecs.ini
[2011.09.13 18:03:30 | 000,000,688 | ---- | C] () -- C:\Windows\System32\ECS_380.ini
[2011.09.13 18:03:29 | 000,032,768 | ---- | C] () -- C:\Windows\System32\ATLRPCMessage.dll
[2011.09.13 18:03:00 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011.09.13 17:55:50 | 000,000,138 | ---- | C] () -- C:\Windows\SNSRXCFG_200.INI
[2011.09.13 17:55:30 | 000,278,621 | ---- | C] () -- C:\Windows\System32\ComNewDecryptCrypt.dll
[2011.09.13 17:52:52 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DPAMRP32.dll
[2011.09.13 17:52:52 | 000,048,640 | ---- | C] () -- C:\Windows\System32\DPASRP32.dll
[2011.09.13 17:52:52 | 000,003,642 | ---- | C] () -- C:\Windows\DG121032.ini
[2011.09.13 17:52:52 | 000,000,160 | ---- | C] () -- C:\Windows\Dg_dpa32.ini
[2011.09.04 12:11:49 | 000,000,090 | ---- | C] () -- C:\Windows\wa.INI
[2011.06.24 06:32:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.11 08:39:54 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.03.24 21:40:00 | 000,007,598 | ---- | C] () -- C:\Users\bvtechnika\AppData\Local\resmon.resmoncfg
[2011.03.21 10:45:56 | 000,000,109 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.17 16:38:06 | 003,473,408 | ---- | C] () -- C:\Windows\System32\itextsharp.dll
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009.10.31 01:48:59 | 000,729,476 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2009.10.31 01:48:59 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2009.10.31 01:48:59 | 000,159,594 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2009.10.31 01:48:59 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2009.10.31 01:43:17 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.10.31 01:43:17 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.10.31 01:43:17 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.10.31 01:00:13 | 000,197,655 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.10.31 00:52:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.09.01 07:32:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2009.09.01 07:32:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,413,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,713,842 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,143,722 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.09.29 19:37:11 | 000,000,000 | ---D | M] -- C:\Users\bvtechnika\AppData\Roaming\DAEMON Tools Lite
[2011.03.24 06:23:39 | 000,000,000 | ---D | M] -- C:\Users\bvtechnika\AppData\Roaming\ESET
[2011.03.21 08:40:17 | 000,000,000 | ---D | M] -- C:\Users\bvtechnika\AppData\Roaming\GHISLER
[2011.11.19 22:26:36 | 000,000,000 | ---D | M] -- C:\Users\bvtechnika\AppData\Roaming\InterVideo
[2011.03.21 08:24:06 | 000,000,000 | ---D | M] -- C:\Users\bvtechnika\AppData\Roaming\Lenovo
[2011.10.12 08:09:48 | 000,000,000 | ---D | M] -- C:\Users\bvtechnika\AppData\Roaming\PowerView
[2011.09.20 10:58:13 | 000,000,000 | ---D | M] -- C:\Users\bvtechnika\AppData\Roaming\Telefónica Móviles
[2011.12.12 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\bvtechnika\AppData\Roaming\TomTom
[2011.10.21 20:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.10.05 18:50:12 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< :otl >

< @Alternate Data Stream - 6536 bytes -> C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh >

< SRV - File not found [Disabled | Stopped] -- -- (ApRunSvc) >

< 3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O3 - HKU\S-1-5-21-1874585466-316254698-1277606442-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. >

< O4 - HKLM..\Run: [] File not found >

< O13 - gopher Prefix: missing >

< 20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found >
Invalid Switch: pagefile) - File not found

< O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >

< [6 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ] >

< [1 C:\Windows\inf\Aurora Core\*.tmp files -> C:\Windows\inf\Aurora Core\*.tmp -> ] >

< [1 C:\Windows\inf\Aurora Core\0000\*.tmp files -> C:\Windows\inf\Aurora Core\0000\*.tmp -> ] >

< [1 C:\Windows\inf\Aurora Core\0005\*.tmp files -> C:\Windows\inf\Aurora Core\0005\*.tmp -> ] >

< [1 C:\Windows\inf\Aurora Core\0009\*.tmp files -> C:\Windows\inf\Aurora Core\0009\*.tmp -> ] >

< [1 C:\Windows\SoftwareDistribution\Download\c8791b92a30551cff0a6adeda368401a\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c8791b92a30551cff0a6adeda368401a\*.tmp -> ] >

< [1 C:\Windows\SoftwareDistribution\Download\c9e9c044766a3c918ec5e5fec8466e43\*.tmp files -> C:\Windows\SoftwareDistribution\Download\c9e9c044766a3c918ec5e5fec8466e43\*.tmp -> ] >

< [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] >

< [2011.10.21 20:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job >

< >

< :files >

< c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace /d >
Invalid Switch: d

< %windir%\system32\*.tmp.dll /s >

< %windir%\system32\SET*.tmp /s >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %windir%\*.tmp >

< >

< :commands >

< [RESETHOSTS] >

< [EMPTYTEMP] >

< [EMPTYFLASH] >

< End of report >

#18 Příspěvek od **vyosek** » 20 led 2012 22:10

v OTL musite kliknout na Opravit, jak je psano i v navodu

good007 · #19 Příspěvek od **good007** » 20 led 2012 22:11

Tak tady je ten správný log:

All processes killed
========== OTL ==========
ADS C:\Windows\PLA\System\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh deleted successfully.
Service ApRunSvc stopped successfully!
Service ApRunSvc deleted successfully!
Registry value HKEY_USERS\S-1-5-21-1874585466-316254698-1277606442-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4DD4.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP781C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9963.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9D57.tmp\mscorlib.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9D57.tmp folder deleted successfully.
C:\Windows\inf\Aurora Core\tmpD9BE.tmp deleted successfully.
C:\Windows\inf\Aurora Core\0000\tmpD9BD.tmp deleted successfully.
C:\Windows\inf\Aurora Core\0005\tmpD9BD.tmp deleted successfully.
C:\Windows\inf\Aurora Core\0009\tmpD9BD.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\c8791b92a30551cff0a6adeda368401a\BIT6C1A.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\c9e9c044766a3c918ec5e5fec8466e43\BITDFB6.tmp deleted successfully.
C:\Windows\System32\SET8BBD.tmp deleted successfully.
C:\Windows\System32\SETF546.tmp deleted successfully.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job moved successfully.
========== FILES ==========
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\ttsystem_Patcher\Compact.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\ttsystem_Patcher\cygwin1.dll deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\ttsystem_Patcher\Extract.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\ttsystem_Patcher\gzip.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\ttsystem_Patcher\Patcher.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\ttsystem_Patcher\RunMe.bat deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\ttsystem_Patcher folder deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\Progs\keygen6.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\Progs\meta.txt deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\Progs\tt7_keygen.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\Progs\tt7_metacheck.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\Progs\tt8_keygen.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\Progs\tt8_mapcheck.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\Progs\tt8_mapcheck2.exe deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\Progs folder deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\insert_meta_from_Map_here folder deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\DeviceID.txt deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\RunMeforAllAutomatic.cmd deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\RunMeforDCT.cmd deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace\RunMeforMetaKey.cmd deleted successfully.
c:\Users\bvtechnika\Documents\Soukromé\Tomtom\TomTom_Western_and_Central_Europe_2GB_870_3419+aktivator\TomTom aktivace folder deleted successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: bvtechnika
->Temp folder emptied: 44870152 bytes
->Temporary Internet Files folder emptied: 334326386 bytes
->Java cache emptied: 32555737 bytes
->Flash cache emptied: 931 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16875009 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 409,00 mb

[EMPTYFLASH]

User: All Users

User: bvtechnika
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01202012_220502

Files\Folders moved on Reboot...
C:\Users\bvtechnika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\bvtechnika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q77QKHLO\afr[1].htm moved successfully.
C:\Users\bvtechnika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q77QKHLO\viewtopic[2].htm moved successfully.

Registry entries deleted on Reboot...

good007 · #20 Příspěvek od **good007** » 20 led 2012 22:11

Omlouvám se , teď je to snad OK

#21 Příspěvek od **vyosek** » 21 led 2012 09:03

Ted ano

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
- prepnete se do zalozky Nastroje
- Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
- Toto provedte se vsemi disky
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

Napiste co PC

good007 · #22 Příspěvek od **good007** » 21 led 2012 09:57

Dobré ráno,

tak defragmentaci disku jsem už spustil na noc, a pomohla. Stejně to ale proběhnu tím vším ostatním... Dám vědět...

#23 Příspěvek od **vyosek** » 21 led 2012 09:58

OK, defrag pres noc je dobry napad

good007 · #24 Příspěvek od **good007** » 21 led 2012 17:47

Uff..
Všechno hotový, defrag všemi programi... Ještě něco mám udělat??NB se docela svižně pouští a už se i vypíná až do konce. Ještě mi prosím řekněte co jsou soubory svchost.exe vprůzkumníku... Je ho tam opravdu požehnaně... Více výstřižek...

#25 Příspěvek od **vyosek** » 21 led 2012 17:54

Svchost.exe jsou systemove soubory, zarucuji beh urcitych systemovych sluzeb - muze byt spusten 1x ale i treba 14x, zalezi kolik sluzeb zrovna windows potrebuji mit spustenych...

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

A pokud nejsou problemy ci dotazy, je to z me strany vse

good007 · #26 Příspěvek od **good007** » 21 led 2012 18:45

Mockrát děkuju...

Všechno šlape tak jak má...

#27 Příspěvek od **vyosek** » 21 led 2012 18:51

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB

Re: Prosím o kontrolu - pomalejší NB