Long PC shutdown time

rastik01
Exemplary visitor
Posts: 70
Registered: 07 Jul 2011 12:00

#1 Post by rastik01 »

The PC has started taking a long time to shut down. Malwarebytes found nothing, and neither did Kaspersky. Please check the log. Thank you.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Rastik at 2011-07-07 12:58:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 12 GB (23%) free of 50 GB
Total RAM: 4030 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:15, on 7. 7. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\trend micro\Rastik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: OddLedSrv - Wistron Corporation - C:\Program Files (x86)\Lenovo\OddSrv\OddLedSrv.exe
O23 - Service: OddSrv - Wistron Corporation - C:\Program Files (x86)\Lenovo\OddSrv\OddSrv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6108 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 23959648
\??\C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" -r
atieclxx
/QuitInfo:0000000000000684;0000000000000688; /AddRef;
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Lenovo\OddSrv\OddLedSrv.exe"
"C:\Program Files (x86)\Lenovo\OddSrv\OddSrv.exe"
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
/QuitInfo:0000000000000974;000000000000097C; /AddRef;
/QuitInfo:0000000000000978;0000000000000990;
/loadhooks /Parent:0000000000000E48
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files\Elo TouchSystems\EloConfig64.exe" /_StarterRegRun
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\Rastik\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll [2010-10-01 61528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-18 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll [2010-10-01 345176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll [2010-10-01 68184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll [2010-10-01 268888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-05-04 10804256]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-05-04 2014752]
"EloConfigDlg"=C:\Program Files\Elo TouchSystems\EloConfig64.exe [2010-08-10 4797520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2010-06-08 1083680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-04 284696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-03 98304]
"CLMLServer"=C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [2009-12-05 103720]
"AVP"=D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-01 348760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="D:\PROGRA~1\KASPER~1\KASPER~1\x64\sbhook64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\windows\System32\klogon.dll [2010-10-01 224344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2011-03-28 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=60
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-07-07 12:58:03 ----D---- C:\rsit
2011-07-06 17:33:44 ----D---- C:\Program Files (x86)\A bootable USB
2011-07-06 17:20:02 ----A---- C:\windows\ntbtlog.txt
2011-07-06 12:21:08 ----A---- C:\windows\system32\drivers\klif.sys
2011-07-06 12:15:22 ----HD---- C:\kleaner.tmp
2011-07-06 11:44:27 ----D---- C:\ProgramData\Norton
2011-07-05 15:09:47 ----D---- C:\ProgramData\Kaspersky Lab
2011-07-05 15:07:27 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2011-07-05 15:02:25 ----D---- C:\WINSSLog
2011-07-05 10:31:20 ----D---- C:\windows\Internet Logs
2011-07-04 09:59:44 ----A---- C:\windows\SYSWOW64\fyjlgzmr.txt
2011-07-04 09:59:44 ----A---- C:\windows\SYSWOW64\drivers\nayneqjr.sys
2011-07-04 09:57:11 ----A---- C:\windows\SYSWOW64\drivers\lfqbf.sys
2011-07-04 09:57:11 ----A---- C:\Program Files (x86)\nhry.txt
2011-07-03 19:42:54 ----SHD---- C:\$RECYCLE.BIN
2011-07-02 16:58:52 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-07-01 21:37:04 ----D---- C:\Program Files (x86)\Secure Folder
2011-07-01 16:46:43 ----D---- C:\Users\Rastik\AppData\Roaming\CheckPoint
2011-07-01 16:45:59 ----D---- C:\Program Files\CheckPoint
2011-07-01 16:38:52 ----D---- C:\ProgramData\CheckPoint
2011-07-01 11:45:44 ----D---- C:\Users\Rastik\AppData\Roaming\Nero
2011-07-01 11:44:55 ----D---- C:\ProgramData\Nero
2011-06-30 10:38:38 ----RSH---- C:\ProgramData\3A5AF44BC2.sys
2011-06-30 10:38:38 ----D---- C:\Users\Rastik\AppData\Roaming\Corel
2011-06-30 10:38:37 ----ASH---- C:\ProgramData\KGyGaAvL.sys
2011-06-30 10:29:21 ----D---- C:\ProgramData\Apple Computer
2011-06-30 10:29:21 ----D---- C:\Program Files (x86)\QuickTime
2011-06-30 10:24:20 ----D---- C:\Program Files (x86)\Apple Software Update
2011-06-30 09:21:04 ----D---- C:\Program Files\Defraggler
2011-06-30 03:36:06 ----D---- C:\windows\Standalone System Sweeper
2011-06-29 17:04:28 ----D---- C:\Program Files\trend micro
2011-06-29 16:41:54 ----A---- C:\windows\SYSWOW64\drvinst.exe
2011-06-29 16:41:54 ----A---- C:\windows\SYSWOW64\devrtl.dll
2011-06-29 16:41:54 ----A---- C:\windows\SYSWOW64\devobj.dll
2011-06-29 16:41:54 ----A---- C:\windows\SYSWOW64\cfgmgr32.dll
2011-06-29 16:41:54 ----A---- C:\windows\system32\umpnpmgr.dll
2011-06-29 16:41:53 ----A---- C:\windows\SYSWOW64\tquery.dll
2011-06-29 16:41:53 ----A---- C:\windows\SYSWOW64\mssrch.dll
2011-06-29 16:41:53 ----A---- C:\windows\system32\tquery.dll
2011-06-29 16:41:53 ----A---- C:\windows\system32\SearchProtocolHost.exe
2011-06-29 16:41:53 ----A---- C:\windows\system32\SearchIndexer.exe
2011-06-29 16:41:53 ----A---- C:\windows\system32\mssrch.dll
2011-06-29 16:41:52 ----A---- C:\windows\SYSWOW64\SearchProtocolHost.exe
2011-06-29 16:41:52 ----A---- C:\windows\SYSWOW64\SearchIndexer.exe
2011-06-29 16:41:52 ----A---- C:\windows\SYSWOW64\SearchFilterHost.exe
2011-06-29 16:41:52 ----A---- C:\windows\SYSWOW64\mssvp.dll
2011-06-29 16:41:52 ----A---- C:\windows\SYSWOW64\mssphtb.dll
2011-06-29 16:41:52 ----A---- C:\windows\SYSWOW64\mssph.dll
2011-06-29 16:41:52 ----A---- C:\windows\SYSWOW64\msscntrs.dll
2011-06-29 16:41:52 ----A---- C:\windows\system32\SearchFilterHost.exe
2011-06-29 16:41:52 ----A---- C:\windows\system32\mssvp.dll
2011-06-29 16:41:52 ----A---- C:\windows\system32\mssphtb.dll
2011-06-29 16:41:52 ----A---- C:\windows\system32\mssph.dll
2011-06-29 16:41:52 ----A---- C:\windows\system32\msscntrs.dll
2011-06-21 19:42:15 ----A---- C:\windows\system32\aswBoot.exe
2011-06-21 14:24:32 ----A---- C:\windows\system32\x264vfw.dll
2011-06-21 14:24:32 ----A---- C:\windows\system32\lagarith.dll
2011-06-21 14:14:22 ----D---- C:\windows\Sun
2011-06-18 13:58:06 ----D---- C:\ProgramData\Sun
2011-06-18 13:57:57 ----A---- C:\windows\SYSWOW64\javaws.exe
2011-06-18 13:57:57 ----A---- C:\windows\SYSWOW64\javaw.exe
2011-06-18 13:57:57 ----A---- C:\windows\SYSWOW64\java.exe
2011-06-18 13:56:11 ----A---- C:\windows\system32\javaws.exe
2011-06-18 13:56:11 ----A---- C:\windows\system32\javaw.exe
2011-06-18 13:56:11 ----A---- C:\windows\system32\java.exe
2011-06-16 11:33:38 ----D---- C:\Users\Rastik\AppData\Roaming\Malwarebytes
2011-06-16 11:33:34 ----D---- C:\ProgramData\Malwarebytes
2011-06-15 18:04:41 ----N---- C:\windows\system32\drivers\StMp3Recx64.sys
2011-06-15 09:58:33 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-06-15 09:58:33 ----A---- C:\windows\system32\mshtmled.dll
2011-06-15 09:58:32 ----A---- C:\windows\SYSWOW64\jscript9.dll
2011-06-15 09:58:32 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-06-15 09:58:32 ----A---- C:\windows\SYSWOW64\ieui.dll
2011-06-15 09:58:32 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-06-15 09:58:32 ----A---- C:\windows\system32\jscript9.dll
2011-06-15 09:58:32 ----A---- C:\windows\system32\jscript.dll
2011-06-15 09:58:32 ----A---- C:\windows\system32\ieui.dll
2011-06-15 09:58:32 ----A---- C:\windows\system32\iertutil.dll
2011-06-15 09:58:31 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-06-15 09:58:31 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-06-15 09:58:31 ----A---- C:\windows\system32\urlmon.dll
2011-06-15 09:58:30 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-06-15 09:58:30 ----A---- C:\windows\system32\mshtml.dll
2011-06-15 09:58:29 ----A---- C:\windows\system32\ieframe.dll
2011-06-15 09:45:58 ----A---- C:\windows\system32\drivers\tcpip.sys
2011-06-15 09:45:58 ----A---- C:\windows\system32\drivers\afd.sys
2011-06-15 09:45:09 ----A---- C:\windows\system32\win32k.sys
2011-06-15 09:44:54 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 09:44:54 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 09:44:54 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2011-06-15 09:44:53 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2011-06-15 09:44:53 ----A---- C:\windows\system32\oleaut32.dll
2011-06-15 09:44:53 ----A---- C:\windows\system32\drivers\srvnet.sys
2011-06-15 09:44:53 ----A---- C:\windows\system32\drivers\srv2.sys
2011-06-15 09:44:53 ----A---- C:\windows\system32\drivers\srv.sys
2011-06-15 09:44:39 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2011-06-15 09:44:39 ----A---- C:\windows\system32\inetcomm.dll
2011-06-14 08:53:52 ----A---- C:\windows\system32\deployJava1.dll
2011-06-13 12:13:26 ----D---- C:\Users\Rastik\AppData\Roaming\QuickScan

======List of files/folders modified in the last 1 months======

2011-07-07 12:58:15 ----D---- C:\windows\Prefetch
2011-07-07 12:53:26 ----D---- C:\Users\Rastik\AppData\Roaming\Skype
2011-07-07 11:54:58 ----D---- C:\windows\Temp
2011-07-07 11:43:16 ----RD---- C:\Program Files (x86)
2011-07-07 11:30:48 ----D---- C:\windows\system32\LogFiles
2011-07-07 11:24:14 ----D---- C:\Program Files\Elo TouchSystems
2011-07-07 11:23:59 ----D---- C:\windows\system32\config
2011-07-07 11:23:50 ----A---- C:\windows\SYSWOW64\log.txt
2011-07-06 17:22:27 ----D---- C:\Windows
2011-07-06 17:20:09 ----D---- C:\windows\Tasks
2011-07-06 12:31:35 ----D---- C:\windows\system32\drivers
2011-07-06 12:29:34 ----D---- C:\windows\SYSWOW64\drivers
2011-07-06 12:23:11 ----D---- C:\windows\inf
2011-07-06 12:23:11 ----AD---- C:\windows\System32
2011-07-06 12:23:11 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-07-06 12:22:06 ----SHD---- C:\windows\Installer
2011-07-06 12:21:47 ----D---- C:\windows\system32\DriverStore
2011-07-06 12:21:43 ----D---- C:\windows\system32\catroot
2011-07-06 12:20:55 ----SHD---- C:\System Volume Information
2011-07-06 12:20:35 ----D---- C:\windows\SoftwareDistribution
2011-07-06 12:18:25 ----D---- C:\Program Files (x86)\Common Files
2011-07-06 12:15:23 ----D---- C:\windows\SysWOW64
2011-07-06 12:15:08 ----DC---- C:\windows\system32\DRVSTORE
2011-07-06 11:44:27 ----D---- C:\ProgramData
2011-07-06 11:10:56 ----D---- C:\windows\system32\catroot2
2011-07-05 10:27:31 ----RD---- C:\Program Files
2011-07-04 15:32:05 ----D---- C:\windows\system32\drivers\etc
2011-07-04 10:21:17 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-07-03 19:35:47 ----A---- C:\windows\system.ini
2011-07-03 19:34:08 ----D---- C:\windows\AppPatch
2011-07-03 19:34:06 ----D---- C:\Program Files\Common Files
2011-07-02 17:06:52 ----D---- C:\windows\Minidump
2011-07-02 16:49:25 ----D---- C:\windows\system32\Tasks
2011-07-01 17:06:53 ----D---- C:\windows\winsxs
2011-06-30 12:01:16 ----RSD---- C:\windows\assembly
2011-06-30 12:01:16 ----D---- C:\windows\Microsoft.NET
2011-06-30 11:18:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-06-30 11:18:36 ----D---- C:\Program Files (x86)\Lenovo
2011-06-30 10:41:48 ----D---- C:\Program Files (x86)\Windows Live
2011-06-30 10:41:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-06-30 10:41:06 ----SD---- C:\ProgramData\Microsoft
2011-06-30 10:14:04 ----D---- C:\temp
2011-06-30 10:11:37 ----AD---- C:\ProgramData\Temp
2011-06-29 20:25:53 ----D---- C:\windows\Logs
2011-06-29 19:06:27 ----D---- C:\Program Files\CCleaner
2011-06-29 17:05:43 ----RSD---- C:\windows\Fonts
2011-06-29 16:42:25 ----D---- C:\Program Files (x86)\Microsoft Office
2011-06-21 21:42:33 ----D---- C:\windows\SYSWOW64\config
2011-06-21 21:04:29 ----D---- C:\windows\WindowsMobile
2011-06-21 21:02:46 ----D---- C:\Program Files (x86)\Google
2011-06-21 19:35:26 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-06-21 14:24:34 ----D---- C:\Users\Rastik\AppData\Roaming\Shark007
2011-06-21 14:24:34 ----D---- C:\ProgramData\Shark007
2011-06-21 14:24:33 ----D---- C:\Program Files\Shark007
2011-06-21 14:23:55 ----D---- C:\ProgramData\Win7codecs
2011-06-20 13:22:22 ----RD---- C:\Program Files (x86)\Skype
2011-06-20 13:22:21 ----D---- C:\ProgramData\Skype
2011-06-20 13:17:42 ----D---- C:\Users\Rastik\AppData\Roaming\skypePM
2011-06-19 16:18:47 ----D---- C:\Users\Rastik\AppData\Roaming\Real
2011-06-19 16:18:46 ----D---- C:\Program Files (x86)\Real
2011-06-19 16:08:08 ----SD---- C:\Users\Rastik\AppData\Roaming\Microsoft
2011-06-18 13:57:53 ----A---- C:\windows\SYSWOW64\deployJava1.dll
2011-06-17 09:27:42 ----A---- C:\windows\system32\xvidvfw.dll
2011-06-17 09:20:04 ----A---- C:\windows\system32\xvidcore.dll
2011-06-15 18:04:27 ----D---- C:\windows\system
2011-06-15 16:09:12 ----D---- C:\windows\debug
2011-06-15 10:05:19 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-06-15 10:03:26 ----D---- C:\Program Files\Internet Explorer
2011-06-15 10:03:26 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-15 10:00:48 ----A---- C:\windows\system32\MRT.exe
2011-06-15 10:00:41 ----D---- C:\ProgramData\Microsoft Help
2011-06-11 17:25:07 ----D---- C:\windows\system32\NDF
2011-06-10 19:13:57 ----D---- C:\ProgramData\Skype Extras
2011-06-10 15:33:03 ----D---- C:\Users\Rastik\AppData\Roaming\Tific
2011-06-08 15:32:41 ----D---- C:\Users\Rastik\AppData\Roaming\GHISLER
2011-06-08 15:27:01 ----D---- C:\windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]
R0 KLBG;Kaspersky Lab Boot Guard Driver; C:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver; C:\windows\system32\drivers\DDCDrv.sys [2008-04-08 20832]
R1 kl1;kl1; C:\windows\system32\DRIVERS\kl1.sys [2009-09-01 157712]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2011-07-06 353296]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 regi;regi; C:\windows\system32\drivers\regi.sys [2007-04-17 14112]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 ATIAVPCI;ATI Unified AVStream service; C:\windows\system32\DRIVERS\Yatinavrr.SYS [2010-08-09 1444736]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2009-11-06 2838008]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k62x64.sys [2009-11-05 293552]
R3 EloMTUsb;Elo mt usb serv desc; C:\windows\system32\DRIVERS\EloMTUsb.sys [2010-08-10 56912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-05-04 2363936]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]
R3 PQAWRwa;PQAWRwa; \??\C:\Program Files (x86)\Lenovo\OddSrv\PQAWDrv.sys [2008-02-29 12384]
R3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 VIACRX64;VIACRX64; C:\windows\system32\DRIVERS\viacr64.sys [2010-05-04 75776]
R3 VMC412;Vimicro Camera Service VMC412; C:\windows\System32\Drivers\VMC412.sys [2010-07-17 237568]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 dqalf;dqalf; C:\windows\system32\drivers\nayneqjr.sys []
S0 ihgj;ihgj; C:\windows\system32\drivers\lfqbf.sys []
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-11-20 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-11-20 80384]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2010-01-15 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
S3 DCamUSBSTK02N;Standard Camera; C:\windows\system32\DRIVERS\STK02NW2.sys [2007-03-12 106496]
S3 gdrv;gdrv; \??\C:\windows\gdrv.sys [2011-03-19 25640]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\windows\syswow64\8870.tmp []
S3 NAL;Nal Service ; \??\C:\windows\system32\Drivers\iqvw64e.sys [2009-10-14 34472]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys []
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-01-19 154168]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 121840]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 AVP;Kaspersky PURE; D:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-01 348760]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-02-05 268824]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 OddLedSrv;OddLedSrv; C:\Program Files (x86)\Lenovo\OddSrv\OddLedSrv.exe [2010-03-20 221184]
R2 OddSrv;OddSrv; C:\Program Files (x86)\Lenovo\OddSrv\OddSrv.exe [2009-12-29 221184]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-05 2320920]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-03-04 1255736]
S4 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-06-08 915232]
S4 TomTomHOMEService;TomTomHOMEService; D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

-----------------EOF-----------------


Re: Long PC shutdown time

#2 Post by rastik01 »

Second part of the log:

info.txt logfile of random's system information tool 1.08 2011-07-07 12:58:17

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
-->C:\Program Files (x86)\InstallShield Installation Information\{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}\setup.exe -runfromtemp -l0x0409
-->MsiExec.exe /I{71B7840D-BB4D-409C-87A2-9EFD10BC0C3D}
64 Bit HP CIO Components Installer-->MsiExec.exe /I{5737101A-27C4-408A-8A57-D1DC78DF84B4}
7-Zip 9.20-->"D:\Program Files (x86)\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe -maintain plugin
Adobe Shockwave Player 11.6-->"C:\windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio Paint-->"C:\Program Files (x86)\InstallShield Installation Information\{EC252D0D-C690-4CE7-BA07-23F4E00505BE}\setup.exe" -runfromtemp -l0x0009 -removeonly
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ATI Catalyst Install Manager-->msiexec /q/x{0FFE639D-34B3-5269-C47E-8F53AF9523F5} REBOOT=ReallySuppress
Bluetooth Notice-->C:\Program Files (x86)\InstallShield Installation Information\{4CC5AE2D-492D-4A21-9E99-1F46A7D4158B}\setup.exe -runfromtemp -removeonly
Broadcom 802.11 Wireless Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8991E763-21F5-4DEA-A938-5D9D77DCB488}\setup.exe -runfromtemp -l0x0009 -removeonly
Canon MP Navigator EX 2.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 2.0\uninst.ini
CanoScan LiDE 100 Scanner Driver-->"C:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413 /L0x0005
Catalyst Control Center - Branding-->MsiExec.exe /I{AC795EF5-DB2C-457E-B6A8-92C061ACB2A5}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->MsiExec.exe /X{5932A5C4-BB44-4CFB-AD66-1B826F4D788B}
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
FileHippo.com Update Checker-->"D:\Program Files (x86)\FileHippo.com\uninstall.exe"
FLVPlayer4Free Free FLV Player 1.3.0.0-->"D:\Program Files (x86)\FLVPlayer4Free\unins000.exe"
Foxit PDF Editor-->D:\Program Files (x86)\PDF Editor\uninstall.exe
Foxit Reader 5.0-->"D:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe"
Freeraser-->D:\Program Files (x86)\Codyssey\Freeraser\Uninstall.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Idea Touch 3.0-->"C:\Program Files (x86)\InstallShield Installation Information\{70D6A420-AAC3-4213-9EF7-CDD6C16CCF2D}\setup.exe" -runfromtemp -l0x0409 -removeonly
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Network Connections 14.8.43.0-->MsiExec.exe /i{11107A2A-AD44-4BC8-ABB5-E88E63BCA785} ARPREMOVE=1
Intel(R) Network Connections 14.8.43.0-->MsiExec.exe /i{11107A2A-AD44-4BC8-ABB5-E88E63BCA785} ARPREMOVE=1
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
InterVideo WinDVD 8-->C:\Program Files (x86)\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
Java(TM) 6 Update 26 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416026FF}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Kaspersky PURE-->MsiExec.exe /I{1A59064A-12A9-469F-99F6-04BF118DBCFF}
Kaspersky PURE-->MsiExec.exe /I{1A59064A-12A9-469F-99F6-04BF118DBCFF}
Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
Lenovo Driver and Application Installation-->C:\Program Files (x86)\InstallShield Installation Information\{45970CD1-D599-47D4-938F-3E9800D54ED1}\setup.exe -runfromtemp -l0x0009 -removeonly
Lenovo Dynamic Brightness System-->C:\Program Files (x86)\InstallShield Installation Information\{D9ED6D06-6002-495E-A7BC-46E6AE386996}\setup.exe -runfromtemp -removeonly
Lenovo Eye Distance System-->C:\Program Files (x86)\InstallShield Installation Information\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}\setup.exe -runfromtemp -removeonly
Lenovo Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Lenovo Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Lenovo Rescue System-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo Rescue System-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo Screensaver-->C:\Program Files (x86)\InstallShield Installation Information\{803E6DED-5050-4E3D-B26A-5915397362CD}\setup.exe -runfromtemp -removeonly
Lenovo USB2.0 UVC Camera-->C:\Program Files (x86)\InstallShield Installation Information\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}\setup.exe -runfromtemp -l0x0009 -removeonly
Lenovo_Wireless_Driver-->C:\Program Files (x86)\InstallShield Installation Information\{28ABE740-47F3-441B-9437-852F6A64EFF8}\setup.exe -runfromtemp -l0x0009 -removeonly
LenovoModifyWindowStyle-->C:\Program Files (x86)\InstallShield Installation Information\{EBC41B09-E56D-421C-B3D0-84AC1103541B}\setup.exe -runfromtemp -l0x0009 -removeonly
Link Up-->"C:\Program Files (x86)\InstallShield Installation Information\{3DEDB107-2FCB-4544-844D-EC2878A9F22C}\setup.exe" -runfromtemp -l0x0009 -removeonly
LVT-->C:\Program Files (x86)\InstallShield Installation Information\{D3063097-EC84-4D21-84A4-9D852E974355}\setup.exe -runfromtemp -removeonly
LXH-JME8002B Hotkey Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{29EA755D-404B-4310-872C-EB1B8513F9D6}\setup.exe" -l0x9 -removeonly
MC907-->MsiExec.exe /I{DEE985AE-88AF-450A-B7A8-28FDDA5FAD2D}
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2007-->MsiExec.exe /X{90120000-00A1-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2007-->MsiExec.exe /X{90120000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Research AutoCollage Touch 2009-->MsiExec.exe /I{1F8DA253-3C27-4B01-A63A-BA3533120833}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175-->MsiExec.exe /X{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Mozilla Firefox 5.0 (x86 sk)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NTREGOPT 1.1j-->"D:\Program Files (x86)\NT Registry Optimizer\unins000.exe"
OddSrv-->C:\Program Files (x86)\InstallShield Installation Information\{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}\setup.exe -runfromtemp -l0x0009 -removeonly
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -removeonly
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Secure Folder™ 4.8-->"D:\Program Files (x86)\Secure Folder\unins000.exe"
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
STK02N 2.4.1-->C:\Program Files (x86)\InstallShield Installation Information\{3F424493-B0F2-43A4-A892-DFA447B2A59D}\setup.exe -runfromtemp -l0x001b -removeonly
SwissManagerUniCode-->D:\PROGRA~1\SWISSM~1\Setup.exe /remove /q0
ThemeWallpaper-->C:\Program Files (x86)\InstallShield Installation Information\{F29CBF73-C211-4616-898A-379A2679F990}\setup.exe -runfromtemp -removeonly
TomTom HOME 2.8.2.2264-->D:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Total Commander (Remove or Repair)-->D:\totalcmd\tcuninst.exe
Tyco Electronics TETouchPlus -->C:\Program Files\Elo TouchSystems\EloSetup64.exe /U
Unlocker 1.9.0-x64-->D:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Win7codecs-->"C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe" uninstall
Windows Automated Installation Kit-->MsiExec.exe /I{31E8F586-4EF7-4500-844D-BA8756474FF1}
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\btusbflt.inf_amd64_neutral_28d1b04bbecdb2f6\btusbflt.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbthid64.inf_amd64_neutral_737f347105a3e66a\bcbthid64.inf
Windows Driver Package - YUAN High-Tech Development Co., Ltd (ATIAVPCI) MEDIA (08/09/2010 6.14.10.404)-->rundll32.exe C:\PROGRA~1\DIFX\8393F03A18C75A9F\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\windows\System32\DriverStore\FileRepository\aticaw76.inf_amd64_neutral_46d19b780391fa27\aticaw76.inf
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
x64 Components v2.9.3-->"C:\Program Files\Shark007\unins000.exe"

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======System event log======

Computer Name: Rastik-PC
Event Code: 10002
Message: Modul WLAN Extensibility Module sa zastavil.

Cesta k modulu: C:\windows\System32\bcmihvsrv64.dll

Record Number: 79241
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110705130540.503657-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Rastik-PC
Event Code: 7026
Message: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
dqalf
ihgj
Record Number: 79149
Source Name: Service Control Manager
Time Written: 20110705124449.324033-000
Event Type: Error
User:

Computer Name: Rastik-PC
Event Code: 27
Message: Intel(R) 82577LC Gigabit Network Connection
Network link has been disconnected.

Record Number: 79123
Source Name: e1kexpress
Time Written: 20110705124441.166420-000
Event Type: Warning
User:

Computer Name: Rastik-PC
Event Code: 4001
Message: Služba automatickej konfigurácie siete WLAN sa úspešne zastavila.

Record Number: 79069
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110705123758.917661-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Rastik-PC
Event Code: 10002
Message: Modul WLAN Extensibility Module sa zastavil.

Cesta k modulu: C:\windows\System32\bcmihvsrv64.dll

Record Number: 79068
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110705123758.917661-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Rastik-PC
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 19208
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110705130045.694606-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Rastik-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 19205
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110705124915.571134-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Rastik-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 19204
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110705124915.493129-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Rastik-PC
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 19203
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110705124915.492129-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Rastik-PC
Event Code: 1
Message: LMS Service cannot connect to Intel(R) MEI driver
Record Number: 19181
Source Name: LMS
Time Written: 20110705124442.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Rastik-PC
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 20386
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110705123758.153260-000
Event Type: Audit Success
User:

Computer Name: Rastik-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 20385
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110705123753.660452-000
Event Type: Audit Success
User:

Computer Name: Rastik-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: RASTIK-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2d8
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 20384
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110705123753.660452-000
Event Type: Audit Success
User:

Computer Name: Rastik-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-3570682749-457814730-2497169069-1001
Account Name: Rastik
Account Domain: Rastik-PC
Logon ID: 0x2e53a

This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 20383
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110705123751.211247-000
Event Type: Audit Success
User:

Computer Name: Rastik-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-3570682749-457814730-2497169069-1001
Account Name: Rastik
Domain Name: Rastik-PC
Logon ID: 0x2e53a
Record Number: 20382
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110705120736.390059-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\DMIX;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Lenovo\Bluetooth Software;C:\Program Files\Lenovo\Bluetooth Software\syswow64;C:\Program Files\Windows Imaging;C:\Program Files (x86)\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=1e05
"CLASSPATH"=.;D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Long PC shutdown time

#3 Post by vyosek »

Hello, and have a nice day :)

:arrow: You are keeping a small herd of rootkits in there

:arrow: When downloading ComboFix (guide and procedure below), save it as Beruska.com

PLEASE READ THE GUIDE CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator ("Spustit jako spravce")
  • Right after it starts, a page with the license agreement is shown; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily infested, it may take longer
  • After the scan finishes, and after a restart if one is needed, CF displays a log; you can also find it at C:\ComboFix.txt; paste its contents here
  • The detailed procedure, including pictures, is here: http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.


Re: Long PC shutdown time

#4 Post by rastik01 »

The log is quite long and would take many messages. So I am sending a link to it:
http://leteckaposta.cz/491808843


Re: Long PC shutdown time

#5 Post by vyosek »

:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator ("Spustit jako spravce")
  • Into the left window, Paste Instructions for Items to be Moved (under the yellow line), paste the content given below
  • Code:

    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    :services
    dqalf
    ihgj
    MEMSWEEP2
    
    :files
    c:\programdata\3A5AF44BC2.sys
    C:\windows\SYSWOW64\drivers\nayneqjr.sys
    C:\windows\SYSWOW64\drivers\lfqbf.sys
    C:\windows\SYSWOW64\fyjlgzmr.txt
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here


Re: Long PC shutdown time

#6 Post by rastik01 »

I am attaching the log:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== SERVICES/DRIVERS ==========
Error: No service named dqalf was found to stop!
Service\Driver key dqalf not found.
Error: No service named ihgj was found to stop!
Service\Driver key ihgj not found.
Error: No service named MEMSWEEP2 was found to stop!
Service\Driver key MEMSWEEP2 not found.
========== FILES ==========
c:\programdata\3A5AF44BC2.sys moved successfully.
File/Folder C:\windows\SYSWOW64\drivers\nayneqjr.sys not found.
File/Folder C:\windows\SYSWOW64\drivers\lfqbf.sys not found.
C:\windows\SYSWOW64\fyjlgzmr.txt moved successfully.
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rastik
->Temp folder emptied: 3796794 bytes
->Temporary Internet Files folder emptied: 131474 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43720188 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3518 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50252 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07072011_142521

Files moved on Reboot...
C:\Users\Rastik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#7 Post by vyosek »

How is the PC behaving? :???:

#8 Post by rastik01 »

It is working a bit faster now, but the shutdown is not much better.

#9 Post by vyosek »

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - this is a false alarm - so go ahead and download it (or, if necessary, turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: I recommend defragmenting the disk
  • The simplest (but least effective) way is the utility built into Windows
    • Click Computer, then right-click the disk and choose Properties
    • switch to the Tools tab
    • You will now see the Defragmentation tools - start it by clicking Defragment
    • Do this for all disks
  • Another option (and the one I recommend) is the small program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
    • Download the program, install it (untick the Yahoo toolbar) and run it
    • Click Analyze
    • If the Fragmented column shows more than 5%, I recommend defragmenting (click Defrag)
    • Repeat the procedure for all disks
  • The last option is the simple small program JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
    • The advantage of this program is that it does not need to be installed
    • So you only need to download the version for your OS and unpack it
    • Then run it using the JKDefrag file, or JKDefrag64
    • The disk will be analysed and then defragmented
:arrow: What exactly takes longer: the time until the programs close (the logoff\shutdown screen appears), or is it only after that that the PC takes a long time to turn off completely from that screen? :???:

#10 Post by rastik01 »

I did everything.
The "PC is shutting down" message stays up for a long time. That is, the very last part.

#11 Post by vyosek »

Try reading through this article and setting things up according to it http://extrawindows.cnews.cz/jak-na-ryc ... ti-windows
If you are not sure what to do with the registry, write back :wink:

#12 Post by rastik01 »

The registry was no problem.
Thanks for the help, the problem has been reduced considerably. I consider it resolved.

#13 Post by vyosek »

You're welcome, glad I could help :) See you again sometime