Sudden severe PC slowdown, it is almost unusable
Posted: 17 May 2012 10:01
Greetings to the local experts, unfortunately I am reporting in again after a short time. This morning the computer suddenly slowed down unbelievably (even just shutting the computer down takes over 20 minutes), and RSIT would not even start (it reported that "rsit" is not a valid application...). Everything takes an incredibly long time. Safe mode does not boot either (it simply stops loading halfway through the safe mode boot, the disk keeps blinking and nothing else happens for tens of minutes).
I have not tried anything other than running rkill (it only reported that the process "C:\Windows\SysWOW64\grpconv.exe" was stopped); after that I can apparently run everything normally, so I am posting the RSIT log.
The legitimately licensed ESET has not reported anything since the morning either.
Edit - 13:35: I installed and ran MBAM - nothing found, according to it the computer is clean as a lily. (However, just installing MBAM took the computer about 50 minutes!) It looks like anything can be run on the computer, only starting some applications takes a terribly, terribly long time... the disk keeps blinking even when the computer is idle, while the CPU load stays practically zero...
Logfile of random's system information tool 1.09 (written by random/random)
Run by michalek at 2012-05-17 10:42:40
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 57 GB (57%) free of 100 GB
Total RAM: 6135 MB (81% free)
HijackThis download failed
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\nlssrv32.exe
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {7AFA2735-1648-4AA2-AA34-ED84EE39303B}
"C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe" -b
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe"
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c7d6ac4a-ae29-4008-8465-9a4f1c72278f -SystemEventPortName:HostProcess-53883d30-a961-4327-8ee2-2afbda2ebc35 -IoCancelEventPortName:HostProcess-753b27f7-5eb2-454e-9645-0c55c4d6e84f -NonStateChangingEventPortName:HostProcess-87648633-d293-4b37-8430-ff5feb026b6f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e80d059a-0388-4c68-ae29-61e94d99a04c
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
taskeng.exe {898A2B0F-A60B-43E6-B248-62E159588A07}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\michalek\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-06-06 64928]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2918656]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-05-22 7833120]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-05-22 1833504]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2009-06-30 36864]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
C:\Users\michalek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
startup.bat – zástupce.lnk - C:\startup.bat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-05-17 10:42:40 ----D---- C:\rsit
2012-05-17 10:42:40 ----D---- C:\Program Files\trend micro
2012-05-17 10:31:27 ----N---- C:\bootsqm.dat
2012-05-17 08:29:32 ----A---- C:\Windows\ntbtlog.txt
2012-05-17 08:20:36 ----D---- C:\temp
2012-05-10 12:29:31 ----D---- C:\Users\michalek\AppData\Roaming\vlc
2012-05-10 12:29:08 ----D---- C:\Program Files (x86)\VideoLAN
2012-05-10 08:34:45 ----A---- C:\Windows\system32\DWrite.dll
2012-05-10 08:34:44 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-10 08:34:39 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-10 08:34:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-10 08:34:22 ----A---- C:\Windows\system32\win32k.sys
2012-05-10 08:34:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-10 08:34:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-10 08:34:06 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-03 10:35:14 ----A---- C:\Windows\system32\drivers\wacomrouterfilter.sys
2012-05-03 10:34:57 ----A---- C:\Windows\system32\wdfcoinstaller01009.dll
2012-05-03 10:34:57 ----A---- C:\Windows\system32\drivers\wachidrouter.sys
2012-05-03 10:34:57 ----A---- C:\Windows\system32\drivers\hidkmdf.sys
2012-04-30 14:22:47 ----A---- C:\Windows\NeroDigital.ini
2012-04-23 12:25:37 ----D---- C:\Program Files (x86)\SourceTec
2012-04-20 09:25:15 ----HD---- C:\ProgramData\CanonBJ
======List of files/folders modified in the last 1 month======
2012-05-17 10:42:40 ----RD---- C:\Program Files
2012-05-17 10:42:36 ----D---- C:\Windows\Temp
2012-05-17 10:38:30 ----D---- C:\Windows\System32
2012-05-17 10:38:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-17 10:38:11 ----D---- C:\Windows\Prefetch
2012-05-17 10:34:12 ----D---- C:\Windows\system32\catroot2
2012-05-17 09:50:16 ----SD---- C:\ProgramData\Microsoft
2012-05-17 08:33:42 ----D---- C:\Windows\inf
2012-05-17 08:31:07 ----SHD---- C:\System Volume Information
2012-05-17 08:29:32 ----AD---- C:\Windows
2012-05-17 08:04:22 ----D---- C:\Windows\system32\config
2012-05-10 15:32:33 ----SD---- C:\Users\michalek\AppData\Roaming\Microsoft
2012-05-10 15:32:33 ----D---- C:\Users\michalek\AppData\Roaming\Adobe
2012-05-10 15:30:17 ----SHD---- C:\Windows\Installer
2012-05-10 15:30:12 ----D---- C:\Windows\winsxs
2012-05-10 15:29:56 ----D---- C:\ProgramData\Adobe
2012-05-10 15:29:55 ----D---- C:\Program Files (x86)\Adobe
2012-05-10 15:29:49 ----D---- C:\Windows\SysWOW64
2012-05-10 15:26:11 ----D---- C:\Windows\Enfocus Prefs Folder
2012-05-10 15:26:11 ----A---- C:\Windows\TextSpy.ini
2012-05-10 14:35:12 ----D---- C:\Users\michalek\AppData\Roaming\EditPlus 3
2012-05-10 12:29:08 ----RD---- C:\Program Files (x86)
2012-05-10 11:42:12 ----D---- C:\Windows\Microsoft.NET
2012-05-10 11:42:07 ----RSD---- C:\Windows\assembly
2012-05-10 08:40:35 ----D---- C:\Windows\system32\drivers
2012-05-10 08:36:14 ----D---- C:\Windows\system32\catroot
2012-05-10 08:35:42 ----D---- C:\Program Files\Windows Journal
2012-05-07 09:38:19 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-05-07 09:38:04 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-05-03 10:35:22 ----D---- C:\Program Files (x86)\TabletPlugins
2012-05-03 10:35:16 ----D---- C:\Windows\system32\DriverStore
2012-05-03 10:35:14 ----D---- C:\Program Files\Tablet
2012-04-23 12:25:38 ----D---- C:\Program Files (x86)\Common Files
2012-04-20 10:25:05 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-20 09:25:15 ----HD---- C:\ProgramData
2012-04-20 09:25:12 ----D---- C:\Windows\system32\spool
2012-04-19 19:41:46 ----D---- C:\Windows\system32\wdi
2012-04-19 17:30:37 ----RSD---- C:\Windows\Fonts
2012-04-18 09:47:16 ----A---- C:\Windows\SYSWOW64\Wintab32.dll
2012-04-18 09:47:16 ----A---- C:\Windows\SYSWOW64\WacomMT.dll
2012-04-18 09:47:16 ----A---- C:\Windows\SYSWOW64\Wacom_Touch_Tablet.dll
2012-04-18 09:47:16 ----A---- C:\Windows\SYSWOW64\Wacom_Tablet.dll
2012-04-18 09:47:16 ----A---- C:\Windows\system32\Wintab32.dll
2012-04-18 09:47:16 ----A---- C:\Windows\system32\WacomMT.dll
2012-04-18 09:47:16 ----A---- C:\Windows\system32\Wacom_Touch_Tablet.dll
2012-04-18 09:47:16 ----A---- C:\Windows\system32\Wacom_Tablet.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-06-30 104408]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-08-04 13440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-12-21 170640]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 50624]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-12-21 34144]
R3 hidkmdf;KMDF Driver; C:\Windows\system32\DRIVERS\hidkmdf.sys [2012-03-29 13688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-05-22 1762080]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 WacHidRouter;Wacom Hid Router; C:\Windows\system32\DRIVERS\wachidrouter.sys [2012-03-29 65912]
R3 wacomrouterfilter;Wacom Router Filter Driver; C:\Windows\system32\DRIVERS\wacomrouterfilter.sys [2012-03-29 15736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2011-11-14 13312]
S3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys []
S3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe [2011-12-18 66560]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]
R2 TabletServiceWacom;TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-04-18 8518008]
R2 TouchServiceWacom;Wacom Professional Touch Service; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-04-18 567672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 42360]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-05 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-04-05 655624]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2012-04-02 68096]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------