PC běží na 100% při startu systemu chybová hlaška

[Dennis]

při startu píše The procedure entry point GetNativeSystemInfo could not be located in the dynamic link library KERNEL32.dll
a pak proces a824adcc-6ec9-4 běží na 78% CPU a csrss.exe na zbytek do 100%

RSIT nedojede uplně do konce podle grafického ukazatele průběhu a ukončit po 20 minutách jde jedině přes spravce úloh


Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-11-01 11:09:15
Microsoft Windows 2000 Professional Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 1023 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:20, on 1.11.2013
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\System32\PDesk\PDesk.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINNT\system32\internat.exe
C:\Program Files\AVAST Software\Avast\Setup\02360570-e6b9-4b35-9f74-d25688c4eb75.exe
C:\WINNT\system32\taskmgr.exe
C:\totalcmd\TOTALCMD.EXE
\P4\Digitál\Pracovní\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: QSS-32_33.lnk = C:\Noritsukoki\QSS-32_33\Exe\QSS_SEQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

--
End of file - 3319 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\avast! Emergency Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\WINNT\System32\msdxm.ocx [2003-09-17 844048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"Matrox Powerdesk"=C:\WINNT\System32\PDesk\PDesk.exe [2001-08-03 622592]
"Iomega Startup Options"=C:\Program Files\Iomega\Common\ImgStart.exe [2000-06-02 32768]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=C:\WINNT\system32\internat.exe [2002-07-24 20752]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
QSS-32_33.lnk - C:\Noritsukoki\QSS-32_33\Exe\QSS_SEQ.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=mmdrv.dll
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wavemapper"=msacm32.drv
"wave1"=
"wave2"=
"wave3"=
"wave4"=
"wave5"=
"wave6"=
"wave7"=
"wave8"=
"wave9"=
"midi1"=
"midi2"=
"midi3"=
"midi4"=
"midi5"=
"midi6"=
"midi7"=
"midi8"=
"midi9"=
"aux1"=
"aux2"=
"aux3"=
"aux4"=
"aux5"=
"aux6"=
"aux7"=
"aux8"=
"aux9"=
"mixer1"=
"mixer2"=
"mixer3"=
"mixer4"=
"mixer5"=
"mixer6"=
"mixer7"=
"mixer8"=
"mixer9"=
"wdmaud.drv"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"vidc.I420"=msh263.drv
"msacm.iac2"=C:\WINNT\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI10"=SYNCOR11.DLL
"SENTINEL"=snti386.dll

======List of files/folders created in the last 1 month======

2013-11-01 11:09:15 ----D---- C:\rsit
2013-11-01 10:57:36 ----D---- C:\Program Files\trend micro
2013-11-01 10:57:36 ----AT---- C:\WINNT\system32\Perflib_Perfdata_2e8.dat
2013-11-01 10:15:55 ----D---- C:\back up 11 2013

======List of files/folders modified in the last 1 month======

2013-11-01 10:57:36 ----RAD---- C:\Program Files
2013-11-01 10:57:36 ----AD---- C:\WINNT\system32
2013-11-01 10:38:25 ----AD---- C:\WINNT\Temp
2013-11-01 10:38:05 ----D---- C:\WINNT\system32\NtmsData
2013-11-01 10:37:00 ----AD---- C:\WINNT\Debug
2013-11-01 10:35:32 ----A---- C:\WINNT\SchedLgU.Txt
2013-10-23 07:58:15 ----D---- C:\image
2013-10-14 06:27:49 ----D---- C:\Templates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\WINNT\System32\DRIVERS\ACPI.sys [2002-07-24 163152]
R0 adf6u160;adf6u160; C:\WINNT\System32\DRIVERS\adf6u160.sys [2000-10-27 88076]
R0 agp440;Intel AGP Bus Filter; C:\WINNT\System32\DRIVERS\agp440.sys [2002-07-22 20944]
R0 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINNT\System32\DRIVERS\atapi.sys [2002-07-22 86704]
R0 Disk;Disk Driver; C:\WINNT\System32\DRIVERS\disk.sys [2002-07-24 29904]
R0 Diskperf;Diskperf; C:\WINNT\system32\drivers\Diskperf.sys [2002-07-24 7728]
R0 dmio;Logical Disk Manager Driver; C:\WINNT\System32\drivers\dmio.sys [2002-07-24 137936]
R0 dmload;dmload; C:\WINNT\System32\drivers\dmload.sys [2002-07-24 7312]
R0 Ftdisk;Volume Manager Driver; C:\WINNT\System32\DRIVERS\ftdisk.sys [2002-07-24 115376]
R0 IntelIde;IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [2002-07-22 4432]
R0 isapnp;PnP ISA/EISA Bus Driver; C:\WINNT\System32\DRIVERS\isapnp.sys [2002-07-22 46992]
R0 KSecDD;KSecDD; C:\WINNT\system32\drivers\KSecDD.sys [2003-09-21 71888]
R0 MountMgr;MountMgr; C:\WINNT\system32\drivers\MountMgr.sys [2004-02-10 30160]
R0 Mup;Mup; C:\WINNT\system32\drivers\Mup.sys [2002-07-24 87024]
R0 NDIS;NDIS System Driver; C:\WINNT\system32\drivers\NDIS.sys [2002-07-24 167344]
R0 PartMgr;PartMgr; C:\WINNT\system32\drivers\PartMgr.sys [2002-07-24 11792]
R0 PCI;PCI Bus Driver; C:\WINNT\System32\DRIVERS\pci.sys [2002-07-22 59216]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2013-05-09 25696]
R1 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2013-05-09 49760]
R1 aswSP;aswSP; C:\WINNT\system32\drivers\aswSP.sys [2013-08-14 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINNT\system32\drivers\aswTdi.sys [2013-05-09 56080]
R2 aswMon;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon.sys [2013-05-09 102936]
R2 Sentinel;Sentinel; C:\WINNT\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-08-23 98752]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100bnt5.sys [2002-02-26 139536]
R3 G400DH;G400DH; C:\WINNT\System32\DRIVERS\g400dhm.sys [2001-08-10 324907]
R3 LvdsArc;LVDS-ARCNET service; C:\WINNT\System32\Drivers\LvdsArc.sys [2009-10-29 118304]
R3 openhci;Microsoft USB Open Host Controller Driver; C:\WINNT\System32\DRIVERS\openhci.sys [2002-07-24 24752]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2002-07-22 32560]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2002-07-22 40112]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2002-07-22 21552]
S3 ichaud;Service for AC'97 Driver (WDM); C:\WINNT\system32\drivers\ichaud.sys [1999-10-22 32592]
S3 mgabg;mgabg; \??\C:\WINNT\system32\drivers\mgabg.sys []
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2002-04-23 19216]
S3 usbhub20;USB 2.0 Root Hub Support; C:\WINNT\System32\DRIVERS\usbhub20.sys [2002-04-18 49392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 MGABGEXE;MGABGEXE; C:\WINNT\System32\mgabg.exe [2001-03-08 81920]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
R2 ZipToA;ZipToA; C:\WINNT\System32\ZipToA.exe [2000-02-10 356352]
S2 IomegaAccess;IomegaAccess; C:\WINNT\System32\IomegaAccess.exe [2000-02-10 352256]

-----------------EOF-----------------

[Rudy]

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[Dennis]

problém combofix nejde pod WIN2000

[Rudy]

Aha. Přehlédl jsem. Navíc vám chybí SP4, čímž systém není dostatečně chráněn. Zkuste tedy tento postup: http://forum.viry.cz/viewtopic.php?f=24&t=132509 . Na W2k už nefunguje celá řada čisticích utilit.

[Dennis]

děkuji
nepovedlo se mi to spustit přes ten Launcher psaloto to at stáhnu verzi pro 64-bit a ta taky samozřejmě nefungovala tak jsem spustil soubor FRST.exe přímo snad to nevadí

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Administrator (administrator) on PC-NRT-RS2 on 06-11-2013 07:50:30
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows 2000 Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 5
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINNT\System32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINNT\System32\svchost.exe
(Matrox Graphics Inc.) C:\WINNT\System32\mgabg.exe
(Microsoft Corporation) C:\WINNT\system32\regsvc.exe
(Microsoft Corporation) C:\WINNT\system32\MSTask.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINNT\System32\WBEM\WinMgmt.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Iomega Corporation) C:\WINNT\System32\ZipToA.exe
(Microsoft Corporation) C:\WINNT\Explorer.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
(Matrox Graphics Inc.) C:\WINNT\System32\PDesk\PDesk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Microsoft Corporation) C:\WINNT\system32\internat.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\34e49639-1f9f-4a90-9654-da8a1b29cca8.exe
(Microsoft Corporation) C:\WINNT\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Synchronization Manager] - mobsync.exe /logon
HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [90112 2002-06-26] (Analog Devices, Inc.)
HKLM\...\Run: [Matrox Powerdesk] - C:\WINNT\system32\PDesk\pdesk.exe [622592 2001-08-03] (Matrox Graphics Inc.)
HKLM\...\Run: [Iomega Startup Options] - C:\Program Files\Iomega\Common\IMGSTART.EXE [32768 2000-06-02] (Iomega Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
Winlogon\Notify\crypt32chain: crypt32.dll [X]
Winlogon\Notify\cryptnet: cryptnet.dll [X]
Winlogon\Notify\cscdll: cscdll.dll [X]
Winlogon\Notify\sclgntfy: sclgntfy.dll [X]
Winlogon\Notify\SensLogn: WlNotify.dll [X]
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM\...\Command Processor: <======= ATTENTION
HKCU\...\Run: [internat.exe] - internat.exe
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\QSS-32_33.lnk
ShortcutTarget: QSS-32_33.lnk -> C:\Noritsukoki\QSS-32_33\Exe\QSS_SEQ.exe (ノーリツ鋼機)
SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\System32\webcheck.dll No File
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - stobject.dll No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKLM - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\System32\browseui.dll No File
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\System32\browseui.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll No File
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll No File
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll No File
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\System32\mshtml.dll No File
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll No File
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\shell32.dll No File
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll No File [ ]
Winsock: Catalog5 01 %SystemRoot%\System32\rnr20.dll [36624] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Winsock: Catalog9 02 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Winsock: Catalog9 03 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Winsock: Catalog9 06 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Winsock: Catalog9 07 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Winsock: Catalog9 08 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Winsock: Catalog9 09 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Winsock: Catalog9 10 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Winsock: Catalog9 11 %SystemRoot%\system32\msafd.dll [108816] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 193.179.144.2 212.47.0.4

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 cisvc; C:\WINNT\System32\cisvc.exe [5392 2002-07-24] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\System32\es.dll [239888 2004-03-11] (Microsoft Corporation)
S2 IomegaAccess; C:\WINNT\System32\IomegaAccess.exe [352256 2000-02-10] ( Iomega Corporation)
S3 mnmsrvc; C:\WINNT\System32\mnmsrvc.exe [21776 2002-07-24] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\System32\msdtc.exe [6928 2002-07-24] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-07-15] (Analog Devices, Inc.)
R2 wuauserv; C:\WINNT\System32\wuauserv.dll [8704 2002-07-24] (Microsoft Corporation)
R2 ZipToA; C:\WINNT\System32\ZipToA.exe [356352 2000-02-10] (Iomega Corporation)
S3 Alerter; %SystemRoot%\System32\services.exe [x]
S3 AppMgmt; %SystemRoot%\system32\services.exe [x]
S3 BITS; %SystemRoot%\System32\qmgr.dll [x]
R2 Browser; %SystemRoot%\System32\services.exe [x]
S3 ClipSrv; %SystemRoot%\system32\clipsrv.exe [x]
R2 Dhcp; %SystemRoot%\System32\services.exe [x]
S3 dmadmin; %SystemRoot%\System32\dmadmin.exe /com [x]
R2 dmserver; %SystemRoot%\System32\services.exe [x]
R2 Dnscache; %SystemRoot%\System32\services.exe [x]
R2 Eventlog; [x]
S3 Fax; %systemroot%\system32\faxsvc.exe [x]
R2 lanmanserver; %SystemRoot%\System32\services.exe [x]
R2 lanmanworkstation; %SystemRoot%\System32\services.exe [x]
R2 LmHosts; %SystemRoot%\System32\services.exe [x]
R2 Messenger; %SystemRoot%\System32\services.exe [x]
R2 MGABGEXE; %SystemRoot%\System32\mgabg.exe [x]
S3 MSIServer; C:\WINNT\System32\msiexec.exe /V [x]
S3 NetDDE; %SystemRoot%\system32\netdde.exe [x]
S3 NetDDEdsdm; %SystemRoot%\system32\netdde.exe [x]
S3 Netlogon; %SystemRoot%\System32\lsass.exe [x]
R3 Netman; %SystemRoot%\System32\netman.dll [x]
S3 NtLmSsp; %SystemRoot%\System32\lsass.exe [x]
R2 NtmsSvc; %SystemRoot%\System32\NtmsSvc.dll [x]
R2 PlugPlay; %SystemRoot%\system32\services.exe [x]
R2 PolicyAgent; %SystemRoot%\System32\lsass.exe [x]
R2 ProtectedStorage; %SystemRoot%\system32\services.exe [x]
S3 RasAuto; %SystemRoot%\System32\rasauto.dll [x]
R3 RasMan; %SystemRoot%\System32\rasmans.dll [x]
S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [x]
R2 RemoteRegistry; %SystemRoot%\system32\regsvc.exe [x]
S3 RpcLocator; %SystemRoot%\System32\locator.exe [x]
R2 RpcSs; %SystemRoot%\system32\rpcss.dll [x]
S3 RSVP; %SystemRoot%\System32\rsvp.exe -s [x]
R2 SamSs; %SystemRoot%\system32\lsass.exe [x]
S3 SCardDrv; %SystemRoot%\System32\SCardSvr.exe [x]
S3 SCardSvr; %SystemRoot%\System32\SCardSvr.exe [x]
R2 Schedule; %SystemRoot%\system32\MSTask.exe [x]
R2 seclogon; %SystemRoot%\system32\services.exe [x]
R2 SENS; %SystemRoot%\system32\sens.dll [x]
S3 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [x]
R2 Spooler; %SystemRoot%\system32\spoolsv.exe [x]
S3 SysmonLog; %SystemRoot%\system32\smlogsvc.exe [x]
R3 TapiSrv; %SystemRoot%\System32\tapisrv.dll [x]
S3 TlntSvr; %SystemRoot%\system32\tlntsvr.exe [x]
R2 TrkWks; %SystemRoot%\system32\services.exe [x]
S3 UPS; %SystemRoot%\System32\ups.exe [x]
S3 UtilMan; %SystemRoot%\System32\UtilMan.exe [x]
S3 W32Time; %SystemRoot%\System32\services.exe [x]
R2 WinMgmt; %SystemRoot%\System32\WBEM\WinMgmt.exe [x]
R3 Wmi; %SystemRoot%\system32\Services.exe [x]

==================== Drivers (Whitelisted) ====================

S3 mgabg; C:\WINNT\system32\drivers\mgabg.sys [5500 2001-03-08] (Matrox Graphics Inc.)
R1 Aavmker4; No ImagePath
R0 ACPI; System32\DRIVERS\ACPI.sys [x]
S4 ACPIEC; No ImagePath
R0 adf6u160; System32\DRIVERS\adf6u160.sys [x]
R3 aeaudio; system32\drivers\aeaudio.sys [x]
R2 AFD; \SystemRoot\System32\drivers\afd.sys [x]
R0 agp440; System32\DRIVERS\agp440.sys [x]
S4 aic116x; No ImagePath
S4 ami0nt; No ImagePath
R2 aswMon; No ImagePath
R1 aswRdr; No ImagePath
R1 aswSP; No ImagePath
R1 aswTdi; No ImagePath
S3 AsyncMac; System32\DRIVERS\asyncmac.sys [x]
R0 atapi; System32\DRIVERS\atapi.sys [x]
S3 Atmarpc; System32\DRIVERS\atmarpc.sys [x]
R3 audstub; System32\DRIVERS\audstub.sys [x]
R1 Beep; No ImagePath
S4 BusLogic; No ImagePath
S1 Cdaudio; No ImagePath
R4 Cdfs; No ImagePath
R1 Cdrom; System32\DRIVERS\cdrom.sys [x]
S4 cpqarry2; No ImagePath
S4 cpqfcalm; No ImagePath
S4 cpqfws2e; No ImagePath
S4 deckzpsx; No ImagePath
R0 Disk; System32\DRIVERS\disk.sys [x]
R0 Diskperf; No ImagePath
S4 dmboot; System32\drivers\dmboot.sys [x]
R0 dmio; System32\drivers\dmio.sys [x]
R0 dmload; System32\drivers\dmload.sys [x]
S3 DMusic; system32\drivers\DMusic.sys [x]
R3 E100B; System32\DRIVERS\e100bnt5.sys [x]
R4 EFS; No ImagePath
R4 Fastfat; No ImagePath
S4 Fd16_700; No ImagePath
R3 Fdc; System32\DRIVERS\fdc.sys [x]
R2 Fips; No ImagePath
S4 fireport; No ImagePath
S4 flashpnt; No ImagePath
R3 Flpydisk; System32\DRIVERS\flpydisk.sys [x]
U1 Fs_Rec; No ImagePath
R0 Ftdisk; System32\DRIVERS\ftdisk.sys [x]
R3 G400DH; System32\DRIVERS\g400dhm.sys [x]
R3 Gpc; System32\DRIVERS\msgpc.sys [x]
R1 i8042prt; System32\DRIVERS\i8042prt.sys [x]
S3 ichaud; system32\drivers\ichaud.sys [x]
R0 IntelIde; System32\DRIVERS\intelide.sys [x]
S3 IpFilterDriver; System32\DRIVERS\ipfltdrv.sys [x]
S3 IpInIp; System32\DRIVERS\ipinip.sys [x]
S3 IpNat; System32\DRIVERS\ipnat.sys [x]
R3 IPSEC; System32\DRIVERS\ipsec.sys [x]
S4 ipsraidn; No ImagePath
S3 IRENUM; System32\DRIVERS\irenum.sys [x]
R0 isapnp; System32\DRIVERS\isapnp.sys [x]
R1 Kbdclass; System32\DRIVERS\kbdclass.sys [x]
R3 kmixer; system32\drivers\kmixer.sys [x]
R0 KSecDD; No ImagePath
S4 lp6nds35; No ImagePath
R3 LvdsArc; System32\Drivers\LvdsArc.sys [x]
R1 mnmdd; No ImagePath
S3 Modem; No ImagePath
R1 Mouclass; System32\DRIVERS\mouclass.sys [x]
R0 MountMgr; No ImagePath
R1 MRxSmb; System32\DRIVERS\mrxsmb.sys [x]
R1 Msfs; No ImagePath
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [x]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [x]
S3 MSPQM; system32\drivers\MSPQM.sys [x]
R0 Mup; No ImagePath
S4 Ncrc710; No ImagePath
R0 NDIS; No ImagePath
R3 NdisTapi; System32\DRIVERS\ndistapi.sys [x]
R3 NdisWan; System32\DRIVERS\ndiswan.sys [x]
R3 NDProxy; No ImagePath
R1 NetBIOS; System32\DRIVERS\netbios.sys [x]
R1 NetBT; System32\DRIVERS\netbt.sys [x]
S3 NetDetect; \SystemRoot\system32\drivers\netdtect.sys [x]
R1 Npfs; No ImagePath
R4 Ntfs; No ImagePath
R1 Null; No ImagePath
S3 NwlnkFlt; System32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; System32\DRIVERS\nwlnkfwd.sys [x]
R3 openhci; System32\DRIVERS\openhci.sys [x]
R3 Parallel; System32\DRIVERS\parallel.sys [x]
R1 Parport; System32\DRIVERS\parport.sys [x]
R0 PartMgr; No ImagePath
R2 ParVdm; No ImagePath
R0 PCI; System32\DRIVERS\pci.sys [x]
R0 PCIIde; System32\DRIVERS\pciide.sys [x]
S4 Pcmcia; No ImagePath
R3 PptpMiniport; System32\DRIVERS\raspptp.sys [x]
R3 Ptilink; System32\DRIVERS\ptilink.sys [x]
S4 ql2100; No ImagePath
R1 RasAcd; System32\DRIVERS\rasacd.sys [x]
R3 Rasl2tp; System32\DRIVERS\rasl2tp.sys [x]
R3 Raspti; System32\DRIVERS\raspti.sys [x]
S3 RCA; system32\drivers\RCA.sys [x]
R1 Rdbss; System32\DRIVERS\rdbss.sys [x]
S1 redbook; System32\DRIVERS\redbook.sys [x]
U2 SchedulingAgent;
R2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [x]
R3 serenum; System32\DRIVERS\serenum.sys [x]
R1 Serial; System32\DRIVERS\serial.sys [x]
S1 Sfloppy; No ImagePath
S1 sglfb; No ImagePath
R3 smwdm; system32\drivers\smwdm.sys [x]
R3 Srv; System32\DRIVERS\srv.sys [x]
R3 swenum; System32\DRIVERS\swenum.sys [x]
S3 swmidi; system32\drivers\swmidi.sys [x]
R3 sysaudio; system32\drivers\sysaudio.sys [x]
R1 Tcpip; System32\DRIVERS\tcpip.sys [x]
S1 tga; No ImagePath
S4 Udfs; No ImagePath
R3 uhcd; System32\DRIVERS\uhcd.sys [x]
S4 ultra66; No ImagePath
R3 Update; System32\DRIVERS\update.sys [x]
S3 usbehci; System32\DRIVERS\usbehci.sys [x]
R3 usbhub; System32\DRIVERS\usbhub.sys [x]
S3 usbhub20; System32\DRIVERS\usbhub20.sys [x]
R3 USBSTOR; System32\DRIVERS\USBSTOR.SYS [x]
R1 VgaSave; \SystemRoot\System32\drivers\vga.sys [x]
R3 Wanarp; System32\DRIVERS\wanarp.sys [x]
R3 wdmaud; system32\drivers\wdmaud.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-06 07:50 - 2013-11-06 07:50 - 00016384 ____T C:\WINNT\system32\Perflib_Perfdata_2e4.dat
2013-11-06 07:50 - 2013-11-06 07:50 - 00000000 ____D C:\FRST
2013-11-06 07:49 - 2013-11-05 10:41 - 01089445 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-11-06 07:44 - 2013-11-06 07:50 - 00029696 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-11-06 07:42 - 2013-11-05 10:41 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2013-11-04 12:58 - 2013-11-04 13:21 - 05143677 _____ (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2013-11-01 11:09 - 2013-11-01 11:09 - 00000000 ____D C:\rsit
2013-11-01 10:57 - 2013-11-01 11:09 - 00000000 ____D C:\Program Files\trend micro
2013-11-01 10:57 - 2013-11-01 10:57 - 02359350 _____ C:\Documents and Settings\Administrator\Desktop\obr02.bmp
2013-11-01 10:57 - 2013-11-01 10:57 - 00016384 ____T C:\WINNT\system32\Perflib_Perfdata_2e8.dat
2013-11-01 10:35 - 2013-11-01 10:35 - 02359350 _____ C:\Documents and Settings\Administrator\Desktop\obr01.bmp
2013-11-01 10:15 - 2013-11-01 10:21 - 00000000 ____D C:\back up 11 2013

==================== One Month Modified Files and Folders =======

2013-11-06 07:50 - 2013-11-06 07:50 - 00016384 ____T C:\WINNT\system32\Perflib_Perfdata_2e4.dat
2013-11-06 07:50 - 2013-11-06 07:50 - 00000000 ____D C:\FRST
2013-11-06 07:50 - 2013-11-06 07:44 - 00029696 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-11-06 07:35 - 2003-06-26 22:53 - 02691072 _____ C:\WINNT\system32\config\SYSTEM.ALT
2013-11-06 06:36 - 2011-05-06 00:33 - 01136807 _____ C:\WINNT\WindowsUpdate.log
2013-11-06 06:36 - 2003-06-26 14:25 - 00000000 ____D C:\WINNT\system32\NtmsData
2013-11-06 06:35 - 2012-07-18 12:33 - 00000316 ____H C:\WINNT\Tasks\avast! Emergency Update.job
2013-11-06 06:35 - 2003-06-26 14:22 - 00000006 ____H C:\WINNT\Tasks\SA.DAT
2013-11-05 10:41 - 2013-11-06 07:49 - 01089445 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-11-05 10:41 - 2013-11-06 07:42 - 00112128 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2013-11-05 08:07 - 2003-06-26 14:25 - 00032634 _____ C:\WINNT\SchedLgU.Txt
2013-11-04 13:21 - 2013-11-04 12:58 - 05143677 _____ (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2013-11-04 10:01 - 2011-05-06 08:09 - 00000000 ____D C:\image
2013-11-01 11:09 - 2013-11-01 11:09 - 00000000 ____D C:\rsit
2013-11-01 11:09 - 2013-11-01 10:57 - 00000000 ____D C:\Program Files\trend micro
2013-11-01 10:57 - 2013-11-01 10:57 - 02359350 _____ C:\Documents and Settings\Administrator\Desktop\obr02.bmp
2013-11-01 10:57 - 2013-11-01 10:57 - 00016384 ____T C:\WINNT\system32\Perflib_Perfdata_2e8.dat
2013-11-01 10:35 - 2013-11-01 10:35 - 02359350 _____ C:\Documents and Settings\Administrator\Desktop\obr01.bmp
2013-11-01 10:35 - 2011-05-05 03:33 - 00464342 ____H C:\WINNT\ShellIconCache
2013-11-01 10:35 - 2003-06-26 14:27 - 00000180 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-01 10:21 - 2013-11-01 10:15 - 00000000 ____D C:\back up 11 2013

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== End Of Log ============================

[Rudy]

Nic nebezpečného tam nevidím. Navíc FRST opět není viditelně stavěný na váš oper. systém. Zkuste udělat kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[Dennis]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.08.02

Windows 2000 Service Pack 3 x86 NTFS
Internet Explorer 5.00.3502.1000
Administrator :: PC-NRT-RS2 [administrátor]

Ochrana: Povolena

8.11.2013 7:44:53
mbam-log-2013-11-08 (07-44-53).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 118424
Uplynulý čas: 6 minut, 42 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[JaRon]

jednorazovo vstupim:
Rudy pisal o potrebe SP4 - je nejaky problem ho doinstalovat

[Dennis]

to by nemel, to pujde normálně přes windows aktualizace ?

[JaRon]

idealne stiahnut subor SP4 - cca 120MB a instalovat priamo z disku - nie cez aktualizacie
http://forum.viry.cz/viewtopic.php?f=46&t=86100

[Dennis]

aktualizovano oba dva balíčky

combofix nejde spustit

[JaRon]

cielom bolo zvysit zabezpecenie PC CF nepojde ,,,
doporucujem vycistit PC s CCleanerom

[Dennis]

tím jsem to čistil

ccleaner + win aso

malwarebytes anti-malvare - nic nenalezlo

[JaRon]

ake su sucasne problemy

[Dennis]

pc ikdyž níc nedělá tak běží na 100%

a je tam takový divný proces ktyrý se pokaždé jmenuje divně kombinace písem a čísel (v příloze)

a pří startu je pokaždé chyba (také v příloze)