Dlouhý start PC

[kala]

Ano, ale ja ted potrebuju nejak dokoncit ten rozjety ComboFix. Mam to teda odignorovat nebo je bezpecnejsi vypnout uplne pocitac? a nedokoncit to.

[Rudy]

CF se nedporučuje přerušovat. Pokud to bude možné, nechte sken dokončit.

[kala]

Dobre, zkusim to dokoncit. Nevite teda jestli ve spravci uloh je to Comodo zkratka cmd.3XE? ze bych to zkusil ukoncit tam, ale to mi taky pise upozorneni o ztrate dat atd...

[kala]

Tady je ten log a muzu ted normalne prepnout do normalniho rezimu restartem nebo jeste neco nastavit?:

ComboFix 13-04-21.01 - Lada 21.04.2013 22:18:06.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.698 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lada\Plocha\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-21 do 2013-04-21 )))))))))))))))))))))))))))))))
.
.
2013-04-21 05:39 . 2013-04-21 08:48 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Wise Care 365
2013-04-21 05:39 . 2013-04-21 05:39 -------- d-----w- c:\program files\Wise
2013-04-20 06:42 . 2013-04-20 06:42 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\COMODO
2013-04-19 17:20 . 2013-04-19 17:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\COMODO
2013-04-19 17:19 . 2013-04-19 17:19 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-04-19 09:11 . 2013-04-19 09:11 -------- d-----w- c:\program files\Common Files\Java
2013-04-19 09:10 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-18 13:33 . 2013-04-18 13:33 -------- d-----w- c:\program files\Common Files\COMODO
2013-04-11 08:27 . 2013-04-11 08:27 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\GHISLER
2013-04-11 08:26 . 2013-04-11 08:26 -------- d-----w- C:\totalcmd
2013-04-11 08:26 . 2013-04-11 08:26 -------- d-----w- c:\documents and settings\Lada\Data aplikací\GHISLER
2013-04-07 22:07 . 2013-04-07 22:07 -------- d-----w- c:\program files\Common Files\Nero
2013-04-07 20:25 . 2013-04-07 20:25 -------- d-----w- c:\documents and settings\Lada\Data aplikací\AnvSoft
2013-04-07 16:19 . 2013-04-07 16:19 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2013-04-07 11:28 . 2013-04-19 17:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\COMODO
2013-04-07 11:20 . 2013-04-07 11:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-07 11:19 . 2013-04-21 18:47 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-07 11:17 . 2013-04-07 11:17 -------- d-s---w- c:\documents and settings\All Users\Data aplikací\Shared Space
2013-04-07 11:16 . 2013-04-07 11:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-07 11:15 . 2013-04-07 11:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\COMODO
2013-04-07 11:15 . 2013-04-20 22:07 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\COMODO
2013-04-07 11:15 . 2013-04-19 17:18 -------- d-----w- c:\program files\Comodo
2013-04-07 11:15 . 2013-04-07 11:15 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-04-07 11:15 . 2013-04-07 11:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2013-04-06 13:22 . 2013-04-06 13:22 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Malwarebytes
2013-04-06 13:21 . 2013-04-06 13:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-04-06 13:21 . 2013-04-06 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-06 13:21 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-05 09:16 . 2013-04-21 06:40 -------- d-----w- c:\program files\trend micro
2013-04-05 09:16 . 2013-04-05 09:17 -------- d-----w- C:\rsit
2013-04-04 16:21 . 2013-04-04 16:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-04-04 16:21 . 2013-04-05 10:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-04-04 15:12 . 2013-04-04 15:12 -------- d-sh--w- c:\documents and settings\Vlastník\PrivacIE
2013-03-28 09:12 . 2013-03-28 09:19 -------- d-----w- c:\documents and settings\Administrator
2013-03-28 07:41 . 2013-03-28 07:41 -------- d-----w- c:\documents and settings\Vlastník\Local Settings\Data aplikací\ATI
2013-03-28 07:41 . 2013-03-28 07:41 -------- d-----w- c:\documents and settings\Vlastník\Data aplikací\ATI
2013-03-28 07:40 . 2013-03-28 07:40 -------- d-sh--w- c:\documents and settings\Vlastník\IETldCache
2013-03-26 21:55 . 2013-03-26 21:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Nitro
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\Lada\Data aplikací\FileOpen
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FileOpen
2013-03-26 12:35 . 2013-03-26 12:36 -------- d-----w- c:\documents and settings\Lada\kbpki
2013-03-26 12:35 . 2013-03-26 12:35 -------- d-----w- c:\windows\Sun
2013-03-26 12:35 . 2013-03-26 12:35 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\Sun
2013-03-26 12:32 . 2013-03-26 12:31 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-26 12:32 . 2013-03-26 12:31 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-26 12:31 . 2013-04-19 09:10 -------- d-----w- c:\program files\Java
2013-03-25 21:27 . 2013-03-25 21:27 -------- d-----r- C:\D3
2013-03-25 21:26 . 2013-03-25 21:31 -------- d-----r- C:\D4
2013-03-25 16:24 . 2013-03-25 16:34 -------- d-----w- c:\program files\GetFLV
2013-03-25 15:43 . 2013-04-16 17:30 -------- d-----w- C:\HD exporty video projektů a DVD
2013-03-23 11:42 . 2013-03-23 11:42 -------- d-sh--w- c:\documents and settings\Lada\IECompatCache
2013-03-23 08:59 . 2013-03-23 08:59 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 17:02 . 2013-01-16 17:51 99392 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-15 17:38 . 2013-01-16 17:51 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 17:38 . 2013-01-16 17:51 592384 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-04-15 17:38 . 2013-01-16 17:51 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 17:38 . 2013-01-24 20:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 17:38 . 2013-01-24 20:43 348584 ----a-w- c:\windows\system32\guard32.dll
2013-04-15 17:38 . 2013-01-24 20:42 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-15 17:38 . 2013-01-24 20:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-12 11:27 . 2013-03-18 14:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-12 11:27 . 2013-03-18 14:07 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-05 15:57 . 2013-03-18 14:09 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2013-03-05 15:57 . 2013-03-18 14:09 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2013-03-02 02:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2013-03-18 13:27 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-12 07:03 . 2013-04-12 07:03 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-25 33660928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"gbrspcontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-3-19 113664]
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2013-4-17 49352]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [16.1.2013 19:51 18528]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16.1.2013 19:51 32816]
S1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [3.9.2012 9:20 36112]
S1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [16.1.2013 19:51 592384]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [17.4.2013 11:57 70344]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [19.4.2013 11:27 2074760]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [17.4.2013 13:27 1851088]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.4.2013 15:21 682344]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [21.4.2013 7:39 580648]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [18.3.2013 22:38 103040]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [24.1.2013 22:42 127184]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.4.2013 15:21 21104]
S3 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [5.3.2013 17:57 196624]
S3 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [19.3.2013 16:12 625304]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 19:45 161384]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10.7.2009 12:03 1381632]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-21 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-04-21 11:55]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://get.adobe.com/flashplayer/completion/aih/?exitcode=0&type=install
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{AB424AF6-A993-4DE1-8AD5-2079413CD839}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Lada\Data aplikací\Mozilla\Firefox\Profiles\ah7fsb89.default\
FF - ExtSQL: 2013-03-19 10:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-21 22:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-04-21 22:23:59
ComboFix-quarantined-files.txt 2013-04-21 20:23
.
Před spuštěním: Volných bajtů: 833 501 552 640
Po spuštění: Volných bajtů: 833 507 323 904
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DBBD05B25B04DF97CC7ED99460BE4B40

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[kala]

Provedeno. Co jsme tim vlastne udelai konkretne? at vim co postradat nebo co se stalo.
Pocitac se restartoval a nabehl v normalnim rezimu. Start ale trval zase 259 sekund :!
Tady je log:

ComboFix 13-04-21.01 - Lada 21.04.2013 22:43:04.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.658 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lada\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lada\Plocha\CFScript.txt
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-21 do 2013-04-21 )))))))))))))))))))))))))))))))
.
.
2013-04-21 05:39 . 2013-04-21 20:53 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Wise Care 365
2013-04-21 05:39 . 2013-04-21 05:39 -------- d-----w- c:\program files\Wise
2013-04-20 06:42 . 2013-04-20 06:42 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\COMODO
2013-04-19 17:20 . 2013-04-19 17:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\COMODO
2013-04-19 17:19 . 2013-04-19 17:19 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-04-19 09:11 . 2013-04-19 09:11 -------- d-----w- c:\program files\Common Files\Java
2013-04-19 09:10 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-18 13:33 . 2013-04-18 13:33 -------- d-----w- c:\program files\Common Files\COMODO
2013-04-11 08:27 . 2013-04-11 08:27 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\GHISLER
2013-04-11 08:26 . 2013-04-11 08:26 -------- d-----w- C:\totalcmd
2013-04-11 08:26 . 2013-04-11 08:26 -------- d-----w- c:\documents and settings\Lada\Data aplikací\GHISLER
2013-04-07 22:07 . 2013-04-07 22:07 -------- d-----w- c:\program files\Common Files\Nero
2013-04-07 20:25 . 2013-04-07 20:25 -------- d-----w- c:\documents and settings\Lada\Data aplikací\AnvSoft
2013-04-07 16:19 . 2013-04-07 16:19 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2013-04-07 11:28 . 2013-04-19 17:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\COMODO
2013-04-07 11:20 . 2013-04-07 11:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-07 11:19 . 2013-04-21 18:47 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-07 11:17 . 2013-04-07 11:17 -------- d-s---w- c:\documents and settings\All Users\Data aplikací\Shared Space
2013-04-07 11:16 . 2013-04-07 11:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-07 11:15 . 2013-04-07 11:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\COMODO
2013-04-07 11:15 . 2013-04-20 22:07 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\COMODO
2013-04-07 11:15 . 2013-04-19 17:18 -------- d-----w- c:\program files\Comodo
2013-04-07 11:15 . 2013-04-07 11:15 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-04-07 11:15 . 2013-04-07 11:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2013-04-06 13:22 . 2013-04-06 13:22 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Malwarebytes
2013-04-06 13:21 . 2013-04-06 13:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-04-06 13:21 . 2013-04-06 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-06 13:21 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-05 09:16 . 2013-04-21 06:40 -------- d-----w- c:\program files\trend micro
2013-04-05 09:16 . 2013-04-05 09:17 -------- d-----w- C:\rsit
2013-04-04 16:21 . 2013-04-04 16:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-04-04 16:21 . 2013-04-05 10:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-04-04 15:12 . 2013-04-04 15:12 -------- d-sh--w- c:\documents and settings\Vlastník\PrivacIE
2013-03-28 09:12 . 2013-03-28 09:19 -------- d-----w- c:\documents and settings\Administrator
2013-03-28 07:41 . 2013-03-28 07:41 -------- d-----w- c:\documents and settings\Vlastník\Local Settings\Data aplikací\ATI
2013-03-28 07:41 . 2013-03-28 07:41 -------- d-----w- c:\documents and settings\Vlastník\Data aplikací\ATI
2013-03-28 07:40 . 2013-03-28 07:40 -------- d-sh--w- c:\documents and settings\Vlastník\IETldCache
2013-03-26 21:55 . 2013-03-26 21:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Nitro
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\Lada\Data aplikací\FileOpen
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FileOpen
2013-03-26 12:35 . 2013-03-26 12:36 -------- d-----w- c:\documents and settings\Lada\kbpki
2013-03-26 12:35 . 2013-03-26 12:35 -------- d-----w- c:\windows\Sun
2013-03-26 12:35 . 2013-03-26 12:35 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\Sun
2013-03-26 12:32 . 2013-03-26 12:31 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-26 12:32 . 2013-03-26 12:31 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-26 12:31 . 2013-04-19 09:10 -------- d-----w- c:\program files\Java
2013-03-25 21:27 . 2013-03-25 21:27 -------- d-----r- C:\D3
2013-03-25 21:26 . 2013-03-25 21:31 -------- d-----r- C:\D4
2013-03-25 16:24 . 2013-03-25 16:34 -------- d-----w- c:\program files\GetFLV
2013-03-25 15:43 . 2013-04-16 17:30 -------- d-----w- C:\HD exporty video projektů a DVD
2013-03-23 11:42 . 2013-03-23 11:42 -------- d-sh--w- c:\documents and settings\Lada\IECompatCache
2013-03-23 08:59 . 2013-03-23 08:59 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 17:02 . 2013-01-16 17:51 99392 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-15 17:38 . 2013-01-16 17:51 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 17:38 . 2013-01-16 17:51 592384 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-04-15 17:38 . 2013-01-16 17:51 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 17:38 . 2013-01-24 20:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 17:38 . 2013-01-24 20:43 348584 ----a-w- c:\windows\system32\guard32.dll
2013-04-15 17:38 . 2013-01-24 20:42 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-15 17:38 . 2013-01-24 20:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-12 11:27 . 2013-03-18 14:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-12 11:27 . 2013-03-18 14:07 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-05 15:57 . 2013-03-18 14:09 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2013-03-05 15:57 . 2013-03-18 14:09 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2013-03-02 02:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2013-03-18 13:27 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-12 07:03 . 2013-04-12 07:03 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-25 33660928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"gbrspcontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-3-19 113664]
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2013-4-17 49352]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [3.9.2012 9:20 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [16.1.2013 19:51 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [16.1.2013 19:51 592384]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16.1.2013 19:51 32816]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [17.4.2013 11:57 70344]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [19.4.2013 11:27 2074760]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [17.4.2013 13:27 1851088]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [18.3.2013 22:38 103040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.4.2013 15:21 21104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10.7.2009 12:03 1381632]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.4.2013 15:21 682344]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [21.4.2013 7:39 580648]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [24.1.2013 22:42 127184]
S3 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [5.3.2013 17:57 196624]
S3 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [19.3.2013 16:12 625304]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 19:45 161384]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-21 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-04-21 11:55]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://get.adobe.com/flashplayer/completion/aih/?exitcode=0&type=install
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{AB424AF6-A993-4DE1-8AD5-2079413CD839}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Lada\Data aplikací\Mozilla\Firefox\Profiles\ah7fsb89.default\
FF - ExtSQL: 2013-03-19 10:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-21 22:53
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(700)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\Comodo\GeekBuddy\unit_manager.exe
c:\program files\Comodo\GeekBuddy\unit.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2013-04-21 22:58:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-21 20:58
ComboFix2.txt 2013-04-21 20:23
.
Před spuštěním: Volných bajtů: 833 504 915 456
Po spuštění: Volných bajtů: 833 496 674 304
.
- - End Of File - - BCF91C43BC6356462A59470328C24A56

[kala]

Takže teď nevím. mám nějak řešit tu DNS v Americe a co s tím dlouhým nabiháním systému?? je to porád stejné. A co jsme tím přepsáním vlastně udělali/opravili?

[Rudy]

V síť. připojeních>vlastnosti>TCP/IP protokol nastavte vše podle smlouvy o přiojení k internetu, kterou máte. Tj. IP adresu masku, bránu a DNS servery, případně automatiuckou konfiguraci.

Pokud toto máte a nic se nezměnilo na délce startu, zkuste:
Start>spustit>(napsat) msconfig>OK. Na záložkách "Po spuštění" a "Služby" odstraňte zatržítka u všech položek, které nemusí automaticky startovat. Tj. u takových, které lze v případě potřeby spustit ručně.

[Rudy]

Teď jsem se dověděl, že tato chyba (černá obrazovka) bude ještě tento týden opravena.

[kala]

Dekuju, vážně? A kde je ta chyba? Primo Windows XP - udelaji opravu?

[Rudy]

Je to chyba poslední verze Comoda. Kolega mne informoval o tom, že tento týden bude chyba opravena.

[kala]

Diky, snad to bude ok. Celkove pocitac nejak dychavicne nestiha + videa na youtube pomalu nacitaji a sekaji se treba ve ctvtine... Kazdy otevreny dokument se neotvre hned, ale jako by chvili chroustal a pak se otevre. A i prace v Photohopu dela problemy s prepisovanim obrazku - kdyz s nim posunui preskladava se po castech... Asi vite co myslim. Co se to deje kompletne?

[Rudy]

Zkuste PC vyčistit CCleanerem: http://forum.viry.cz/viewtopic.php?f=46&t=7478 , příp. defragmentujte disk.

[kala]

CCleaner pouzity, ale problemy jsou stale stejne...

[Rudy]

Změřte si rychlost připojení třeba na www.dsl.cz a porovnejte, zda zhruba odpovídá rychlosti ve smlouvě o připojení k internetu.