Done. What did we actually do with that, specifically? So that I know what I'm missing or what happened.
The computer restarted and booted in normal mode. But startup again took 259 seconds :!
Here is the log:
ComboFix 13-04-21.01 - Lada 21.04.2013 22:43:04.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.658 [GMT 2:00]
Running from: c:\documents and settings\Lada\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Lada\Plocha\CFScript.txt
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))
.
.
2013-04-21 05:39 . 2013-04-21 20:53 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Wise Care 365
2013-04-21 05:39 . 2013-04-21 05:39 -------- d-----w- c:\program files\Wise
2013-04-20 06:42 . 2013-04-20 06:42 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\COMODO
2013-04-19 17:20 . 2013-04-19 17:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\COMODO
2013-04-19 17:19 . 2013-04-19 17:19 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-04-19 09:11 . 2013-04-19 09:11 -------- d-----w- c:\program files\Common Files\Java
2013-04-19 09:10 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-18 13:33 . 2013-04-18 13:33 -------- d-----w- c:\program files\Common Files\COMODO
2013-04-11 08:27 . 2013-04-11 08:27 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\GHISLER
2013-04-11 08:26 . 2013-04-11 08:26 -------- d-----w- C:\totalcmd
2013-04-11 08:26 . 2013-04-11 08:26 -------- d-----w- c:\documents and settings\Lada\Data aplikací\GHISLER
2013-04-07 22:07 . 2013-04-07 22:07 -------- d-----w- c:\program files\Common Files\Nero
2013-04-07 20:25 . 2013-04-07 20:25 -------- d-----w- c:\documents and settings\Lada\Data aplikací\AnvSoft
2013-04-07 16:19 . 2013-04-07 16:19 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2013-04-07 11:28 . 2013-04-19 17:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\COMODO
2013-04-07 11:20 . 2013-04-07 11:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-07 11:19 . 2013-04-21 18:47 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-07 11:17 . 2013-04-07 11:17 -------- d-s---w- c:\documents and settings\All Users\Data aplikací\Shared Space
2013-04-07 11:16 . 2013-04-07 11:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-07 11:15 . 2013-04-07 11:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\COMODO
2013-04-07 11:15 . 2013-04-20 22:07 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\COMODO
2013-04-07 11:15 . 2013-04-19 17:18 -------- d-----w- c:\program files\Comodo
2013-04-07 11:15 . 2013-04-07 11:15 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-04-07 11:15 . 2013-04-07 11:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2013-04-06 13:22 . 2013-04-06 13:22 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Malwarebytes
2013-04-06 13:21 . 2013-04-06 13:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-04-06 13:21 . 2013-04-06 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-06 13:21 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-05 09:16 . 2013-04-21 06:40 -------- d-----w- c:\program files\trend micro
2013-04-05 09:16 . 2013-04-05 09:17 -------- d-----w- C:\rsit
2013-04-04 16:21 . 2013-04-04 16:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2013-04-04 16:21 . 2013-04-05 10:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-04-04 15:12 . 2013-04-04 15:12 -------- d-sh--w- c:\documents and settings\Vlastník\PrivacIE
2013-03-28 09:12 . 2013-03-28 09:19 -------- d-----w- c:\documents and settings\Administrator
2013-03-28 07:41 . 2013-03-28 07:41 -------- d-----w- c:\documents and settings\Vlastník\Local Settings\Data aplikací\ATI
2013-03-28 07:41 . 2013-03-28 07:41 -------- d-----w- c:\documents and settings\Vlastník\Data aplikací\ATI
2013-03-28 07:40 . 2013-03-28 07:40 -------- d-sh--w- c:\documents and settings\Vlastník\IETldCache
2013-03-26 21:55 . 2013-03-26 21:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\Lada\Data aplikací\Nitro
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\Lada\Data aplikací\FileOpen
2013-03-26 14:41 . 2013-03-26 14:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FileOpen
2013-03-26 12:35 . 2013-03-26 12:36 -------- d-----w- c:\documents and settings\Lada\kbpki
2013-03-26 12:35 . 2013-03-26 12:35 -------- d-----w- c:\windows\Sun
2013-03-26 12:35 . 2013-03-26 12:35 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\Sun
2013-03-26 12:32 . 2013-03-26 12:31 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-26 12:32 . 2013-03-26 12:31 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-26 12:31 . 2013-04-19 09:10 -------- d-----w- c:\program files\Java
2013-03-25 21:27 . 2013-03-25 21:27 -------- d-----r- C:\D3
2013-03-25 21:26 . 2013-03-25 21:31 -------- d-----r- C:\D4
2013-03-25 16:24 . 2013-03-25 16:34 -------- d-----w- c:\program files\GetFLV
2013-03-25 15:43 . 2013-04-16 17:30 -------- d-----w- C:\HD exporty video projektů a DVD
2013-03-23 11:42 . 2013-03-23 11:42 -------- d-sh--w- c:\documents and settings\Lada\IECompatCache
2013-03-23 08:59 . 2013-03-23 08:59 -------- d-----w- c:\documents and settings\Lada\Local Settings\Data aplikací\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 17:02 . 2013-01-16 17:51 99392 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-04-15 17:38 . 2013-01-16 17:51 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-04-15 17:38 . 2013-01-16 17:51 592384 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-04-15 17:38 . 2013-01-16 17:51 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-04-15 17:38 . 2013-01-24 20:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 17:38 . 2013-01-24 20:43 348584 ----a-w- c:\windows\system32\guard32.dll
2013-04-15 17:38 . 2013-01-24 20:42 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-15 17:38 . 2013-01-24 20:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-12 11:27 . 2013-03-18 14:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-12 11:27 . 2013-03-18 14:07 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-05 15:57 . 2013-03-18 14:09 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2013-03-05 15:57 . 2013-03-18 14:09 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2013-03-02 02:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2013-03-18 13:27 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-12 07:03 . 2013-04-12 07:03 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-25 33660928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"gbrspcontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-3-19 113664]
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2013-4-17 49352]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [3.9.2012 9:20 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [16.1.2013 19:51 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [16.1.2013 19:51 592384]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16.1.2013 19:51 32816]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [17.4.2013 11:57 70344]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [19.4.2013 11:27 2074760]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [17.4.2013 13:27 1851088]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [18.3.2013 22:38 103040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.4.2013 15:21 21104]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10.7.2009 12:03 1381632]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.4.2013 15:21 682344]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [21.4.2013 7:39 580648]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [24.1.2013 22:42 127184]
S3 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [5.3.2013 17:57 196624]
S3 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [19.3.2013 16:12 625304]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 19:45 161384]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-21 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-24 17:38]
.
2013-04-21 c:\windows\Tasks\Wise Care 365.job
- c:\program files\Wise\Wise Care 365\WiseTray.exe [2013-04-21 11:55]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://get.adobe.com/flashplayer/completion/aih/?exitcode=0&type=install
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{AB424AF6-A993-4DE1-8AD5-2079413CD839}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Lada\Data aplikací\Mozilla\Firefox\Profiles\ah7fsb89.default\
FF - ExtSQL: 2013-03-19 10:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-04-21 22:53
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(700)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\Comodo\GeekBuddy\unit_manager.exe
c:\program files\Comodo\GeekBuddy\unit.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-04-21 22:58:14 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-21 20:58
ComboFix2.txt 2013-04-21 20:23
.
Pre-Run: 833 504 915 456 bytes free
Post-Run: 833 496 674 304 bytes free
.
- - End Of File - - BCF91C43BC6356462A59470328C24A56
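The log above is the kind of thing a helper reads by eye, section by section. As an added example (not part of the poster's message, and not code from ComboFix or its author), here is a small Python triage script that parses the line shapes this log uses (the `created . modified size attrs path` file lines, the `"name"="path" [date size]` Run entries, the `R1/S2 name;description;path [stamp]` service lines, the `BootExecute` value and the two `NameServer` lines) and turns them into review prompts: new binaries under system32, files whose modified time predates their creation, extra BootExecute entries, static DNS that differs from the DHCP-assigned resolver, auto-start services that are not running, and Run-key binaries dated inside the reporting window. The sample input is a constructed excerpt copied from the log above; the flag names and the `window_start` parameter are my own choices. Every flag is a reason to look, not a verdict: in this log `sdnclean.exe` is the boot-time cleaner installed with Spybot - Search & Destroy 2 on 2013-04-04, and the static resolvers appeared alongside the COMODO installation.

```python
import re

# Constructed sample input: a handful of lines copied from the ComboFix log
# above, one or two from each section. It is not a complete log.
SAMPLE_LOG = r"""
2013-04-19 17:19 . 2013-04-19 17:19 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-04-06 13:21 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-21 05:39 . 2013-04-21 05:39 -------- d-----w- c:\program files\Wise
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-25 33660928]
"gbrspcontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [16.1.2013 19:51 592384]
S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe [21.4.2013 7:39 580648]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 19:45 161384]
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{AB424AF6-A993-4DE1-8AD5-2079413CD839}: NameServer = 8.26.56.26,156.154.70.22
"""

# One regex per ComboFix line shape used here (date . date size attrs path, etc.).
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S+) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d\d-\d\d) (\d+)\]$')
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[([^\]]+)\]$")
BOOTEXEC_RE = re.compile(r"^BootExecute REG_MULTI_SZ (.+)$")
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
STATIC_DNS_RE = re.compile(r"^TCP: Interfaces\\\{[^}]+\}: NameServer = (.+)$")

SYSTEM32 = "c:\\windows\\system32\\"
DEFAULT_BOOTEXEC = "autocheck autochk *"


def parse(log: str) -> dict:
    """Turn raw ComboFix lines into records, keyed by the section they come from."""
    out = {"files": [], "run": [], "services": [], "bootexecute": [], "dhcp_dns": [], "static_dns": []}
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            created, modified, size, attrs, path = m.groups()
            out["files"].append({"created": created, "modified": modified,
                                 "size": None if size == "--------" else int(size),
                                 "is_dir": attrs.startswith("d"), "path": path})
        elif m := RUN_RE.match(line):
            name, path, stamp, size = m.groups()
            out["run"].append({"name": name, "path": path, "stamp": stamp, "size": int(size)})
        elif m := SVC_RE.match(line):
            state, name, desc, path, stamp = m.groups()
            out["services"].append({"state": state, "name": name, "desc": desc, "path": path, "stamp": stamp})
        elif m := BOOTEXEC_RE.match(line):
            # ComboFix prints the REG_MULTI_SZ separators as a literal "\0".
            out["bootexecute"] = m.group(1).split("\\0")
        elif m := DHCP_DNS_RE.match(line):
            out["dhcp_dns"] = [ip.strip() for ip in m.group(1).split(",")]
        elif m := STATIC_DNS_RE.match(line):
            out["static_dns"] = [ip.strip() for ip in m.group(1).split(",")]
    return out


def triage(parsed: dict, window_start: str) -> dict:
    """Heuristic prompts for a reviewer; each is a reason to look, not a verdict."""
    files = [f for f in parsed["files"] if not f["is_dir"]]
    return {
        # New binaries under system32 (drivers included) get read first.
        "system32_drops": [f["path"] for f in files if f["path"].lower().startswith(SYSTEM32)],
        # Modified-before-created means a prebuilt file was copied in, typical of installers.
        "backdated": [f["path"] for f in files if f["modified"] < f["created"]],
        # Anything beyond "autocheck autochk *" runs before the shell at every boot.
        "bootexecute_extra": [e for e in parsed["bootexecute"] if e and e != DEFAULT_BOOTEXEC],
        # Static resolvers that differ from the DHCP-assigned one deserve a second look.
        "static_dns_not_dhcp": [ip for ip in parsed["static_dns"] if ip not in parsed["dhcp_dns"]],
        # S2 = set to auto-start but not running when the log was taken.
        "autostart_not_running": [s["name"] for s in parsed["services"] if s["state"] == "S2"],
        # Run-key binaries whose timestamp falls inside the log's reporting window.
        "recent_run_entries": [r["name"] for r in parsed["run"] if r["stamp"] >= window_start],
    }


if __name__ == "__main__":
    for key, hits in triage(parse(SAMPLE_LOG), "2013-03-21").items():
        print(f"{key}: {hits}")
```

Run it against the excerpt with the log's own window start (2013-03-21) and the prompts it produces match what a helper would circle by hand: certsentry.dll and mbam.sys as new files under system32, mbam.sys as a prebuilt driver copied in by an installer, sdnclean.exe in BootExecute, the two static resolvers that are not the DHCP one, WiseBootAssistant set to auto-start but not running, and gbrspcontrol as the only Run entry whose binary is dated inside the window. The ISO timestamps compare correctly as strings, which is why no date parsing is needed for the window and backdating checks; the service stamps use a day.month.year form and are carried through untouched.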