Prosím o kontrolu logů, PC (ne)nabíhá

[P.O.B]

Zdravím rádce,

prosím o nakouknutí na moje PC, po startu proběhne klasicky logo XP s načítáním, proužek se standardně i lehce zastaví, probliknou diody num, caps, scrool... a pak to zhasne, jako že se spustí přihlašovací okno, ale místo toho se zase objeví logo XP a pak už jen donekonečna nabíhá a nabíhá...

Do nouzového režimu se není problém dostat (spuštění přes poslední známou funkční konfig. nepomohlo)...

V nouzovém sem spustil MWAV (běžel asi 3,5 hodinky) a pak ještě RSIT, tady jsou logy...

RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-07-15 13:31:42
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (14%) free of 10 GB
Total RAM: 767 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:32:08, on 15.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-FC0A9.exe" /REG
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C37E6315-775C-480D-86AC-3809B46E2532}: NameServer = 192.168.0.1,81.200.48.11
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 4557 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-10-04 48752]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-01-11 577536]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware (registration)"=regsvr32.exe /s C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
"InnoSetupRegFile.0000000001"=C:\WINDOWS\is-FC0A9.exe [2010-07-14 711168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-11-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-15 13:31:42 ----D---- C:\rsit
2010-07-15 13:31:42 ----D---- C:\Program Files\trend micro
2010-07-15 13:29:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2010-07-15 13:29:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2010-07-15 07:48:46 ----AD---- C:\WINDOWS\VDLL.DLL
2010-07-15 07:48:46 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-07-15 07:48:46 ----AD---- C:\WINDOWS\rundll16.exe
2010-07-15 07:48:46 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-07-15 07:48:46 ----AD---- C:\WINDOWS\logo1_.exe
2010-07-15 07:48:46 ----AD---- C:\WINDOWS\logo_1.exe
2010-07-15 07:44:39 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-07-15 07:44:38 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-07-15 07:44:37 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-07-15 07:44:35 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-07-15 07:44:35 ----A---- C:\WINDOWS\system32\T.COM
2010-07-15 07:44:35 ----A---- C:\WINDOWS\REGEDIT.COM
2010-07-15 07:44:35 ----A---- C:\WINDOWS\R.COM
2010-07-15 07:44:33 ----D---- C:\Program Files\Common Files\MicroWorld
2010-07-15 07:44:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-07-14 12:50:17 ----D---- C:\Program Files\Defraggler
2010-07-14 12:49:51 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-14 12:49:45 ----D---- C:\Program Files\Speccy
2010-07-14 12:37:39 ----A---- C:\WINDOWS\is-FC0A9.exe
2010-07-14 12:36:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-07-14 12:35:26 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-14 12:32:58 ----SHD---- C:\WINDOWS\CSC
2010-07-14 12:27:39 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-07-14 12:26:26 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-07-14 12:26:25 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft

======List of files/folders modified in the last 1 months======

2010-07-15 13:31:42 ----RD---- C:\Program Files
2010-07-15 07:48:46 ----D---- C:\WINDOWS\system32
2010-07-15 07:48:46 ----D---- C:\WINDOWS
2010-07-15 07:44:33 ----D---- C:\Program Files\Common Files
2010-07-14 12:49:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-14 12:45:34 ----SHD---- C:\RECYCLER
2010-07-14 12:45:34 ----D---- C:\WINDOWS\Debug
2010-07-14 12:44:50 ----D---- C:\Program Files\CCleaner
2010-07-14 12:38:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-14 12:37:37 ----D---- C:\WINDOWS\system32\drivers
2010-07-14 12:26:25 ----D---- C:\Documents and Settings
2010-07-14 06:02:04 ----D---- C:\WINDOWS\Prefetch
2010-06-29 06:59:03 ----HD---- C:\WINDOWS\inf
2010-06-29 06:55:54 ----D---- C:\Program Files\Mozilla Firefox
2010-06-21 11:56:44 ----D---- C:\WINDOWS\Temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 IdeBusDr;IdeBusDr; C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys [2002-10-15 13891]
R0 IdeChnDr;Intel(R) Ultra ATA Controller; C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys [2002-10-15 101431]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-10-19 195728]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-02-08 3846016]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090108.007\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090108.007\navex15.sys []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-10-19 24720]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-10-04 185968]
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-10-04 177776]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-11-15 20208]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-10-04 83568]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-11-15 169200]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-10-19 214672]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-11-15 1756912]

-----------------EOF-----------------



MWAV:


Object "Security Master AV Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Smitfraud Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Orifice2K.plugin Trojan" found in File System! Action Taken: No Action Taken.

File C:\Documents and Settings\bielesz petr\Local Settings\Data aplikací\Identities\{D5AD8504-C712-4978-BD73-ED4578B6CE19}\Microsoft\Outlook Express\Doručená pošta.dbx infected by "Win32.Generic.495979 (DB)" Virus! Action Taken: No Action Taken.
File C:\Program Files\scanner\uninstall.exe infected by "Trojan.Generic.1681186 (DB)" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-57989841-1450960922-839522115-1003\Dc40.exe infected by "Trojan.Agent.ALYV (DB)" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
File F:\Documents and Settings\Petr Bielesz\Dokumenty\Programy\antiviry\Norton AntiVirus 2005\NORTON.ANTIVIRUS.2005-PHXiSO.rar infected by "Packer.FSG.A (DB)" Virus! Action Taken: No Action Taken.
File F:\Documents and Settings\Petr Bielesz\Dokumenty\Programy\nové prg\popupBlocker800a.exe infected by "Adware.Safeguardprotect.A (DB)" Virus! Action Taken: No Action Taken.
File F:\Documents and Settings\Petr Bielesz\Dokumenty\Ze sdílení\moje\nové prg\popupBlocker800a.exe infected by "Adware.Safeguardprotect.A (DB)" Virus! Action Taken: No Action Taken.
File F:\Documents and Settings\Petr Bielesz\Plocha\net\aresregular204_installer.exe infected by "Trojan.Generic.75758 (DB)" Virus! Action Taken: No Action Taken.
File F:\Documents and Settings\Petr Bielesz\Plocha\Programy\FreeScan.exe infected by "Trojan.Generic.IS.614354 (DB)" Virus! Action Taken: No Action Taken.
File F:\Documents and Settings\Petr Bielesz\Plocha\Programy\Internet Alert v3.2.exe infected by "Application.Internetalert.A (DB)" Virus! Action Taken: No Action Taken.
File F:\Documents and Settings\Petr Bielesz\Plocha\Programy\popupBlocker800a.exe infected by "Adware.Safeguardprotect.A (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\a\Doručená pošta.dbx infected by "Win32.Generic.495979 (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\06833CD3.exe infected by "Win32.BugBear.E@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\19C050E0.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\21A414F7.EXE infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\325915B9.exe infected by "Win32.BugBear.E@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\33136EEC.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\332A14D3.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\333E10BE.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\334E62AC.exe infected by "Win32.BugBear.E@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\335860A1.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\33F115F8.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\52BE58EF.EXE infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\52EB24BD.EXE infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\54C56CB4.exe infected by "Win32.BugBear.E@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\568B38C0.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\60B56F90.scr infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\61A4688A.SCR infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\6D494527.exe infected by "Win32.BugBear.E@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\6D50191F.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\6E5861FC.tmp infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\6E6C5DE7.exe infected by "Win32.BugBear.E@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\6E7905D8.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\6E8303CE.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\6F98749C.tmp infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0.exe infected by "Win32.BugBear.E@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\Incoming\AP1.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\Incoming\AP2.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\Incoming\AP3.exe infected by "Win32.BugBear.E@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\Incoming\AP4.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\Program Files\Norton AntiVirus\Quarantine\Incoming\AP5.exe infected by "Win32.BugBear.B@mm (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\WINDOWS\Application Data\Identities\{AB724080-A048-11D7-BDAF-A47A02F78113}\Microsoft\Outlook Express\Doručená pošta.dbx infected by "Exploit.Iframe.Vulnerability (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\WINDOWS\Application Data\Identities\{AB724080-A048-11D7-BDAF-A47A02F78113}\Microsoft\Outlook Express\Odstraněná pošta.dbx infected by "Win32.BugBear.B@mm.Damaged (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\WINDOWS\Profiles\miluska\Application Data\Identities\{AB724080-A048-11D7-BDAF-A47A02F78113}\Microsoft\Outlook Express\Doručená pošta.dbx infected by "Exploit.Iframe.Vulnerability (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\archiv\záloha\system\archiv\WINDOWS\Profiles\miluska\Application Data\Identities\{AB724080-A048-11D7-BDAF-A47A02F78113}\Microsoft\Outlook Express\Odstraněná pošta.dbx infected by "Win32.BugBear.B@mm.Damaged (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\Common Files\CMEII\apps\DashBar\dashbar2100.zip infected by "Application.Claria.Dashbar.J (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\Common Files\GMT\GMT.exe.manifest infected by "Adware.Gain.I (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\Hotbar\bin\4.3.5.0\HbHostOE.dll infected by "Gen:Adware.Heur.ay8@Q0lcsGmi (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\incredimail_install.exe infected by "Trojan.Downloader.Imloader.C (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL infected by "Adware.Mywebsearch.DN (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL infected by "Adware.Bundler.Funwebproducts.C (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL infected by "Adware.Bundler.Funwebproducts.D (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL infected by "Adware.Myway.F (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL infected by "Adware.Toolbar.Mywebsearch.L (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL infected by "Application.Mywebsearch.Toolbar.B (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL infected by "Adware.Mywebsearch.AX (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL infected by "Adware.Bundler.Funwebproducts.G (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL infected by "Adware.Myway.B (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL infected by "Adware.Toolbar.Mywebsearch.B (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\Norton AntiVirus\Quarantine\18596228.EXE infected by "Helloween.1376.E (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\Norton AntiVirus\Quarantine\18BF77B9.EXE infected by "Helloween.1376.E (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\Norton AntiVirus\Quarantine\21917BC3.EXE infected by "Kaczor.4444 (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupBlocker800a.exe infected by "Adware.Safeguardprotect.A (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\RECYCLED\NPROTECT\00312467.CAB infected by "Application.Claria.NN (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\RECYCLED\NPROTECT\00312503.CAB infected by "Application.Claria.DQ (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\RECYCLED\NPROTECT\00312613.CAB infected by "Application.Claria.NN (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\RECYCLED\NPROTECT\00312657.CAB infected by "Application.Claria.DQ (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\RECYCLED\NPROTECT\00312869.CAB infected by "Application.Claria.NN (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\RECYCLED\NPROTECT\00312877.CAB infected by "Application.Claria.DQ (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\RECYCLED\NPROTECT\00313121.CAB infected by "Application.Claria.NN (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Miluška\disk C\RECYCLED\NPROTECT\00313123.CAB infected by "Application.Claria.DQ (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Staré PC\Plocha\vypal\Programy\FreeScan.exe infected by "Trojan.Generic.IS.614354 (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Staré PC\Sdílení\Programy\AnyDVD_6.0.9.7_by_jursik.blog.cz.rar infected by "Trojan.Generic.204271 (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Staré PC\Sdílení\Programy\FreeScan.exe infected by "Trojan.Generic.IS.614354 (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Staré PC\Sdílení\Programy\Internet Alert v3.2.exe infected by "Application.Internetalert.A (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\Staré PC\Sdílení\Programy\popupBlocker800a.exe infected by "Adware.Safeguardprotect.A (DB)" Virus! Action Taken: No Action Taken.
File F:\zálohy\záloha\Documents and Settings\A\Local Settings\Data aplikací\Identities\{5D8D8E9D-5948-49C8-A77C-943DA218BCAB}\Microsoft\Outlook Express\Doručená pošta.dbx infected by "Win32.Generic.495979 (DB)" Virus! Action Taken: No Action Taken.


Dělal jsem ještě i rychlý scan v MbAMu, ale nic nenašel...

Je toho dost, PC se dlouho používalo jako záloha

Prosím o pomoc s čištěním Petr

[Rudy]

1. Všechny infikované položky, které našel MWAV smažte.
2. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[P.O.B]

1, Soubory ze scanu MWAV smazány (trochu to trvalo) ty první 3, co začínaly "Object..." nemají cestu, takže ty ne

2, log z CF:

ComboFix 10-07-15.03 - Administrator 16.07.2010 7:42.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.603 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-16 do 2010-07-16 )))))))))))))))))))))))))))))))
.

2010-07-15 11:31 . 2010-07-15 11:32 -------- d-----w- C:\rsit
2010-07-15 11:31 . 2010-07-15 11:32 -------- d-----w- c:\program files\trend micro
2010-07-15 05:48 . 2010-07-15 05:48 -------- d---a-w- c:\windows\VDLL.DLL
2010-07-15 05:48 . 2010-07-15 05:48 -------- d---a-w- c:\windows\system32\runouce.exe
2010-07-15 05:48 . 2010-07-15 05:48 -------- d---a-w- c:\windows\rundll16.exe
2010-07-15 05:48 . 2010-07-15 05:48 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-07-15 05:48 . 2010-07-15 05:48 -------- d---a-w- c:\windows\logo1_.exe
2010-07-15 05:48 . 2010-07-15 05:48 -------- d---a-w- c:\windows\logo_1.exe
2010-07-15 05:44 . 2010-07-15 05:44 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-07-15 05:44 . 2010-07-15 05:44 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-07-15 05:44 . 2010-07-15 05:44 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-07-15 05:44 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2010-07-15 05:44 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2010-07-15 05:44 . 2010-07-15 05:44 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-07-14 10:50 . 2010-07-14 10:50 -------- d-----w- c:\program files\Defraggler
2010-07-14 10:49 . 2010-07-14 10:49 -------- d-----w- c:\program files\Speccy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 10:44 . 2010-03-08 07:42 -------- d-----w- c:\program files\CCleaner
2010-07-14 10:38 . 2009-06-09 05:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 10:37 . 2010-07-14 10:37 711168 ----a-w- c:\windows\isRS-000.tmp
2010-05-28 07:39 . 2009-01-28 14:45 -------- d-----w- c:\program files\Advanced Spyware Remover Pro
2010-05-28 07:19 . 2010-05-28 07:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2009-06-09 05:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-06-09 05:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28.11.2008 15:55 99376]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [15.11.2005 13:27 169200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
TCP: {C37E6315-775C-480D-86AC-3809B46E2532} = 192.168.0.1,81.200.48.11
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\3d4awig2.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 07:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-07-16 07:46:40
ComboFix-quarantined-files.txt 2010-07-16 05:46

Před spuštěním: 1 391 136 768
Po spuštění: 1 927 716 864

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5F3216D11C7F8E2883114AD69749B89C


CF nerestartoval, tak já to zatím taky nebudu zkoušet (jestli XP případně najedou normálně)...

Jak to vypadá teď, jsme "čistí"? Petr

[Rudy]

CF smazal ještě 3 položky, zbytek logu vypadá OK. Ty položky v MWAV, které nemají cestu, jsou pouze neškodné zbytky po dříve vyléčené infekci.

[P.O.B]

Omlouvám se, byl jsem na víkend mimo signál

- - -

PC už naběhne normálně, žádný problém nepozoruju... (krom toho, že winy hlásí vyplý Norton, ale to má na svědomí určitě ComboFix)

Asi je to OK, co teď (odinsalovat CF a tak?)

Díky...

[Rudy]

CF odinstalujte Start>spustit>(napsat) combofix /uninstall>OK. CF se spustí a odinstaluje. Norton zapněte, může se stát, že se poškodila jeho instalace, v tom případě ho reinstalujte.

[P.O.B]

CF uninstall, Norton reinstal, PC je OK

Díky moc za pomoc. Petr

[Rudy]

Nemáte zač!