Brána firewall ---- nutná pomoc

[PavelKilleR]

caute vsem , nevim jestli jsem toto tema zaradil spravne , ale kazdou minutu se mi obkevuje tabulka Brány firewall, která mi oznamuje """""Název : jakýkoliv číslo, takže od 0 do 1 000 /// Vydavatel : neznámy""""""a nechyby k tomu ani otázka odblokovat - blokovat. Jelikoz jsem nemel zadny antivirus , tak jsem si stahl Nod32 smart security a důkladně jsem vyčistil svůj hardisk . Naslo mi to plno trojskych konu, ale taky jinou haved ktera byla podle testu na 100% odstranena...Ale ani to nepomohlo, proste mi to nabiha kazdou minutu jiny cislo. napadlo me vypnout ochranu brany firewall a prestalo se mi to ukazovat ale pokud jsem zacal hrat hru tak se mi hra strasne sekala..Napadlo me se podivat na tabulku prez ctrl+alt+delete a opet jsem zjistil spatnou vec. proste at delam co delam vzdy mi ty chyby naskakuji a nevim co mam delat. spomaluje mi to cely system proto jsem vyzkousel plno programu na procisteni registru apodobne, bohuzel ani to nepomohlo . jinak sorry za tento slohovy utvar ale kratce jsem to nedokazal popsat pismem jinak prikladam sem prilohu - obrazek kde sjou chyby ukazany cervenym podtrzenim

divne

[Reklama]

[alenka_v_říši_divů]

to vypada divne..co log z HJT?

[PavelKilleR]

ted si pripadam trapne treba to vim ale co je to HJT????? a nesmej se mi a jinak je to hodne divny

[alenka_v_říši_divů]

se nesmeju..neni duvod :) mrkni sem http://pc-help.cz/viewtopic.php?f=70&t=5119 proste to stahni..nainstaluj a zmackni v tom scanu to prvni tlacitko "do a system scan and save la logfile" a za minutku ti vyjede log v textaku..ten zkopirujes sem :)

[PavelKilleR]

dobra ty jsi ale hodna :-)
tady je vysledek ///
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:56, on 18.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\918.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\PavelKilleR\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\149.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\137.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\236.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\218.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\106.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\140.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\674.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\930.exe
C:\Program Files\QIP Infium\infium.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\005.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\872.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\625.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\551.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\187.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\131.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\991.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\492.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\039.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\015.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\387.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\171.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\030.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\043.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\061.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\134.exe
C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\842.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Skype Recorder] "C:\Program Files\Skype Recorder\Skype Recorder.exe"
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\842.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [32NFG94-H61-2SF-N1P-5M1ERH6L6] C:\RECYCLER\S-1-5-21-2597092678-0739118450-406198496-8752\winIgn.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PavelKilleR\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-1052116379-181863308-1851\vsexy1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\PavelKilleR\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C43C92-5508-46B7-B810-C53D59993753}: NameServer = 77.237.153.1,77.237.128.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{63C43C92-5508-46B7-B810-C53D59993753}: NameServer = 77.237.153.1,77.237.128.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{63C43C92-5508-46B7-B810-C53D59993753}: NameServer = 77.237.153.1,77.237.128.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype Recorder\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 11702 bytes

[alenka_v_říši_divů]

ježiši..kdes to nachytal tak .. odpoj se od netu vypni prohlizec a aktivni okna a fixni v HJT

[*]R3 - URLSearchHook: (no name) - - (no file)*****O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe*****O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\PAVELK~1\LOCALS~1\Temp\842.exe*****O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PavelKilleR\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c--ponech jestli chces*****O4 - HKCU\..\Run: [12CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-1052116379-181863308-1851\vsexy1.exe*****O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)*****O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll

... jeste bys mel fixnout zalezitosti,kde je v klici "(no name)" .. ale ted to hlavni..az to udelas,tak spust MBAM,kterej si stahnes zde http://www.besttechie.net/tools/mbam-setup.exe po te udelej toto:navod od uzivatele "jaro3":::Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu. chapes to?

[PavelKilleR]

ty vole husty nikdy sem to nedelal tak vydrz

[alenka_v_říši_divů]

jinak ja su kořeň ne mařka .... a nejsu profik co se týče logů...ale neradím ti nic..co by nebylo v tvym zajmu...je dost možny..že cosi zbylo na fix..ale je to prekerni situace/aspon sem to tak pochopil/ :) a nikdo jinej tu není....ten šmejd odstřelíme... :)

[PavelKilleR]

sakra ty si kluk hej promin me napadlo alenka jako ta holka vis jak ne ty brdo trapassssssssss

[PavelKilleR]

tady je novy log

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1861
Windows 5.1.2600 Service Pack 2

18.3.2009 2:07:35
mbam-log-2009-03-18 (02-07-30).txt

Typ skenu: Rychlý sken
Objektu skenováno: 72953
Uplynulý cas: 5 minute(s), 31 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 3
Infikované položky dat registru: 1
Infikované složky: 1
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\32nfg94-h61-2sf-n1p-5m1erh6l6 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg914-k641-26sf-n31p (Trojan.Agent) -> No action taken.

Infikované položky dat registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
C:\RECYCLER\S-1-5-21-0243336031-1052116379-181863308-1851 (Trojan.Agent) -> No action taken.

Infikované soubory:
C:\RECYCLER\S-1-5-21-0243336031-1052116379-181863308-1851\Desktop.ini (Trojan.Agent) -> No action taken.
C:\Documents and Settings\PavelKilleR\Local Settings\Temp\195.exe (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-2597092678-0739118450-406198496-8752\winIgn.exe (Trojan.Agent) -> No action taken.

[alenka_v_říši_divů]

hruza čeče :) tedka bys mel provest "normalni" scan ..v MBAM ... pod tim expres scan....pokud to mas v cestine..tak na konci scanu zadej vymazat vybrané/vsechny nalezy ale musis oznacit-pokud nejsou/..pak se ti zobrazi log.....rozumime si? :)

[PavelKilleR]

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1861
Windows 5.1.2600 Service Pack 2

18.3.2009 2:22:53
mbam-log-2009-03-18 (02-22-53).txt

Typ skenu: Rychlý sken
Objektu skenováno: 72953
Uplynulý cas: 5 minute(s), 31 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 3
Infikované položky dat registru: 1
Infikované složky: 1
Infikované soubory: 3

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\32nfg94-h61-2sf-n1p-5m1erh6l6 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg914-k641-26sf-n31p (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infikované složky:
C:\RECYCLER\S-1-5-21-0243336031-1052116379-181863308-1851 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované soubory:
C:\RECYCLER\S-1-5-21-0243336031-1052116379-181863308-1851\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PavelKilleR\Local Settings\Temp\195.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-2597092678-0739118450-406198496-8752\winIgn.exe (Trojan.Agent) -> Delete on reboot.