PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Pomale otvirani souboru

https://pc-help.cnews.cz/viewtopic.php?f=46&t=5082

Stránka 2 z 2

Napsal: 10 kvě 2006 20:10
od mijaja
Jistější je kontrola kompu MWAVem, ukáže ti i ty skryté v Obnově systému - takže to proskenuj - odkaz i návod mám v podpisu.

Napsal: 12 kvě 2006 18:51
od Danmaker
Toto mi nasel MWAV:

Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "media access Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "newdotnet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "media tickets Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "coolwebsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "tencent qq Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "tencent qq Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "tencent qq Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "peopleonpage Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "abetterinternet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "tencent qq Spyware/Adware" found in File System! Action Taken: No Action Taken.

File C:\WINDOWS\system32\.pif infected by "Trojan-Downloader.BAT.Ftp.y" Virus! Action Taken: No Action Taken.




Offending Key found: HKLM\Software\cydoor !!!
Sat May 06 09:47:47 2006 => Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat May 06 09:47:47 2006 => Offending Key found: HKCU\Software\cydoor !!!
Sat May 06 09:47:47 2006 => Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat May 06 09:47:47 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\cydoor !!!
Sat May 06 09:47:47 2006 => Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat May 06 09:47:47 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\media gateway !!!
Sat May 06 09:47:47 2006 => Object "media access Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat May 06 09:47:47 2006 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\new.net startup !!!
Sat May 06 09:47:47 2006 => Object "newdotnet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat May 06 09:47:48 2006 => Offending file found: C:\WINDOWS\mtu.bat
Sat May 06 09:47:48 2006 => System found infected with media tickets Spyware/Adware (mtu.bat)! Action taken: No Action Taken.

Sat May 06 09:47:49 2006 => Offending file found: C:\WINDOWS\system32\cd_clint.dll
Sat May 06 09:47:49 2006 => System found infected with cydoor Spyware/Adware (cd_clint.dll)! Action taken: No Action Taken.

Sat May 06 09:47:49 2006 => Offending file found: C:\DOCUME~1\VYKOVS~1\LOCALS~1\Temp\cd_clint.dll
Sat May 06 09:47:49 2006 => System found infected with cydoor Spyware/Adware (cd_clint.dll)! Action taken: No Action Taken.

Sat May 06 09:47:54 2006 => Offending file found: C:\Documents and Settings\Plocha\dan\et\docs\help\manual\html\top.html
Sat May 06 09:47:54 2006 => System found infected with whenu.sidefinder Spyware/Adware (top.html)! Action taken: No Action Taken.

Sat May 06 09:47:55 2006 => Offending Folder found: C:\Documents and Settings\Plocha\dan\programy\anydvd\manual\se
Sat May 06 09:47:55 2006 => Object "coolwebsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat May 06 09:47:55 2006 => Offending file found: C:\Documents and Settings\Plocha\dan\programy\bsplayer\skins\base\skin.ini
Sat May 06 09:47:55 2006 => System found infected with tencent qq Spyware/Adware (skin.ini)! Action taken: No Action Taken.

Sat May 06 09:47:55 2006 => Offending file found: C:\Documents and Settings\Plocha\dan\programy\clonecd\graphics\skin.ini
Sat May 06 09:47:55 2006 => System found infected with tencent qq Spyware/Adware (skin.ini)! Action taken: No Action Taken.

Sat May 06 09:47:55 2006 => Offending file found: C:\Documents and Settings\Plocha\dan\programy\winavi video converter\skins\0\skin.ini
Sat May 06 09:47:55 2006 => System found infected with tencent qq Spyware/Adware (skin.ini)! Action taken: No Action Taken.

Sat May 06 09:47:55 2006 => Offending file found: C:\Documents and Settings\Plocha\dan\stunts\stunts\data\load.exe
Sat May 06 09:47:55 2006 => System found infected with peopleonpage Spyware/Adware (load.exe)! Action taken: No Action Taken.

Sat May 06 09:48:02 2006 => Offending file found: C:\Documents and Settings\Local Settings\temp\cd_clint.dll
Sat May 06 09:48:02 2006 => System found infected with cydoor Spyware/Adware (cd_clint.dll)! Action taken: No Action Taken.

Sat May 06 09:48:03 2006 => Offending file found: C:\Documents and Settings\Local Settings\temp\nsz2a8.tmp\banner.dll
Sat May 06 09:48:03 2006 => System found infected with abetterinternet Spyware/Adware (banner.dll)! Action taken: No Action Taken.

Sat May 06 09:48:03 2006 => Offending file found: C:\Documents and Settings\Local Settings\temp\_bspst$_\skin.ini
Sat May 06 09:48:03 2006 => System found infected with tencent qq Spyware/Adware (skin.ini)!

Sat May 06 09:53:41 2006 => File C:\WINDOWS\system32\smrss.exe infected by "Net-Worm.Win32.Dedler.o" Virus! Action Taken: No Action Taken.

Napsal: 12 kvě 2006 19:22
od mijaja
No Dane, v první řadě si nainstaluj firewall - v linku Důležité ... mám dobrý výběr.

Ten výběr z logu MWAVu je celý? Jestli ano:

Takže tyhle soubory by měly z disku pryč:

C:\WINDOWS\system32\.pif
C:\WINDOWS\system32\cd_clint.dll
C:\WINDOWS\mtu.bat
C:\DOCUME~1\VYKOVS~1\LOCALS~1\Temp\cd_clint.dll
C:\Documents and Settings\Plocha\dan\et\docs\help\manual\html\top.html
C:\Documents and Settings\Plocha\dan\programy\anydvd\manual\se
C:\Documents and Settings\Plocha\dan\programy\bsplayer\skins\base\skin.ini - šmejd provázející nejnovější verze BSPlayeru
C:\Documents and Settings\Plocha\dan\programy\winavi video converter\skins\0\skin.ini
C:\Documents and Settings\Plocha\dan\stunts\stunts\data\load.exe
C:\Documents and Settings\Local Settings\temp\cd_clint.dll
C:\Documents and Settings\Local Settings\temp\nsz2a8.tmp\banner.dll
C:\Documents and Settings\Local Settings\temp\_bspst$_\skin.ini
C:\WINDOWS\system32\smrss.exe - Net-Worm.Win32.Dedler.o - to je ten nej...šmejd ze všech co máš v kompu.

Ty červené soubory musíš všechny smazat! Musíš mít nastaveno v Možnostech složky zobrazování skrytých a systémových souborů. Pokud některý nenajdeš, tak napiš který. Až to budeš mít, otevři si editor registrů a najdi tyhle klíče a smaž je taky ( jen ty klíče - ne celé větve!)



HKLM\Software\cydoor !!!
HKCU\Software\cydoor !!!
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\cydoor !!!
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\media gateway !!!
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\new.net startup !!!

Až to budeš mít stáhni si Ccleaner - link s návodem mám v podpisu - a pořádně vyčisti celý komp i registry. Aspoň dvakrát po sobě, aby tam nezůstal jediný šmejdík.
Časové pásmo: UTC+02:00
Stránka 2 z 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/