to jsou jenom zápisy v registru.zbytky po vyléčený infekci.
co ten komp?
Prosim o pomoc! PC napaden!
Moderátoři: Mods_senior, Security team
Pravidla fóra
Návod na použití programu HijackThis || Návod na vyčištění počítače CCleanerem || FAQ: Antiviry
Návod na použití programu HijackThis || Návod na vyčištění počítače CCleanerem || FAQ: Antiviry
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: 09 čer 2006 18:47
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: 09 čer 2006 18:47
čistil jsi před použitím mwavu?jestli ne tak
vyčisti systém CCleanerem a RegCleanerem
Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).
Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.
Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj. pokud ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt
vyčisti systém CCleanerem a RegCleanerem
Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).
Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.
Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj. pokud ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt
SDFix: Version 1.117
Run by user on so 08.12.2007 at 20:34
Microsoft Windows 2000 [Verze 5.00.2195]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINNT
No streams found.
C:\WINNT\system32
No streams found.
C:\WINNT\system32\svchost.exe
No streams found.
C:\WINNT\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 20:40:06
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3b,ce,4b,fd,ac,63,86,b0,57,9a,d2,76,3e,3f,4d,1e,9f,59,bd,f1,4e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,71,f2,ba,8a,be,9e,75,1c,51,55,50,9c,af,d1,05,f7,d7,..
"khjeh"=hex:e0,69,b7,ee,29,82,4c,5f,61,d7,8f,c4,07,9d,5c,39,1c,91,6f,b5,b8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,32,a3,74,03,ef,ac,a2,c5,c0,1f,fb,db,7c,e8,fd,28,40,c6,38,dd,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fc,e7,94,b1,1b,51,c2,eb,0a,d9,52,23,55,05,04,1a,4b,b0,34,a0,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:5a,bc,db,c9,3a,11,6f,85,a0,78,8e,f1,aa,61,5b,55,25,c7,38,7d,82,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c9,70,fd,66,4b,97,8d,b3,16,c5,d6,1d,bc,96,fa,ef,d7,8f,46,f0,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3b,ce,4b,fd,ac,63,86,b0,57,9a,d2,76,3e,3f,4d,1e,9f,59,bd,f1,4e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,71,f2,ba,8a,be,9e,75,1c,51,55,50,9c,af,d1,05,f7,d7,..
"khjeh"=hex:e0,69,b7,ee,29,82,4c,5f,61,d7,8f,c4,07,9d,5c,39,1c,91,6f,b5,b8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,32,a3,74,03,ef,ac,a2,c5,c0,1f,fb,db,7c,e8,fd,28,40,c6,38,dd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fc,e7,94,b1,1b,51,c2,eb,0a,d9,52,23,55,05,04,1a,4b,b0,34,a0,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:5a,bc,db,c9,3a,11,6f,85,a0,78,8e,f1,aa,61,5b,55,25,c7,38,7d,82,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c9,70,fd,66,4b,97,8d,b3,16,c5,d6,1d,bc,96,fa,ef,d7,8f,46,f0,da,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe1? ?o?k?n?a? ?"="C:\WINNT\cursors\arrow_r.cur,C:\WINNT\cursors\help_r.cur,C:\WINNT\cursors\wait_r.cur,C:\WINNT\cursors\busy_r.cur,C:\WINNT\cursors\cross_r.cur,C:\WINNT\cursors\beam_r.cur,C:\WINNT\cursors\pen_r.cur,C:\WINNT\cursors\no_r.cur,C:\WINNT\cursors\size4_r.cur,C:\WINNT\cursors\size3_r.cur,C:\WINNT\cursors\size2_r.cur,C:\WINNT\cursors\size1_r.cur,C:\WINNT\cursors\move_r.cur,C:\WINNT\cursors\up_r.cur"
"\f\1e?r?n?\xe1? ?o?k?n?a? ?(?v?e?l?k?\xe9?)?"="C:\WINNT\cursors\arrow_rm.cur,C:\WINNT\cursors\help_rm.cur,C:\WINNT\cursors\wait_rm.cur,C:\WINNT\cursors\busy_rm.cur,C:\WINNT\cursors\cross_rm.cur,C:\WINNT\cursors\beam_rm.cur,C:\WINNT\cursors\pen_rm.cur,C:\WINNT\cursors\no_rm.cur,C:\WINNT\cursors\size4_rm.cur,C:\WINNT\cursors\size3_rm.cur,C:\WINNT\cursors\size2_rm.cur,C:\WINNT\cursors\size1_rm.cur,C:\WINNT\cursors\move_rm.cur,C:\WINNT\cursors\up_rm.cur"
"\f\1e?r?n?\xe1? ?o?k?n?a? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINNT\cursors\arrow_rl.cur,C:\WINNT\cursors\help_rl.cur,C:\WINNT\cursors\wait_rl.cur,C:\WINNT\cursors\busy_rl.cur,C:\WINNT\cursors\cross_rl.cur,C:\WINNT\cursors\beam_
Remaining Services:
------------------
Remaining Files:
---------------
Files with Hidden Attributes:
Sat 18 Dec 2004 1,005,056 A..HR --- "C:\Documents and Settings\user\Plocha\m ma\P lˇ N m To\Data\PnT.exe"
Finished!
Run by user on so 08.12.2007 at 20:34
Microsoft Windows 2000 [Verze 5.00.2195]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINNT
No streams found.
C:\WINNT\system32
No streams found.
C:\WINNT\system32\svchost.exe
No streams found.
C:\WINNT\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 20:40:06
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3b,ce,4b,fd,ac,63,86,b0,57,9a,d2,76,3e,3f,4d,1e,9f,59,bd,f1,4e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,71,f2,ba,8a,be,9e,75,1c,51,55,50,9c,af,d1,05,f7,d7,..
"khjeh"=hex:e0,69,b7,ee,29,82,4c,5f,61,d7,8f,c4,07,9d,5c,39,1c,91,6f,b5,b8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,32,a3,74,03,ef,ac,a2,c5,c0,1f,fb,db,7c,e8,fd,28,40,c6,38,dd,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fc,e7,94,b1,1b,51,c2,eb,0a,d9,52,23,55,05,04,1a,4b,b0,34,a0,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:5a,bc,db,c9,3a,11,6f,85,a0,78,8e,f1,aa,61,5b,55,25,c7,38,7d,82,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c9,70,fd,66,4b,97,8d,b3,16,c5,d6,1d,bc,96,fa,ef,d7,8f,46,f0,da,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3b,ce,4b,fd,ac,63,86,b0,57,9a,d2,76,3e,3f,4d,1e,9f,59,bd,f1,4e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,71,f2,ba,8a,be,9e,75,1c,51,55,50,9c,af,d1,05,f7,d7,..
"khjeh"=hex:e0,69,b7,ee,29,82,4c,5f,61,d7,8f,c4,07,9d,5c,39,1c,91,6f,b5,b8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7d,32,a3,74,03,ef,ac,a2,c5,c0,1f,fb,db,7c,e8,fd,28,40,c6,38,dd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:fc,e7,94,b1,1b,51,c2,eb,0a,d9,52,23,55,05,04,1a,4b,b0,34,a0,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:5a,bc,db,c9,3a,11,6f,85,a0,78,8e,f1,aa,61,5b,55,25,c7,38,7d,82,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:c9,70,fd,66,4b,97,8d,b3,16,c5,d6,1d,bc,96,fa,ef,d7,8f,46,f0,da,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe1? ?o?k?n?a? ?"="C:\WINNT\cursors\arrow_r.cur,C:\WINNT\cursors\help_r.cur,C:\WINNT\cursors\wait_r.cur,C:\WINNT\cursors\busy_r.cur,C:\WINNT\cursors\cross_r.cur,C:\WINNT\cursors\beam_r.cur,C:\WINNT\cursors\pen_r.cur,C:\WINNT\cursors\no_r.cur,C:\WINNT\cursors\size4_r.cur,C:\WINNT\cursors\size3_r.cur,C:\WINNT\cursors\size2_r.cur,C:\WINNT\cursors\size1_r.cur,C:\WINNT\cursors\move_r.cur,C:\WINNT\cursors\up_r.cur"
"\f\1e?r?n?\xe1? ?o?k?n?a? ?(?v?e?l?k?\xe9?)?"="C:\WINNT\cursors\arrow_rm.cur,C:\WINNT\cursors\help_rm.cur,C:\WINNT\cursors\wait_rm.cur,C:\WINNT\cursors\busy_rm.cur,C:\WINNT\cursors\cross_rm.cur,C:\WINNT\cursors\beam_rm.cur,C:\WINNT\cursors\pen_rm.cur,C:\WINNT\cursors\no_rm.cur,C:\WINNT\cursors\size4_rm.cur,C:\WINNT\cursors\size3_rm.cur,C:\WINNT\cursors\size2_rm.cur,C:\WINNT\cursors\size1_rm.cur,C:\WINNT\cursors\move_rm.cur,C:\WINNT\cursors\up_rm.cur"
"\f\1e?r?n?\xe1? ?o?k?n?a? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINNT\cursors\arrow_rl.cur,C:\WINNT\cursors\help_rl.cur,C:\WINNT\cursors\wait_rl.cur,C:\WINNT\cursors\busy_rl.cur,C:\WINNT\cursors\cross_rl.cur,C:\WINNT\cursors\beam_
Remaining Services:
------------------
Remaining Files:
---------------
Files with Hidden Attributes:
Sat 18 Dec 2004 1,005,056 A..HR --- "C:\Documents and Settings\user\Plocha\m ma\P lˇ N m To\Data\PnT.exe"
Finished!
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: 09 čer 2006 18:47
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: 09 čer 2006 18:47
ten návod je tady odsud http://www.pc-help.cz/viewtopic.php?t=3200
tak se na to koukni
tak se na to koukni