Tady je log po nouzáku. Trvalo to víc než 5 minut a tak jsem propadl lehké depce, ale vše je už ok.
SDFix: Version 1.240
Run by Tomas on po 09.02.2009 at 17:57
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
{DEF85C80-216A-43ab-AF70-1665EDBE2780}
Path :
\??\C:\WINDOWS\TEMP\111E.tmp
{DEF85C80-216A-43ab-AF70-1665EDBE2780} - Deleted
AUTOEXEC.NT Restored from backups
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\Tomas\Local Settings\Temp\nshE4.tmp.exe - Deleted
C:\WINDOWS\Casino.ico - Deleted
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-09 18:08:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:97,0c,e0,cb,ee,d0,98,2b,05,3b,b0,fc,c1,c2,10,c1,5a,ad,a1,ce,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d3,7e,d1,63,a8,36,cd,50,9f,5d,e9,f4,e5,12,2f,60,55,..
"khjeh"=hex:1d,8d,bb,8c,53,3c,18,0b,b0,45,6d,a8,b4,38,4a,96,a9,c1,41,d5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,d4,98,8a,67,ad,94,d8,74,8c,46,96,c7,47,1e,85,4a,f7,be,4e,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cd,8a,4e,60,75,b1,f7,60,1a,34,f1,83,5e,28,8f,c0,d6,b8,dd,d6,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:97,0c,e0,cb,ee,d0,98,2b,05,3b,b0,fc,c1,c2,10,c1,5a,ad,a1,ce,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d3,7e,d1,63,a8,36,cd,50,9f,5d,e9,f4,e5,12,2f,60,55,..
"khjeh"=hex:1d,8d,bb,8c,53,3c,18,0b,b0,45,6d,a8,b4,38,4a,96,a9,c1,41,d5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,d4,98,8a,67,ad,94,d8,74,8c,46,96,c7,47,1e,85,4a,f7,be,4e,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cd,8a,4e,60,75,b1,f7,60,1a,34,f1,83,5e,28,8f,c0,d6,b8,dd,d6,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2df55ec2
"s1"=dword:222c03f4
"s2"=dword:242fd43f
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:97,0c,e0,cb,ee,d0,98,2b,05,3b,b0,fc,c1,c2,10,c1,5a,ad,a1,ce,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d3,7e,d1,63,a8,36,cd,50,9f,5d,e9,f4,e5,12,2f,60,55,..
"khjeh"=hex:1d,8d,bb,8c,53,3c,18,0b,b0,45,6d,a8,b4,38,4a,96,a9,c1,41,d5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,d4,98,8a,67,ad,94,d8,74,8c,46,96,c7,47,1e,85,4a,f7,be,4e,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cd,8a,4e,60,75,b1,f7,60,1a,34,f1,83,5e,28,8f,c0,d6,b8,dd,d6,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:97,0c,e0,cb,ee,d0,98,2b,05,3b,b0,fc,c1,c2,10,c1,5a,ad,a1,ce,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d3,7e,d1,63,a8,36,cd,50,9f,5d,e9,f4,e5,12,2f,60,55,..
"khjeh"=hex:1d,8d,bb,8c,53,3c,18,0b,b0,45,6d,a8,b4,38,4a,96,a9,c1,41,d5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,d4,98,8a,67,ad,94,d8,74,8c,46,96,c7,47,1e,85,4a,f7,be,4e,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cd,8a,4e,60,75,b1,f7,60,1a,34,f1,83,5e,28,8f,c0,d6,b8,dd,d6,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:97,0c,e0,cb,ee,d0,98,2b,05,3b,b0,fc,c1,c2,10,c1,5a,ad,a1,ce,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d3,7e,d1,63,a8,36,cd,50,9f,5d,e9,f4,e5,12,2f,60,55,..
"khjeh"=hex:1d,8d,bb,8c,53,3c,18,0b,b0,45,6d,a8,b4,38,4a,96,a9,c1,41,d5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,d4,98,8a,67,ad,94,d8,74,8c,46,96,c7,47,1e,85,4a,f7,be,4e,5c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:cd,8a,4e,60,75,b1,f7,60,1a,34,f1,83,5e,28,8f,c0,d6,b8,dd,d6,28,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"G:\\Office12\\OUTLOOK.EXE"="G:\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\ICQ6.5\\ICQ.exe"="C:\\Program Files\\ICQ6.5\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 9 Feb 1998 5,928,960 ...H. --- "C:\Corel\Graphics8\Programs\CNSFlt80.dll"
Tue 10 Feb 1998 416,768 ...H. --- "C:\Corel\Graphics8\Programs\convintl.dll"
Wed 5 Nov 1997 77,312 ...H. --- "C:\Corel\Graphics8\Programs\Mos1680.dll"
Thu 6 Nov 1997 4,608 ...H. --- "C:\Corel\Graphics8\Programs\Mos3280.dll"
Finished!