SDFix: Version 1.215
Run by Administrator on 2008-08-11 at 13:57

Microsoft Windows XP [Wersja 5.1.2600]
Running From: E:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 14:02:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden services & system hive …

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:ac,f3,12,98,81,dc,d9,d8,f7,86,59,5e,bf,4a,10,41,76,1f,1a,09,00,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:99,23,53,3d,f7,7c,82,64,06,36,68,fd,f9,c1,f9,6a,3a,9c,78,aa,92,…
"p0"="E:\Program Files\DAEMON Tools Lite"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,62,3d,da,fd,9a,28,59,73,bb,2c,6d,79,d5,35,68,39,…
"khjeh"=hex:74,90,d6,9f,23,1d,3d,ed,28,f5,e9,d7,07,36,49,26,8e,e2,3e,49,6c,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,ad,0f,f1,93,5c,d4,77,37,36,2b,73,ab,13,cc,da,35,7b,ec,71,4c,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b7,fd,ac,9d,d2,e5,99,d6,f6,6b,91,ec,0f,f1,b2,15,84,9e,f5,df,6f,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:ac,f3,12,98,81,dc,d9,d8,f7,86,59,5e,bf,4a,10,41,76,1f,1a,09,00,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:99,23,53,3d,f7,7c,82,64,06,36,68,fd,f9,c1,f9,6a,3a,9c,78,aa,92,…
"p0"="E:\Program Files\DAEMON Tools Lite"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,27,62,3d,da,fd,9a,28,59,73,bb,2c,6d,79,d5,35,68,39,…
"khjeh"=hex:74,90,d6,9f,23,1d,3d,ed,28,f5,e9,d7,07,36,49,26,8e,e2,3e,49,6c,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,ad,0f,f1,93,5c,d4,77,37,36,2b,73,ab,13,cc,da,35,7b,ec,71,4c,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b7,fd,ac,9d,d2,e5,99,d6,f6,6b,91,ec,0f,f1,b2,15,84,9e,f5,df,6f,…

scanning hidden registry entries …

scanning hidden files …

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Gadu-Gadu\gg.exe"="E:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\WINDOWS\system32\dpnsvr.exe"="E:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Railroad Tycoon 3\rt3.exe"="C:\Program Files\Railroad Tycoon 3\rt3.exe:*:Enabled:Railroad Tycoon 3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :
Wed 30 Jul 2008 1,429,840 A.SHR — "E:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR — "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Wed 30 Jul 2008 1,829,712 A.SHR — "E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 25 Feb 2008 4,348 …SH. — "E:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 9 Aug 2008 0 A.SH. — "E:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 25 Feb 2008 4,348 …H. — "E:\Documents and Settings\pav\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"
Tue 11 Mar 2008 20 A…H. — "E:\Documents and Settings\pav\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"
Mon 25 Feb 2008 9,656 A.SH. — "E:\Documents and Settings\pav\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"
Mon 25 Feb 2008 4,348 A…H. — "E:\Documents and Settings\pav\Moje dokumenty\Moje obrazy\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"
Tue 11 Mar 2008 20 A…H. — "E:\Documents and Settings\pav\Moje dokumenty\Moje obrazy\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"
Mon 25 Feb 2008 9,656 A.SH. — "E:\Documents and Settings\pav\Moje dokumenty\Moje obrazy\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"

Finished!