SDFix: Version 1.115

Run by Wyka Cezary on 2007-11-10 at 16:48

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\nethop.exe - Deleted
C:\WINDOWS\rmvgor.dll - Deleted
C:\WINDOWS\sapnet.dll - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 16:53:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:d0,d8,36,c1,3d,b6,1f,4e,29,f6,37,ae,a5,4f,78,0e,98,7a,0d,dc,39,...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4f,76,36,83,34,4d,59,4c,a3,87,7a,9a,b1,15,f6,a1,91,...
"khjeh"=hex:db,94,23,8f,10,f6,70,95,cd,c8,bf,59,bb,a7,e4,5e,2c,06,ce,ee,37,...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d8,b2,c1,2a,3d,22,fe,d3,82,21,e7,b3,db,d7,b6,9b,6b,0e,9c,90,b7,...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:d0,d8,36,c1,3d,b6,1f,4e,29,f6,37,ae,a5,4f,78,0e,98,7a,0d,dc,39,...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4f,76,36,83,34,4d,59,4c,a3,87,7a,9a,b1,15,f6,a1,91,...
"khjeh"=hex:db,94,23,8f,10,f6,70,95,cd,c8,bf,59,bb,a7,e4,5e,2c,06,ce,ee,37,...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d8,b2,c1,2a,3d,22,fe,d3,82,21,e7,b3,db,d7,b6,9b,6b,0e,9c,90,b7,...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\programy\Gadu-Gadu\g76\gg.exe"="D:\programy\Gadu-Gadu\g76\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"F:\AmericasArmy 2.8.2\System\ArmyOps.exe"="F:\AmericasArmy 2.8.2\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Finished!