SDFix: Version 1.114

Run by Kotus 3 on 2007-11-13 at 21:28
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\sdfix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 21:39:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:08c3da58
"s2"=dword:dd8593cb
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:64,e1,16,48,d1,25,31,dc,32,b1,2b,8d,af,fa,c3,35,a5,2c,f3,20,59,...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:58,2e,37,1c,6b,ac,37,6a,c7,49,fc,79,52,b8,5f,0c,03,77,52,20,46,...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d6,57,90,77,6f,43,08,2e,d2,c5,1d,52,c6,01,d0,84,98,...
"khjeh"=hex:b0,a0,99,87,67,b5,23,45,1e,53,04,88,a4,04,40,b0,68,12,40,98,7f,...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:29,0b,1b,8a,a6,e0,d4,35,9f,b1,61,e7,d9,56,10,f0,df,96,01,91,0b,...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:64,e1,16,48,d1,25,31,dc,32,b1,2b,8d,af,fa,c3,35,a5,2c,f3,20,59,...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:58,2e,37,1c,6b,ac,37,6a,c7,49,fc,79,52,b8,5f,0c,03,77,52,20,46,...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d6,57,90,77,6f,43,08,2e,d2,c5,1d,52,c6,01,d0,84,98,...
"khjeh"=hex:b0,a0,99,87,67,b5,23,45,1e,53,04,88,a4,04,40,b0,68,12,40,98,7f,...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:29,0b,1b,8a,a6,e0,d4,35,9f,b1,61,e7,d9,56,10,f0,df,96,01,91,0b,...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Files with Hidden Attributes:

Tue  4 Sep 2007            56 ..SHR --- "C:\WINDOWS\system32\6D0BA19373.sys"
Tue  4 Sep 2007         3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!