SDFix: Version 1.114

Run by RTV mix AGD on 2007-11-11 at 15:37

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\mljul0.exe - Deleted
C:\WINDOWS\system32\qtplugin.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 15:44:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:7f,de,1d,1d,1d,3b,3f,10,56,0e,97,44,2a,3d,7d,2a,4f,03,6a,a2,36,...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:7f,de,1d,1d,1d,3b,3f,10,56,0e,97,44,2a,3d,7d,2a,4f,03,6a,a2,36,...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\24\xe1\21]
"DisplayName"="\x1fe8\x3d1\x1fe8\x3d1\1"
"DeviceDesc"="\x1fe8\x3d1\x1fe8\x3d1\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x648"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\xe114\21\x80\xc010\DriverFiles.INF"
"DeviceInstanceIds"=str(7):"c:\toolscd\display driver\sbdrv\smbus\smbusati.inf"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 29 Aug 2007            56 ..SHR --- "C:\WINDOWS\system32\C0BA5A1F94.sys"
Fri  9 Nov 2007        10,856 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon  7 May 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed  7 Nov 2007        10,856 A.SH. --- "C:\System Volume Information\_restore{05629D35-582F-4426-A966-71C42E82A9CD}\RP147\A0027330.sys"
Thu  7 Dec 2006     3,096,576 A..H. --- "C:\Documents and Settings\RTV mix AGD\Dane aplikacji\U3\temp\Launchpad Removal.exe"

Finished!