SDFix: Version 1.119

Run by Administrator on 2007-12-21 at 17:13

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\LOG.TMP - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 17:14:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,36,0e,97,74,18,02,c6,25,12,72,44,60,4a,0b,a7,d4,11,...
"hj34z0"=hex:ea,3c,67,b4,bd,2f,52,14,5d,46,b0,a0,82,79,e1,19,42,68,7c,b6,f6,...
"hj34z1"=hex:66,3c,67,b4,c5,2f,52,14,5c,46,b1,a0,83,79,e1,19,42,68,7c,b6,71,...
"hj34z2"=hex:66,3c,67,b4,c5,2f,52,14,5c,46,b1,a0,83,79,e1,19,42,68,7c,b6,71,...
"hj34z3"=hex:66,3c,67,b4,c5,2f,52,14,5c,46,b1,a0,83,79,e1,19,42,68,7c,b6,71,...
"hj34z4"=hex:66,3c,67,b4,c5,2f,52,14,5c,46,b1,a0,83,79,e1,19,42,68,7c,b6,71,...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu  6 Dec 2007            88 ..SHR --- "C:\WINDOWS\system32\515D116084.sys"
Thu  6 Dec 2007         3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!