So yesterday I accidentally ran a file, and after a moment the antivirus started finding various suspicious files, after which I saw a window on the desktop: "Warning, spyware was detected on your computer". On Google I found that I should treat it with, for example, SDFix. Log from the program:
SDFix: Version 1.235
Run by Administrator on 2008-10-16 at 13:43

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lphct0qj0e3b3.exe - Deleted
C:\WINDOWS\system32\urqQhIXp.dll - Deleted
C:\WINDOWS\system32\phct0qj0e3b3.bmp - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 14:00:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\tzar\\Tzar.exe"="D:\\Program Files\\tzar\\Tzar.exe:*:Enabled:Tzar"
"D:\\kozaki\\dmcr.exe"="D:\\kozaki\\dmcr.exe:*:Enabled:dmcr"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"D:\\Program Files\\Praetorians\\Praetorians.exe"="D:\\Program Files\\Praetorians\\Praetorians.exe:*:Enabled:Praetorians"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"D:\\Program Files\\Little Fighter 2.5 - v2.0\\lf2.5\\lf2.5.exe"="D:\\Program Files\\Little Fighter 2.5 - v2.0\\lf2.5\\lf2.5.exe:*:Enabled:lf2.5"
"D:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="D:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"D:\\Program Files\\Metin2_PL\\metin2.bin"="D:\\Program Files\\Metin2_PL\\metin2.bin:*:Enabled:metin2"
"D:\\Program Files\\Celtic Kings\\Celtic kings.exe"="D:\\Program Files\\Celtic Kings\\Celtic kings.exe:*:Enabled:Celtic kings"
"D:\\Program Files\\Anno 1602\\START.exe"="D:\\Program Files\\Anno 1602\\START.exe:*:Enabled:1602"
"D:\\Program Files\\Original War\\OwarFull.dll"="D:\\Program Files\\Original War\\OwarFull.dll:*:Enabled:OwarFull"
"D:\\Program Files\\Original War\\OwarLite.dll"="D:\\Program Files\\Original War\\OwarLite.dll:*:Enabled:OwarLite"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 25 Sep 2008 24 ..SH. --- "C:\WINDOWS\SCE40E959.tmp"
Tue 4 Jul 2006 4,789,792 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 15 Aug 2008 56 ..SHR --- "C:\WINDOWS\system32\98303EF539.sys"
Fri 15 Aug 2008 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!
Despite all this, the options for changing the desktop and the screensaver are still locked. Can someone tell me how to do this, and whether I have cleaned the computer this way?