
[b]SDFix: Version 1.240 [/b]
Run by DOM on 2009-12-11 at 10:44
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 10:56:32
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:8c,6c,3f,36,c1,c5,51,d9,11,0d,07,77,55,61,30,ce,62,f0,fe,ee,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,51,45,33,d8,58,7c,1e,83,39,1a,fa,96,cf,b9,c2,f5,f7,..
"hdf12"=hex:ac,63,7a,ac,f3,6c,f6,ce,7a,29,d0,07,f9,43,b2,fc,a0,1c,5f,d8,15,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:05,01,e0,3c,78,a3,3e,82,fd,41,68,7d,98,bf,81,8e,79,84,ef,96,39,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:8c,6c,3f,36,c1,c5,51,d9,11,0d,07,77,55,61,30,ce,62,f0,fe,ee,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,51,45,33,d8,58,7c,1e,83,39,1a,fa,96,cf,b9,c2,f5,f7,..
"hdf12"=hex:ac,63,7a,ac,f3,6c,f6,ce,7a,29,d0,07,f9,43,b2,fc,a0,1c,5f,d8,15,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:05,01,e0,3c,78,a3,3e,82,fd,41,68,7d,98,bf,81,8e,79,84,ef,96,39,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain]
"y\1r?ó?d?B\1o? ?d?o?m?y?[\1l?n?e?"="C:\WINDOWS\Twain_32\Lexmark\2300 Series\lxcgtwds.ds"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\lxcgcoms.exe"="C:\\WINDOWS\\system32\\lxcgcoms.exe:*:Enabled:2300 Series"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"="C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"H:\\SpikOnStick\\Spik.exe"="H:\\SpikOnStick\\Spik.exe:*:Enabled:Spik"
"C:\\Documents and Settings\\DOM\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe"="C:\\Documents and Settings\\DOM\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe:*:Enabled:oodag"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Mozilla Firefox"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Wed 22 Oct 2008 949,072 A..H. --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Thu 19 Mar 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Tue 23 Oct 2007 3,350,528 A..H. --- "C:\Documents and Settings\DOM\Dane aplikacji\U3\temp\Launchpad Removal.exe"
[b]Finished![/b]