+++SDFix Report:
SDFix: Version 1.240
Run by St? et Isa on 02/06/2009 at 12:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
C:\WINDOWS
:E1C9A55E737B7DDE 48
Total size: 48 bytes.
WINDOWS: deleted 48 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS
No streams found.
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-06-02 13:35:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden services & system hive …
scanning hidden registry entries …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe"="C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe::Enabled:SEGA Rally"
"C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe"="C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe::Enabled:SEGA Rally"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe::Enabled:MiniDM"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe::Enabled:GameCenter"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe::Enabled:Sid Meier's Civilization 4 Complete"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe::Enabled:Sid Meier's Civilization 4: Warlords"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe::Enabled:Sid Meier's Civilization 4: Beyond the Sword"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe::Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe::Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe::Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe::Enabled:gigatribe"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe::Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe::Enabled:Rosetta Stone Ltd Services"
Remaining Files :
Files with Hidden Attributes :
Mon 26 Jan 2009 1,740,632 A.SHR -- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR -- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR -- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR -- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Mon 12 Jan 2009 0 A.SH. -- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 12 Jan 2009 556,608 A..H. -- "C:\WINDOWS\SoftwareDistribution\Download\883eec76aefb0a5cf511411d94499dbb\BIT1.tmp"
Finished!