
[b]SDFix: Version 1.240 [/b]
Run by  on 15.12.2008 at 23:44

Microsoft Windows XP [ 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 23:49:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ad,01,b6,47,1b,b4,b2,c5,4a,94,80,d8,5c,26,6e,08,be,4f,81,39,3f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c4,0f,46,80,e5,34,b8,d5,a4,b8,b2,7e,78,15,f2,59,4a,..
"khjeh"=hex:1b,e8,a2,b4,44,89,a7,c2,9e,ee,70,33,6a,b6,74,17,da,ef,c0,c6,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a8,20,75,17,35,b3,3c,7d,61,41,7f,64,c0,1d,1e,a0,2f,db,49,46,39,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ad,01,b6,47,1b,b4,b2,c5,4a,94,80,d8,5c,26,6e,08,be,4f,81,39,3f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c4,0f,46,80,e5,34,b8,d5,a4,b8,b2,7e,78,15,f2,59,4a,..
"khjeh"=hex:1b,e8,a2,b4,44,89,a7,c2,9e,ee,70,33,6a,b6,74,17,da,ef,c0,c6,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a8,20,75,17,35,b3,3c,7d,61,41,7f,64,c0,1d,1e,a0,2f,db,49,46,39,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4"=str(2):"%SYSTEMROOT%\Cursors\I_arrow.cur,%SYSTEMROOT%\Cursors\I_help.cur,%SYSTEMROOT%\Cursors\I_wait.cur,%SYSTEMROOT%\Cursors\I_busy.cur,%SYSTEMROOT%\Cursors\I_cross.cur,%SYSTEMROOT%\Cursors\I_beam.cur,%SYSTEMROOT%\Cursors\I_pen.cur,%SYSTEMROOT%\Cursors\I_no.cur,%SYSTEMROOT%\Cursors\I_size4.cur,%SYSTEMROOT%\Cursors\I_size3.cur,%SYSTEMROOT%\Cursors\I_size2.cur,%SYSTEMROOT%\Cursors\I_size1.cur,%SYSTEMROOT%\Cursors\I_move.cur,%SYSTEMROOT%\Cursors\I_up.cur,"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"\20\0044\4<\48\4=\48\4A\4B\4@\0040\4B\4>\4@\4"="C:\Documents and Settings\4<8=8AB@0B>@\>8 4>:C<5=BK"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Sidebar]
"\30\0047\0044\0040\4B\0045\4;\4L\4"=">@?>@0F8O 09:@>A>DB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Il\16_A~\22\x201aSO ?(?T?r?u?e?T?y?p?e?)?"="HDZB_10.TTF"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
"\30\0043\4@\4K\4"="!B0=40@B=K5\3@K"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:Torrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Tue 15 Nov 2005        78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Tue 15 Nov 2005        12,912 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"

[b]Finished![/b]

