[b]SDFix: Version 1.177 [/b]

Run by Administrator on 30.04.2008 at 17:26

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOKUME~1\Heitmann\Desktop\sdfix\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 18:25:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:7f64c304
"s2"=dword:655931fb
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:e7,31,17,84,6e,53,36,0c,de,83,db,a7,77,4a,3e,3c,89,45,cb,54,b0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:7c,64,30,92,f5,58,68,77,18,2e,92,4d,5f,36,ef,0d,55,62,c7,db,93,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,02,76,90,d6,3b,fe,b8,99,b6,71,95,07,7f,ef,7c,4f,..
"khjeh"=hex:17,17,e4,1e,76,a9,2d,8c,77,b1,30,ea,31,5d,09,37,39,f9,5c,f2,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:06,26,32,f0,71,0c,c4,84,4d,8f,0e,c4,02,e4,19,31,dc,ee,b8,ed,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:06,26,32,f0,71,0c,c4,84,4d,8f,0e,c4,02,e4,19,31,dc,ee,b8,ed,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:e7,31,17,84,6e,53,36,0c,de,83,db,a7,77,4a,3e,3c,89,45,cb,54,b0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:7c,64,30,92,f5,58,68,77,18,2e,92,4d,5f,36,ef,0d,55,62,c7,db,93,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,02,76,90,d6,3b,fe,b8,99,b6,71,95,07,7f,ef,7c,4f,..
"khjeh"=hex:17,17,e4,1e,76,a9,2d,8c,77,b1,30,ea,31,5d,09,37,39,f9,5c,f2,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:06,26,32,f0,71,0c,c4,84,4d,8f,0e,c4,02,e4,19,31,dc,ee,b8,ed,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:06,26,32,f0,71,0c,c4,84,4d,8f,0e,c4,02,e4,19,31,dc,ee,b8,ed,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Programme\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:e7,31,17,84,6e,53,36,0c,de,83,db,a7,77,4a,3e,3c,89,45,cb,54,b0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:7c,64,30,92,f5,58,68,77,18,2e,92,4d,5f,36,ef,0d,55,62,c7,db,93,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,02,76,90,d6,3b,fe,b8,99,b6,71,95,07,7f,ef,7c,4f,..
"khjeh"=hex:17,17,e4,1e,76,a9,2d,8c,77,b1,30,ea,31,5d,09,37,39,f9,5c,f2,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:06,26,32,f0,71,0c,c4,84,4d,8f,0e,c4,02,e4,19,31,dc,ee,b8,ed,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:06,26,32,f0,71,0c,c4,84,4d,8f,0e,c4,02,e4,19,31,dc,ee,b8,ed,45,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\QIP\\qip.exe"="C:\\Programme\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Programme\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Programme\\Rockstar Games\\GTA2\\gta2.exe"="C:\\Programme\\Rockstar Games\\GTA2\\gta2.exe:*:Enabled:GTA2 main executable"
"C:\\Programme\\DVBViewer\\DVBServer.exe"="C:\\Programme\\DVBViewer\\DVBServer.exe:*:Enabled:DVBViewer Pro NetworkServer"
"D:\\Media\\Tactical ops\\System\\TacticalOps.exe"="D:\\Media\\Tactical ops\\System\\TacticalOps.exe:*:Enabled:TacticalOps"
"D:\\Media\\Tactical ops cheat\\System\\TacticalOps.exe"="D:\\Media\\Tactical ops cheat\\System\\TacticalOps.exe:*:Enabled:TacticalOps"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\Spamihilator\\dccproc.exe"="C:\\Programme\\Spamihilator\\dccproc.exe:*:Enabled:dccproc"
"C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\DOKUME~1\Heitmann\Desktop\sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 10 Apr 2008            72 ..SH. --- "C:\WINDOWS\S527B1825.tmp"
Mon 28 Jan 2008     1,404,240 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe"
Fri 25 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT9.tmp"
Wed 23 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1465040073c1369a804d4781c6028d16\BIT28.tmp"
Fri 25 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITC.tmp"
Fri 25 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT8.tmp"
Fri 25 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d9afc485ff57441ce14a08241df89e8\BITE.tmp"
Wed 23 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3e19b207a1881f6bd4b9258481ec8a33\BIT27.tmp"
Tue 22 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\57591e6a55ce2be7cac231e51e4ccf92\BIT12.tmp"
Wed 23 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\67c3915d5da877a91646b44186bc9377\BIT2B.tmp"
Wed 23 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\965222022b8748e4a3a02d1faa748a3c\BIT2A.tmp"
Wed 23 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9df5b5ae0e37d4de6aa55dcad50daf42\BIT25.tmp"
Fri 25 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad2d37be81d37204b0a12680c06ffd51\BITB.tmp"
Fri 25 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITD.tmp"
Wed 23 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dea07cea60c5eb7a13232eafd8384a1e\BIT29.tmp"
Wed 23 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4c09e907811fc4c3fafcc970c1720b3\BIT22.tmp"
Fri 25 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ed6c7531380802fe7c2504f3909edb19\BITA.tmp"
Wed 30 Apr 2008        65,536 A..H. --- "C:\Dokumente und Einstellungen\Heitmann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\~Outlook.pst.tmp"

[b]Finished![/b]