[b]SDFix: Version 1.180 [/b]

Run by Kraus on 2008-05-06 at 20:06

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\pics00.zip - Deleted
C:\WINDOWS\pics01.zip - Deleted
C:\WINDOWS\pics06.zip - Deleted
C:\WINDOWS\pics08.zip - Deleted
C:\WINDOWS\system32\1.tmp - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 20:15:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,39,ab,62,c0,a7,7f,04,f1,72,b3,9b,7b,4a,d2,ea,a8,09,70,c4,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,23,2d,1b,be,68,2d,81,5c,5f,a2,b3,25,55,51,cf,57,85,..
"khjeh"=hex:5d,5e,7d,32,09,f7,19,6d,49,b0,c0,21,08,38,2b,7f,b8,8c,2c,f9,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3c,db,05,14,2d,0b,77,47,e9,de,d3,d5,8a,47,24,64,38,39,b1,ee,7e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:9d,58,81,7b,a9,70,49,0a,c7,4e,16,a6,f2,fd,da,eb,2f,38,ce,10,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:f0,37,fb,e9,2c,ee,ca,18,b0,af,67,1f,64,06,05,14,b3,e2,6b,2a,9a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,39,ab,62,c0,a7,7f,04,f1,72,b3,9b,7b,4a,d2,ea,a8,09,70,c4,2b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,23,2d,1b,be,68,2d,81,5c,5f,a2,b3,25,55,51,cf,57,85,..
"khjeh"=hex:5d,5e,7d,32,09,f7,19,6d,49,b0,c0,21,08,38,2b,7f,b8,8c,2c,f9,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3c,db,05,14,2d,0b,77,47,e9,de,d3,d5,8a,47,24,64,38,39,b1,ee,7e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:9d,58,81,7b,a9,70,49,0a,c7,4e,16,a6,f2,fd,da,eb,2f,38,ce,10,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:f0,37,fb,e9,2c,ee,ca,18,b0,af,67,1f,64,06,05,14,b3,e2,6b,2a,9a,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87E494A9-88EB-73AB-C04A-F77E8E096A2D}]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 400

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Steam\\Steam.exe"="E:\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"E:\\Steam\\SteamApps\\lobof10\\counter-strike source\\hl2.exe"="E:\\Steam\\SteamApps\\lobof10\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programme\\XLink Kai Evolution VII\\kaiLaunch.exe"="C:\\Programme\\XLink Kai Evolution VII\\kaiLaunch.exe:*:Enabled:XLink Kai Evolution 7 Launcher"
"C:\\Programme\\XLink Kai Evolution VII\\kaiEngine.exe"="C:\\Programme\\XLink Kai Evolution VII\\kaiEngine.exe:*:Enabled:XLink Kai Evolution 7 Engine"
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\HELLGATE London\\Launcher.exe"="E:\\HELLGATE London\\Launcher.exe:*:Enabled:Hellgate: London"
"E:\\Steam\\SteamApps\\lobof10\\team fortress 2\\hl2.exe"="E:\\Steam\\SteamApps\\lobof10\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Programme\\Teamspeak2_RC2\\TeamSpeak.exe"="C:\\Programme\\Teamspeak2_RC2\\TeamSpeak.exe:*:Enabled:TeamSpeak.exe"
"C:\\Programme\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"="C:\\Programme\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe:*:Enabled:Ad-Aware 2007"
"C:\\Programme\\PiMPWare\\PiMPStreamer\\PimpStreamer.exe"="C:\\Programme\\PiMPWare\\PiMPStreamer\\PimpStreamer.exe:*:Enabled:PimpStreamer, Streams video from PC to PSP Realtime!"
"C:\\Programme\\FlashGet\\flashget.exe"="C:\\Programme\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"E:\\Guitar Hero III\\gh3.exe"="E:\\Guitar Hero III\\gh3.exe:*:Enabled:Guitar Hero III"
"C:\\Programme\\XCom Media Server\\XCom Media Server.exe"="C:\\Programme\\XCom Media Server\\XCom Media Server.exe:*:Enabled:XCom Media Server"
"C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Programme\\Microsoft Office\\OFFICE11\\WINWORD.EXE"="C:\\Programme\\Microsoft Office\\OFFICE11\\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"E:\\Severance BOD\\Bin\\Blade.exe"="E:\\Severance BOD\\Bin\\Blade.exe:*:Enabled:Blade"
"E:\\Programme\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"="E:\\Programme\\Soldier of Fortune II - Double Helix\\SoF2MP.exe:*:Enabled:SoF2MP"
"E:\\Soldat\\Soldat.exe"="E:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"E:\\Tremulous\\tremulous.exe"="E:\\Tremulous\\tremulous.exe:*:Enabled:tremulous"
"E:\\Quake Wars ET\\etqw.exe"="E:\\Quake Wars ET\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM)"
"E:\\Quake Wars ET\\etqwded.exe"="E:\\Quake Wars ET\\etqwded.exe:*:Enabled:etqwded.exe"
"E:\\Unreal Tournament 3\\Binaries\\UT3.exe"="E:\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"E:\\LBZ 3D\\lbzwin.exe"="E:\\LBZ 3D\\lbzwin.exe:*:Enabled:lbzwin"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"="E:\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="C:\\Programme\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears of War"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 24 Dec 2007        71,168 ..SHR --- "C:\Programme\Rebellious Antics\Unreal Tournament 3 Tweaker\Setup.exe"
Thu  1 Nov 2007             0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Fri 19 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4214e891c3a19cb7fc83127f6f533b6b\BIT12.tmp"
Thu 20 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52ce26fea0efba79c7052e71b88e981f\BIT8C.tmp"
Fri 19 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c80d806f8f03b0af859e03ecb7a6a49\BIT20.tmp"
Fri 19 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5df103cbcc544871e14d2dd9b2c2ebfc\BIT1E.tmp"
Fri 19 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\604af8087284f4e1493f6d2152b55530\BITF.tmp"
Fri 19 Oct 2007     1,077,984 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\69d42ba1dcdecb87ba29a43e82a3a4b9\BITD.tmp"
Fri 19 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6ddfa67684fb30b37de3a1cfe824730f\BIT16.tmp"
Fri 19 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\744079f6cd2707e1a1bbb22c6a538eba\BIT1F.tmp"
Fri 19 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b08a58e6a7f421670f6cfa82692699f5\BIT1C.tmp"
Thu  1 Sep 2005         1,363 A..H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\lTqLYw8O\mc4zuqlplH4.tmp"
Mon  9 Oct 2006         1,345 A..H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\lTqLYw8O\P8MAGHzCa6AZ.tmp"
Tue  5 Jun 2007         1,263 A..H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy\TqLYw8OsS\mc4zuqlplH4.tmp"
Wed 25 Jul 2007         1,418 A..H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy\TqLYw8OsS\P8MAGHzCa6AZ.tmp"

[b]Finished![/b]