wklejto.pl

Added by: ~mgm (2008-07-01 16:04) -> text
 
[b]SDFix: Version 1.199 [/b]
Run by Marta on 2008-07-01 at 15:23
 
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\\SDFix
 
[b]Checking Services [/b]:
 
 
Restoring Default Security Values
Restoring Default Hosts File
 
Rebooting
 
 
[b]Checking Files [/b]: 
 
Trojan Files Found:
 
C:\\WINDOWS\\system32\\svrhost.exe  - Deleted
 
 
 
 
 
Removing Temp Files
 
[b]ADS Check [/b]:
 
 
 
                                 [b]Final Check [/b]:
 
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 15:41:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
 
scanning hidden processes ...
 
scanning hidden services & system hive ...
 
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04]
\"h0\"=dword:00000000
\"ujdew\"=hex:33,c6,4d,0d,3b,6b,f9,22,5c,17,54,31,10,f3,b8,79,38,77,28,86,4d,..
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg]
\"s1\"=dword:2df9c43f
\"s2\"=dword:110480d0
\"h0\"=dword:00000001
 
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04]
\"h0\"=dword:00000000
\"ujdew\"=hex:33,c6,4d,0d,3b,6b,f9,22,5c,17,54,31,10,f3,b8,79,38,77,28,86,4d,..
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04]
\"h0\"=dword:00000000
\"ujdew\"=hex:33,c6,4d,0d,3b,6b,f9,22,5c,17,54,31,10,f3,b8,79,38,77,28,86,4d,..
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet004\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04]
\"h0\"=dword:00000000
\"ujdew\"=hex:33,c6,4d,0d,3b,6b,f9,22,5c,17,54,31,10,f3,b8,79,38,77,28,86,4d,..
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet005\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04]
\"h0\"=dword:00000000
\"ujdew\"=hex:33,c6,4d,0d,3b,6b,f9,22,5c,17,54,31,10,f3,b8,79,38,77,28,86,4d,..
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet006\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04]
\"h0\"=dword:00000000
\"ujdew\"=hex:33,c6,4d,0d,3b,6b,f9,22,5c,17,54,31,10,f3,b8,79,38,77,28,86,4d,..
 
scanning hidden registry entries ...
 
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{8CB72269-629D-3400-2576-3A06B4DA9527}]
\"iakjnbiniiabgbkhkm\"=hex:69,61,70,66,62,62,6e,6b,6d,6f,70,67,6a,68,6e,68,64,61,00,00
\"haekllnjdagooihm\"=hex:69,61,70,66,62,62,6e,6b,6d,6f,70,67,6a,68,6e,68,64,61,00,00
\"oajjngpommnhkndhkjipacfbmkohha\"=hex:61,69,6c,67,6b,63,63,63,66,66,6c,62,6f,6b,6e,66,65,6c,61,70,6e,..
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Twain]
\"y\\1r?ó?d?B\\1o? ?d?o?m?y?[\\1l?n?e?\"=\"C:\\WINDOWS\\Twain_32\\hpsj_0006\\hpsj_0006.ds\"
 
scanning hidden files ...
 
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
 
 
[b]Remaining Services [/b]:
 
 
 
 
Authorized Application Key Export:
 
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"C:\\\\Program Files\\\\BitTornado\\\\btdownloadgui.exe\"=\"C:\\\\Program Files\\\\BitTornado\\\\btdownloadgui.exe:*:Enabled:btdownloadgui\"
\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\OUTLOOK.EXE\"=\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook\"
\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\GROOVE.EXE\"=\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\GROOVE.EXE:*:Enabled:Microsoft Office Groove\"
\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\ONENOTE.EXE\"=\"C:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote\"
\"C:\\\\Documents and Settings\\\\Marta\\\\Moje dokumenty\\\\Nowy folder\\\\utorrent.exe\"=\"C:\\\\Documents and Settings\\\\Marta\\\\Moje dokumenty\\\\Nowy folder\\\\utorrent.exe:*:Enabled:µTorrent\"
\"C:\\\\WINDOWS\\\\system32\\\\rtcshare.exe\"=\"C:\\\\WINDOWS\\\\system32\\\\rtcshare.exe:*:Enabled:Udostępnianie aplikacji RTC\"
\"F:\\\\BEAR SHARE\\\\BearShare.exe\"=\"F:\\\\BEAR SHARE\\\\BearShare.exe:*:Enabled:BearShare\"
\"C:\\\\Program Files\\\\BearShare Applications\\\\BearShare\\\\BearShare.exe\"=\"C:\\\\Program Files\\\\BearShare Applications\\\\BearShare\\\\BearShare.exe:*:Enabled:BearShare\"
\"C:\\\\Program Files\\\\Nokia\\\\Nokia Software Updater\\\\nsu_ui_client.exe\"=\"C:\\\\Program Files\\\\Nokia\\\\Nokia Software Updater\\\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater\"
\"C:\\\\Program Files\\\\Common Files\\\\Nokia\\\\Service Layer\\\\A\\\\nsl_host_process.exe\"=\"C:\\\\Program Files\\\\Common Files\\\\Nokia\\\\Service Layer\\\\A\\\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process \"
\"%windir%\\\\system32\\\\sessmgr.exe\"=\"%windir%\\\\system32\\\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\msnmsgr.exe\"=\"C:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\livecall.exe\"=\"C:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)\"
 
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\\\system32\\\\sessmgr.exe\"=\"%windir%\\\\system32\\\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\msnmsgr.exe\"=\"C:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\livecall.exe\"=\"C:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)\"
 
[b]Remaining Files [/b]:
 
 
File Backups: - C:\\SDFix\\backups\\backups.zip
 
[b]Files with Hidden Attributes [/b]:
 
Wed 18 Jun 2008            88 ..SHR --- \"C:\\Documents and Settings\\All Users\\Dane aplikacji\\456FBDBD0E.sys\"
Wed 18 Jun 2008           848 A.SH. --- \"C:\\Documents and Settings\\All Users\\Dane aplikacji\\KGyGaAvL.sys\"
Wed  9 May 2007         4,348 ..SH. --- \"C:\\Documents and Settings\\All Users\\DRM\\DRMv1.bak\"
Thu  1 Nov 2007        61,440 ...H. --- \"C:\\Documents and Settings\\Marta\\Moje dokumenty\\~WRL0001.tmp\"
Sun 28 Oct 2007        26,624 ...H. --- \"C:\\Documents and Settings\\Marta\\Moje dokumenty\\~WRL0004.tmp\"
Wed 20 Jun 2007        22,016 ...H. --- \"C:\\Documents and Settings\\Marta\\Moje dokumenty\\~WRL1504.tmp\"
Sun  3 Jun 2007       237,056 ...H. --- \"C:\\Documents and Settings\\Marta\\Pulpit\\~WRL0004.tmp\"
Sun 17 Jun 2007        54,272 ...H. --- \"C:\\Documents and Settings\\Marta\\Pulpit\\~WRL3404.tmp\"
Fri 21 Sep 2007             0 A..H. --- \"C:\\WINDOWS\\SoftwareDistribution\\Download\\8d097da1e8c89a333191843e23dfc161\\BIT1.tmp\"
Wed  7 May 2008             0 A..H. --- \"C:\\WINDOWS\\SoftwareDistribution\\Download\\bb094e9f8c2d7d8ec9a15b1be70e1f47\\BIT1.tmp\"
Wed 14 May 2008       156,160 ...H. --- \"C:\\Documents and Settings\\Marta\\Dane aplikacji\\Microsoft\\Word\\~WRL3601.tmp\"
 
[b]Finished![/b]
 
 