SDFix: Version 1.240
Run by M Budding on za 07-03-2009 at 09:35
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-07 09:45:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:aa,15,45,5f,6f,67,b9,d2,ca,c5,90,69,95,31,5e,d5,da,b5,d3,bd,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,08,34,72,e4,e9,9b,83,a8,40,10,d8,a8,6c,f1,32,35,ce,..
"khjeh"=hex:45,73,10,8d,ff,33,d3,0f,aa,e9,b6,29,cb,ff,4d,a2,8a,5e,ff,8d,d0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5e,83,dc,a2,8f,b9,c1,9f,a5,a6,ec,d4,cf,2e,8b,8c,17,c4,55,e5,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:aa,15,45,5f,6f,67,b9,d2,ca,c5,90,69,95,31,5e,d5,da,b5,d3,bd,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,08,34,72,e4,e9,9b,83,a8,40,10,d8,a8,6c,f1,32,35,ce,..
"khjeh"=hex:45,73,10,8d,ff,33,d3,0f,aa,e9,b6,29,cb,ff,4d,a2,8a,5e,ff,8d,d0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5e,83,dc,a2,8f,b9,c1,9f,a5,a6,ec,d4,cf,2e,8b,8c,17,c4,55,e5,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:aa,15,45,5f,6f,67,b9,d2,ca,c5,90,69,95,31,5e,d5,da,b5,d3,bd,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,08,34,72,e4,e9,9b,83,a8,40,10,d8,a8,6c,f1,32,35,ce,..
"khjeh"=hex:45,73,10,8d,ff,33,d3,0f,aa,e9,b6,29,cb,ff,4d,a2,8a,5e,ff,8d,d0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5e,83,dc,a2,8f,b9,c1,9f,a5,a6,ec,d4,cf,2e,8b,8c,17,c4,55,e5,df,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled
xpsp2res.dll,-22019"
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="F:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\IBP 9\\IBP.exe"="D:\\Program Files\\IBP 9\\IBP.exe:*:Enabled:Internet Business Promoter (IBP)"
"D:\\Program Files\\IBP 10\\IBP.exe"="D:\\Program Files\\IBP 10\\IBP.exe:*:Enabled:Internet Business Promoter (IBP)"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000"
"D:\\Program Files\\AVG\\AVG8\\avgupd.exe"="D:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\SeNuke\\Loader.exe"="C:\\Program Files\\SeNuke\\Loader.exe:*:Enabled:Loader"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled
xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled
xpsp3res.dll,-20000"
Remaining Files :
Files with Hidden Attributes :
Mon 28 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!