SDFix: Version 1.115

Run by Administrator on 07-11-25 at 18:59

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Distributed Allocated Memory Unit
MSN RAV

Path:
"C:\WINDOWS\system32\dllcache\mravsc32.exe"
"C:\WINDOWS\system\msnrav.exe"

Distributed Allocated Memory Unit - Deleted
MSN RAV - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\SYSTEM~2.EXE - Deleted
C:\WINDOWS\system\msnrav.exe - Deleted
C:\WINDOWS\system32\dllcache\mravsc32.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\service.exe - Deleted
C:\WINDOWS\system32\systembin.exe - Deleted
C:\WINDOWS\system32\TFTP1104 - Deleted
C:\WINDOWS\system32\TFTP2020 - Deleted
C:\WINDOWS\system32\TFTP2076 - Deleted
C:\WINDOWS\system32\TFTP272 - Deleted
C:\WINDOWS\system32\TFTP388 - Deleted
C:\WINDOWS\system32\TFTP940 - Deleted
C:\WINDOWS\system32\TFTP972 - Deleted
C:\WINDOWS\system32\u.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 20:15:31
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\System32\\upds.exe"="C:\\WINDOWS\\System32\\upds.exe:*:Enabled:Windows System Update Tools"
"C:\\WINDOWS\\System32\\wbem\\scrcons32.exe"="C:\\WINDOWS\\System32\\wbem\\scrcons32.exe:*:Enabled:WMI Standard Event Consumer - Scripting"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 20 Nov 2007 918,045 A..H. --- "C:\DH Temp.tmp"

Finished!