SDFix: Version 1.132 Run by Administrator on 2008-01-28 at 22:40 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-28 22:47:42 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:98,d7,31,c2,12,da,17,19,47,fb,bd,05,54,0e,23,64,8c,53,8f,66,8a,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,78,24,d6,93,b9,db,f8,d2,70,96,9e,7b,bc,f0,f1,5c,5e,.. "khjeh"=hex:bc,76,0c,ed,12,f7,08,52,d6,3b,1e,76,56,91,8e,ac,2d,f2,01,6a,ef,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:28,a1,25,ff,d5,7c,76,37,28,ba,74,f7,f9,f7,2a,f7,ac,04,fa,bf,eb,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:98,d7,31,c2,12,da,17,19,47,fb,bd,05,54,0e,23,64,8c,53,8f,66,8a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,78,24,d6,93,b9,db,f8,d2,70,96,9e,7b,bc,f0,f1,5c,5e,.. "khjeh"=hex:bc,76,0c,ed,12,f7,08,52,d6,3b,1e,76,56,91,8e,ac,2d,f2,01,6a,ef,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:28,a1,25,ff,d5,7c,76,37,28,ba,74,f7,f9,f7,2a,f7,ac,04,fa,bf,eb,.. scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Finished!