[b]SDFix: Version 1.237 [/b]
Run by Artur on 2008-10-24 at 18:09

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NHATQU~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCVHSOT.EXE - Deleted
C:\WINDOWS\SYSTEM32\TEST1.EXE - Deleted
C:\Documents and Settings\Artur\Dane aplikacji\Facegame\Facegame.exe - Deleted
C:\Temp\xp34\cPH.log - Deleted
C:\Program Files\Mjcore\Mjcore.dll - Deleted
C:\Program Files\Common Files\Yazzle3090OinUninstaller.exe - Deleted
C:\WINDOWS\lsass.exe - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\scvhsot.exe - Deleted
C:\WINDOWS\system32\setting.ini - Deleted
C:\WINDOWS\system32\SCVHSOT.exe - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted

Folder C:\Documents and Settings\Artur\Dane aplikacji\Facegame - Removed
Folder C:\Program Files\Mjcore - Removed
Folder C:\Temp\xp34 - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 18:17:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\8BallClub\\GameDirector.exe"="C:\\Program Files\\8BallClub\\GameDirector.exe:*:Enabled:8BallClub Game"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sat 5 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 24 Oct 2008 0 A..H. --- "C:\Documents and Settings\Artur\Pulpit\setup_sbd_en.exe"
Fri 3 Oct 2008 1,849,723 A..H. --- "C:\Program Files\8BallClub\Updates\3.10\BIT1C.tmp"
Fri 3 Oct 2008 390,230 A..H. --- "C:\Program Files\8BallClub\Updates\3.10\BIT1D.tmp"
Fri 3 Oct 2008 859,632 A..H. --- "C:\Program Files\8BallClub\Updates\3.10\BIT1E.tmp"

[b]Finished![/b]