Code:
SDFix: Version 1.240
Run by Hayk on 02.04.2010 at 23:37
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 22:50:06
Windows 5.1.2600 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UJE3MJK3\0000]
"Service"="uje3mjk3"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AVZ-SG Kernel Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UTE3MJK3\0000]
"Service"="ute3mjk3"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AVZ Kernel Driver"
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UZE3MJK3\0000]
"Service"="uze3mjk3"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AVZ-RK Kernel Driver"
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:e2,9d,7d,73,9d,34,dd,87,d7,1f,e0,b9,db,75,c2,96,e2,92,20,0b,10,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:c2,e2,23,df,5f,d0,e4,a9,d6,80,42,40,29,44,f0,c4,a8,7d,9b,72,18,..
"a0"=hex:20,01,00,00,46,45,89,4a,89,51,78,65,ba,07,3f,d5,16,22,b8,f4,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:e6,9c,76,43,79,c8,c2,7c,8b,4b,ed,c0,c4,81,f4,0b,db,c3,1f,c5,b0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:f2,57,fb,8e,32,86,ec,4c,f3,53,54,2a,21,eb,b9,d1,34,6c,5c,47,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:63,00,02,52,bd,e7,34,b8,74,c5,20,d0,15,1b,a4,b9,0d,a5,c1,38,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:57,6d,8c,bb,50,56,fc,f3,df,74,9d,f1,fe,47,74,3c,5a,9e,fe,ab,e8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d8,3f,5f,56,7a,a9,e7,fe,7c,38,31,fe,24,42,5d,23,83,46,6b,2f,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UJE3MJK3\0000]
"Service"="uje3mjk3"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AVZ-SG Kernel Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UTE3MJK3\0000]
"Service"="ute3mjk3"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AVZ Kernel Driver"
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_UZE3MJK3\0000]
"Service"="uze3mjk3"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AVZ-RK Kernel Driver"
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:e2,9d,7d,73,9d,34,dd,87,d7,1f,e0,b9,db,75,c2,96,e2,92,20,0b,10,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:c2,e2,23,df,5f,d0,e4,a9,d6,80,42,40,29,44,f0,c4,a8,7d,9b,72,18,..
"a0"=hex:20,01,00,00,46,45,89,4a,89,51,78,65,ba,07,3f,d5,16,22,b8,f4,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:e6,9c,76,43,79,c8,c2,7c,8b,4b,ed,c0,c4,81,f4,0b,db,c3,1f,c5,b0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:f2,57,fb,8e,32,86,ec,4c,f3,53,54,2a,21,eb,b9,d1,34,6c,5c,47,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:63,00,02,52,bd,e7,34,b8,74,c5,20,d0,15,1b,a4,b9,0d,a5,c1,38,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:57,6d,8c,bb,50,56,fc,f3,df,74,9d,f1,fe,47,74,3c,5a,9e,fe,ab,e8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d8,3f,5f,56,7a,a9,e7,fe,7c,38,31,fe,24,42,5d,23,83,46,6b,2f,b9,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Opera 9\\Opera.exe"="C:\\Program Files\\Opera 9\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Disabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"G:\\Games\\Battlefield2-ArmoredFury\\BF2.exe"="G:\\Games\\Battlefield2-ArmoredFury\\BF2.exe:*:Enabled:BF2"
"G:\\Games\\Battlefield2-ArmoredFury\\BF2VoipServer.exe"="G:\\Games\\Battlefield2-ArmoredFury\\BF2VoipServer.exe:*:Enabled:BF2VoipServer"
"G:\\Games\\Battlefield2-ArmoredFury\\BF2VoipServer_w32ded.exe"="G:\\Games\\Battlefield2-ArmoredFury\\BF2VoipServer_w32ded.exe:*:Enabled:BF2VoipServer_w32ded"
"G:\\Games\\Battlefield2-IranConflict\\bf2_w32ded.exe"="G:\\Games\\Battlefield2-IranConflict\\bf2_w32ded.exe:*:Enabled:bf2_w32ded"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"="C:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe:*:Enabled:ShaunWhiteSnowboardingGame"
"G:\\Install\\Xtreme-Counter-Strike-1.7-Final\\Xtreme Counter-Strike 1.6 Final\\Xtreme Counter-Strike 1.6 Final\\cstrike.exe"="G:\\Install\\Xtreme-Counter-Strike-1.7-Final\\Xtreme Counter-Strike 1.6 Final\\Xtreme Counter-Strike 1.6 Final\\cstrike.exe:*:Enabled:XTCS Counter-Strike 1.6 Final Release"
"G:\\Games\\HalfLife2\\hl2.exe"="G:\\Games\\HalfLife2\\hl2.exe:*:Enabled:hl2"
"G:\\Games\\Counter strike\\hl2.exe"="G:\\Games\\Counter strike\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\DoubleB\\BBcat\\fcPSGRun.exe"="C:\\Program Files\\DoubleB\\BBcat\\fcPSGRun.exe:*:Enabled:Play Sex Game 1.17 HTTP emulator"
"G:\\Install\\Play-sex-game\\Play_sex_game\\crack\\fcPSGRun.exe"="G:\\Install\\Play-sex-game\\Play_sex_game\\crack\\fcPSGRun.exe:*:Enabled:Play Sex Game 1.17 HTTP emulator"
"G:\\Games\\Cossacs Art of War\\dmcr.exe"="G:\\Games\\Cossacs Art of War\\dmcr.exe:*:Enabled:dmcr"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"="C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe:*:Enabled:Microsoft Flight SimulatorR"
"G:\\Games\\White Gold\\Xenus.exe"="G:\\Games\\White Gold\\Xenus.exe:*:Enabled:Executable"
"G:\\Games\\Vsk5\\Vsk5.exe"="G:\\Games\\Vsk5\\Vsk5.exe:*:Enabled:Vsk5"
"G:\\Games\\Hawx\\HAWX.exe"="G:\\Games\\Hawx\\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X"
"G:\\Games\\Hawx\\HAWX_dx10.exe"="G:\\Games\\Hawx\\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X"
"C:\\Program Files\\White Gold\\Xenus.exe"="C:\\Program Files\\White Gold\\Xenus.exe:*:Enabled:Executable"
"F:\\SOFPayback\\sof3.exe"="F:\\SOFPayback\\sof3.exe:*:Enabled:sof3"
"C:\\Program Files\\Garena\\Garena.exe"="C:\\Program Files\\Garena\\Garena.exe:*:Enabled:Garena"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2008 32-bit"
"G:\\Games\\Battlefield2-PowerStrike\\BF2.exe"="G:\\Games\\Battlefield2-PowerStrike\\BF2.exe:*:Enabled:BF2"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"G:\\Games\\RomeTotalWar\\RomeTW.exe"="G:\\Games\\RomeTotalWar\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"F:\\Grand Theft Auto\\Rockstar Games Social Club\\RGSCLauncher.exe"="F:\\Grand Theft Auto\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"F:\\GTA 4\\Rockstar Games Social Club\\RGSCLauncher.exe"="F:\\GTA 4\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"F:\\ns\\Steam.exe"="F:\\ns\\Steam.exe:*:Enabled:Steam"
"F:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="F:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"F:\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"="F:\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"F:\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe"="F:\\GTA IV\\Grand Theft Auto IV\\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"G:\\Left 4 Dead 2\\Steam.exe"="G:\\Left 4 Dead 2\\Steam.exe:*:Enabled:Steam"
"G:\\Games\\Buccaneer\\T3D.exe"="G:\\Games\\Buccaneer\\T3D.exe:*:Enabled:Buccaneer: The Pursuit of Infamy"
"G:\\Games\\Burout - Paradise\\BurnoutLauncher.exe"="G:\\Games\\Burout - Paradise\\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"G:\\Games\\Burout - Paradise\\BurnoutConfigTool.exe"="G:\\Games\\Burout - Paradise\\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"G:\\Games\\Burout - Paradise\\BurnoutParadise.exe"="G:\\Games\\Burout - Paradise\\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"="C:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"="C:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"G:\\Games\\Battlefield - Bad Company 2\\BFBC2Updater.exe"="G:\\Games\\Battlefield - Bad Company 2\\BFBC2Updater.exe:*:Enabled:Battlefield: Bad CompanyT 2"
"G:\\Games\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"="G:\\Games\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe:*:Enabled:Far Cry 2"
"G:\\Games\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"="G:\\Games\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"G:\\Games\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"="G:\\Games\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe:*:Enabled:Редактор"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
Files with Hidden Attributes :
Tue 4 Mar 2008 452 A..H. --- "C:\WINDOWS\Fix.reg"
Wed 28 Oct 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 8 Mar 2010 12,310,008 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Sun 22 Feb 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 21 Oct 2009 73,980,062 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\622f16f43aa85c6f9c436d99020fa96f\BIT1A.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Hayk\Application Data\U3\temp\Launchpad Removal.exe"
Finished!