report.txt

How do I remove System security protect your pc?

Please check the logs:


[b]SDFix: Version 1.240 [/b]
Run by Ala on 2009-03-10 at 07:53

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 07:59:27
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_963A5FE4A87AFAE59E172FD886AAD950]
" NextInstance " =dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_963A5FE4A87AFAE59E172FD886AAD950\0000]
" Service " = " 963a5fe4a87afae59e172fd886aad950 "
" Legacy " =dword:00000001
" ConfigFlags " =dword:00000000
" Class " = " LegacyDriver "
" ClassGUID " = " {8ECC055D-047F-11D1-A537-0000F8753ED1} "
" DeviceDesc " = " 963a5fe4a87afae59e172fd886aad950 "
" Capabilities " =dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950]
" c " = " & registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\963a5fe4a87afae59e172fd886aad950 & download_period=846000 & first_download_delay=180 & version=2 & ip_0=586742989 & port_0=7000 & max_fails_0=5 & ip_1=704183501 & port_1=8300 & max_fails_1=5 & ip_2=2241985741 & port_2=9002 & max_fails_2=2 & ip_3=1512966353 & port_3=11234 & max_fails_3=2 & ips_count=4 & name=963a5fe4a87afae59e172fd886aad950 & path=System32\963a5fe4a87afae59e172fd886aad950.sys & wmid=Dkx003 & idate=2009-03-08 17:00:34:037 & last_download_time=2009-3-8 17:3:34.696 & first_skip=1 "
" Type " =dword:00000001
" Start " =dword:00000000
" ErrorControl " =dword:00000000
" Tag " =dword:00000007
" ImagePath " =str(2): " System32\963a5fe4a87afae59e172fd886aad950.sys "
" DisplayName " = " 963a5fe4a87afae59e172fd886aad950 "
" Group " = " System Bus Extender "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950\Security]
" Security " =hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
" s1 " =dword:2df9c43f
" s2 " =dword:110480d0
" h0 " =dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
" h0 " =dword:00000000
" khjeh " =hex:10,3e,9e,a9,29,57,c7,79,00,41,4d,61,45,0d,53,2c,f8,98,9e,06,27,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
" khjeh " =hex:3c,0c,fa,1c,2b,59,53,e9,3b,e0,c4,62,9d,f4,f4,51,d9,6d,ea,00,f7,..
" d0 " =dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
" khjeh " =hex:1d,7e,0c,50,ae,91,58,e6,35,af,2e,40,59,48,ba,ad,e4,99,81,0c,ca,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
" khjeh " =hex:31,51,f4,92,8d,0b,49,4e,2b,2b,46,79,d5,0f,fb,20,36,65,fa,cb,1f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_963A5FE4A87AFAE59E172FD886AAD950]
" NextInstance " =dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_963A5FE4A87AFAE59E172FD886AAD950\0000]
" Service " = " 963a5fe4a87afae59e172fd886aad950 "
" Legacy " =dword:00000001
" ConfigFlags " =dword:00000000
" Class " = " LegacyDriver "
" ClassGUID " = " {8ECC055D-047F-11D1-A537-0000F8753ED1} "
" DeviceDesc " = " 963a5fe4a87afae59e172fd886aad950 "
" Capabilities " =dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950]
" c " = " & registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\963a5fe4a87afae59e172fd886aad950 & download_period=846000 & first_download_delay=180 & version=2 & ip_0=586742989 & port_0=7000 & max_fails_0=5 & ip_1=704183501 & port_1=8300 & max_fails_1=5 & ip_2=2241985741 & port_2=9002 & max_fails_2=2 & ip_3=1512966353 & port_3=11234 & max_fails_3=2 & ips_count=4 & name=963a5fe4a87afae59e172fd886aad950 & path=System32\963a5fe4a87afae59e172fd886aad950.sys & wmid=Dkx003 & idate=2009-03-08 17:00:34:037 & last_download_time=2009-3-8 17:3:34.696 & first_skip=1 "
" Type " =dword:00000001
" Start " =dword:00000000
" ErrorControl " =dword:00000000
" Tag " =dword:00000007
" ImagePath " =str(2): " System32\963a5fe4a87afae59e172fd886aad950.sys "
" DisplayName " = " 963a5fe4a87afae59e172fd886aad950 "
" Group " = " System Bus Extender "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950\Security]
" Security " =hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
" h0 " =dword:00000000
" khjeh " =hex:10,3e,9e,a9,29,57,c7,79,00,41,4d,61,45,0d,53,2c,f8,98,9e,06,27,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
" khjeh " =hex:3c,0c,fa,1c,2b,59,53,e9,3b,e0,c4,62,9d,f4,f4,51,d9,6d,ea,00,f7,..
" d0 " =dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
" khjeh " =hex:1d,7e,0c,50,ae,91,58,e6,35,af,2e,40,59,48,ba,ad,e4,99,81,0c,ca,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
" khjeh " =hex:31,51,f4,92,8d,0b,49,4e,2b,2b,46,79,d5,0f,fb,20,36,65,fa,cb,1f,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
" TracesProcessed " =dword:00000000
" TracesSuccessful " =dword:00000000
" LastTraceFailure " =dword:00000000

scanning hidden files ...

C:\WINDOWS\system32\_963a5fe4a87afae59e172fd886aad950.sys_.vir 39936 bytes executable
C:\WINDOWS\system32\963a5fe4a87afae59e172fd886aad950.sys 39936 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 2


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Fri 20 Sep 2002 91,136 A.SH. --- " C:\Program Files\Internet Explorer\IEXPLORE.EXE "
Fri 20 Sep 2002 57,856 A.SH. --- " C:\Program Files\Outlook Express\msimn.exe "
Wed 22 Oct 2008 949,072 A.SHR --- " C:\Program Files\Spybot - Search & Destroy\advcheck.dll "
Thu 14 Aug 2008 1,429,840 A.SHR --- " C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe "
Wed 30 Jul 2008 4,891,984 A.SHR --- " C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe "
Wed 22 Oct 2008 962,896 A.SHR --- " C:\Program Files\Spybot - Search & Destroy\Tools.dll "
Thu 23 Mar 2006 4,348 ..SH. --- " C:\Documents and Settings\All Users\DRM\DRMv1.bak "
Thu 23 Mar 2006 401 ..SH. --- " C:\Documents and Settings\All Users\DRM\DRMv18.bak "
Mon 12 Feb 2007 3,096,576 A..H. --- " C:\Documents and Settings\Ala\Dane aplikacji\U3\temp\Launchpad Removal.exe "

[b]Finished![/b]

