b]SDFix: Version 1.202 [/b]
Run by Jeroen Tub‚e on zo 06-07-2008 at 17:20
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default ScreenSaver value
Restoring Windows ProductId To Remove Fake Virus Alert
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\BLPHCN~1.SCR - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt13.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt17.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt1A.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt1D.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.tt531E.tmp - Deleted
C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\.ttC2.tmp - Deleted
C:\WINDOWS\kgqfweltnfv.dll - Deleted
C:\WINDOWS\mrvtdpqe.exe - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\Documents and Settings\Jeroen Tub‚e\Application Data\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
Folder C:\Documents and Settings\Jeroen Tub‚e\Application Data\wsnpoem - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-06 17:29:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a7,aa,b9,7f,e5,05,f3,2e,7c,cd,7e,15,cd,d8,39,fb,f0,a5,72,a7,18,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,96,30,ac,3d,61,36,02,ac,c0,f3,30,90,a8,6c,f1,82,..
"khjeh"=hex:07,30,44,ff,b5,2f,5d,66,dc,ef,0b,ff,ef,33,56,6e,fa,b6,f4,84,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:59,b7,78,08,53,94,13,01,4a,17,80,f0,03,d3,a1,e9,88,9e,5f,3a,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a7,aa,b9,7f,e5,05,f3,2e,7c,cd,7e,15,cd,d8,39,fb,f0,a5,72,a7,18,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,96,30,ac,3d,61,36,02,ac,c0,f3,30,90,a8,6c,f1,82,..
"khjeh"=hex:07,30,44,ff,b5,2f,5d,66,dc,ef,0b,ff,ef,33,56,6e,fa,b6,f4,84,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:59,b7,78,08,53,94,13,01,4a,17,80,f0,03,d3,a1,e9,88,9e,5f,3a,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a7,aa,b9,7f,e5,05,f3,2e,7c,cd,7e,15,cd,d8,39,fb,f0,a5,72,a7,18,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,96,30,ac,3d,61,36,02,ac,c0,f3,30,90,a8,6c,f1,82,..
"khjeh"=hex:07,30,44,ff,b5,2f,5d,66,dc,ef,0b,ff,ef,33,56,6e,fa,b6,f4,84,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:59,b7,78,08,53,94,13,01,4a,17,80,f0,03,d3,a1,e9,88,9e,5f,3a,ea,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000097
"TracesSuccessful"=dword:00000006
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09DC587F-3CC1-EA35-6D9B-6AC8A805700E}]
"iajomgfhlklopphjfa"=hex:6a,61,63,63,67,68,6e,69,68,61,64,67,68,63,65,70,67,6f,68,6a,00,..
"hapocpjldifhagnf"=hex:6a,61,63,63,67,68,6e,69,68,61,64,67,68,63,65,70,67,6f,68,6a,00,..
"iafmeolgdnbmokijio"=hex:63,61,67,63,6a,67,00,7c
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"F:\\Xfire\\xfire.exe"="F:\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\\mIRC\\mirc.exe"="F:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"F:\\Limewire\\LimeWire Plus\\LimeWire.exe"="F:\\Limewire\\LimeWire Plus\\LimeWire.exe:*:Enabled:LimeWire"
"F:\\All-in-one\\Digital Imaging\\bin\\hpqtra08.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hpqste08.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hpofxm08.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hposfx08.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hposid01.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hpqscnvw.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hpqkygrp.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hpqCopy.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hpfccopy.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hpzwiz01.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"F:\\All-in-one\\Digital Imaging\\Unload\\HpqPhUnl.exe"="F:\\All-in-one\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"F:\\All-in-one\\Digital Imaging\\Unload\\HpqDIA.exe"="F:\\All-in-one\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"F:\\All-in-one\\Digital Imaging\\bin\\hpoews01.exe"="F:\\All-in-one\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"F:\\Call of Duty 2\\CoD2MP_s.exe"="F:\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"F:\\Call of Duty 1 + UO\\CoDUOMP.exe"="F:\\Call of Duty 1 + UO\\CoDUOMP.exe:*:Enabled:CoDUOMP"
"D:\\setup\\HPZNET01.EXE"="D:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\\setup\\HPONICIFS01.EXE"="D:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"F:\\Counter Strike\\Counter-Strike Source\\hl2.exe"="F:\\Counter Strike\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"F:\\Nieuwe map\\TrackMania Nations ESWC\\TmNationsESWC.exe"="F:\\Nieuwe map\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"F:\\Flat Out 2\\flatout2.exe"="F:\\Flat Out 2\\flatout2.exe:*:Enabled:flatout2"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe:*:Enabled:Rise of Nations"
"C:\\Documents and Settings\\All Users\\Documenten\\Call of Duty 1 + UO\\CoDMP.exe"="C:\\Documents and Settings\\All Users\\Documenten\\Call of Duty 1 + UO\\CoDMP.exe:*:Enabled:CoDMP"
"F:\\Call of Duty 1 + UO\\CoDMP.exe"="F:\\Call of Duty 1 + UO\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"F:\\Warcraft III Reign of Chaos, The Frozen Throne +Patch War3TFT_121a_English +Crack +Keygen\\Warcraft III\\Warcraft III.exe"="F:\\Warcraft III Reign of Chaos, The Frozen Throne +Patch War3TFT_121a_English +Crack +Keygen\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"F:\\Warcraft installatie map\\Warcraft III\\Warcraft III.exe"="F:\\Warcraft installatie map\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"F:\\Frontlines\\Binaries\\FFOW.exe"="F:\\Frontlines\\Binaries\\FFOW.exe:*:Enabled:Frontlines Game"
"F:\\Firefox downloads\\utorrent.exe"="F:\\Firefox downloads\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Hitman Pro\\wget.exe"="C:\\Program Files\\Hitman Pro\\wget.exe:*:Enabled:wget"
"F:\\Applicatie's\\Xfire\\xfire.exe"="F:\\Applicatie's\\Xfire\\xfire.exe:*:Enabled:Xfire"
"F:\\Applicatie's\\mIRC\\mirc.exe"="F:\\Applicatie's\\mIRC\\mirc.exe:*:Enabled:mIRC"
"F:\\Gaming\\Counter Strike 1.6\\hl.exe"="F:\\Gaming\\Counter Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\Applicatie's\\Limewire\\LimeWire Plus\\LimeWire.exe"="F:\\Applicatie's\\Limewire\\LimeWire Plus\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 30 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 9 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT12C.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9ace568958858279a6c5830b433e310b\BIT10.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Jeroen Tub‚e\Application Data\U3\temp\Launchpad Removal.exe"
Finished!
![[RSS]](http://tweakimg.net/g/if/v2/icons/rss_small.gif){kind=icon}
![[view]](images/icons/view.gif "Bekijk bericht"){kind=icon}
![[quote]](images/icons/oldquote.gif "Quote bericht - Bericht is meer dan 4 weken oud!"){kind=icon}
Door: 
Misschien dat jij niet in staat bent om iets geheel te verwijderen, maar ik heb daar nooit écht problemen mee gehad.