My computer is still infected
SD FIX report
Started by suzyokubo, Jun 27 2008 01:40 AM
#1
Posted 27 June 2008 - 01:40 AM
My computer is still infected
#2
Posted 27 June 2008 - 01:43 AM
SDFix: Version 1.194
Run by Owner on Fri 06/27/2008 at 07:41 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\F245~1\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 08:04:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\xf892\5\5\x5c0\5\xf891\5 ?\x5c0\5\5״\5׀\5\x5f4\5 ?\xf892\5נ\5\xf88d\5״\5 ?P?C?I? ?\xf892\5\x5c1\5ס\5ׁ\5ׁ\5 ?D?P?8?3?8?1?5? ?\5\xf890\5 ?N?a?t?i?o?n?a?l? ?S?e?m?i?c?o?n?d?u?c?t?o?r?"=str(7):"1\0"
"\xf88d\5ײ\5\xf88d\5\x5c0\5\5 ?\x5c0\5\xf88d\5׀\5װ\5״\5\x5c0\5-?\x5c0\5\x5c3\5ס\5\xf891\5"=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?\16 1?3?9?4? ?N?e?t?\16 "=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?A?s?y?n?c? ?\5\xf890\5 ?R?A?S?"=str(7):"1\0"
"\xf892\5\xf88d\5׀\5\xf88d\5-?\xf88d\5ײ\5\xf88d\5\x5c0\5נ\5 ?\5\xf890\5 ?\xf892\5\5ע\5\xf892\5\xf893\5 ?\xf892\5׀\5ס\5\5"=str(7):"1\0002\0003\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Shares]
"\xf892\5\x5c3\5װ\5ׁ\5\5"=str(7):"CSCFlags=0\0MaxUses=4294967295\0Path=Microsoft Office Document Image Writer,LocalsplOnly\0Permissions=0\0Remark=Microsoft Office Document Image Writer\0Type=1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\xf892\5\5\x5c0\5\xf891\5 ?\x5c0\5\5״\5׀\5\x5f4\5 ?\xf892\5נ\5\xf88d\5״\5 ?P?C?I? ?\xf892\5\x5c1\5ס\5ׁ\5ׁ\5 ?D?P?8?3?8?1?5? ?\5\xf890\5 ?N?a?t?i?o?n?a?l? ?S?e?m?i?c?o?n?d?u?c?t?o?r?"=str(7):"1\0"
"\xf88d\5ײ\5\xf88d\5\x5c0\5\5 ?\x5c0\5\xf88d\5׀\5װ\5״\5\x5c0\5-?\x5c0\5\x5c3\5ס\5\xf891\5"=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?\16 1?3?9?4? ?N?e?t?\16 "=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?A?s?y?n?c? ?\5\xf890\5 ?R?A?S?"=str(7):"1\0"
"\xf892\5\xf88d\5׀\5\xf88d\5-?\xf88d\5ײ\5\xf88d\5\x5c0\5נ\5 ?\5\xf890\5 ?\xf892\5\5ע\5\xf892\5\xf893\5 ?\xf892\5׀\5ס\5\5"=str(7):"1\0002\0003\0004\0"
"נ\5\5׳\5\xf893\5 ?B?l?u?e?t?o?o?t?h? ?(?״\5\5\5 ?\5׳\5\5ס\5״\5\5 ?\x5c0\5\xf88d\5\5\xf88d\5\5)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00025b013a34]
"000e7b2ac2f7"=hex:7c,f7,1d,0e,3f,54,24,97,40,57,3c,ec,0b,38,ec,a1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\Shares]
"\xf892\5\x5c3\5װ\5ׁ\5\5"=str(7):"CSCFlags=0\0MaxUses=4294967295\0Path=Microsoft Office Document Image Writer,LocalsplOnly\0Permissions=0\0Remark=Microsoft Office Document Image Writer\0Type=1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\xf892\5\5\x5c0\5\xf891\5 ?\x5c0\5\5״\5׀\5\x5f4\5 ?\xf892\5נ\5\xf88d\5״\5 ?P?C?I? ?\xf892\5\x5c1\5ס\5ׁ\5ׁ\5 ?D?P?8?3?8?1?5? ?\5\xf890\5 ?N?a?t?i?o?n?a?l? ?S?e?m?i?c?o?n?d?u?c?t?o?r?"=str(7):"1\0"
"\xf88d\5ײ\5\xf88d\5\x5c0\5\5 ?\x5c0\5\xf88d\5׀\5װ\5״\5\x5c0\5-?\x5c0\5\x5c3\5ס\5\xf891\5"=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?\16 1?3?9?4? ?N?e?t?\16 "=str(7):"1\0"
"\xf892\5\5\x5c0\5\xf891\5 ?A?s?y?n?c? ?\5\xf890\5 ?R?A?S?"=str(7):"1\0"
"\xf892\5\xf88d\5׀\5\xf88d\5-?\xf88d\5ײ\5\xf88d\5\x5c0\5נ\5 ?\5\xf890\5 ?\xf892\5\5ע\5\xf892\5\xf893\5 ?\xf892\5׀\5ס\5\5"=str(7):"1\0002\0003\0004\0"
"נ\5\5׳\5\xf893\5 ?B?l?u?e?t?o?o?t?h? ?(?״\5\5\5 ?\5׳\5\5ס\5״\5\5 ?\x5c0\5\xf88d\5\5\xf88d\5\5)?"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b013a34]
"000e7b2ac2f7"=hex:7c,f7,1d,0e,3f,54,24,97,40,57,3c,ec,0b,38,ec,a1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares]
"\xf892\5\x5c3\5װ\5ׁ\5\5"=str(7):"CSCFlags=0\0MaxUses=4294967295\0Path=Microsoft Office Document Image Writer,LocalsplOnly\0Permissions=0\0Remark=Microsoft Office Document Image Writer\0Type=1\0"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\x5c1\5״\5\xf88d\5״\5\5 ?\xf892\5\x5f3\5\x5c3\5\xf890\5 ?\5\xf890\5 ?W?i?n?d?o?w?s?"="",,,,,,,,,,,,,""
"נ\5׀\5װ\5\5נ\5 ?\5\xf890\5 ?W?i?n?d?o?w?s?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
"\xf890\5\x5c1\5\xf893\5 ?\5\xf890\5\5-?\xf892\5\xf88d\5\xf892\5\x5c3\5\xf88d\5"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,""
"\xf88d\5\x5c3\5\xf88d\5\xf88d\5\xf891\5 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"\xf88d\5\x5c3\5\xf88d\5\xf88d\5\xf891\5 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
"\x5c3\5\xf88d\5׀\5ס\5ע\5\x5c0\5ס\5״\5"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
"ׁ\5\x5c2\5׀\5ס\5\xf893\5 ?\xf892\5\xf88d\5ס\5\5\xf893\5"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\xf892\5׀\5ײ\5\x5f3\5"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"\xf892\5ס\5\x5c2\5\x5c3\5\xf890\5"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
"\5\xf88d\5׀\5ס\5\xf88d\5\xf88d\5\xf891\5"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
"\x5c0\5״\5\x5c3\5 ?\5\xf890\5\5-?\xf892\5\xf88d\5\xf892\5\x5c3\5\xf88d\5"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\5\x5f3\5ס\5״\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\5\x5f3\5ס\5״\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\5\x5f3\5ס\5״\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5 ?\xf892\5\x5c0\5ס\5\x5c3\5)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"ײ\5\x5c1\5ׂ\5\xf88d\5\xf891\5 ?נ\5װ\5ס\5\xf88f\5\xf88d\5\xf891\5 ?\5\xf890\5 ?W?i?n?d?o?w?s?"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"ײ\5\x5c1\5ׂ\5\xf88d\5\xf891\5 ?נ\5װ\5ס\5\xf88f\5\xf88d\5\xf891\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"ײ\5\x5c1\5ׂ\5\xf88d\5\xf891\5 ?נ\5װ\5ס\5\xf88f\5\xf88d\5\xf891\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5 ?\xf892\5\x5c0\5ס\5\x5c3\5)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"ׁ\5\x5f4\5׀\5\x5c3\5״\5\x5f4\5\xf88d\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
"ׁ\5\x5f4\5׀\5\x5c3\5״\5\x5f4\5\xf88d\5 ?\5\xf890\5 ?W?i?n?d?o?w?s? ?(?\x5c2\5\x5c3\5ס\5\xf890\5 ?\xf892\5\x5c0\5ס\5\x5c3\5)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups]
"\xf892\5\5\x5f3\5׳\5\xf88d\5\xf891\5"="גײט\י׳ח"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35CD480D-16FA-F999-65D5-8534217FF352}]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\eMule\\emule.exe"="H:\\Program Files\\eMule\\emule.exe:*:Enabled:TLN eMule MOD v6.0 [v0.47a]"
"C:\\Program Files\\eMule XvooM 3.0\\eMule XvooM 3.0.exe"="C:\\Program Files\\eMule XvooM 3.0\\eMule XvooM 3.0.exe:*:Enabled:eMule"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\WebTV\\webtv.exe"="C:\\Program Files\\WebTV\\webtv.exe:*:Enabled:webtv"
"C:\\Program Files\\Spikko\\SpikkoPhone.exe"="C:\\Program Files\\Spikko\\SpikkoPhone.exe:*:Enabled: "
"C:\\Program Files\\RayV\\RayV\\RayV.exe"="C:\\Program Files\\RayV\\RayV\\RayV.exe:*:Enabled:RayV"
"C:\\Program Files\\ooVoo\\ooVoo.exe"="C:\\Program Files\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!J\\Messenger\\YPagerj.exe"="C:\\Program Files\\Yahoo!J\\Messenger\\YPagerj.exe:*:Enabled:Yahoo!???????"
"C:\\Program Files\\Yahoo!J\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!J\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\WinFtp Server\\WFTPSRV.exe"="C:\\Program Files\\WinFtp Server\\WFTPSRV.exe:*:Enabled:WinFtp Server"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
Files with Hidden Attributes :
Wed 31 Jul 2002 100 ..SH. --- "C:\WINDOWS\WSYS049.SYS"
Sun 17 Feb 2008 38,912 ...H. --- "C:\Documents and Settings\Owner\ \~WRL0629.tmp"
Tue 19 Feb 2008 37,376 ...H. --- "C:\Documents and Settings\Owner\ \~WRL0939.tmp"
Sat 15 Dec 2007 34,304 ...H. --- "C:\Documents and Settings\Owner\ \~WRL3108.tmp"
Tue 12 Feb 2008 24,064 ...H. --- "C:\Documents and Settings\Owner\ \~WRL3220.tmp"
Fri 13 Jun 2008 27,136 A..H. --- "C:\Documents and Settings\Owner\My Documents\~WRL2239.tmp"
Wed 27 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 15 Oct 2007 54,272 ...H. --- "C:\Documents and Settings\Owner\ \caoching\~WRL0001.tmp"
Wed 30 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\734c918b43359bcdbde50b62df605e5f\BITF.tmp"
Sun 17 Feb 2008 36,352 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3693.tmp"
Finished!