[b]SDFix: Version 1.196 [/b]
Run by Mark on do 17-07-2008 at 08:58

Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Mark\Favorieten\Antivirus Scan.url - Deleted
C:\Documents and Settings\Mark\Mijn documenten\My Documents.url - Deleted
C:\Documents and Settings\Mark\Mijn documenten\Mijn muziek\My Music.url - Deleted
C:\Documents and Settings\Mark\Mijn documenten\Mijn afbeeldingen\My Pictures.url - Deleted
C:\Documents and Settings\Mark\Mijn documenten\Mijn video's\My Video.url - Deleted
C:\Program Files\Web Technologies\iebtu.exe - Deleted
C:\Program Files\Web Technologies\iebu.exe - Deleted
C:\Program Files\Web Technologies\myd.ico - Deleted
C:\Program Files\Web Technologies\mym.ico - Deleted
C:\Program Files\Web Technologies\myp.ico - Deleted
C:\Program Files\Web Technologies\myv.ico - Deleted
C:\Program Files\Web Technologies\ot.ico - Deleted
C:\Program Files\Web Technologies\Thumbs.db - Deleted
C:\Program Files\Web Technologies\ts.ico - Deleted
C:\Program Files\Web Technologies\wcu.exe - Deleted
C:\DOCUME~1\Mark\LOCALS~1\Temp\zfe2.exe - Deleted
C:\WINDOWS\system32\ieupdates.exe - Deleted
C:\WINDOWS\system32\winsrc.dll - Deleted

Folder C:\Program Files\Web Technologies - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 09:29:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\ASC 2.1\\asc 2.1.exe"="C:\\Program Files\\ASC 2.1\\asc 2.1.exe:*:Enabled:AntiSpyCheck"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 15 Feb 2007 308,832 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe"
Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.0\uinstrsc.dll"
Sat 19 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a282fd7b00204b775909f4664bd74484\BIT2.tmp"

[b]Finished![/b]