[b]SDFix: Version 1.218 [/b]
Run by Sloetjes on wo 20-08-2008 at 14:20
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\All Users\Menu Start\Programma's\PCPrivacyCleaner\PCPrivacyCleaner.lnk - Deleted
C:\Documents and Settings\All Users\Menu Start\Programma's\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk - Deleted
C:\Program Files\PCPrivacyCleaner\pcpc.exe - Deleted
C:\Program Files\VirusRemover2008\VRM2008.exe - Deleted
C:\WINDOWS\system32\~.exe - Deleted
C:\Documents and Settings\Sloetjes\Bureaublad\PCPrivacyCleaner.lnk - Deleted

Folder C:\Documents and Settings\All Users\Menu Start\Programma's\PCPrivacyCleaner - Removed
Folder C:\Program Files\PCPrivacyCleaner - Removed
Folder C:\Program Files\VirusRemover2008 - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 14:28:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000077
"TracesSuccessful"=dword:00000003

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Sloetjes\\Bureaublad\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Sloetjes\\Bureaublad\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Documents and Settings\\Sloetjes\\Bureaublad\\LimeWire\\Nieuwe map\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Sloetjes\\Bureaublad\\LimeWire\\Nieuwe map\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 25 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sat 10 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a282fd7b00204b775909f4664bd74484\BIT89.tmp"
Sun 26 Mar 2006 4,348 A.SH. --- "C:\Oude data\Ntfs\Documents and Settings\All Users\Drm\Drmv1.bak"
Sun 17 Dec 2006 4,900,464 A..H. --- "C:\Oude data\Ntfs\System Volume Information\_restore{4D8360BF-C82D-4FAC-86FE-0CEF6C4B9807}\Rp68\A0017752.exe"
Mon 16 Oct 2006 251,656 A..H. --- "C:\Oude data\Ntfs\Documents and Settings\Papa & Mama\Local Settings\Temp\Bitb7.tmp"

[b]Finished![/b]