Here you go! ;D
SDFix: Version 1.163
Run by silvia on Fri 03/28/2008 at 06:19 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 06:52:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"J:\Programs\eMule\emule.exe"="J:\Programs\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"J:\Programs\iTunes\iTunes.exe"="J:\Programs\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Windows Media™ Audio (wma)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 9 Jan 2008 0 A.SH. — "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 12 Dec 2007 0 A…H. — "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3C.tmp"
Wed 12 Dec 2007 0 A…H. — "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT3A.tmp"
Wed 12 Dec 2007 0 A…H. — "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT3E.tmp"
Wed 12 Dec 2007 0 A…H. — "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT3D.tmp"
Wed 12 Dec 2007 0 A…H. — "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT3F.tmp"
Wed 12 Dec 2007 0 A…H. — "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT3B.tmp"
Finished!