This is my SDFix use report:
SDFix: Version 1.240
Run by Administrador on 08/12/2008 at 11:08 a.m.
Microsoft Windows XP [Versi¢n 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp14.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp3D.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp83.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp85.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp89.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmp99.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmpC.tmp - Deleted
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\tmpF.tmp - Deleted
C:\WINDOWS\system32\msxml71.dll - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 11:20:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\Skype\\Phone\\Skype.exe"="C:\\Archivos de programa\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Archivos de programa\\Grisoft\\AVG7\\avginet.exe"="C:\\Archivos de programa\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Archivos de programa\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Archivos de programa\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Archivos de programa\\Grisoft\\AVG7\\avgcc.exe"="C:\\Archivos de programa\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Microsoft LifeCam\\LifeCam.exe"="C:\\Archivos de programa\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Archivos de programa\\Microsoft LifeCam\\LifeExp.exe"="C:\\Archivos de programa\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Archivos de programa\\Winamp Remote\\bin\\Orb.exe"="C:\\Archivos de programa\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Archivos de programa\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Archivos de programa\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Archivos de programa\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Archivos de programa\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Archivos de programa\\Kazaa\\kazaa.exe"="C:\\Archivos de programa\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 1 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 1 May 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Mon 9 Jul 2007 348,160 A.SH. --- "C:\System Volume Information\_restore{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP291\A0117177.dll"
Sun 8 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 2 Dec 2008 0 ...H. --- "C:\Documents and Settings\Administrador\Datos de programa\Microsoft\Word\~WRL1976.tmp"
Mon 9 Jun 2008 23,552 ...H. --- "C:\Documents and Settings\Administrador\Datos de programa\Microsoft\Word\~WRL4057.tmp"
Sat 29 Apr 2006 23,552 A..H. --- "C:\Documents and Settings\Administrador\Mis documentos\Mis eBooks\Centrum\Ciclo I\Estad¡stica para la Administraci¢n\~WRL2744.tmp"
Sun 1 Oct 2006 851,968 A.SH. --- "C:\Documents and Settings\Administrador\Mis documentos\Mis im genes\Family de Meche\Diego Alonso\2,3,4,5, Meses\SIV3.tmp"
Fri 5 Jan 2007 19,968 A..H. --- "C:\Documents and Settings\Administrador\Mis documentos\Mis eBooks\Centrum\Ciclo II\Gerencia de Marketing\Estudio Gamarra-Minka-Megaplaza\FOTOS MINKA GAMARA MEGA PLAZA\~WRL0447.tmp"
Fri 5 Jan 2007 787,968 A..H. --- "C:\Documents and Settings\Administrador\Mis documentos\Mis eBooks\Centrum\Ciclo II\Gerencia de Marketing\Estudio Gamarra-Minka-Megaplaza\FOTOS MINKA GAMARA MEGA PLAZA\~WRL1208.tmp"
Finished!
Sign In
Create Account
