[b]SDFix: Version 1.240 [/b]
Run by Gebruiker on wo 17/12/2008 at 19:14

Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds - Deleted
C:\WINDOWS\system32\TDSSkrxx.dll - Deleted
C:\WINDOWS\system32\TDSSyaqu.dll - Deleted
C:\WINDOWS\system32\TDSSnpur.dll - Deleted
C:\WINDOWS\system32\TDSSixgp.dll - Deleted
C:\WINDOWS\system32\TDSSmtpe.dat - Deleted
C:\WINDOWS\system32\TDSSwkod.log - Deleted
C:\WINDOWS\system32\twain_32\local.ds - Deleted
C:\WINDOWS\system32\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twext.exe - Deleted

Could Not Remove C:\WINDOWS\system32\TDSSoitu.dll

Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed
Folder C:\WINDOWS\system32\twain_32 - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 19:27:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Gebruiker\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:

C:\WINDOWS\system32\TDSSoitu.dll Found

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 23 Jun 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 6 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Gebruiker\Application Data\U3\temp\Launchpad Removal.exe"

[b]Finished![/b]