August 8th, 2008, 05:24 AM
skiniemini
Report.txt from SDFix:


SDFix: Version 1.214
Run by Mason on Thu 08/07/2008 at 08:40 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: F:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

F:\WINDOWS\system32\comsa32.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 20:52:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="F:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\Bonjour\\mDNSResponder.exe"="F:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:Orb"
"F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="F:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb Application"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="F:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Games\\Call of Duty 2\\CoD2MP_s.exe"="F:\\Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="F:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="F:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

Remaining Files :


File Backups: - F:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 21 Jul 2008 20,487 A.SHR --- "F:\Program Files\McAfee\MQC\MRU.bak"
Mon 21 Jul 2008 265 A.SHR --- "F:\Program Files\McAfee\MQC\qcconf.bak"
Mon 7 Jul 2008 0 A.SH. --- "F:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 16 Jul 2008 0 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\BIT4.tmp"
Wed 25 Jun 2008 0 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Mon 13 Dec 2004 295,812 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BITA4.tmp"
Fri 22 Sep 2006 279,513 A..H. --- "F:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\download\BIT8F.tmp"

Finished!