SDFix: Version 1.107
Run by Owner on Fri 05/10/2007 at 03:32 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\Desktop\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\retadpu693.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX07.031\\Proxy Switcher Pro 3 7 3646 incl\\Proxy Switcher Pro 3.7.3646 incl crack\\Cracked.exe-TSRH\\proxyswitcher.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Rar$EX07.031\\Proxy Switcher Pro 3 7 3646 incl\\Proxy Switcher Pro 3.7.3646 incl crack\\Cracked.exe-TSRH\\proxyswitcher.exe:*:Enabled:Proxy Switcher"
"C:\\Program Files\\SatelliteTVforPC\\2006\\Elite\\SatelliteTVforPC.exe"="C:\\Program Files\\SatelliteTVforPC\\2006\\Elite\\SatelliteTVforPC.exe:*:Enabled:SatelliteTVforPC"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"="C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe:*:Enabled:Proxy Switcher"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\IP Hider\\IP Hider.exe"="C:\\Program Files\\IP Hider\\IP Hider.exe:*:Enabled:IP Hider"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\ActiveX Control Pad\\age2_x1.exe"="C:\\Program Files\\ActiveX Control Pad\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\ActiveX Control Pad\\empires2.exe"="C:\\Program Files\\ActiveX Control Pad\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\Program Files\\age of empires 2\\empires2.exe"="C:\\Program Files\\age of empires 2\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\age of empires 2\\age2_x1.exe"="C:\\Program Files\\age of empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Documents and Settings\\Owner\\My Documents\\music folder 2\\Update_D240_A8P_106-71_a056_v1s.exe"="C:\\Documents and Settings\\Owner\\My Documents\\music folder 2\\Update_D240_A8P_106-71_a056_v1s.exe:*:Enabled:SwissUpdate"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List"="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List:*:enabled:@shell32.dll,-1"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 25 Jan 2005 196 A.SHR --- "C:\BOOT.BAK"
Tue 25 Sep 2007 48 ..SH. --- "C:\WINDOWS\S4E819C0A.tmp"
Wed 5 Jul 2006 16 ...H. --- "C:\WINDOWS\system32\dzmc7qj.dll"
Tue 15 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0bf48c56e2f3f29bfbf4f4fd00ad98dd\BIT91.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\466f82a4346fa42a35e5505fe8752428\BIT8B.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e49db26b225c64ffbbd852b587ab944\BIT87.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\723d12ccbc22f288fb53cd47a25782f9\BIT93.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7e6d3b71ce289c954255678645d11495\BIT85.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT80.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c2d37077957388d9858b79ad51eb59b2\BIT8D.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf719f1d7800c04efd4b1796edb2edc3\BIT88.tmp"
Mon 10 Sep 2007 7,939,032 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d9d5f5f1045bf2fb02a62b63d583b7d1\BIT84.tmp"
Mon 10 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6c9dee06442f495611ce67dc17f407e\BIT8C.tmp"
Mon 10 Sep 2007 9,249,736 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa5e263db3d19c7c32aedc2969cc4743\BIT83.tmp"
Finished!
I downloaded some log that restores etc. and found a trojan!! But am I 100% safe?
I want to know, is there anything to restore my missing .exe files?