SDFix: Version 1.112

Run by Lukas on 2007-10-25 at 20:42

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CPUINF32.DLL - Deleted
C:\WINDOWS\SYSTEM32\OGG.DLL - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\kthemup.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\TritonPC\\Triton.exe"="C:\\Program Files\\TritonPC\\Triton.exe:*:Enabled:Triton"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\PHP Expert Editor 4.1\\phpxedit.exe"="C:\\Program Files\\PHP Expert Editor 4.1\\phpxedit.exe:*:Enabled:PHP Expert Editor"
"C:\\Program Files\\PHP Expert Editor 4.1\\DBG\\DbgListener.exe"="C:\\Program Files\\PHP Expert Editor 4.1\\DBG\\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
"C:\\Program Files\\xampp\\apache\\bin\\apache.exe"="C:\\Program Files\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe"="C:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Program Files\\xampp\\MercuryMail\\mercury.exe"="C:\\Program Files\\xampp\\MercuryMail\\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.01a"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Lukas\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Lukas\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\\Documents and Settings\\Lukas\\My Documents\\Obrazy i instalki programow\\Twierdza 2\\GRA\\Stronghold2.exe"="C:\\Documents and Settings\\Lukas\\My Documents\\Obrazy i instalki programow\\Twierdza 2\\GRA\\Stronghold2.exe:*:Disabled:Stronghold2"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Disabled:DC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 9 Jul 2007 5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 21 Jun 2007 88 ..SHR --- "C:\WINDOWS\system32\512C4D4AC4.sys"
Thu 21 Jun 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 6 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 5 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT2.tmp"
Sat 22 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT1.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT1.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT10.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT11.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT12.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT13.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT14.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT15.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT16.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT17.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT18.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT19.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT1A.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT1B.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT1C.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT1D.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT1E.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT1F.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT2.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT20.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT21.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT22.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT23.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT24.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT25.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT26.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT27.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT28.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT29.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT2A.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT2E.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT3.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT39.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT3A.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT3B.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT3D.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT3E.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT3F.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT4.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT40.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT47.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT48.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT49.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT4A.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT4B.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT4C.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT5.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT50.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT51.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT52.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT53.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT54.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT5B.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT60.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT61.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT62.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT66.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT69.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT6A.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT6D.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT6E.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT6F.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT7.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT70.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT8.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT8C.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BIT9.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BITA3.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BITB.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BITB1.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BITB2.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BITB3.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BITC.tmp"
Thu 25 Oct 2007 388,090 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BITD.tmp"
Thu 25 Oct 2007 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Lukas\LOCALS~1\Temp\BITE.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch10\lock.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch11\lock.tmp"
Wed 13 Sep 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch7\lock.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\lock.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch9\lock.tmp"

Finished!