[b]SDFix: Version 1.184 [/b]
Run on 22.05.2008 at 23:32

Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 23:59:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0010c63a7a0d]
"0013fd017e41"=hex:29,17,ee,da,9e,c2,81,69,41,8c,1f,e0,3a,67,31,42
"0012eef7e0e9"=hex:b9,6b,1f,9b,0c,05,36,2e,db,21,1e,bf,2f,45,de,1c

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"="C:\\Programfiler\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"="C:\\Programfiler\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"="C:\\Programfiler\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"="C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"="C:\\Programfiler\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"="C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 18 Apr 2008 6,104,632 A..H. --- "C:\Programfiler\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe"
Wed 30 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02a4f2fd7d9c575c80786d5284ddaf44\BIT6F.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\27d4a83e15599dacf71be27edd0b072a\BIT6F.tmp"
Thu 10 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a7b63628b39fd8bdb7e535e34d0ea696\BIT6F.tmp"

[b]Finished![/b]