SDFix: Version 1.240
Run by Personal on 17/04/2009 at 00:55
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp15.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp16.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp1F.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp21.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp23.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp27.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp2E.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp34.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp4E.tmp - Deleted
C:\DOCUME~1\Personal\LOCALS~1\Temp\tmp8F.tmp - Deleted
C:\WINDOWS\lcass.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 01:13:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Tudou\?Tudou\TudouVa.exe??"="C:\Program Files\Tudou\\xb7伤賂udou\TudouVa.exe:*:Enabled:?Tudou"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Tudou\?Tudou\TudouVa.exe??"="C:\Program Files\Tudou\\xb7伤賂udou\TudouVa.exe:*:Enabled:?Tudou"
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\POKxON Simulator]
"Order"=hex:08,00,00,00,02,00,00,00,46,02,00,00,01,00,00,00,04,00,00,00,8c,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PPSA扴
"Order"=hex:08,00,00,00,02,00,00,00,f4,02,00,00,01,00,00,00,06,00,00,00,78,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"="C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\WIZET\\MapleStory\\Patcher.exe"="C:\\Program Files\\WIZET\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe"="C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe:*:Enabled:LabVIEW 7.1 Development System"
"C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\WIZET\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\National Instruments\\MAX\\NIMax.exe"="C:\\Program Files\\National Instruments\\MAX\\NIMax.exe:*:Enabled:NIMax"
"C:\\WINDOWS\\system32\\skcbgm.exe"="C:\\WINDOWS\\system32\\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\\Program Files\\Tudou\\·é?łTudou\\TudouVa.exe"="C:\\Program Files\\Tudou\\·é?łTudou\\TudouVa.exe:*:Enabled:飞速Tudou"
"E:\\My Received Files\\SopCast\\SopCast.exe"="E:\\My Received Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"E:\\My Received Files\\SopCast\\adv\\SopAdver.exe"="E:\\My Received Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Documents and Settings\\Personal\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"="C:\\Documents and Settings\\Personal\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\\Program Files\\Pilot Group Ltd\\Newsletter 2008\\apache\\Apache.exe"="C:\\Program Files\\Pilot Group Ltd\\Newsletter 2008\\apache\\Apache.exe:*:Enabled:Apache"
"C:\\Program Files\\Tudou\\Tudou\\TudouVa.exe"="C:\\Program Files\\Tudou\\Tudou\\TudouVa.exe:*:Enabled:飞速土豆1.12"
"C:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe"="C:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe:*:Enabled:飞速土豆1.12"
"C:\\DOCUME~1\\Personal\\LOCALS~1\\Temp\\ppsdown\\ppsdown.exe"="C:\\DOCUME~1\\Personal\\LOCALS~1\\Temp\\ppsdown\\ppsdown.exe:*:Enabled:HttpDownLoad Application"
"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"="C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 30 Nov 2008 960 A.SH. --- "C:\tl13o04v.sys"
Fri 2 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 12 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Personal\Application Data\U3\temp\Launchpad Removal.exe"
Thu 17 Apr 2008 54,520 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\VisualStudio\7.1\vs000223.tmp"
Fri 11 Jan 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 19 Apr 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Fri 7 Sep 2007 8 A..H. --- "C:\Documents and Settings\Personal\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Finished!