hijack this log (report after sdfix...)



#1
jazzyjesse

SDFix: Version 1.213
Run by Owner on Thu 07/08/2008 at 04:36 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Owner\Local Settings\Temp\tem169.tmp.exe - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted



Folder C:\WINDOWS\system32\wsnpoem - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 16:44:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="5B69929D141D7D7559DADD494869C082C196B2611D6DA51D3FBB6ACD118DD53FF9FAEECD6A6
A20830FB7E6F9B65CEA4C95F2F29257D0B8B8BA067422A26C3872DF33686C0E7BE9C0D7FBD432F1BB
CDF6AAD5403C546C2BA6EB9EBC41C7B75FADA1EF05125A63C38ABB33FEBC9E127BECC74CFEBC9E127
BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980
AC7933FEBC9E127BECC74CA6171C11EC38DE3D9DB7CE019D40AA5C47E1DFC568F92647DD3EAF5FC8C
5824FC17C08A5F39A1D6A285D8D77D2A43B587A93DBE38BE181DEEEF5F161EAFA62DB3880B0CD4DE9
A9B8BAA36C4429768F24D7E684C21C7962224CD4991E137C3AE116C146C57497C16F7256F15A6B358
AAF63F52B0E3514752951E91ADE0520A7A730E37C14F51F14A13BCE339C0FA18C7641F0652653546C
7F7C58A9206812CE65FD9EC874C14ED4D1287987A16C4F796CBC180BA05A347CA1F0D7C214C74D554
51AC06753AC493BFB6D580CB642A5BBF64343BAC40F00E005F4B2A221932666E8C6A757D3EE06838A
6300A05A30613FF0E6DB558F1ED7D48F74C84CDF1EC0B0E366C8DCCC254F6DDF8899E8BFBD90F3275
D5FFE3294321D1C7D0E051F9F95663E81AB7DC8D044BB507B63CD4FD298CF5CFEE12110E4567CFA43
09D75D33F53DF3C3EE0586D356372502AE7A23BD304AC64D0969C1E461BDED9C551354D980F1F4FCB
F82F777CEAA1C05DEDF8D2F64E00F670E499450C4AE2D8521C7E9F3ADC22521E449C4E946E56592EF
B10F3C1414D493C0F409C4C3A1E11BB14C3E4B45F05DC735F04639AC3C26D96D68E05F72682A3C82E
6D2C4F96AAC225CBCA08965C468AE9DD30BDB4486F731783FED76096594EEC95A5CB65164A0FE0EF3
18407F8707B29E91D628239FE68FC7385641B1990D5DA052BFE48B6C433FC317DC60DA09ED594B0D9
E5CB6E67494A2966C659D15035FA593CEFE3EE31110148A5E438F9BC3CB4E6C8D97BA4096FD68E1B8
ECCF6B58EB0C268D955131794523F8BDA38C952653E09D035E4314B4B3096777459F3762A318D7B51
F81BDDC552E50CEA093D0A2E1554D901A374CAC3D0AB51740B914EBC5A4B932F75F77155B83C29C3E
B9AEBF0A8E6F7C96D15BCFC705A2BA911F21B23AA122245CD1CEEB1687C7E363E90EF305863BC1042
031E2A327C43A552106688A0FA8E0700F3A21E7B017975BDF592DAD48AC8FF607491E4631792285E7
E83363852BEFB8A3B4E6D989B1DBD5AEF74904F30147E7BB9C2F48F9613107F0782D182D4B0E21F2B
9641432D60AE5BC5B1D2C3FBB8034C92BB7E6E8DE5A1D0A63E49EC4ECACF7AFCBB4E65E0FAF8343F3
71EE71A6051A107A4C82FB9A45F0D8DFDB109FB9EE6EE2F067C4D4231089CF3981B6E54A533F408FF
520C381CE11D3A5882A241FAD1C6A"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"="C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe:*:Enabled:mobile Phone Software"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Friendly Software\\Golf Game\\AboutGolf.com World Tours\\Golf Game.exe"="C:\\Program Files\\Friendly Software\\Golf Game\\AboutGolf.com World Tours\\Golf Game.exe:*:Enabled:AboutGolf.com World Tours"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 1 Mar 2006 507,904 A..H. --- "C:\My Games\Aqua Pearls\pearls.exe"
Fri 4 May 2007 2,283,088 A..H. --- "C:\WINDOWS\NabnGrab\Nab-n-Grab.exe"
Tue 21 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 21 Feb 2006 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Fri 18 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 21 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Wed 7 Jun 2006 401 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 31 Jan 2006 312 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 4 Aug 2008 47,207,310 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\download\BIT20.tmp"

Finished!