ow, i got spied!

jimkonow

jimkonow

New Member
heya guys, i got me some spyware....i scanned with SDFix, here's the log:


SDFix: Version 1.130

Run by Jim Konow on Fri 01/25/2008 at 12:42 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Folder C:\Program Files\Helper - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 13:06:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Temp\TMP0000001296CD571AC1F4E83B 524288 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Documents and Settings\\Jim Konow\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\Jim Konow\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe"="C:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"="C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe:*:Enabled:Halo"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\WarRock\\System\\WarRock.exe"="C:\\Program Files\\WarRock\\System\\WarRock.exe:*:Enabled:WarRock"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\DOCUME~1\\JIMKON~1\\LOCALS~1\\Temp\\win3F2.exe"="C:\\DOCUME~1\\JIMKON~1\\LOCALS~1\\Temp\\win3F2.exe:*:Enabled:win3F2"
"C:\\DOCUME~1\\JIMKON~1\\LOCALS~1\\Temp\\win413.exe"="C:\\DOCUME~1\\JIMKON~1\\LOCALS~1\\Temp\\win413.exe:*:Enabled:win413"
"C:\\WINDOWS\\system32\\eqoswnmk.exe"="C:\\WINDOWS\\system32\\eqo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------


Files with Hidden Attributes:

Fri 25 Jan 2008 22,016 ..SH. --- "C:\WINDOWS\system32\sgmtoxhf.dllbox"
Fri 21 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 21 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
Fri 21 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT4.tmp"
Fri 21 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT8.tmp"
Fri 21 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT7.tmp"
Fri 21 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT9.tmp"
Fri 21 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT5.tmp"
Sat 8 Dec 2007 857 ...HR --- "C:\Documents and Settings\Jim Konow\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!




im also scanning with Spybot S&D right now...can anyone tell me whats happenin from my logfile?
thanks~
 
SDFix should not be used as a casual scanning tool. It is a powerful that could inflict damage to your computer if not used properly.

We need to see a HJT log please:
Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
You must log in or register to reply here.
Back
Top