| 1. |
Solve : Broni need help here.? |
|
Answer» SUPERANTISPYWARE Scan Log http://www.superantispyware.com Generated 04/30/2007 at 05:06 AM
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:25:07, on 30/4/2550 Platform: Windows XP SP2 (WinNT 5.01.2600)
*** I can't see any antivirus program running. Download, and install AVG free antivirus: http://free.grisoft.com/ After installation, run full scan.
*** Make sure your Windows firewall is ON... Click Start, click Run, type Firewall.cpl, and then click OK. On the General tab, click On (recommended), and then click OK.
*** Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component, allow it.
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall installed you may have to approve the installation)
4. Once the ActiveX control is installed, click on the "Start" button to initialize the scanner
5. After initialization is complete, make sure that "Remove found threats" and "Scan unwanted applications" are checkmarked.
6. Click the "Scan" button
7. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.
*** Post new HJT log. |
|