MyCity » Ambulanta -> Arhiva Ambulante » Win32:Neredr

Win32:Neredr

Napisano na dan: 17.9.2009
2

Win32:Neredr
Pagination Prethodna strana

Idi na vrh

Poslao: 18 Sep 2009 16:13
Idi na vrh
offline
  • Pridružio: 23 Dec 2008
  • Poruke: 30
  • Gde živiš: RS

ComboFix 09-09-17.04 - Asko 09/18/2009 16:01.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.183 [GMT 2:00]
Running from: c:\documents and settings\Asko\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Asko\LOCALS~1\Temp\1.wmv
c:\documents and settings\Asko\Application Data\wiaserva.log
c:\windows\Installer\13d42c.msi

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_glaide32


((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-17 16:54 . 2009-09-17 16:54 -------- d--h--w- c:\windows\PIF
2009-09-17 15:23 . 2009-09-17 15:23 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-17 15:23 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-17 15:23 . 2009-09-17 15:23 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-17 15:23 . 2009-09-17 15:23 -------- d-----w- c:\documents and settings\Asko\Application Data\TuneUp Software
2009-09-17 15:22 . 2009-09-17 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-17 15:22 . 2009-09-17 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-17 15:22 . 2009-09-17 15:22 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-17 08:27 . 2009-09-17 15:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 10:23 . 2009-02-25 12:07 -------- d-----w- c:\documents and settings\Asko\Application Data\mIRC
2009-09-17 10:22 . 2009-02-25 12:07 -------- d-----w- c:\program files\mIRC
2009-09-12 19:31 . 2009-03-01 20:43 -------- d-----w- c:\documents and settings\Asko\Application Data\Skype
2009-09-12 18:13 . 2009-03-01 20:45 -------- d-----w- c:\documents and settings\Asko\Application Data\skypePM
2009-08-17 16:10 . 2009-02-25 11:56 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-25 11:57 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-25 11:57 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-25 11:57 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-25 11:57 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-25 11:57 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-25 11:57 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-25 11:57 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-02-25 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/25/2009 1:57 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/25/2009 1:57 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/14/2009 2:28 PM 55152]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/17/2009 5:23 PM 604488]
S2 gupdate1c999ecf0996a8c;Google Update Service (gupdate1c999ecf0996a8c);c:\program files\Google\Update\GoogleUpdate.exe [2/28/2009 11:38 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 P101bVID;Creative WebCam;c:\windows\system32\drivers\P101bVid.sys [4/15/2009 3:18 PM 184362]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 21:38]

2009-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Asko\Application Data\Mozilla\Firefox\Profiles\gj1xkhg7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-18 16:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-18 16:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 14:08

Pre-Run: 5,307,932,672 bytes free
Post-Run: 5,964,582,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

165

Poslao: 18 Sep 2009 16:44
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.





Da li sada avast! nešto detektuje (a da to ne može da ukloni)?

Poslao: 18 Sep 2009 20:47
Idi na vrh
offline
  • Pridružio: 23 Dec 2008
  • Poruke: 30
  • Gde živiš: RS

Ne, nista! Na poslednjem skeniranju nista nije nasao Smile


Hvala puno i srdacan pozdrav!

MyCity » Ambulanta -> Arhiva Ambulante » Win32:Neredr

Ko je trenutno na forumu
 

Ukupno su 941 korisnika na forumu :: 47 registrovanih, 7 sakrivenih i 887 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: atmel, babaroga, cavatina, cinoeye, darkangel, Denaya, Dimitrise93, djboj, drimer, FileFinder, FOX, Georgius, h8propaganda, HrcAk47, hyla, ILGromovnik, JOntra, kihot, Kubovac, kubura91, Levi, macak44, marsovac 2, mean_machine, mercedesamg, Mercury, milenko crazy north, Mixelotti, mkukoleca, naki011, nemkea71, nikoladim, opt1, radoznao, Sirius, Smiljke, sombrero, Srki94, styg, theNedjeljko, Trpe Grozni, tubular, Vlada1389, vukovi, wizzardone, šumar bk2, žeks62