MyCity » Ambulanta -> Arhiva Ambulante » Win32:Neredr

Win32:Neredr

Napisano na dan: 17.9.2009
2

Win32:Neredr
Pagination Prethodna strana

Idi na vrh

Poslao: 18 Sep 2009 16:13
Idi na vrh
offline
  • Pridružio: 23 Dec 2008
  • Poruke: 30
  • Gde živiš: RS

ComboFix 09-09-17.04 - Asko 09/18/2009 16:01.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.183 [GMT 2:00]
Running from: c:\documents and settings\Asko\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Asko\LOCALS~1\Temp\1.wmv
c:\documents and settings\Asko\Application Data\wiaserva.log
c:\windows\Installer\13d42c.msi

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_glaide32


((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-17 16:54 . 2009-09-17 16:54 -------- d--h--w- c:\windows\PIF
2009-09-17 15:23 . 2009-09-17 15:23 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-17 15:23 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-17 15:23 . 2009-09-17 15:23 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-17 15:23 . 2009-09-17 15:23 -------- d-----w- c:\documents and settings\Asko\Application Data\TuneUp Software
2009-09-17 15:22 . 2009-09-17 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-17 15:22 . 2009-09-17 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-17 15:22 . 2009-09-17 15:22 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-17 08:27 . 2009-09-17 15:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 10:23 . 2009-02-25 12:07 -------- d-----w- c:\documents and settings\Asko\Application Data\mIRC
2009-09-17 10:22 . 2009-02-25 12:07 -------- d-----w- c:\program files\mIRC
2009-09-12 19:31 . 2009-03-01 20:43 -------- d-----w- c:\documents and settings\Asko\Application Data\Skype
2009-09-12 18:13 . 2009-03-01 20:45 -------- d-----w- c:\documents and settings\Asko\Application Data\skypePM
2009-08-17 16:10 . 2009-02-25 11:56 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-25 11:57 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-25 11:57 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-25 11:57 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-25 11:57 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-25 11:57 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-25 11:57 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-25 11:57 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-02-25 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/25/2009 1:57 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/25/2009 1:57 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/14/2009 2:28 PM 55152]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/17/2009 5:23 PM 604488]
S2 gupdate1c999ecf0996a8c;Google Update Service (gupdate1c999ecf0996a8c);c:\program files\Google\Update\GoogleUpdate.exe [2/28/2009 11:38 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 P101bVID;Creative WebCam;c:\windows\system32\drivers\P101bVid.sys [4/15/2009 3:18 PM 184362]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 21:38]

2009-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Asko\Application Data\Mozilla\Firefox\Profiles\gj1xkhg7.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-09-18 16:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-18 16:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 14:08

Pre-Run: 5,307,932,672 bytes free
Post-Run: 5,964,582,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

165



Poslao: 18 Sep 2009 16:44
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.





Da li sada avast! nešto detektuje (a da to ne može da ukloni)?



Poslao: 18 Sep 2009 20:47
Idi na vrh
offline
  • Pridružio: 23 Dec 2008
  • Poruke: 30
  • Gde živiš: RS

Ne, nista! Na poslednjem skeniranju nista nije nasao Smile


Hvala puno i srdacan pozdrav!

MyCity » Ambulanta -> Arhiva Ambulante » Win32:Neredr

Ko je trenutno na forumu
 

Ukupno su 1433 korisnika na forumu :: 69 registrovanih, 8 sakrivenih i 1356 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., acov34, aleph_one, antonije64, Arhiv, Banovo Brdo, Ben Roj, berste23, blatruc82, boracbl1389, boromir, Bosnjo, Cirkon, Clouseau, Darko Jovanovic, dj.ape, Dolinc, Draganeli, draganl, Džekson, feanor, FOX, g_g, gasha, goxin, Hardenberg, Igor Antonic, ILGromovnik, Imperator_Aleksandr_lll, istina, Jager715510, jarovitt, Jezekijel, Još malo pa deda, Kajzer Soze, Kubovac, laurusri, lord sir giga, ludiagresivan, luja, mane123, Mcdado, mercedesamg, metallac777, Milometer, milutin134, mmelezovic, MrNo, nick79, nobutado, Povratak1912, procesor, proka89, RajkoB, raso76, Sagotolio, sap, Semberija, Sonic, Stevan Visoki, tuf, Vanderx, vandrej, vladao75, Volkhov-M, zastavnik, zil10, Zoran1959, ČOBAN