Problém s iexplore.exe-žeby vir?

Příspěvekod **fredik** » 24 zář 2007 13:36

Combofix máš tam i návod.

Reklama

Sicco · Příspěvekod **Sicco** » 24 zář 2007 14:34

Nepomohl ani reinstal Woken dělá to stále,vypadá to na formát disku,jinak se toho snad nezbavím...

Sicco · Příspěvekod **Sicco** » 24 zář 2007 14:39

jenom mě celkem zmátlo,že mi u něho Avast vyhodil,že obsahuje Trojana,jinak tady máš ten log z Combofixu:

ComboFix 07-09-21.2 - "Pavel" 2007-09-25 14:39:12.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.620 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.

2007-09-25 14:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 14:18 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-25 14:18 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-25 13:47 38,400 --a------ C:\WINDOWS\iexplorer.exe
2007-09-25 13:28 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-25 13:28 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-25 13:28 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-25 13:28 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-25 13:28 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-25 13:28 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-25 13:28 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-25 13:28 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-25 13:26 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-25 13:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Lavasoft
2007-09-24 21:25 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-24 21:25 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-24 21:25 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-24 21:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-24 21:25 1,970 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-23 21:12 <DIR> d-------- C:\Program Files\TryMedia
2007-09-21 20:12 <DIR> d-------- C:\Program Files\mIRC
2007-09-21 19:56 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-20 11:40 <DIR> d-------- C:\DOCUME~1\PAVEL~1.PAV\.jpi_cache
2007-09-19 20:32 <DIR> d--h----- C:\WINDOWS\ShellNew
2007-09-19 20:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Office Genuine Advantage
2007-09-19 20:21 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2007-09-17 21:25 <DIR> d-------- C:\Program Files\Prime95
2007-09-17 15:34 <DIR> d-------- C:\Program Files\uTorrent
2007-09-16 19:53 <DIR> d-------- C:\Program Files\InterVideo
2007-09-16 19:45 <DIR> d-------- C:\Program Files\PowerStrip
2007-09-16 18:27 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-09-16 09:19 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-16 09:19 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-16 09:19 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-09-16 09:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-16 09:18 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-09-16 08:48 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-16 08:48 <DIR> d-------- C:\WINDOWS\nview
2007-09-15 17:30 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-14 21:57 <DIR> d-------- C:\Program Files\RivaTuner v2.03
2007-09-13 18:44 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-13 17:54 5,248 --a------ C:\WINDOWS\system32\drivers\vax347s.sys
2007-09-13 17:54 159,616 --a------ C:\WINDOWS\system32\drivers\vax347b.sys
2007-09-13 17:32 <DIR> d-------- C:\DOCUME~1\PAVEL~1.PAV\.thumbnails
2007-09-13 17:31 <DIR> d-------- C:\DOCUME~1\PAVEL~1.PAV\.gimp-2.0
2007-09-13 17:27 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-09-13 16:55 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-09-13 14:07 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-13 14:03 33,160 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2007-09-12 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-12 22:58 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-12 22:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Microsoft Help
2007-09-12 22:56 75,264 --a------ C:\WINDOWS\system32\storprop.dll
2007-09-12 22:56 70,272 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-09-12 22:56 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-09-12 22:56 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-09-12 22:56 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-09-12 22:56 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1.WIN\Data aplikacˇ
2007-09-12 22:56 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1.WIN\Data aplikacˇ
2007-09-12 22:56 <DIR> dr------- C:\DOCUME~1\DEFAUL~1.WIN\Nabˇdka Start
2007-09-12 22:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Nabˇdka Start
2007-09-12 22:56 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Dokumenty
2007-09-12 22:56 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1.WIN\ćablony
2007-09-12 22:56 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1.WIN\Okolnˇ tisk rny
2007-09-12 22:56 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1.WIN\Okolnˇ sˇś
2007-09-12 22:56 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1.WIN\ćablony
2007-09-12 22:56 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\Plocha
2007-09-12 22:56 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\Oblˇben‚ polo§ky
2007-09-12 22:56 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\Dokumenty
2007-09-12 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Plocha
2007-09-12 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Oblˇben‚ polo§ky
2007-09-12 22:48 <DIR> d-------- C:\WINDOWS\Provisioning
2007-09-12 22:48 <DIR> d-------- C:\WINDOWS\PeerNet
2007-09-12 22:48 <DIR> d-------- C:\WINDOWS\ehome
2007-09-12 22:34 <DIR> d-------- C:\Program Files\Winamp
2007-09-12 22:32 545 --a------ C:\WINDOWS\UC.PIF
2007-09-12 22:32 545 --a------ C:\WINDOWS\RAR.PIF
2007-09-12 22:32 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-09-12 22:32 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-09-12 22:32 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-09-12 22:32 545 --a------ C:\WINDOWS\LHA.PIF
2007-09-12 22:32 545 --a------ C:\WINDOWS\ARJ.PIF
2007-09-12 22:32 <DIR> d-------- C:\Program Files\Total Commander
2007-09-12 22:30 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-09-12 22:28 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-09-12 22:27 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Nabˇdka Start
2007-09-12 22:27 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Nabˇdka Start
2007-09-12 22:27 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-09-12 22:27 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\ćablony
2007-09-12 22:27 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Okolnˇ tisk rny
2007-09-12 22:27 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Okolnˇ sˇś
2007-09-12 22:27 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\ćablony
2007-09-12 22:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-12 22:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-09-12 22:27 <DIR> d-------- C:\Program Files\RegCleaner
2007-09-12 22:27 <DIR> d-------- C:\Program Files\QuickTime
2007-09-12 22:27 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Plocha
2007-09-12 22:27 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Oblˇben‚ polo§ky
2007-09-12 22:27 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Dokumenty
2007-09-12 22:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Plocha

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 21:14 8972 --a------ C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2007-09-12 20:36 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-26 12:35 4224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-12 09:22 81920 --a------ C:\WINDOWS\system32\frapsvid.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 11:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 10:56 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"Explorer"="C:\WINDOWS\iexplorer.exe" [2007-09-25 13:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-09-17 15:35]

R0 JGOGO;JMicron Hot-Plug Driver;C:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;C:\WINDOWS\system32\DRIVERS\jraid.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Documents and Settings\Pavel.PAVEL-603E47480\Plocha\everestultimate_build_1128\kerneld.wnt
S3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\ET5\markfun.w32
S3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.03\RivaTuner32.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72d300c2-616e-11dc-aeb6-806d6172696f}]
AutoRun\command- E:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - VAX347S
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 14:40:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 14:40:23
.
--- E O F ---

milanste · Příspěvekod **milanste** » 28 zář 2007 18:56

Mal som podobný problém a ten IE spúštal program schovaný vo windows\system 32\krpcs.exe. Tak nejako sa volal nie som si muž 100% istý. Bol to program ktorý bol maskovaný pod hlavičkou Microsoftu a bol v ňom trojsky kôn !!! Žiaden antivir NOD 32 , antispyware, ho nenašiel len AVG Anti Spyware 7.5. hned na prvý pokus. Vyskúšaj toto !

Sicco · Příspěvekod **Sicco** » 28 zář 2007 19:02

diky vyzkouším a napíšu jestli to zabralo :smile:

X · Příspěvekod X » 29 zář 2007 00:22

Zkontroluj taky, jestli nemáš nějakou neplechu v: C:\WINDOWS\Downloaded Program Files

Na smazání neřádů z IE doplňků je výborný:

Tool Bar Cop 3.0.1-umožňuje selektivní odstranění různých nechtěných rozšíření Internet Exploreru- Browser Helper Objects (BHO), Nástroj je určen zkušeným uživatelům.zip

Sicco · Příspěvekod **Sicco** » 29 zář 2007 09:08

AvG Anti Spyware to našel a smazal,diky za tip

Problém s iexplore.exe-žeby vir?

SKUS TO TAKTO

Kdo je online