Hi .... I have had a problem with my PC for quite a while now ... after some time it always reports an error: GenericGhost 32 terminated services.exe. Or something like that. It ends up with the sound card being unusable - there is simply no sound except for the Windows sounds. Today I happened to come across a little program here called Prevx 2.0 - maybe you know it. Anyway, I let them run their promotional test on my PC so that I could then buy their license, and they found that I have one worm on the PC: mmdmm.exe, and two trojans: wimtqrrd.dll and a second one whose name I unfortunately no longer remember, but it was in system32 as a *.dll library, I think it started with R. I also have two antivirus programs on the PC and neither of them was able to find it, which surprises me, so I am asking you for a professional intervention.
Here is the log from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 22:23:36, on 24.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Install\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1ebc37a3-5d41-4725-b085-b84e9891a3c6} - C:\WINDOWS\system32\mprlay.dll (file missing)
O2 - BHO: {4d3477ec-a0ac-81b9-e8c4-f3e8f1b1dace} - {ecad1b1f-8e3f-4c8e-9b18-ca0ace7743d4} - C:\WINDOWS\system32\wimtqrrd.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [40236406] rundll32.exe "C:\WINDOWS\system32\irdnumix.dll",b
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O20 - Winlogon Notify: gdaslcvm - gdaslcvm.dll (file missing)
O20 - Winlogon Notify: mprlay - mprlay.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
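The entries in a HijackThis log that helpers look at first are the ones with structural oddities: autostart values whose file is already gone, Run values pointing at a bare filename with no directory, all-digit value names loading a DLL through rundll32, unnamed BHOs, and Winlogon Notify hooks. The following Python script is an added example (not part of this thread and not a HijackThis or ComboFix component) that encodes those review hints as simple rules over constructed log lines modelled on the O2, O4, O20 and O23 entry types above; it is a triage aid for reading a log, not a verdict on any file.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not part of the thread)."""
import re

# Constructed sample lines modelled on the entry types seen in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1ebc37a3-5d41-4725-b085-b84e9891a3c6} - C:\WINDOWS\system32\mprlay.dll (file missing)
O2 - BHO: {4d3477ec-a0ac-81b9-e8c4-f3e8f1b1dace} - {ecad1b1f-8e3f-4c8e-9b18-ca0ace7743d4} - C:\WINDOWS\system32\wimtqrrd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [40236406] rundll32.exe "C:\WINDOWS\system32\irdnumix.dll",b
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

HJT_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+(.*)$")
# O4 body: HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+):\s+\[([^\]]*)\]\s+(.*)$")
# O2 body: BHO: name - {CLSID} - path
O2_RE = re.compile(r"^BHO:\s+(.*?)\s+-\s+(\{[0-9a-fA-F-]{36}\})\s+-\s+(.*)$")
GUID_RE = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")


def _target_path(cmd):
    """Return the first path-like token of a Run command, skipping a leading rundll32."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]+"|\S+', cmd)]
    for tok in tokens:
        if tok.lower() in ("rundll32.exe", "rundll32"):
            continue
        return tok.split(",")[0]  # drop the ",EntryPoint" part of a rundll32 argument
    return ""


def triage(log_text):
    """Map each suspicious log line to the list of reasons it was flagged."""
    findings = {}
    run_targets = {}  # basename -> [(line, key)] to spot Run/RunServices duplicates
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        reasons = []
        if "(file missing)" in body:
            reasons.append("orphaned entry: referenced file is missing")
        if kind == "O4":
            m4 = O4_RE.match(body)
            if m4:
                _hive, key, name, cmd = m4.groups()
                target = _target_path(cmd)
                if target and "\\" not in target:
                    reasons.append("bare filename, resolved by PATH search")
                if name.isdigit():
                    reasons.append("all-digit value name")
                base = target.rsplit("\\", 1)[-1].lower()
                run_targets.setdefault(base, []).append((line, key))
        elif kind == "O2":
            m2 = O2_RE.match(body)
            if m2:
                name = m2.group(1)
                if name == "(no name)":
                    reasons.append("unnamed BHO")
                elif GUID_RE.match(name):
                    reasons.append("BHO name is a bare GUID")
        elif kind == "O20":
            reasons.append("Winlogon Notify entry: few legitimate third-party ones exist")
        if reasons:
            findings[line] = reasons
    # The same executable registered under both Run and RunServices is worth a look.
    for base, entries in run_targets.items():
        keys = {k for _, k in entries}
        if {"Run", "RunServices"} <= keys:
            for line, _ in entries:
                findings.setdefault(line, []).append(f"{base} registered in both Run and RunServices")
    return findings


def suspicious_lines(log_text):
    """Sorted list of the flagged lines only."""
    return sorted(triage(log_text))


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run on the constructed sample it leaves the avast! Run entry and the O23 service alone and flags the other six lines; paste a real log into SAMPLE_LOG to get the same kind of shortlist.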
Virus - Please check the log ....
- fredik (Security team member)
If you have resident protection enabled in both antispyware programs (AVG Anti-Spyware & Spyware Terminator), leave it enabled in only one of them and disable it in the other.
Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the prompts; while ComboFix is working, do not click inside the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its entire contents here
Done ...
ComboFix 07-11-19.3 - G_M 2007-11-24 23:15:36.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.398 [GMT 1:00]
Running from: C:\Documents and Settings\G_M\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Plocha\Online Security Guide.lnk
C:\Documents and Settings\All Users\Nabídka Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.lnk
C:\Documents and Settings\G_M\Oblíbené položky\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\gdaslcvm.dllbox
.
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.
2007-11-24 19:37 <DIR> d-------- C:\Temp\Tmp___13777
2007-11-24 19:37 <DIR> d-------- C:\Temp
2007-11-24 09:02 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-24 09:02 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-24 00:47 <DIR> d-------- C:\Program Files\BSPlayer
2007-11-24 00:19 <DIR> d-------- C:\Program Files\Razer
2007-11-24 00:19 53,248 --a------ C:\WINDOWS\system32\razer.cpl
2007-11-24 00:19 13,225 --a------ C:\WINDOWS\system32\drivers\Razerlow.sys
2007-11-23 23:21 <DIR> d-------- C:\Program Files\Valve
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-23 01:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-23 01:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-23 01:07 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-23 00:52 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-23 00:52 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-23 00:28 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-11-23 00:27 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-23 00:23 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-23 00:23 <DIR> d-------- C:\Program Files\Crawler
2007-11-22 21:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 19:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-22 19:27 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-11-22 19:27 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-11-22 19:27 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-22 18:16 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-11-22 18:16 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-11-22 18:16 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-11-22 18:16 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-11-22 18:16 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-11-22 18:16 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-11-22 18:16 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-11-22 18:16 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-11-22 18:16 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-11-22 18:06 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-22 15:25 767,467 ---hs---- C:\WINDOWS\system32\ximundri.ini
2007-11-22 15:25 85,056 --a------ C:\WINDOWS\system32\irdnumix.dll
2007-11-22 15:19 79,936 --a------ C:\WINDOWS\system32\wimtqrrd.dll
2007-11-22 15:14 145,984 --a------ C:\WINDOWS\system32\bwvacxst.dll
2007-11-22 00:53 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-11-22 00:53 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-21 21:26 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2007-11-21 21:22 983,040 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2007-11-21 21:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-21 21:07 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-21 21:06 <DIR> d-------- C:\Program Files\ICQ6
2007-11-21 21:01 0 --a------ C:\WINDOWS\system32\h323log.txt
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 18:24 --------- d-----w C:\Program Files\TCM
2007-11-23 23:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 19:56 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-11-21 19:40 --------- d-----w C:\Program Files\Kerio
2007-11-21 19:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-21 19:22 --------- d-----w C:\Program Files\Alwil Software
2007-11-21 19:06 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ebc37a3-5d41-4725-b085-b84e9891a3c6}]
C:\WINDOWS\system32\mprlay.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecad1b1f-8e3f-4c8e-9b18-ca0ace7743d4}]
2007-11-22 15:19 79936 --a------ C:\WINDOWS\system32\wimtqrrd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-11-23 23:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 15:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 15:49 C:\WINDOWS\system32\rundll32.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 15:33 C:\WINDOWS\mixer.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"mmsass"="mmdmm.exe" []
"40236406"="C:\WINDOWS\system32\irdnumix.dll" [2007-11-22 15:25]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-23 00:26]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"mmsass"="mmdmm.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnkh]
awtqnkh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gdaslcvm]
gdaslcvm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mprlay]
mprlay.dll
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 23:19:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-24 23:20:33 - machine was rebooted
- fredik (Security team member)
Open Notepad (Start -> Run... type Notepad in the box and press OK)
Copy the following text (marked in green) into it:
Code:
File::
C:\WINDOWS\system32\ximundri.ini
C:\WINDOWS\system32\irdnumix.dll
C:\WINDOWS\system32\wimtqrrd.dll
C:\WINDOWS\system32\bwvacxst.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ebc37a3-5d41-4725-b085-b84e9891a3c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecad1b1f-8e3f-4c8e-9b18-ca0ace7743d4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmsass"=-
"40236406"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"mmsass"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqnkh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gdaslcvm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mprlay]
Choose Save As, name the file CFScript.txt and set Save as type: All Files.
Save the file to the desktop.
Close all open windows.
Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Check whether you have these two updates installed: Generic Host process for win32 services
In your next post, paste these logs/results here:
- the ComboFix log after running the script
- a new HJT log
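A CFScript is just a text file with section headers such as File:: and Registry::, and the Registry:: section uses regedit-style lines: [key] selects a key, [-key] deletes it, and "name"=- deletes a value under the most recently selected key. Because a value line silently attaches to the previous key, a dropped bracket on a key line (as on the RunServices line of the script above, where it was missing in the original post) can make the deletion apply to the wrong key. The following Python linter is an added example, not part of this thread and not a ComboFix tool, that checks a constructed script for exactly that class of mistake before it is dropped onto ComboFix.exe; the section names and line syntax it accepts are the ones used in the script above, and the path and registry rules it applies are my own assumptions.

```python
"""Syntax linter for CFScript-style text (added example, not a ComboFix component)."""
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
# [HKEY_...\path] selects a key; [-HKEY_...\path] marks it for deletion.
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")
# "name"=- deletes a value; "name"="..." or "name"=dword:xxxxxxxx sets one.
VALUE_RE = re.compile(r'^"([^"]+)"=(-|".*"|dword:[0-9a-fA-F]{8})$')
# File:: entries must be absolute Windows paths (drive letter, backslash, no forbidden characters).
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\[^"<>|?*]+$')

# Constructed sample with two defects: a relative path and a key line missing its "[".
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\example_bad.dll
not\an\absolute\path.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"example"=-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"example"=-
"""


def parse_cfscript(text):
    """Return (sections, errors): sections maps a header name to its lines, errors lists problems."""
    sections = {}
    errors = []
    current = None
    last_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            last_key = None
            continue
        if current is None:
            errors.append(f"line {lineno}: directive before any section header: {line}")
            continue
        sections[current].append(line)
        if current == "File":
            if not WIN_PATH_RE.match(line):
                errors.append(f"line {lineno}: not an absolute Windows path: {line}")
        elif current == "Registry":
            if KEY_RE.match(line):
                last_key = line
            elif VALUE_RE.match(line):
                if last_key is None:
                    errors.append(f"line {lineno}: value line without a preceding [key] header: {line}")
            else:
                errors.append(f"line {lineno}: malformed registry line (missing bracket or quotes?): {line}")
    return sections, errors


def is_valid_cfscript(text):
    """True when the script parses without any error."""
    return not parse_cfscript(text)[1]


if __name__ == "__main__":
    _sections, problems = parse_cfscript(SAMPLE_SCRIPT)
    for p in problems:
        print(p)
```

On the constructed sample it reports the relative path on line 4 and the bracket-less RunServices line on line 10; once both are corrected the script parses cleanly, which is the point at which it is safe to hand to ComboFix.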
So I did what you said ...
ComboFix 07-11-19.3 - G_M 2007-11-25 20:37:15.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.457 [GMT 1:00]
Running from: C:\Documents and Settings\G_M\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\G_M\Plocha\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\bwvacxst.dll
C:\WINDOWS\system32\irdnumix.dll
C:\WINDOWS\system32\wimtqrrd.dll
C:\WINDOWS\system32\ximundri.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ximundri.ini
.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.
2007-11-25 01:48 1,254 --a------ C:\WINDOWS\system\CmcnfgU.ini
2007-11-25 01:47 <DIR> d-------- C:\Program Files\Trust HS-6200 Surround USB Headset
2007-11-25 01:47 5,464,064 -ra------ C:\WINDOWS\system\cmcnfgu.cpl
2007-11-25 01:47 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2007-11-25 01:47 315,392 -ra------ C:\WINDOWS\system\cmifltr.dll
2007-11-25 01:47 258,048 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe
2007-11-25 01:47 61,440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2007-11-25 01:45 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-25 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2007-11-24 19:37 <DIR> d-------- C:\Temp\Tmp___13777
2007-11-24 19:37 <DIR> d-------- C:\Temp
2007-11-24 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Prevx
2007-11-24 09:02 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-24 00:47 <DIR> d-------- C:\Program Files\BSPlayer
2007-11-24 00:19 <DIR> d-------- C:\Program Files\Razer
2007-11-24 00:19 53,248 --a------ C:\WINDOWS\system32\razer.cpl
2007-11-23 23:21 <DIR> d-------- C:\Program Files\Valve
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-23 01:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-23 01:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-23 01:07 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-23 00:52 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-23 00:52 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-23 00:28 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-11-23 00:23 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-23 00:23 <DIR> d-------- C:\Program Files\Crawler
2007-11-23 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-11-22 21:58 <DIR> d-------- C:\Documents and Settings\G_M\Data aplikací\Grisoft
2007-11-22 21:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 19:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-22 19:27 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-11-22 19:27 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-11-22 19:27 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-22 18:16 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-11-22 18:16 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-11-22 18:16 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-11-22 18:06 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-22 00:53 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-11-22 00:53 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-21 21:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-21 21:07 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-21 21:06 <DIR> d-------- C:\Program Files\ICQ6
2007-11-21 21:06 <DIR> d-------- C:\Documents and Settings\G_M\Data aplikací\ICQ
2007-11-21 21:01 0 --a------ C:\WINDOWS\system32\h323log.txt
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 18:24 --------- d-----w C:\Program Files\TCM
2007-11-23 23:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 23:29 167,633 --sha-w C:\WINDOWS\system32\kmllm.ini2
2007-11-22 23:27 138,368 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-21 19:56 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-11-21 19:40 --------- d-----w C:\Program Files\Kerio
2007-11-21 19:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-21 19:22 --------- d-----w C:\Program Files\Alwil Software
2007-11-21 19:06 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.
((((((((((((((((((((((((((((( snapshot@2007-11-24_23.20.04.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-11-23 12:08:20 712,704 ----a-r C:\WINDOWS\system32\a3dpropu.dll
+ 2005-03-07 14:29:30 45,056 ----a-r C:\WINDOWS\system32\cmdrvrmu.dll
+ 2005-12-21 14:41:58 253,952 ----a-r C:\WINDOWS\system32\cmdrvrmu.exe
+ 2004-02-18 14:19:28 16,384 ----a-r C:\WINDOWS\system32\cmpropu.dll
+ 2004-02-13 15:39:32 98,304 ----a-r C:\WINDOWS\system32\cmudau.dll
+ 2004-08-17 14:49:08 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2004-08-03 22:07:56 59,264 -c--a-w C:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2004-08-03 22:08:48 31,616 -c--a-w C:\WINDOWS\system32\dllcache\usbccgp.sys
+ 2006-02-10 11:51:14 1,391,040 ----a-r C:\WINDOWS\system32\drivers\cmudaxu.sys
+ 2004-08-03 22:07:56 59,264 ----a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys
+ 2004-08-03 22:08:48 31,616 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2004-08-03 22:08:00 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\drmk.sys
+ 2004-08-03 22:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ks.sys
+ 2004-08-17 14:49:10 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ksuser.dll
+ 2004-08-03 22:15:50 145,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\portcls.sys
+ 2004-08-03 22:08:04 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\stream.sys
+ 2004-08-03 22:07:56 59,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\USBAUDIO.sys
+ 2007-11-25 19:26:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat
+ 2007-11-25 19:26:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_798.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-11-23 23:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 15:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 15:49 C:\WINDOWS\system32\rundll32.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 15:33 C:\WINDOWS\mixer.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-23 00:26]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21]
"CmUsbSound"="RunDll32 cmcnfgu.cpl" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"mmsass"="mmdmm.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 20:38:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 20:39:08
C:\ComboFix2.txt ... 2007-11-24 23:20
.
fredik (member of the Security team, Master Level 7, Posts: 4680, Registered: July 06)
Create a new CFScript.txt, this time paste the following into it, and use it the same way as the previous one:
Code:
File::
C:\WINDOWS\system32\kmllm.ini2
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"mmsass"=-
Post the ComboFix log here after running the script, and also post a new HJT log.
Combo fix --->
ComboFix 07-11-19.3 - G_M 2007-11-25 21:16:58.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.460 [GMT 1:00]
Running from: C:\Documents and Settings\G_M\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\G_M\Plocha\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\kmllm.ini2
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kmllm.ini2
.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.
2007-11-25 01:48 1,254 --a------ C:\WINDOWS\system\CmcnfgU.ini
2007-11-25 01:47 <DIR> d-------- C:\Program Files\Trust HS-6200 Surround USB Headset
2007-11-25 01:47 5,464,064 -ra------ C:\WINDOWS\system\cmcnfgu.cpl
2007-11-25 01:47 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2007-11-25 01:47 315,392 -ra------ C:\WINDOWS\system\cmifltr.dll
2007-11-25 01:47 258,048 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe
2007-11-25 01:47 61,440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2007-11-25 01:45 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-25 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2007-11-24 19:37 <DIR> d-------- C:\Temp\Tmp___13777
2007-11-24 19:37 <DIR> d-------- C:\Temp
2007-11-24 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Prevx
2007-11-24 09:02 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-24 00:47 <DIR> d-------- C:\Program Files\BSPlayer
2007-11-24 00:19 <DIR> d-------- C:\Program Files\Razer
2007-11-24 00:19 53,248 --a------ C:\WINDOWS\system32\razer.cpl
2007-11-23 23:21 <DIR> d-------- C:\Program Files\Valve
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Grisoft
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-23 01:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-23 01:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-23 01:07 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-23 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-23 00:52 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-23 00:52 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-23 00:28 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-11-23 00:23 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-23 00:23 <DIR> d-------- C:\Program Files\Crawler
2007-11-23 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-11-22 21:58 <DIR> d-------- C:\Documents and Settings\G_M\Data aplikací\Grisoft
2007-11-22 21:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 19:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-22 19:27 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-11-22 19:27 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-11-22 19:27 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-22 18:16 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-11-22 18:16 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-11-22 18:16 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-11-22 18:16 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-11-22 18:06 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-22 00:53 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-11-22 00:53 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-21 21:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-21 21:07 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-21 21:06 <DIR> d-------- C:\Program Files\ICQ6
2007-11-21 21:06 <DIR> d-------- C:\Documents and Settings\G_M\Data aplikací\ICQ
2007-11-21 21:01 0 --a------ C:\WINDOWS\system32\h323log.txt
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 18:24 --------- d-----w C:\Program Files\TCM
2007-11-23 23:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 23:27 138,368 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-21 19:56 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-11-21 19:40 --------- d-----w C:\Program Files\Kerio
2007-11-21 19:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-21 19:22 --------- d-----w C:\Program Files\Alwil Software
2007-11-21 19:06 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.
((((((((((((((((((((((((((((( snapshot@2007-11-24_23.20.04.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-11-23 12:08:20 712,704 ----a-r C:\WINDOWS\system32\a3dpropu.dll
+ 2005-03-07 14:29:30 45,056 ----a-r C:\WINDOWS\system32\cmdrvrmu.dll
+ 2005-12-21 14:41:58 253,952 ----a-r C:\WINDOWS\system32\cmdrvrmu.exe
+ 2004-02-18 14:19:28 16,384 ----a-r C:\WINDOWS\system32\cmpropu.dll
+ 2004-02-13 15:39:32 98,304 ----a-r C:\WINDOWS\system32\cmudau.dll
+ 2004-08-17 14:49:08 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2004-08-03 22:07:56 59,264 -c--a-w C:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2004-08-03 22:08:48 31,616 -c--a-w C:\WINDOWS\system32\dllcache\usbccgp.sys
+ 2006-02-10 11:51:14 1,391,040 ----a-r C:\WINDOWS\system32\drivers\cmudaxu.sys
+ 2004-08-03 22:07:56 59,264 ----a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys
+ 2004-08-03 22:08:48 31,616 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2004-08-03 22:08:00 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\drmk.sys
+ 2004-08-03 22:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ks.sys
+ 2004-08-17 14:49:10 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ksuser.dll
+ 2004-08-03 22:15:50 145,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\portcls.sys
+ 2004-08-03 22:08:04 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\stream.sys
+ 2004-08-03 22:07:56 59,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\USBAUDIO.sys
+ 2007-11-25 19:26:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat
+ 2007-11-25 19:26:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_798.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-11-23 23:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 15:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 15:49 C:\WINDOWS\system32\rundll32.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 15:33 C:\WINDOWS\mixer.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-23 00:26]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21]
"CmUsbSound"="RunDll32 cmcnfgu.cpl" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 21:18:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 21:18:34
C:\ComboFix2.txt ... 2007-11-25 20:39
C:\ComboFix3.txt ... 2007-11-24 23:20
.
HiJackThis --->
Logfile of HijackThis v1.99.1
Scan saved at 21:20:36, on 25.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TCM\TOTALCMD.EXE
D:\Install\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
2007-11-22 00:53 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-21 21:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-21 21:07 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-21 21:06 <DIR> d-------- C:\Program Files\ICQ6
2007-11-21 21:06 <DIR> d-------- C:\Documents and Settings\G_M\Data aplikací\ICQ
2007-11-21 21:01 0 --a------ C:\WINDOWS\system32\h323log.txt
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 18:24 --------- d-----w C:\Program Files\TCM
2007-11-23 23:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 23:27 138,368 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-21 19:56 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-11-21 19:40 --------- d-----w C:\Program Files\Kerio
2007-11-21 19:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-21 19:22 --------- d-----w C:\Program Files\Alwil Software
2007-11-21 19:06 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.
((((((((((((((((((((((((((((( snapshot@2007-11-24_23.20.04.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-11-23 12:08:20 712,704 ----a-r C:\WINDOWS\system32\a3dpropu.dll
+ 2005-03-07 14:29:30 45,056 ----a-r C:\WINDOWS\system32\cmdrvrmu.dll
+ 2005-12-21 14:41:58 253,952 ----a-r C:\WINDOWS\system32\cmdrvrmu.exe
+ 2004-02-18 14:19:28 16,384 ----a-r C:\WINDOWS\system32\cmpropu.dll
+ 2004-02-13 15:39:32 98,304 ----a-r C:\WINDOWS\system32\cmudau.dll
+ 2004-08-17 14:49:08 21,504 -c--a-w C:\WINDOWS\system32\dllcache\hidserv.dll
+ 2004-08-03 22:07:56 59,264 -c--a-w C:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2004-08-03 22:08:48 31,616 -c--a-w C:\WINDOWS\system32\dllcache\usbccgp.sys
+ 2006-02-10 11:51:14 1,391,040 ----a-r C:\WINDOWS\system32\drivers\cmudaxu.sys
+ 2004-08-03 22:07:56 59,264 ----a-w C:\WINDOWS\system32\drivers\USBAUDIO.sys
+ 2004-08-03 22:08:48 31,616 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2004-08-03 22:08:00 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\drmk.sys
+ 2004-08-03 22:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ks.sys
+ 2004-08-17 14:49:10 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ksuser.dll
+ 2004-08-03 22:15:50 145,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\portcls.sys
+ 2004-08-03 22:08:04 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\stream.sys
+ 2004-08-03 22:07:56 59,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\USBAUDIO.sys
+ 2007-11-25 19:26:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat
+ 2007-11-25 19:26:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_798.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-11-23 23:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 15:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 15:49 C:\WINDOWS\system32\rundll32.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 15:33 C:\WINDOWS\mixer.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-23 00:26]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21]
"CmUsbSound"="RunDll32 cmcnfgu.cpl" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 21:18:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 21:18:34
C:\ComboFix2.txt ... 2007-11-25 20:39
C:\ComboFix3.txt ... 2007-11-24 23:20
.
.
.
.
.
.
HiJackThis --->
Logfile of HijackThis v1.99.1
Scan saved at 21:20:36, on 25.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TCM\TOTALCMD.EXE
D:\Install\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
- fredik
- Security team member
Go to Start -> Run... and type this command, highlighted in blue, into the box: ComboFix /u (there must be a space between ComboFix and /u), then click OK.
Note:
You are using an older version of HijackThis; if you ever need it again in the future, download the current version here and delete the old one before using it.
If you know what is in this folder (C:\Temp), then the logs look fine. Do you still have any problems?
Well, apart from that one ("V aplikaci Generic Host Process for Win32 Services došlo k problému a je třeba ji zavřít. Omlouváme se za vzniklé potíže.", the Czech-localized "Generic Host Process for Win32 Services has encountered a problem and needs to close" error) it's fine ... the computer boots in about 30 seconds... that really surprised me.....
Thank you very much ... above all thanks for the super fast fix, even if it isn't 100% (the sound problem is annoying me :-( ) ....
I'm glad there are still people among us who help so readily .... fast, free and at a professional level....
That error has now been resolved too .... Tomorrow I'll post a how-to here on the forum, because from what I've seen on other forums quite a few people have this problem .....
And otherwise I can say that, thanks to fredik, I haven't had a more stable computer since I first connected to the net
.... I really hope it holds up for at least a month without me having to format ...
