PC po 1 minúte samo reštartuje-kontrola logu HijackThis

Prosím o pomoc. PC mi po asi minútke po zapnutí samo reštartuje. Aj som pustil na disk Pandu Internet Security 2008, odstránilo mi nejaké spyware z adresára DOCUMENTS AND SETTINGS, ale stále problém pretrváva.
Prosím o radu a vopred veľmi pekne ĎAKUJEM.
Takisto sa mi stále objavuje vpravo dole na lište okno s oznámením, že som sa stal obeťou softvérovej kriminality. Ako toto okno trvalo vypnúť ?

Tu je log HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:41, on 24. 6. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\antivirus\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.9.210.77:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4919\toolbaru.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4919\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43F31A50-EBB0-4926-A058-9F89EDC21C41} - C:\PROGRA~1\TNSAUD~1\iaudit_t.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4919\toolbaru.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Informácie o aplikácii TNS Audit - meter - {912B1533-A668-41B3-92E6-627B150EDB90} - http://monitor.idot.sk/info (file missing)
O9 - Extra 'Tools' menuitem: Plugin TNS Audit - meter - {912B1533-A668-41B3-92E6-627B150EDB90} - http://monitor.idot.sk/info (file missing)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 8979 bytes

Zdravim, pred restartom aj vidis nejake odpocitavanie?

Fixni v logu tieto zbytocnosti:


potom si stiahni combofix zo sekcie ComboFix - vytvorenie logu: http://www.pcforum.sk/cistime-napadnuty ... 27265.html
je tam aj navod k nemu....po dokonceni combofixu log z neho vloz sem...

Zakup si licenciu na Windows, kamarat.

+

Otestuj na www.virustotal.com tento subor:

C:\PROGRA~1\TNSAUD~1\iaudit_t.dll

Ak ti bezi nejake odpocitavanie, stlac Win + R a napis shutdown -a, alebo to napis cez Start - Spustit na liste.

Nebeží mi žiadne odpočítavanie. Súbor iaudit_t.dll som otestoval. Testovanie nič nenašlo.
Spustil som Combo Fix. Tu log z neho.
ComboFix 08-06-20.4 - Administrator 2008-06-25 7:05:48.1 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.631 [GMT 2:00]
Running from: F:\antivirus\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\U.BAT

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-24 12:03 . 2008-06-24 13:49 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-24 12:03 . 2005-12-16 22:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-06-24 12:03 . 2005-12-16 22:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-06-24 12:03 . 2005-12-16 22:15 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-06-24 12:03 . 2005-12-16 21:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-06-24 12:03 . 2005-12-16 22:15 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-06-24 12:03 . 2005-12-16 22:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-24 12:03 . 2005-12-16 22:15 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-06-24 12:03 . 2008-06-24 12:03 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-09 13:16 . 2008-06-09 13:16 <DIR> d-------- C:\Documents and Settings\home\Data aplikací\JustVoip
2008-06-09 13:12 . 2008-06-09 13:12 <DIR> d-------- C:\Program Files\JustVoip.com
2008-06-08 15:07 . 2008-06-08 15:07 206 --a------ C:\Zástupce - Jednotka CD-ROM.lnk
2008-06-02 19:21 . 2008-06-02 19:21 101 --a------ C:\WINDOWS\wininit.ini
2008-06-02 18:47 . 2008-06-02 18:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-02 18:47 . 2008-06-02 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-06-02 12:29 . 2008-06-02 12:29 <DIR> d-------- C:\Program Files\CCleaner
2008-06-02 12:25 . 2008-06-02 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-06-01 13:37 . 2008-06-01 13:39 <DIR> d-------- C:\Program Files\weblin
2008-06-01 13:36 . 2008-06-01 13:39 <DIR> d-------- C:\Documents and Settings\home\Data aplikací\zweitgeist
2008-06-01 11:10 . 2008-06-01 11:10 <DIR> d-------- C:\WINDOWS\system32\824223
2008-05-27 23:20 . 2008-05-27 23:20 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 11:31 --------- d-----w C:\Program Files\Google
2008-06-24 10:24 --------- d-----w C:\Documents and Settings\home\Data aplikací\Skype
2008-06-06 10:07 --------- d-----w C:\Documents and Settings\home\Data aplikací\ICQ Toolbar
2008-06-02 11:30 --------- d-----w C:\Documents and Settings\home\Data aplikací\U3
2008-06-02 10:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-02 10:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 11:28 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-06-01 11:26 --------- d-----w C:\Program Files\LostInEU
2008-06-01 09:10 --------- d-----w C:\Program Files\Opera
2008-05-30 13:24 --------- d-----w C:\Program Files\EA SPORTS
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-12 12:08 --------- d-----w C:\Program Files\JoWooD
2008-05-11 20:09 --------- d-----w C:\Documents and Settings\home\Data aplikací\Image Zone Express
2008-05-01 10:33 --------- d-----w C:\Program Files\ESET
2008-05-01 10:29 --------- d-----w C:\Documents and Settings\home\Data aplikací\ESET
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-14 12:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\System32\nvraidservice.exe" [2004-06-11 05:15 83968]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-09 12:02 4136960]
"nwiz"="nwiz.exe" [2004-07-09 12:02 880640 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-09 12:02 81920]
"anvshell"="anvshell.exe" [2004-06-24 15:28 393216 C:\WINDOWS\anvshell.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-17 15:49 159232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CD68AC9-FF63-3E61-626B-B663E62F6236}"= C:\Program Files\Internet Explorer\romdrivers.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^home^Nabídka Start^Programy^Po spuštění^Kalendár.lnk]
path=C:\Documents and Settings\home\Nabídka Start\Programy\Po spuštění\Kalendár.lnk
backup=C:\WINDOWS\pss\Kalendár.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-05-17 12:48 77824 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-25 13:23 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2004-07-08 15:44]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 07:07:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-06-25 7:08:19
ComboFix-quarantined-files.txt 2008-06-25 05:08:16

Adresářů: 7, Volných bajtů: 3,635,986,432
Adresářů: 12, Volných bajtů: 3,753,680,896

134 --- E O F --- 2008-05-28 13:02:35

Prosím o pomoc. ĎAKUJEM.

Pouzi Avenger s tymto skriptom:




Posli mi na mail zalohu z C:\Avenger, vdaka.



Co sa nachadza v tomto adresari?

Avenger mi napísal toto:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xjjpylum

*******************

Script file located at: \??\C:\WINDOWS\system32\eyvcawgp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Program Files\Internet Explorer\romdrivers.dll not found!
Deletion of file C:\Program Files\Internet Explorer\romdrivers.dll failed!

Could not process line:
C:\Program Files\Internet Explorer\romdrivers.dll
Status: 0xc0000034

Registry value hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks|{0CD68AC9-FF63-3E61-626B-B663E62F6236} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

V tom spomínanom adresári pod SYSTEM32 nič nie je.
PC mi stále po asi 1 minúte reštartuje-bez odpočítavania.
Prosím o pomoc.

Posli mi na mail log zo SysInspectoru.