Prosím o kontrolu HJT log, reštarty mi robí pc

Zdravím,

prosím o kotrolu HJT logu, čudne sa mi správa pc, pri otváraní videosúborov reštartuje pc sám seba, neviem prečo...
Pc bol prescanovaný s ESS a Superantispyware, nič nenašli.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:36, on 2. 8. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Zoltrix\GenieTV\TVREMOTE.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60337
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60337
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60337
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [TVdiag] C:\PROGRA~1\Zoltrix\GenieTV\TVdiag.exe /startup
O4 - HKLM\..\Run: [TVWDMDrv] C:\WINDOWS\system32\drivers\tvwdmdrv.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TVRemote] C:\PROGRA~1\Zoltrix\GenieTV\TVREMOTE.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9419342437
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29EE0AF0-D9D8-48F1-866E-776D3DBEAC7B}: NameServer = 10.30.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10691 bytes

Ahoj,

tento subor otestuj na www.virustotal.com:

C:\WINDOWS\system32\drivers\tvwdmdrv.exe

Ahoj,

otestoval som na virustotal.com a tu je odpoveď:

F-Secure 7.60.13501.0 2008.08.02:
Suspicious:W32/ConHook!Gemini

Čo to je "za výsledok"?

Sorry, nevyznám sa v tom až tak veľmi...

Podla vysledku to nevyzera skodlivo. Skus poslat log z ComboFixu, ktory ukaze posledne zmeny v dolezitych oblastiach systemu.

No začal som s tým combofixom, klikol som na to 2x a potom mi začal pípať pc a vyšla jedna anglická tabuľka - nerozumel som čo, mal som možnosť áno/nie - dal som áno, potom ďalšia tab. áno/nie aj tam som dal áno a ďalej nič... POzdejšie začal vypísať také slová: Stage1, Stage2, 3...
Medzitým mi prestal fungovať aj net. Len po reštarte pc išiel zase. Čo je to? Ako mám pustiť tento program?
Iný neexistuje?
A ešte niečo: pred spustením programu mám deaktivovať ochranu ESS?

Ked sa pocitac restartoval, bezal CF az do konca? Je vytvoreny subor C:\ComboFix.txt?

Tu je log zo CF:
Jedna poznámka: ESS bol zapnutý a našiel 1 test. súbor EICAR, uložil do karantény.


ComboFix 08-08-01.05 - Intel Core 2 Duo 2008-08-02 20:23:32.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1349 [GMT 2:00]
Running from: C:\Documents and Settings\Intel Core 2 Duo\Dokumenty\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-24 10:40 . 2008-07-24 10:43 <DIR> d-------- C:\Program Files\BitComet
2008-07-19 10:41 . 2008-07-19 10:41 <DIR> d-------- C:\Documents and Settings\Intel Core 2 Duo\Data aplikací\QIP
2008-07-19 10:40 . 2008-07-19 10:44 <DIR> d-------- C:\Program Files\QIP Infium
2008-07-19 10:30 . 2008-07-19 10:30 <DIR> d-------- C:\Program Files\IrfanView
2008-07-14 19:31 . 2008-07-14 19:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-14 19:31 . 2008-07-14 19:31 <DIR> d-------- C:\Documents and Settings\Intel Core 2 Duo\Data aplikací\SUPERAntiSpyware.com
2008-07-14 19:31 . 2008-07-14 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-07-12 20:23 . 2008-07-12 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Symantec
2008-07-10 19:40 . 2008-07-10 19:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 11:43 . 2008-07-05 11:43 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-05 11:42 . 2008-07-05 11:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-05 11:18 . 2006-01-10 16:50 24,576 --a------ C:\WINDOWS\system32\AsIO.dll
2008-07-05 11:18 . 2007-12-17 17:14 12,400 --a------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-07-05 11:09 . 2008-07-05 11:09 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2008-07-05 11:09 . 2008-07-05 11:20 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-07-05 10:19 . 2005-03-10 23:57 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-07-05 10:19 . 2001-06-21 21:13 81,332 --a------ C:\WINDOWS\system32\BASS.DLL
2008-07-05 10:19 . 2005-06-18 19:21 7,436 --a------ C:\WINDOWS\system32\PulseSoundTouchForVB.tlb
2008-07-05 10:19 . 2008-07-05 10:19 56 --a------ C:\WINDOWS\system\Djsec63691.dll
2008-07-05 10:19 . 2008-07-05 10:19 55 --a------ C:\WINDOWS\system\Djsec61721.dll
2008-07-03 22:48 . 2008-07-03 22:48 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-07-03 16:37 . 2008-07-03 16:37 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 18:09 --------- d-----w C:\Documents and Settings\Intel Core 2 Duo\Data aplikací\Skype
2008-08-02 17:05 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-08-02 16:54 --------- d-----w C:\Documents and Settings\Intel Core 2 Duo\Data aplikací\LimeWire
2008-08-02 16:36 --------- d-----w C:\Documents and Settings\Intel Core 2 Duo\Data aplikací\skypePM
2008-08-02 09:41 --------- d-----w C:\Program Files\SpeedFan
2008-07-27 06:24 --------- d-----w C:\Program Files\Java
2008-07-18 13:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-07-14 17:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 16:15 --------- d-----w C:\Program Files\Opera
2008-07-05 09:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 09:18 --------- d-----w C:\Program Files\ASUS
2008-07-01 14:47 --------- d-----w C:\Documents and Settings\Intel Core 2 Duo\Data aplikací\ESET
2008-07-01 14:46 --------- d-----w C:\Program Files\ESET
2008-06-28 14:08 --------- d-----w C:\Program Files\Common Files\Java
2008-06-28 09:51 --------- d-----w C:\Program Files\Online TV Player 4
2008-06-27 18:51 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-06-27 18:07 --------- d-----w C:\Program Files\Skype
2008-06-27 18:07 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-27 18:07 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-06-25 16:14 --------- d-----w C:\Program Files\HD Tune
2008-06-22 16:07 --------- d-----w C:\Program Files\XP Codec Pack
2008-06-22 07:51 --------- d-----w C:\Program Files\The KMPlayer
2008-06-22 07:41 --------- d-----w C:\Program Files\Google
2008-06-21 18:35 --------- d-----w C:\Program Files\ViStart
2008-06-21 15:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-21 14:48 --------- d-----w C:\Program Files\Lavalys
2008-06-21 11:00 --------- d-----w C:\Documents and Settings\Intel Core 2 Duo\Data aplikací\ViStart
2008-06-21 10:22 203,264 ----a-w C:\WINDOWS\system32\miss_februar_07.scr
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:43 --------- d-----w C:\Documents and Settings\Intel Core 2 Duo\Data aplikací\uTorrent
2008-06-19 16:16 --------- d-----w C:\Program Files\MP3 Cutter
2008-06-19 15:04 --------- d-----w C:\Program Files\mp3DirectCut
2008-06-15 13:29 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Grisoft
2008-06-14 18:00 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-05-20 16:03 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-05-20 16:03 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-05-20 16:03 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-27 18:28 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 10:03 380928]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
"TVdiag"="C:\PROGRA~1\Zoltrix\GenieTV\TVdiag.exe" [2001-08-17 11:25 158720]
"TVWDMDrv"="C:\WINDOWS\system32\drivers\tvwdmdrv.exe" [2001-06-18 11:01 194048]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"TVRemote"="C:\PROGRA~1\Zoltrix\GenieTV\TVREMOTE.exe" [2001-12-17 10:34 299008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.FFDS"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22173:TCP"= 22173:TCP:BitComet 22173 TCP
"22173:UDP"= 22173:UDP:BitComet 22173 UDP

R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2000-04-28 11:35]
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-06-18 15:00]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-21 17:28]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10:03]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-29 01:35]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-11 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.sk/
O8 -: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 -: {12345678-1234-1234-1234-1234567890AB}
O17 -: HKLM\CCS\Interface\{29EE0AF0-D9D8-48F1-866E-776D3DBEAC7B}: NameServer = 10.30.0.1


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 20:24:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-02 20:24:40
ComboFix-quarantined-files.txt 2008-08-02 18:24:27

Pre-Run: Volných bajtů: 27,229,634,560
Post-Run: Volných bajtů: 27,259,441,152

180 --- E O F --- 2008-07-18 13:00:47

Skusil by som na cas zmazat ten subor, co sme testovali, aj ked si nemyslim, ze sposobuje tieto problemy.

Pouzi Avenger s tymto skriptom:



Zalohu C:\Avenger\backup.zip mi posli na mail, vdaka.



Neinstaloval si tesne pred zaznamenanim problemu kodeky alebo multimedialny prehravac?

Už mám zálohu z Avengera, ale ako to treba poslať?
Užívateľa som vybral ale zálohu ZIP ako viem vložiť?
Sorry, ale ešte som to nerobil.
Neinštaloval som v posl. dobe žiadny multimediálny prehrávač.
Môže mať to súvis s LimeWire? čítal som, že tento P2P program môže meniť nastavenia systému, neviem či je to pravda, ale predtým som taký problém nemal. Alebo nemôže byť to problém s hardwrare, narp. grafika alebo pamäť?

Posli na mail.

Ja taketo programy neinstalujem, takze Ti povedat z vlastnej skusenosti. Ale to, ze meni nastavenia moze byt pravda. Necudoval by som sa, keby to tak bolo a prispievalo tahaniu infiltracii. Hmm, ak sa restartne len po spusteni videi, tak to na hw nevidim. Skus zmenit prednastaveny prehravac.

Už mi len to vysvetli ako Ti mám poslať ZIP z Avengera.
C:/Avenger/backup/zip som aj našiel, len Ti to ako mám vložiť "do správy"?
Neviem postup, sorry.

Ináč tie reštarty najprv boli len pri hraní hier na pc, vždy modrá obrazovka plný textom a reštart ale za posl. 2-3 dni už aj pri otváraní videosúborov.
Len pri otváraní videosúborov keď reštartuje pc, na tej modrej obrazovke je oveľa menej textov ako pri reštartovaní počas hraní hier.
S každým prehrávačom to robí, a hudbu viem otvoriť, aj prehrať.
LimeWire som už odinštaloval dneska, problém ten istý.

Tam to azda vies pridat.


Nasiel som tuto temu este v jednej kategorii, kde je detailnejsi popis. Skusil by som aktualizovat ovladace.

No asi mi to podarilo Ti poslať, poplietol som to so "súkromnou správou".
Keď dostanes, ozvy sa aspoň, že ok.
Ďakujem pekne zatiaľ za pomoc