Problem s vypnutim

Zdravim,
mam maly problem a to uz s dvoma pocitacmi. Ked dam vypnut pc, tak mi pocitac zostane na obrazovke s hlaskou SYSTEM WINDOWS SA VYPINA stat a dalej nic. Sa nevypne. Mys reaguje, ale ctrl+alt+del napr nie. Skusil som cez hijack najst nieco, na http://www.hijackthis.de/cz mi nic, co by bolo vazne nenaslo. Na mojom pocitaci to robi odvcera, na inom uz davnejsie. Neviete, v com moze byt problem?

http://support.microsoft.com/?kbid=307274

alebo hod sem logy z Hjt + combofixu

sk ak by bol problem s en http://support.microsoft.com/kb/307274/sk

hm, myslim, ze v tomto to nebude. on prestane reagovat pri hlaske SYSTEM WINDOWS SA VYPINA, nie pri SYSTEM UKLADA VASE NASTAVENIA. nie som teraz za mojim pc. vecer tu hodim log z HjT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:25, on 29.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\System\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet\Avast\aswUpdSv.exe
C:\Program Files\Internet\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Internet\Avast\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ERGOSE~1\MouseElf.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet\Avast\ashMaiSv.exe
C:\Program Files\Internet\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\System\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iptv2.antik.sk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Internet\Avast\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\ERGOSE~1\MouseElf.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Internet\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Internet\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\System\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Internet\Avast\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Internet\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Internet\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Internet\Avast\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Napalovanie\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5172 bytes

no nikto mi nic neporadi?

ten pocitac sa so mnou hra. vcera som odinstaloval 5 poslednych updatov, vratil hodnoty OC na grafike. 2 krat sa spravne vypol a na treti krat nie

resetni bios, a skus. samozrejme potom nastav cas a pod.. ale pokrocile nastavenia nie.

myslis, ze to bude biosom? ale tam som nic nemenil. akurat OC procaku ale skusim...
zaujimave je, ze sa mi to deje na dvoch PC. ta ista vec. takze s tym biosom asi neporiesim nic....

kirik, log je čistý. Ešte hod log z combofix

mozes mat posahane nastavenie acpi a podobne, tak to resetni, nic sa ti nestane ked to spravis (pri odpojenom napajani )

reset biosu nepomohol. ked ukaze tu obrazovku, ze system sa vypina, tak prestane reagovat, ale hdd dioda sem tam preblikne. tu je log z combofix:
ComboFix 08-06-01.6 - Palik 2008-06-02 21:23:16.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1136 [GMT 2:00]
Running from: D:\Stiahnuté\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-01 21:07 . 2008-06-01 21:08 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-05-30 22:38 . 2008-05-30 22:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 22:36 . 2008-05-30 22:43 <DIR> d-------- C:\Program Files\Google
2008-05-26 20:12 . 2008-05-26 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-20 20:58 . 2008-05-20 20:58 <DIR> d-------- C:\Program Files\Setup Files
2008-05-20 20:43 . 2008-05-20 20:43 <DIR> d-------- C:\Program Files\MSI
2008-05-15 17:18 . 2008-05-15 17:18 <DIR> d-------- C:\Documents and Settings\Palik\Application Data\dvdcss
2008-05-11 17:18 . 2008-05-11 17:18 20 --ah----- C:\sccfg.sys
2008-05-07 21:13 . 2008-05-07 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-07 19:55 . 2008-05-07 19:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-07 19:55 . 2008-05-07 19:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-04 15:25 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-04 15:25 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-04 15:25 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-04 13:10 . 2008-05-04 13:10 <DIR> d-------- C:\Program Files\Common Files\Autodesk
2008-05-04 13:08 . 2008-05-04 13:08 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-05-04 13:08 . 2008-05-04 13:08 <DIR> d-------- C:\Program Files\DWG TrueView 2007
2008-05-04 13:04 . 2008-05-04 13:10 <DIR> d-------- C:\Program Files\Autodesk
2008-05-04 13:00 . 2008-05-10 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-04 12:58 . 2008-05-04 15:45 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-03 18:25 . 2008-05-03 18:25 <DIR> d-------- C:\Documents and Settings\Palik\Contacts
2008-05-03 18:24 . 2008-05-03 18:24 <DIR> d-------- C:\Program Files\Windows Live
2008-05-03 18:24 . 2008-05-03 18:24 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-03 18:24 . 2008-05-03 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-02 12:26 . 2006-12-08 17:01 547,840 --a------ C:\WINDOWS\mHotkey.exe
2008-05-02 12:26 . 2003-07-03 14:21 294,912 --a------ C:\WINDOWS\PIC.dll
2008-05-02 12:26 . 2005-02-25 16:54 233,472 --a------ C:\WINDOWS\InstIt.exe
2008-05-02 12:26 . 2005-02-25 16:54 24,576 --a------ C:\WINDOWS\HKNTDLL.dll
2008-05-02 12:26 . 2005-02-25 16:54 5,280 --a------ C:\WINDOWS\hotbtnv.vxd
2008-05-02 12:26 . 2007-01-15 17:37 4,308 --a------ C:\WINDOWS\NT4_98.reg
2008-05-02 12:26 . 2007-01-15 17:37 4,306 --a------ C:\WINDOWS\2K.reg
2008-05-02 12:26 . 2007-01-15 17:37 4,290 --a------ C:\WINDOWS\Other.reg
2008-05-02 12:26 . 2007-01-15 17:37 4,290 --a------ C:\WINDOWS\MeXP.reg
2008-05-02 12:26 . 2007-01-11 15:45 490 --a------ C:\WINDOWS\Instit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 19:09 --------- d-----w C:\Documents and Settings\Palik\Application Data\Skype
2008-06-02 18:39 --------- d-----w C:\Documents and Settings\Palik\Application Data\skypePM
2008-05-30 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 19:05 --------- d-----w C:\Documents and Settings\Palik\Application Data\uTorrent
2008-05-26 18:12 --------- d-----w C:\Program Files\Multimedia
2008-05-26 17:48 --------- d-----w C:\Program Files\System
2008-05-19 18:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 16:21 --------- d-----w C:\Documents and Settings\Palik\Application Data\Autodesk
2008-05-07 19:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 13:41 --------- d-----w C:\Program Files\Internet
2008-05-04 13:41 --------- d-----w C:\Documents and Settings\Palik\Application Data\Lavasoft
2008-04-26 14:22 --------- d-----w C:\Documents and Settings\Palik\Application Data\TuneUp Software
2008-04-26 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-22 17:32 --------- d-----w C:\Program Files\Sierra On-Line
2008-04-22 17:22 --------- d-----w C:\Documents and Settings\Palik\Application Data\SolidWorks
2008-04-22 17:17 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2008-04-22 17:16 --------- d-----w C:\Program Files\SolidWorks Installation Manager
2008-04-22 17:16 --------- d-----w C:\Program Files\Common Files\eDrawings2007
2008-04-22 16:50 --------- d-----w C:\Program Files\Ergo Series
2008-04-21 16:12 --------- d-----w C:\Program Files\Ovládače
2008-04-20 15:16 --------- d-----w C:\Documents and Settings\Palik\Application Data\sldIM
2008-04-20 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-20 14:26 --------- d-----w C:\Program Files\Iné
2008-04-20 12:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-13 09:21 17,920 ----a-w C:\WINDOWS\system32\Ntaccess.sys
2008-04-08 19:08 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-04-08 19:07 132,608 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-04-08 19:07 106,496 ----a-w C:\WINDOWS\kokundo.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-10 17:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\Internet\Avast\ashDisp.exe" [2008-05-16 01:19 79224]
"nwiz"="nwiz.exe" [2006-08-11 22:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 05:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43 7630848]
"mouseElf"="C:\PROGRA~1\ERGOSE~1\MouseElf.EXE" [2005-03-17 01:58 184320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"WZCSVC"=2 (0x2)
"W32Time"=2 (0x2)
"upnphost"=3 (0x3)
"UxTuneUp"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanserver"=2 (0x2)
"seclogon"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"Irmon"=2 (0x2)
"CiSvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"TrkWks"=2 (0x2)
"Browser"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet\\ICQ\\ICQLite.exe"=
"D:\\Program Files\\Strong DC++\\StrongDC.exe"=
"C:\\Program Files\\Iné\\Total Commander\\TOTALCMD.EXE"=
"C:\\Program Files\\Internet\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 07:01]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S3 genmcmn;Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2004-09-15 09:53]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2008-02-09 14:10]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2008-02-09 14:10]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2008-02-09 14:10]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2008-02-09 14:10]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2008-02-09 14:10]
S3 RushTopDevice;RushTopDevice;D:\Program Files\System\Core Center\RushTop.sys []
S4 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\System\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 21:24:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRA~1\ERGOSE~1\WhoRU.dll
.
Completion time: 2008-06-02 21:25:03
ComboFix-quarantined-files.txt 2008-06-02 19:24:57

Pre-Run: 10,170,818,560 bytes free
Post-Run: 10,174,865,408 bytes free

163 --- E O F --- 2008-05-19 17:59:47

no tak to vyzera, ze dnes updatnem win zo zalohy. dufam, ze potom bude fungovat vsetko, ako ma. cakal som, ze mi viac poradite, no co uz

problem som vyriesil a pravdepodobne aj nasiel zdroj. obnovil som win zo zalohy a kym som v registroch neprepisal veci ohladom zrychleneho vypnutia systemu, ktore su v clanku na tomto fore, tak to slapalo v pohode. potom sa zacal zas zasekavat pri vypinani. takze som ho znova obnovil a nechal uz tak.