
Hello. Asking for help with a log, or advice

Posted: 15 Dec 2012 19:25
by MTBbiker
Hello.
I'd like to ask someone experienced for help.
I went through the computer with every antivirus I could, NOD32, Kaspersky, Malwarebytes, Avast, Combofix; something got cleaned, and now they report it's clean.
But after reinstalling Windows, after one day the error messages
pop up again and the internet drops.
The computer restarts, and from the messages I googled that they are hardware errors, but the Haxdoor virus may also be behind it.
I tested the system with Combofix and I'm asking you for help with the log and the next steps.
Please also advise me whether a virus can infect films, photos and music as well.
Please, someone help. Thanks.

Log from Combofix:

ComboFix 12-12-14.01 - BERESKO 16.12.2012 6:35.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1022.521 [GMT 1:00]
Running from: c:\documents and settings\BERESKO\Desktop\aaa.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 05:13 . 2012-12-16 05:13 -------- d-----w- C:\aaa
2012-12-15 06:05 . 2012-12-15 06:06 -------- d-----w- C:\9117c64852370b7ab5b0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:28 . 2008-06-19 20:42 841216 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:28 . 2008-06-19 20:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:28 . 2008-06-19 20:42 17408 ----a-w- c:\windows\system32\corpol.dll
2012-11-01 03:28 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-31 23:39 . 2008-06-19 20:42 389120 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-10-19 17875120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [BU]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"Ai Nap"="c:\program files\ASUS\AI Nap\AiNap.exe" [2006-08-22 1422848]
"Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 415744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 98304]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-08-15 121648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2012-11-01 124928]
.
c:\documents and settings\BERESKO\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\BERESKO\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2012-12-15 15086]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\BERESKO\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15.12.2012 1:13 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.12.2012 1:13 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.12.2012 1:13 21256]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [15.12.2012 0:30 113264]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [15.12.2012 0:22 101904]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19.10.2012 16:14 160944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2012-11-01 03:28 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-16 02:13]
.
2012-12-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-15 22:50]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-15 00:38]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-15 00:38]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1284227242-682003330-1004Core.job
- c:\documents and settings\BERESKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-16 00:38]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1284227242-682003330-1004UA.job
- c:\documents and settings\BERESKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-16 00:38]
.
2012-12-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-12-15 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Crawler Search - tbr:iemenu
TCP: DhcpNameServer = 10.0.1.2 10.0.1.4
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-16 06:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-16 06:40:06
ComboFix-quarantined-files.txt 2012-12-16 05:40
.
Pre-Run: 6 800 928 768 bytes free
Post-Run: 6 796 922 880 voľných bajtov
.
- - End Of File - - CF6AFDE61DC45C40C6AE5E8F400EEC96

Re: Hello. Asking for help with a log, or advice

Posted: 15 Dec 2012 19:50
by Rudy
Hello to you too!
Why are you running ComboFix without consulting first? Apparently you don't read the rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601 . CF is a utility intended for experts, and laypeople could even wreck their system with it.

We'll still clean up a bit more. Open Notepad and copy this into it:
KillAll::

Collect::
c:\documents and settings\BERESKO\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

File::
c:\documents and settings\BERESKO\Start Menu\Programs\Startup\Styler.lnk
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1284227242-682003330-1004Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1284227242-682003330-1004UA.job

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.
[img]http://img138.imageshack.us/img138/6433/cfscript.gif[/img]
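The script above removes one Startup-folder entry (Styler.lnk pointing at an executable under the user's Application Data, inside a GUID-named folder, with a hex-looking name) plus a set of scheduled-task files. As an added example, not part of this thread or of ComboFix, the Python below shows the triage that leads to such a script: it parses the "Reg Loading Points" registry block and the Startup-folder block in the format ComboFix prints, and flags autorun entries whose target binary lives outside Program Files or Windows, sits in a GUID-named folder, or has a random-looking hex name. The sample input is constructed (adapted from the entries quoted in the log above, not the full log), and the three heuristics are my own illustrative checks, not a rule set any tool ships.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input (not the full log from the thread): lines in the shape of
# ComboFix's "Reg Loading Points" registry block and its Startup-folder block,
# adapted from the entries the thread's log shows.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-10-19 17875120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [BU]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\documents and settings\BERESKO\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\BERESKO\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2012-12-15 15086]
.
"""

# Registry value line:   "Name"="c:\path\file.exe" [date size]
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# Startup-folder line:   Something.lnk - c:\path\file.exe [date size]
LNK_VALUE = re.compile(r'^(?P<name>\S+\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
KEY_HEADER = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

# Illustrative heuristics (my own, not ComboFix's): a binary launched from
# outside these roots, from a GUID-named folder, or with a hex-only name
# deserves a closer look before it is trusted as a legitimate autorun.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")
GUID_DIR = re.compile(r'\\\{[0-9a-f-]{36}\}\\', re.IGNORECASE)
HEX_NAME = re.compile(r'\\_[0-9a-f]{8}\.exe$', re.IGNORECASE)


@dataclass
class AutorunEntry:
    location: str          # registry key or startup folder the entry lives in
    name: str
    path: str
    meta: str              # the bracketed date/size (or marker) ComboFix prints
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_autoruns(log_text: str) -> list:
    """Walk the log and collect every registry Run value and Startup .lnk line."""
    entries, location = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := KEY_HEADER.match(line)):
            location = m.group("key")
        elif line.lower().endswith("\\startup\\"):
            location = line
        elif (m := REG_VALUE.match(line)) or (m := LNK_VALUE.match(line)):
            entries.append(AutorunEntry(location, m.group("name"),
                                        m.group("path"), m.group("meta")))
    return entries


def assess(entry: AutorunEntry) -> AutorunEntry:
    """Attach a plain-language reason for each heuristic the entry trips."""
    if not entry.path.lower().startswith(TRUSTED_ROOTS):
        entry.reasons.append("launched from outside Program Files / Windows (user-writable location)")
    if GUID_DIR.search(entry.path):
        entry.reasons.append("lives in a GUID-named folder")
    if HEX_NAME.search(entry.path):
        entry.reasons.append("random-looking hex file name")
    return entry


def suspicious_autoruns(log_text: str) -> list:
    """Return only the autorun entries that tripped at least one heuristic."""
    return [e for e in map(assess, parse_autoruns(log_text)) if e.suspicious]


if __name__ == "__main__":
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f"{e.name}  ({e.location})\n    -> {e.path}")
        for r in e.reasons:
            print(f"       * {r}")
```

Run against the constructed sample, only Styler.lnk is reported, with all three reasons; the Program Files entries pass untouched. In real use the flagged paths are what a helper would then verify (file hash, signer, vendor) before deciding whether they belong in a Collect:: or File:: block.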

Re: Hello. Asking for help with a log, or advice

Posted: 16 Dec 2012 12:53
by MTBbiker
Thanks for the help. Do you think the computer should be clean now, or could there be hidden infected installers somewhere? The antiviruses showed me nothing.

Re: Hello. Asking for help with a log, or advice

Posted: 16 Dec 2012 17:06
by Rudy
The PC should be OK now. Is it working normally?

Re: Hello. Asking for help with a log, or advice

Posted: 18 Dec 2012 13:56
by MTBbiker
No, it doesn't work. Error messages pop up, but a reinstall is waiting for it; I didn't restore the system, it was only important for me to make backups and
to be sure the other documents aren't infected. The antiviruses report everything is fine. We'll see after the reinstall. Thanks for your time.

Re: Hello. Asking for help with a log, or advice

Posted: 18 Dec 2012 19:07
by Rudy
OK. You're welcome!