Kontrola logu - mám vírus reader_s + Vyřešeno

[anonym004]

Zdravím, chytil som vírus reader_s a neviem si s ním rady. Skúšal som všeličo, ale dosiahol som to iba do štádia, že to vyzerá že som odstránil väčšinu nákazy ktorú tento vírus vyvoláva, a po štarte windowsu mi ho objaví AVG a pošlem ho do karanteny ale samozrejme vírus sa objavuje znova a znova, ale zatiaľ až po reštarte systému. Úplný formát urobiť nemôžem, lebo mám kopec .exe, .html, .xml súborov, ktoré sú dôležité a nemôžem ich vymazať. Takže to potrebujem dáko vyliečiť. Diki za radu

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:14, on 16.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\AV.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
D:\Program Files\QIP Infium\infium.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [exflashservice] "C:\Program Files\EPOX\EFS\EZ_FLASH_SERVICE.exe" "5000"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Secure AntiVirus Pro] C:\WINDOWS\AV.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6479 bytes

[Reklama]

[memphisto]

Vítej na fóru PC-HELP.CZ

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[anonym004]

Malwarebytes' Anti-Malware 1.36
Verzia databázy: 1945
Windows 5.1.2600 Service Pack 2

16.5.2009 13:35:28
mbam-log-2009-05-16 (13-35-19).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 67899
Uplynutý cas: 7 minute(s), 50 second(s)

Infikovaných procesov pamäte: 1
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 2
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 4

Infikovaných procesov pamäte:
C:\WINDOWS\services.exe (Trojan.Agent) -> No action taken.

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> No action taken.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\WINDOWS\services.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Administrator\Desktop\VirusRemover.log (Rogue.VirusRemove) -> No action taken.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> No action taken.

[memphisto]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[anonym004]

Log s MbAM je dolu ale problém nastal pri ComboFix. Spustil som ho, a po chvíli vypísal tento error:
"!! Alert !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised.
Please download a fresh copy from:

http://www.bleepingcomputer.com/combofi ... e-combofix

Note: You may be infected with a file patching virus (Virut)"




Malwarebytes' Anti-Malware 1.36
Verzia databázy: 1945
Windows 5.1.2600 Service Pack 2

16.5.2009 14:08:52
mbam-log-2009-05-16 (14-08-52).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 67555
Uplynutý cas: 6 minute(s), 4 second(s)

Infikovaných procesov pamäte: 1
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 2
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 4

Infikovaných procesov pamäte:
C:\WINDOWS\services.exe (Trojan.Agent) -> Unloaded process successfully.

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\WINDOWS\services.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\Administrator\Desktop\VirusRemover.log (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

[jaro3]

Neměl jsi v PC nějakou starší verzi Combofixu (neodinstalovanou)?
Stáhni zde:
http://subs.geekstogo.com/ComboFix.exe

[anonym004]

Tak som musel znovu preinštalovať windows, ale som hneď ako prvé nainštaloval MbAM a urobil plnú kontrolu a už mi fungoval aj ComboFix. logy sú dole, a ešte by som potreboval poradiť, aký antivir mám nainštalovať, aby som zabránil ďalšiemu prístupu reader_s ? neviem ktorý by mohol byť pre toto naspoľahlivejší?? Lebo vyzerá to zatiaľ tak, že som sa ho zbavil, ale neviem kedy zase skočí :)

MbAM LOG

Malwarebytes' Anti-Malware 1.36
Verzia databázy: 2144
Windows 5.1.2600 Service Pack 2

17. 5. 2009 14:33:38
mbam-log-2009-05-17 (14-33-38).txt

Typ kontroly: Úplná (C:\|D:\|)
Objektov kontrolovaných: 233920
Uplynutý cas: 40 minute(s), 24 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)


COMBOFIX LOG

ComboFix 09-05-16.05 - Azuritko . 05. 2009 14:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.695 [GMT 2:00]
Running from: c:\documents and settings\Azuritko\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd2.torrent
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\'96\2 Unlimited - Get Ready For This.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\'99\David Bowie - Heroes.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2000\Garbage - Push It.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2001\Collective Soul - Heavy.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2002\Barenaked Ladies - It's Only Me.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2002\Gob - I Hear You Calling.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2002\Sum 41 - Fat Lip.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2002\Sum 41 - Makes No Difference.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2002\The Tea Party - Temptation.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2002\Treble Charger - American Psycho.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2002\Treble Charger - Brand New Low.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Blindside - Pitiful.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Default - Deny.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Default - Slow Me Down.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Dragpipe - Simple Minded.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Gob - I've Been Up These Steps.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Gob - Sick With You.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Greenwheel - Strong.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Jimmy Eat World - Sweetness.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Papa Roach - She Loves Me Not.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Queens of the Stone Age - No One Knows.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Trapt - Headstrong.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2003\Treble Charger - Hundred Million.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Adema - Co-Dependent.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Alien Ant Farm - S.S. Recognize.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Autopilot Off - Clockwork.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Avenged Sevenfold - Chapter Four.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Bowling for Soup - Punk Rock 101.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Brand New - The Quiet Things That No One Ever Knows.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Cinder - Soul Creation.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Deftones - Minerva.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Dexter Freebish - A Life of Saturdays.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Dexter Freebish - Falling Down.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Gob - Oh! Ellin.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Jerk - Sucked In.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Less Than Jake - The Ghosts Of Me And You.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Mesh STL - NHL 2004 - Down.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\The Ataris - Radio #2.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2004\Vendetta Red - Shatterday.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Ash - Orpheus.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Burning Brides - Heart Full of Black.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Dropkick Murphys - Time To Go.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Faith No More - From out of Nowhere.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Franz Ferdinand - Take Me Out.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Hazen Street - Fool the World.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Letter Kills - Radio Up.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Lola Ray - Automatic Girl.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Papa Roach - Not Listening.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\Sugarcult - Memory.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\The F-Ups - Lazy Generation.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\The Network - Roshambo.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2005\The Soundtrack of Our Lives - Karmageddon.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\American Head Charge - Loyalty.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Animal Alpha - Bundy.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Avenged Sevenfold - Bat Country.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Beatsteaks - Atomic Love.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Billy Talent - Red Flag.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Bullet for My Valentine - 4 Words (To Choke Upon).mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Fall Out Boy - Our Lawyers Made Us Change the Name of This Song So We Wouldn't Get Sued.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Institute - Bullet Proof Skin.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Kaiser Chiefs - Saturday Night.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Mando Diao - Down In The Past.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Pennywise - Knocked Down.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2006\Rock and Roll Soldiers - Flag Song.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Anti Flag - This is the End (For You My Friend).mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Blood Pit - Platitude.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Cute Is What We Aim For - There's a Class for this .mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Gatsbys American Dream - Theatre.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Good Riddance - Darkest Daysl.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Goodnight Nurse - My Only.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Hurt - Unkind.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Inkwell - Equador is Lovely This Time of Year.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Mashlin - The Shore.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Mobile - Montreal Calling.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\NOFX - Wolves in Wolves' Clothing.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Pilate - Barely Listening.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Pistolita - Beni Accident.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Priestess - Talk to Her.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Protest the Hero - Divinity Within.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\Quiet Drive - Rise From the Ashes.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2007\The Hellacopters - Bring it on Home.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Airbourne - Stand Up For Rock N Roll.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Anberlin - A Whisper And A Clamor.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Bayside - The Walking Wounded.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Datarock - Fa-Fa-Fa.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Disco Ensemble - This Is My Head Exploding.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Dustin Kensrue - I Knew You Before.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Enter Shikari - Sorry, You're Not a Winner.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Jupiter One - Turn Up The Radio.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Luna Halo - Kings & Queens.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Mando Diao - The Wildfire (If It Was True).mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Manchester Orchestra - Wolves At Night.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\OK Go - Do What You Want.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Paramore - Misery Business.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\PlayRadioPlay! - Compliment Each Other Like Colors.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Pop Levi - Sugar Assault Me Now.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\Santogold - L.E.S. Artistes.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\The Black Keys - Just Got To Be.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\Dd3\2008\The View - Comin' Down.mp3
d:\recycler\S-1-5-21-1177238915-1972579041-839522115-1003\INFO2

.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 11:51 . 2009-05-17 11:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-17 11:20 . 2009-05-17 11:20 -------- d-----w c:\program files\microsoft frontpage
2009-05-17 11:16 . 2009-05-17 11:16 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-06 13:32 . 2009-05-17 11:51 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-05-17 11:51 15504 ----a-w c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [3. 8. 2004 23:04 69120]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BROWSER
*NewlyCreated* - FASTUSERSWITCHINGCOMPATIBILITY
*NewlyCreated* - FLTMGR
*NewlyCreated* - HELPSVC
*NewlyCreated* - IMAPISERVICE
*NewlyCreated* - LANMANSERVER
*NewlyCreated* - MSISERVER
*NewlyCreated* - NDISUIO
*NewlyCreated* - POLICYAGENT
*NewlyCreated* - RASACD
*NewlyCreated* - RASMAN
*NewlyCreated* - RDPCDD
*NewlyCreated* - RDPNP
*NewlyCreated* - SCHEDULE
*NewlyCreated* - SENS
*NewlyCreated* - SHELLHWDETECTION
*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
*NewlyCreated* - SRV
*NewlyCreated* - SSDPSRV
*NewlyCreated* - TERMSERVICE
*NewlyCreated* - THEMES
*NewlyCreated* - WUAUSERV
*NewlyCreated* - WZCSVC
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 14:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-17 14:37
ComboFix-quarantined-files.txt 2009-05-17 12:37

Pre-Run: 17 991 303 168 bytes free
Post-Run: 17 986 285 568 bytes free

174

[jaro3]

Log CF po výmazech O.K. , vlož nový log z HJT.

[anonym004]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:39, on 17.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
D:\Program Files\QIP Infium\infium.exe
C:\Program Files\Last.fm\LastFM.exe
D:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [exflashservice] "C:\Program Files\EPOX\EFS\EZ_FLASH_SERVICE.exe" "5000"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3432 bytes

[jaro3]

Log O.K:

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž a zapni si AVG.


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Nainstaluj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Vše,

[anonym004]

Tak som musel znova preinštalovať win, ale reader_s sa už neobjavil, ale myslím že by to mohlo pre tých čo nemôžu naformátovať celý disk fungovať spôsobom ktorý sa mi zatiaľ osvedčuje. Po preinštalovaní win som ako prvé nainštaloval avast-a a dal som urobiť kontrolu disku. Zmazal som všetko čo našlo ako vírus, nebolo tam nič nenahraditeľné. A potom až som inštaloval ovládače a podobne. A teraz postupne ako inštalujem programy, avast na niektoré exe vyhodí že sú vírus, čiže pravdepdobne sú to tie infikované reader-rom. Takže vždy to dám zmazať, a program stiahnem na novo, a zatiaľ nemám žiadny problém, win funguje normálne. Uvidím ešte časom, ale zatiaľ sa mi to osvedčuje.
Každopádne díki za každú radu, určite to dopomohlo k tomu, že to vyzerá, že som sa toho konečne zbavil