imam problem
moj brat je cackao komp i bez razmisljanja prihvatio nesto od druga koji ima virus
i sad i ja imam virus koji sam salje nesto na engleskom svima koji su mi u friends listi
kako da ga obrisem,vec me nervira

Skini neki od antivirus programa.
Imaš ovde urađen kompletan test svih AV programa.

Preporučujem ti www.avast.com

e jbg,nisam toliko glup
skenirao sam sa 3 antivirusa (nod32,ad-aware i spyware terminator)
ali oni ga ne nalaze

Skenirao si samo sa jednim a to je nod, znaci skini sta ti je reko covek pa skeniraj.

Imaš verziju na srpskom, odmah registruj i skini najnoviju dopunu. Sve je besplatno.
Ako ti i sa tim ne pokaže ništa onda javi.

sad cu da probam

Spybot 

Prilikom pojavljivanja doticnih problema kao preliminarno resenje preporucujemo vam da skenirate vas racunar sa azuriranim Anti-Virus i Anti-Spyware programima. Posetite ovu temu za vise informacija, kao i ovu temu za spisak i test najboljih Anti-Virus programa.
Ukoliko se Vas problem i dalje pojavljuje, preporucujemo Vam da skenirate Vas racunar sa HiJackThis software-om koji je besplatan i mozete ga download-ovati na ovoj adresi, nakon cega zakacite ovde Vas tekstualni HiJackThis log.

Meni se na samom logovanju pojavljuju u poslednje vreme neke greške.
Ne znam zašto.

Logfile of HijackThis v1.99.1
Scan saved at 22:51:58, on 16.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Totalcmd\TotalCmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hattrick Forever\HattrickForever.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Macromedia\Flash MX\Flash.exe
D:\Backup C\Desktop\Internet\Download\Programi\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ApexDC++] "C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
Šta je ovo?
To mi izbacuje na početku.

Obriši to
http://www.bleepingcomputer.com/startups/amvo.exe-21216.html

i za tebe važi
Prilikom pojavljivanja doticnih problema kao preliminarno resenje preporucujemo vam da skenirate vas racunar sa azuriranim Anti-Virus i Anti-Spyware programima. Posetite ovu temu za vise informacija, kao i ovu temu za spisak i test najboljih Anti-Virus programa.
Ukoliko se Vas problem i dalje pojavljuje, preporucujemo Vam da skenirate Vas racunar sa HiJackThis software-om koji je besplatan i mozete ga download-ovati na ovoj adresi, nakon cega zakacite ovde Vas tekstualni HiJackThis log.

...ali i ovo
Nemojte slati vise komentara za redom. Postoji dugme izmeni ako ste nesto zaboravili reci. Postovanjem vise odgovora zaredom tema se samo razvodnjava i smanjuje se preglednost. Za ostala pravila ponasanja pogledajte pravilnik Burek Foruma.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
trebas ova tri fiksirati i ponovo skeniraj ukoliko se ponovo pojavi skini Combo fix i pokreni trebo bi on izbrissati.Nedavno sam imao isti problem ali uspio sam skinuti imas temu (oko 5 ,6 strane)amvo.exe pa pogledaj

amvo sam obrisao i iz system foldera i iz startupa i iz registry-ja.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) - Ovaj sam sada obrisao.
A ovo treće gde mi pokreće Apache to nikako ne znam kako da ugasim.

Amvo bi trebalo da je dosta. To je to sto salje poruke svima.

Zakaci novi log.

Logfile of HijackThis v1.99.1
Scan saved at 16:35:37, on 17.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Totalcmd\TotalCmd.exe
D:\Backup C\Desktop\Internet\Download\Programi\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ApexDC++] "C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Majku mu evo ga opet.

Fixuj ga opet iz Safe Mode-a, pa pokreni normalno Windows, pa pokreni SDFix koji mozes skinuti odavde.
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
Okaci posle novi log.

Neces ga tako popraviti. Moras da brises iz registry-ja rucno ili da instaliras KIS koji ima definicije za ovaj trojan.

Preuzmi ComboFix odavde :    ComboFix

Kako instalirati ComboFix sa i bez Recovery Konzole : link
Potreban ti je samo prvi deo, dakle samo ga instaliraj i pokreni, recovery konzola nije sada prioritet, cisto da vidimo hoce li da ga ubije, a trebalo bi jer je skripta jako dobra.
Obrati paznju na upozorenja da nakon pokretanja ComboFix-a ne stiskas ni jedno dugme na tastaturi i ne pomeras misa, jer se desava da se proces jednostavno zamrzne.

Nakon toga udji u safe mode, pokreni Spybot S&D, pusti da skenira i brisi sta god da nadje.
Ako je i dalje tu, daj novi log od HJT-a i postavi mi log od ComboFix-a takodje (pitace te da sacuvas log negde u toku rada sa njim, ili ce sam da stavi txt log negde na sistemsku particiju, to je u zavisnosti od verzije pa ne znam tacno).

OK. Sad ću pokušati.
SD fix mi nije pomogao.

EDIT: Evo ga log.

ComboFix 08-03-14.4 - Alen 2008-03-17 17:22:28.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1251.1.1033.18.983 [GMT 1:00]
Running from: D:\Internet\Download\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-02-17 to 2008-03-17  )))))))))))))))))))))))))))))))
.

2008-03-17 17:01 . 2008-03-17 17:02   <DIR>   d--------   C:\SDFix
2008-03-17 01:58 . 2008-03-17 01:58   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\Corel
2008-03-17 01:52 . 2008-03-17 01:52   <DIR>   d--------   C:\Program Files\Corel
2008-03-17 01:52 . 2008-03-17 01:52   <DIR>   d--------   C:\Program Files\Common Files\Corel
2008-03-17 01:34 . 2008-03-17 01:34   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-03-17 01:31 . 2008-03-17 01:24   691,545   --a------   C:\WINDOWS\unins000.exe
2008-03-17 01:31 . 2008-03-17 01:31   2,549   --a------   C:\WINDOWS\unins000.dat
2008-03-17 01:20 . 2008-03-17 02:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-17 00:14 . 2008-03-17 00:14   <DIR>   d--------   C:\WINDOWS\Sun
2008-03-16 21:27 . 2008-03-16 21:27   <DIR>   d--------   C:\Program Files\Hattrick Forever
2008-03-15 14:21 . 2008-03-15 14:21   <DIR>   d--------   C:\Program Files\Real
2008-03-15 14:21 . 2008-03-15 14:21   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-03-15 14:21 . 2008-03-15 14:21   <DIR>   d--------   C:\Program Files\Common Files\Real
2008-03-15 08:58 . 2008-03-15 08:58   101,166   -r-hs----   C:\cfdflx.com
2008-03-14 15:46 . 2008-03-14 15:46   159,241   --a------   C:\kugla1.jpg
2008-03-14 13:03 . 2008-03-14 13:03   <DIR>   d--------   C:\Program Files\Recnik jezickih nedoumica
2008-03-14 01:02 . 2008-03-14 03:06   <DIR>   d--------   C:\Program Files\Italijanski 3
2008-03-14 01:01 . 2008-03-14 01:01   <DIR>   d--------   C:\Program Files\Italijanski 2
2008-03-14 01:01 . 2008-03-14 01:01   <DIR>   d--------   C:\Documents and Settings\Alen\WINDOWS
2008-03-14 01:01 . 1996-01-31 07:09   1,593,681   --a------   C:\Program Files\ITXSTRA2.EXE
2008-03-14 01:00 . 2008-03-14 01:03   <DIR>   d--------   C:\Program Files\Italijanski
2008-03-14 00:59 . 2008-03-14 01:01   141   --a------   C:\WINDOWS\asym.ini
2008-03-13 21:35 . 2008-03-13 21:35   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-03-13 21:20 . 2008-03-13 22:16   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\AdobeUM
2008-03-13 20:09 . 2008-03-13 20:09   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-13 20:07 . 2008-03-13 20:10   <DIR>   d--------   C:\Program Files\Common Files\Autodesk Shared
2008-03-13 20:07 . 2008-03-13 20:10   <DIR>   d--------   C:\Program Files\Autodesk
2008-03-13 20:03 . 2005-05-26 15:34   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2008-03-13 01:37 . 2008-03-13 01:37   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-13 01:36 . 2008-03-13 01:36   <DIR>   d--------   C:\Program Files\TechSmith
2008-03-13 01:36 . 2008-03-13 01:36   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 12:26 . 2008-03-12 12:26   <DIR>   d--------   C:\Program Files\uTorrent
2008-03-12 12:26 . 2008-03-17 04:12   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\uTorrent
2008-03-11 14:31 . 2008-03-11 14:31   <DIR>   d--------   C:\Program Files\Windows Live Toolbar
2008-03-11 14:31 . 2008-03-11 14:31   <DIR>   d--------   C:\Program Files\Windows Live Favorites
2008-03-11 14:29 . 2008-03-11 14:29   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-03-11 14:29 . 2008-03-11 14:29   <DIR>   d--------   C:\Documents and Settings\Alen\Contacts
2008-03-11 14:28 . 2008-03-11 14:29   163   --a------   C:\forum.php
2008-03-11 14:15 . 2008-03-11 14:28   <DIR>   d--------   C:\Program Files\Windows Live
2008-03-11 14:15 . 2008-03-11 14:28   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-11 14:15 . 2008-03-11 14:15   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-11 13:32 . 2008-03-17 04:08   <DIR>   d--------   C:\Program Files\Opera
2008-03-11 13:20 . 2007-04-18 17:12   2,854,400   --a--c---   C:\WINDOWS\system32\dllcache\msi.dll
2008-03-11 13:20 . 2005-05-04 14:45   271,360   --a--c---   C:\WINDOWS\system32\dllcache\msihnd.dll
2008-03-11 13:20 . 2005-05-04 14:45   78,848   --a--c---   C:\WINDOWS\system32\dllcache\msiexec.exe
2008-03-11 00:41 . 2008-03-11 00:41   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\Lavasoft
2008-03-11 00:40 . 2008-03-11 00:40   <DIR>   d--------   C:\Program Files\DAEMON Tools
2008-03-11 00:40 . 2008-03-11 00:40   223,128   --a------   C:\WINDOWS\system32\drivers\dtscsi.sys
2008-03-11 00:39 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-03-11 00:39 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
2008-03-11 00:39 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-03-11 00:30 . 2008-03-11 00:30   642,560   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-03-11 00:30 . 2008-03-11 00:30   96,256   --a------   C:\WINDOWS\system32\drivers\sptd8429.sys
2008-03-11 00:12 . 2008-03-11 00:12   <DIR>   d--------   C:\Program Files\UltraISO
2008-03-11 00:12 . 2008-03-11 00:12   <DIR>   d--------   C:\Program Files\Common Files\EZB Systems
2008-03-11 00:04 . 2008-02-22 02:33   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-03-10 18:47 . 2008-03-17 04:08   <DIR>   d--------   C:\Program Files\Common Files\Macromedia
2008-03-10 17:36 . 2007-12-07 03:21   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-10 17:36 . 2007-07-01 04:31   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-10 17:36 . 2007-07-01 04:36   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-10 17:36 . 2007-12-07 03:21   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-10 17:36 . 2007-12-07 03:21   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-10 17:36 . 2007-12-07 03:21   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-10 17:36 . 2007-12-07 03:21   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-10 17:36 . 2007-12-07 03:21   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-10 17:36 . 2007-12-06 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-10 17:00 . 2008-03-10 17:00   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\ACD Systems
2008-03-10 16:58 . 2008-03-17 04:01   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-03-10 16:58 . 2008-03-10 16:58   <DIR>   d--------   C:\Program Files\Common Files\ACD Systems
2008-03-10 16:58 . 2008-03-10 16:58   <DIR>   d--------   C:\Program Files\ACD Systems
2008-03-10 16:58 . 2008-03-10 16:58   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-10 16:03 . 2008-03-16 20:53   <DIR>   d--------   C:\Program Files\Winamp
2008-03-10 16:03 . 2008-03-10 21:38   <DIR>   d--------   C:\Documents and Settings\Alen\Application Data\Winamp
2008-03-10 15:48 . 2008-03-10 15:48   <DIR>   d--------   C:\Program Files\Webteh
2008-03-10 15:48 . 2008-03-10 15:48   <DIR>   d--------   C:\Program Files\Ligos
2008-03-10 15:48 . 2000-06-23 14:05   136,704   ---------   C:\WINDOWS\system32\iacenc.dll
2008-03-10 15:48 . 2000-06-22 13:09   56,320   ---------   C:\WINDOWS\system32\iyvu9_32.dll
2008-03-10 15:47 . 2008-03-10 15:47   <DIR>   d--------   C:\Program Files\XviD
2008-03-10 15:47 . 2008-03-10 15:47   <DIR>   d--------   C:\Program Files\Mv2Player
2008-03-10 15:46 . 2008-03-10 15:46   <DIR>   d--------   C:\Program Files\ffdshow
2008-03-10 15:46 . 1998-10-29 16:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-03-10 15:45 . 2008-03-17 04:08   <DIR>   d--------   C:\WINDOWS\system32\QuickTime
2008-03-10 15:45 . 2008-03-10 15:45   <DIR>   d--------   C:\Program Files\DivX
2008-03-10 15:45 . 2008-03-10 15:45   <DIR>   d--------   C:\Program Files\AC3Filter
2008-03-10 15:45 . 2008-03-10 15:45   <DIR>   d--------   C:\Program Files\3ivx
2008-03-10 15:45 . 2004-05-25 16:06   417,792   --a------   C:\WINDOWS\system32\ac3filter.cpl
2008-03-10 15:45 . 1999-12-17 11:13   86,016   --a------   C:\WINDOWS\unvise32.exe
2008-03-10 15:43 . 2002-12-31 13:00   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-03-10 15:39 . 2008-03-11 00:04   <DIR>   d--------   C:\Program Files\Java
2008-03-10 15:34 . 2008-03-10 15:34   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-03-10 15:33 . 2008-03-10 15:33   <DIR>   d--------   C:\Program Files\Totalcmd
2008-03-10 15:32 . 2008-03-17 04:08   <DIR>   d--------   C:\Program Files\Macromedia
2008-03-10 15:26 . 2008-03-10 15:26   0   --a------   C:\WINDOWS\[INI]
2008-03-10 15:25 . 2008-03-10 15:26   <DIR>   d--------   C:\WINDOWS\uninstall
2008-03-10 15:25 . 2008-03-10 15:26   <DIR>   d--------   C:\Program Files\StartupStar
2008-03-10 14:41 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-03-10 14:39 . 2008-03-10 14:39   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-03-10 14:38 . 2008-03-10 14:38   <DIR>   d--------   C:\Program Files\MSBuild
2008-03-10 14:35 . 2008-03-10 14:35   <DIR>   d--------   C:\Program Files\ApexDC++_Gusari_XY6
2008-03-10 14:34 . 2008-03-10 14:37   <DIR>   d--------   C:\WINDOWS\SHELLNEW

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 03:08   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-17 00:52   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-03-10 12:18   ---------   d-----w   C:\Program Files\Alwil Software
2008-03-10 12:17   103,516   --sh--r   C:\b.com
2008-03-10 12:14   ---------   d-----w   C:\Program Files\ASUS
2008-03-10 12:14   ---------   d-----w   C:\Documents and Settings\Alen\Application Data\U3
2008-03-10 12:11   ---------   d-----w   C:\Program Files\AMD
2008-03-10 12:10   ---------   d-----w   C:\Program Files\Analog Devices
2008-03-10 12:08   ---------   d-----w   C:\Program Files\NVIDIA Corporation
2008-03-10 11:52   ---------   d-----w   C:\Program Files\microsoft frontpage
1996-02-01 01:23   1,180,026   ----a-w   C:\Program Files\GRAMMAR.TBK
1996-01-31 07:27   1,381,140   ----a-w   C:\Program Files\SYSTEM.TBK
1995-11-19 18:11   1,991,048   ----a-w   C:\Program Files\SIGLA.FLC
1995-10-28 13:10   238,136   ----a-w   C:\Program Files\SIGLA.WAV
1995-09-27 09:31   1,501,194   ----a-w   C:\Program Files\PRONU5.WAV
1995-09-27 09:27   64,966   ----a-w   C:\Program Files\PRONU6.WAV
1995-09-27 09:23   230,682   ----a-w   C:\Program Files\PRONU3.WAV
1995-09-27 09:21   736,912   ----a-w   C:\Program Files\PRONU4.WAV
1995-06-27 09:47   998,718   ----a-w   C:\Program Files\PRONU.WAV
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"ApexDC++"="C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe" [2008-03-09 16:39 3109888]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 17:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 17:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 17:43 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 14:21 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2005-12-22 08:00:00 5513216]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4575a3f6-ef66-11dc-99f6-001bfcdfa3ac}]
\Shell\AutoRun\command - J:\v.cmd
\Shell\explore\Command - J:\v.cmd
\Shell\open\Command - J:\v.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a158226-ee9b-11dc-99f0-000a941310a5}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a158227-ee9b-11dc-99f0-000a941310a5}]
\Shell\AutoRun\command - G:\3o.exe
\Shell\explore\Command - G:\3o.exe
\Shell\open\Command - G:\3o.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 15:37:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 17:23:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 17:23:36
ComboFix-quarantined-files.txt  2008-03-17 16:23:35
.
2008-03-14 02:38:40   --- E O F --- 

I novi HJT log

Evo ga. U Safe modu mi je S&D našao 49 čuda.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:00:17, on 17.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Alen\LOCALS~1\Temp\HIJACK.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ApexDC++] "C:\Program Files\ApexDC++_Gusari_XY6\ApexDC.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8429 bytes

Iz safe moda ga nema? 

Idi rucno iz safe moda i nadji ga u C:\WINDOWS\system32\amvo.exe ako je tu obrisi ga (shift+delete), ako ga nema ok.

Znaci dok si u safe modu, pokreni HJT i fixuj sledece:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

(ovo smo ocistili sve nepotrebne stavke, cisto iz predostroznosti, jer realan problem se ne vidi - za sada)
Kad fixujes zatvori HJT i ostani u safe modu.
Sad otvori registry iz safe moda start/run/regedit
navedi do sledeceg kljuca:

HKEY_CURRENT_USER\software\microsoft\windows\ currentversion\explorer\mountpoints2
Ako postoji - obrisi ga, dakle desni klik na njega u levom panelu i delete.

Dalje, radis u registry bazi, svi naredni kljucevi ne moraju da postoje, tj mozda ih je Spybot izmenio nakon restarta, ako ne postoje preskoci do sledeceg, ako postoje, uradi kao sto je savetovano:

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
Sa desne strane bi trebalo da je unos:
avpa = "C:\Windows\System32\avpo.exe"
Obrisi taj unos (desni klik na taj unos u listi i delete).

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
U desnom panelu bi trebalo da je unos:
 Hidden = "2"
Desni klik na value name i izaberi Modify. Promeni value data ovom unosu u 0  (nula)

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Explorer>Advanced
U desnom panelu trebalo bi da postoji ovaj unos:
 ShowSuperHidden = "0"
Desni klik na value name i izaberi Modify. Promeni value data ovom unosu u 1 

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Advanced>Folder> Hidden>SHOWALL
U desnom panelu trebalo bi da postoji ovaj unos:
 CheckedValue = "0"
Desni klik na value name i izaberi Modify. Promeni value data ovom unosu u 1 

Zatvori registry, i dalje si u safe modu.
Idi na start /search

trazi u svim fajlovima i folderima i omoguci i hidden files and folders
dakle trazis AUTORUN.INF
kada ti izbaci listu fajlova otvori svaki autorun.inf i pregledaj unose i ako postoje sledeci unosi obrisi taj fajl: (ali samo ako postoje sledeci unosi, ako ih nema predji na drugi fajl ):

[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=utdetect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=utdetect.com

Bez obzira da li si brisao ili nisi autorun.inf (u zavisnosti da li je postojao ovaj unos) sad pokreni registry cleaner. Kad zavrsis sa ciscenjem registry baze izadji iz safe moda.
Kad se digne win normalno, idi na start/ run/kucaj  msconfig
Kartica startup

Odstikliraj sve aplikacije koje ne zelis da ti se dizu sa sistemom.
Restart
Digni masinu normalno (ne iz safe moda) i daj mi novi HJT log.