[ peralaza @ 31.01.2010. 08:42 ] @
I have a problem with this file too! NOD reports it as a virus but cannot remove it. It reverses the order of the letters when I type, the flash drive cannot be formatted... etc. I made a log file using ComboFix, so whoever knows how, please help.
[ peralaza @ 31.01.2010. 08:43 ] @
Here is the log:
ComboFix 10-01-30.04 - Giga 31.01.10 9:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3583.2553 [GMT 1:00]
Running from: c:\documents and settings\Giga\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp
c:\program files\temp\Message.ini
c:\program files\temp\Msg.ini
c:\program files\temp\Msg_chs.ini
c:\program files\temp\Msg_cht.ini
c:\program files\temp\Msg_kor.ini
c:\program files\temp\Uninst\Admin.exe
c:\program files\temp\Uninst\Message.ini
c:\program files\temp\Uninst\Msg.ini
c:\program files\temp\Uninst\Msg_chs.ini
c:\program files\temp\Uninst\Msg_cht.ini
c:\program files\temp\Uninst\Msg_kor.ini
c:\windows\system32\vb6ko.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-30 16:03 . 2010-01-30 16:03 -------- d-----w- c:\documents and settings\Giga\Application Data\Lavasoft
2010-01-30 16:02 . 2010-01-30 16:02 -------- d-----w- c:\program files\Lavasoft
2010-01-23 19:05 . 2010-01-23 19:05 -------- d-----w- c:\documents and settings\Giga\Local Settings\Application Data\Opera
2010-01-23 19:05 . 2010-01-23 19:05 -------- d-----w- c:\program files\Opera
2010-01-19 20:08 . 2010-01-19 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2010-01-16 18:30 . 2010-01-16 18:30 -------- d-----w- c:\documents and settings\Giga\Local Settings\Application Data\Identities
2010-01-10 09:20 . 2010-01-10 09:20 -------- d-----w- C:\Downloads
2010-01-08 23:17 . 2010-01-08 23:17 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-01-08 23:17 . 2010-01-08 23:17 299392 ----a-w- c:\windows\system32\imon.dll
2010-01-08 23:17 . 2010-01-08 23:17 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-01-08 22:57 . 2010-01-09 13:41 -------- d-----w- c:\program files\ESET
2010-01-08 15:57 . 2010-01-08 16:02 -------- d-----w- C:\Pis
2010-01-06 21:52 . 2010-01-06 21:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-06 21:47 . 2010-01-30 17:59 -------- d-----w- c:\documents and settings\Giga\Local Settings\Application Data\Temp
2010-01-06 21:47 . 2010-01-06 21:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 06:35 . 2009-10-02 13:25 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-01-30 16:55 . 2009-10-05 21:07 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-01-23 19:28 . 2009-10-04 23:27 -------- d-----w- c:\program files\Google
2009-12-27 21:37 . 2009-12-24 06:40 -------- d-----w- c:\program files\coolpro2
2009-12-27 21:33 . 2009-12-27 21:33 -------- d-----w- c:\documents and settings\Giga\Application Data\Publish Providers
2009-12-27 21:33 . 2009-12-27 21:30 -------- d-----w- c:\documents and settings\Giga\Application Data\Sony
2009-12-27 21:30 . 2009-12-27 21:30 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-27 21:30 . 2009-12-27 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-12-27 21:29 . 2009-12-27 21:29 -------- d-----w- c:\program files\Vstplugins
2009-12-27 21:29 . 2009-12-27 21:29 -------- d-----w- c:\program files\Sony
2009-12-27 21:28 . 2009-12-27 21:28 -------- d-----w- c:\program files\Sony Setup
2009-12-27 18:33 . 2009-10-02 13:12 2776 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-24 17:48 . 2009-10-06 18:52 -------- d-----w- c:\documents and settings\Giga\Application Data\Skype
2009-12-24 17:48 . 2009-10-06 18:53 -------- d-----w- c:\documents and settings\Giga\Application Data\skypePM
2009-12-24 06:41 . 2009-12-24 06:41 -------- d-----w- c:\documents and settings\Giga\Application Data\Syntrillium
2009-12-17 22:07 . 2009-12-17 22:07 -------- d-----w- c:\program files\psqlODBC
2009-12-17 22:07 . 2009-12-17 22:07 -------- d-----w- c:\program files\Sybase
2009-12-15 00:37 . 2009-10-02 11:44 150352 ----a-w- c:\documents and settings\Giga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 06:37 . 2009-10-02 13:39 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-12 21:08 . 2009-10-02 13:22 -------- d-----w- c:\documents and settings\Giga\Application Data\BSplayer Pro
2009-12-12 18:46 . 2009-10-02 11:43 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-12-12 18:35 . 2009-12-04 06:40 -------- d-----w- c:\program files\Leap
2009-12-08 20:28 . 2009-12-08 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\LIDLIC
2009-12-07 20:44 . 2009-12-07 20:44 -------- d-----w- c:\program files\Borland
2009-12-04 16:21 . 2009-12-03 22:45 249856 ------w- c:\windows\Setup1.exe
2009-12-04 16:21 . 2009-12-03 22:45 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-04 06:35 . 2009-10-02 11:56 -------- d-----w- c:\program files\InstallShield Installation Information
2009-12-03 20:20 . 2009-12-03 20:20 -------- d-----w- c:\program files\Common Files\Business Objects
2009-11-27 21:40 . 2009-11-27 21:40 152576 ----a-w- c:\documents and settings\Giga\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-27 21:39 . 2009-11-27 21:39 79488 ----a-w- c:\documents and settings\Giga\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-16 06:19 . 2009-11-16 06:19 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-16 06:19 . 2009-11-16 06:19 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-16 06:19 . 2009-11-16 06:19 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-16 06:09 . 2009-11-16 06:20 24565400 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_hr.exe
2009-11-03 00:51 . 2009-11-03 00:51 9728 ----a-w- c:\windows\system32\wceprv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-15 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-15 86016]
"nwiz"="nwiz.exe" [2009-04-15 1657376]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 534528]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-03-20 174648]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-01-08 950664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Certificate Manager.lnk - c:\program files\sentryPM\TokenManager\spmTMcertManager.exe [2005-9-24 45056]

[HKLM\~\startupfolder\C:^Documents and Settings^Giga^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Giga\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CryptLoad]
2007-10-26 20:20 143360 ----a-w- c:\documents and settings\Giga\Desktop\CryptLoad_1.1.6\CryptLoad_1.1.6\RouterClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 09:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 20:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 13:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Premium Sound]
2009-04-07 08:02 3405048 ----a-w- c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
2009-04-17 14:04 1593344 ----a-w- c:\program files\ASUS\Wireless Console 3\wcourier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [09.01.10 12:17 AM 15424]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [07.04.09 9:04 AM 70880]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [02.10.09 12:55 PM 89856]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [02.10.09 1:03 PM 233128]
S2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\fiposoft\PostgreSQL\8.2\bin\pg_ctl.exe runservice -w -N "pgsql-8.2" -D "c:\fiposoft\PostgreSQL\8.2\data\" --> c:\fiposoft\PostgreSQL\8.2\bin\pg_ctl.exe runservice -w -N pgsql-8.2 [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02.10.09 12:59 PM 1684736]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\e:\i386\AsProcOb.sys --> e:\i386\AsProcOb.sys [?]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [07.04.08 7:00 AM 6656]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [05.10.09 10:04 PM 22016]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 14:53]

2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:47]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:47]

2010-01-31 c:\windows\Tasks\User_Feed_Synchronization-{CEDF62F5-1E1D-44FB-BAB1-F9D3799F87D7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {E9F10570-E627-4DBA-BF3D-80E475263975} = 208.67.222.222 208.67.220.220
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
FF - ProfilePath - c:\documents and settings\Giga\Application Data\Mozilla\Firefox\Profiles\psj5yi8z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-run32 - c:\win\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 09:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\imon.dll
.
Completion time: 2010-01-31 09:32:06
ComboFix-quarantined-files.txt 2010-01-31 08:32

Pre-Run: 14,150,389,760 bytes free
Post-Run: 14,271,582,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EE709A36A560EABDB0C132949003415B
[ kristi1 @ 31.01.2010. 09:12 ] @
Download the tool and clean up the Avira leftovers: http://dl.antivir.de/down/windows/registrycleaner_en.zip
Delete the ComboFix icon and the folders:
c:\combofix
c:\qoobox
Turn off System Restore, restart, then turn SR back on.
[ peralaza @ 02.02.2010. 20:32 ] @
Thank you very much!