[ YOwitza @ 09.02.2008. 04:42 ] @
I won't waste your time, so here goes... My internet connection drops more and more often, and afterwards I can't connect for a while because the modem is supposedly active, or it can't find the "address book" and something else, I don't even know what... Now, since I've tried all sorts of things, I remembered HijackThis as well. I doubt it will help, but it won't hurt. The log reads as follows:

Logfile of HijackThis v1.99.1
Scan saved at 5:30:00 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\YOweetza\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Let me know if you need any more information. Thanks!
[ acikam @ 09.02.2008. 10:34 ] @
First, when something is already off, i.e. an infection is suspected, the installed antivirus programs should be switched off (a bit of a problem if they are licensed) and then some online scan run.
For example, free at:
http://www.pandasecurity.com/s...vescan/default.htm?track=80383
(this scan MUST be done from Internet Explorer, accepting the installation of the ActiveX "engine", a couple of megabytes)

Second, download the FREE (new!) >Spybot - Search & Destroy<, now version 1.5.2.20, and run the whole system through it.

Third, if there was a virus or some clever spy, it hides itself nicely so that these (mostly meaningless) logs don't even see it!
In that case download, or rather even without this, as an indispensable tool for "error fixing", the so-called >ERD Commander 2005<, burn the image to a CD, and set the BIOS to boot from the CD.
After booting the system from such a CD, go into the file manager option and, on ALL partitions, if there are any, and on all HDDs, if there are any, "open" the <System Volume Information> folder and delete EVERYTHING from it!!!

Fourth, find the posts on ES about tidying up the so-called Services, and switch off everything that isn't needed.

Fifth, many programs insist on going online even if we don't need that!!! For example, NERO, Adobe's programs, ACDSee's... In principle, apart from a program for following the weather forecast, nothing should be let through. Especially not Windows' own programs.

Sixth, all automatic update options should be switched off: in Windows and in the other programs, including the antivirus and antispyware ones.

Seventh, not all defence and protection programs go together. This is the well-known term: some programs fight each other. Here, don't rely on your own opinion, taste and belief. You need to follow many posts and draw conclusions.

Eighth, some options for total beginners shouldn't be used, for multiple reasons. For example, the "legendary" System Restore. More experienced users use some grabber for that, a tool for making an "image" of a partition or the whole disk, and then, for example, keep a tidied-up packed file of the whole C partition on another partition, disk, or even on a DVD.

Ninth, today the MAIN source of infections is the USB flash drive!!! Firstly, they spread easily and are hard to detect, and the original malicious programs written for them are the best so far! I shudder at the thought of when the destructive ones, like CIH of old, come along...
[ Binary Mind @ 09.02.2008. 14:37 ] @
The HiJackThis! log is fine. Turn off System Restore. Download Combofix to the desktop and follow the prompts. When the scan starts, don't touch the mouse or keyboard until it finishes. Afterwards post its log. Here's the link for Combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[ YOwitza @ 09.02.2008. 20:08 ] @
Thanks to both of you. Here's the log from ComboFix:

ComboFix 08-02.05.3 - YOweetza 2008-02-09 20:56:56.1 - NTFSx86
Running from: C:\Documents and Settings\YOweetza\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll
C:\WINDOWS\system32\_000017_.tmp.dll
C:\WINDOWS\system32\_000018_.tmp.dll
C:\WINDOWS\system32\_000024_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-09 06:34 . 2008-02-09 06:34 <DIR> d-------- C:\Program Files\IrfanView
2008-02-09 03:59 . 2008-02-09 03:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 03:58 . 2008-02-09 03:58 <DIR> d-------- C:\Documents and Settings\YOweetza\Application Data\Lavasoft
2008-02-01 20:05 . 2008-02-02 14:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 20:05 . 2008-02-01 20:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-01 19:49 . 2008-02-01 19:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-01-27 12:51 . 2008-01-27 12:51 <DIR> d-------- C:\Program Files\QuickTime
2008-01-27 12:50 . 2008-01-27 12:50 <DIR> d-------- C:\Program Files\Xilisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 19:55 --------- d-----w C:\Program Files\mIRC
2008-02-09 05:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
2008-02-09 04:28 --------- d-----w C:\Program Files\DAP
2008-02-09 02:20 --------- d-----w C:\Program Files\Starcraft
2008-02-09 01:05 --------- d-----w C:\Program Files\ESET
2008-01-09 11:29 --------- d-----w C:\Program Files\Diablo II
2008-01-08 01:50 --------- d-----w C:\Program Files\Opera
2008-01-07 22:48 --------- d-----w C:\Program Files\GG Client
2008-01-04 21:27 --------- d-----w C:\Program Files\wormsarm
2008-01-04 12:28 --------- d-----w C:\Program Files\HighGrow
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-02 17:03 921600]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2004-12-21 22:29 180312]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-03-12 18:41 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2007-06-08 18:00 146432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Raketa Krstarice.lnk]
backup=C:\WINDOWS\pss\Raketa Krstarice.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 10:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-08-16 19:27 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-10 07:07 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-08 18:00 146432 C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual Drive]
C:\Program Files\FarStone\VirtualDrive\vdtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"wuauserv"=2 (0x2)
"Themes"=2 (0x2)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"NBService"=3 (0x3)

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-09 18:26]
R3 es1969;ESS 1969 Audio Driver (WDM);C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 13:19]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
R3 st3tgbus;st3tgbus;C:\WINDOWS\system32\DRIVERS\st3tgbus.sys [2003-03-12 18:37]
R3 st3tiger;st3tiger;C:\WINDOWS\system32\DRIVERS\st3tiger.sys [2003-03-12 18:38]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 14:47]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2007-06-02 16:13:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 21:01:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 21:02:49
ComboFix-quarantined-files.txt 2008-02-09 20:02:24
[ Binary Mind @ 09.02.2008. 20:42 ] @
Now post a new HJT! log and a new Combofix log...
[ YOwitza @ 09.02.2008. 21:57 ] @
HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:12 PM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\YOweetza\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

ComboFix:

ComboFix 08-02.05.3 - YOweetza 2008-02-09 22:48:37.2 - NTFSx86
Running from: C:\Documents and Settings\YOweetza\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-09 06:34 . 2008-02-09 06:34 <DIR> d-------- C:\Program Files\IrfanView
2008-02-09 03:59 . 2008-02-09 03:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 03:58 . 2008-02-09 03:58 <DIR> d-------- C:\Documents and Settings\YOweetza\Application Data\Lavasoft
2008-02-01 20:05 . 2008-02-02 14:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 20:05 . 2008-02-01 20:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-01 19:49 . 2008-02-01 19:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-01-27 12:51 . 2008-01-27 12:51 <DIR> d-------- C:\Program Files\QuickTime
2008-01-27 12:50 . 2008-01-27 12:50 <DIR> d-------- C:\Program Files\Xilisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 19:55 --------- d-----w C:\Program Files\mIRC
2008-02-09 05:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
2008-02-09 04:28 --------- d-----w C:\Program Files\DAP
2008-02-09 02:20 --------- d-----w C:\Program Files\Starcraft
2008-02-09 01:05 --------- d-----w C:\Program Files\ESET
2008-01-09 11:29 --------- d-----w C:\Program Files\Diablo II
2008-01-08 01:50 --------- d-----w C:\Program Files\Opera
2008-01-07 22:48 --------- d-----w C:\Program Files\GG Client
2008-01-04 21:27 --------- d-----w C:\Program Files\wormsarm
2008-01-04 12:28 --------- d-----w C:\Program Files\HighGrow
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-02 17:03 921600]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2004-12-21 22:29 180312]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-03-12 18:41 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2007-06-08 18:00 146432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Raketa Krstarice.lnk]
backup=C:\WINDOWS\pss\Raketa Krstarice.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 10:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-08-16 19:27 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-10 07:07 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-08 18:00 146432 C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual Drive]
C:\Program Files\FarStone\VirtualDrive\vdtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"wuauserv"=2 (0x2)
"Themes"=2 (0x2)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"NBService"=3 (0x3)

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-09 18:26]
R3 es1969;ESS 1969 Audio Driver (WDM);C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 13:19]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
R3 st3tgbus;st3tgbus;C:\WINDOWS\system32\DRIVERS\st3tgbus.sys [2003-03-12 18:37]
R3 st3tiger;st3tiger;C:\WINDOWS\system32\DRIVERS\st3tiger.sys [2003-03-12 18:38]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 14:47]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 02:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2007-06-02 16:13:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 22:52:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 22:54:30
ComboFix-quarantined-files.txt 2008-02-09 21:54:11
ComboFix2.txt 2008-02-09 20:02:50


THANKS!

[ Binary Mind @ 09.02.2008. 23:41 ] @
How is the infernal machine working now? Is there any need to go further :) The logs look pretty clean...
[ YOwitza @ 10.02.2008. 14:26 ] @
Well, I did suspect it wasn't this. If I can get help with dial-up in this part of the forum, that would be nice. (:
Namely, as I said in the first post, my connection drops often as soon as I connect, and after that I can't connect because the modem is supposedly busy, i.e. someone/something is using it, or when I click "connect" it gives me 2 errors, one is that it can't find the "phonebook" and the other error I don't know. Do you know what the problem is? Thanks...
[ Binary Mind @ 10.02.2008. 14:59 ] @
Well, maybe you're right and maybe you're not. You were infected, and Combofix deleted the following files:

Code:

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll
C:\WINDOWS\system32\_000017_.tmp.dll
C:\WINDOWS\system32\_000018_.tmp.dll
C:\WINDOWS\system32\_000024_.tmp.dll


Did you maybe poke around in msconfig with the services:

Code:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"wuauserv"=2 (0x2)
"Themes"=2 (0x2)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"NBService"=3 (0x3)

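As an added example (my own code, not part of this thread and not a feature of HijackThis or ComboFix): a small Python script that compares the two HijackThis logs posted above, flags entries whose file is missing, and reads the msconfig services block from the ComboFix log to list disabled defensive services, which is the check behind the question about msconfig. The sample inputs are lines copied from the logs in this thread, trimmed to the ones that matter; the list of defensive service names is my own assumption.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input: the lines of the two HijackThis logs in this thread
# that differ before and after the ComboFix run (trimmed to those entries).
HJT_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""
HJT_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"""
# Constructed sample input: the msconfig services block from the ComboFix log above.
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"WinDefend"=2 (0x2)
"NBService"=3 (0x3)

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-03-09 18:26]
"""

HJT_LINE = re.compile(r"^(O\d+) - (.+)$")
SERVICE_LINE = re.compile(r'^"([^"]+)"=(\d+)', re.MULTILINE)
MSCONFIG_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"
# Assumed list of defensive services that malware commonly switches off; a
# disabled entry for one of these deserves a second look even if the user did it.
SECURITY_SERVICES = {"wuauserv": "Automatic Updates", "WinDefend": "Windows Defender",
                     "wscsvc": "Security Center", "SharedAccess": "Windows Firewall / ICS"}

def parse_hjt(text: str) -> Dict[str, Set[str]]:
    """Group HijackThis entries by section code (O2, O4, O9, ...)."""
    sections: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            sections.setdefault(m.group(1), set()).add(m.group(2))
    return sections

def orphaned_entries(text: str) -> List[str]:
    """Entries pointing at a file HijackThis could not find on disk: leftovers of
    an uninstall or of a removed component, and the first thing to clean up."""
    return [ln.strip() for ln in text.splitlines()
            if "(no file)" in ln or "(file missing)" in ln]

def diff_hjt(before: str, after: str) -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Per section: (entries gone since `before`, entries new in `after`)."""
    old, new = parse_hjt(before), parse_hjt(after)
    result: Dict[str, Tuple[Set[str], Set[str]]] = {}
    for code in sorted(old.keys() | new.keys()):
        removed = old.get(code, set()) - new.get(code, set())
        added = new.get(code, set()) - old.get(code, set())
        if removed or added:
            result[code] = (removed, added)
    return result

def parse_msconfig_services(log: str) -> Dict[str, int]:
    """Services disabled through msconfig. The stored value is the original Start
    type (2 = Automatic, 3 = Manual) that msconfig saved so it can restore it."""
    if MSCONFIG_KEY not in log:
        return {}
    block = log.split(MSCONFIG_KEY, 1)[1].split("\n\n", 1)[0]
    return {m.group(1): int(m.group(2)) for m in SERVICE_LINE.finditer(block)}

def disabled_security_services(log: str) -> List[str]:
    """Sorted names of defensive services found among the disabled ones."""
    return sorted(n for n in parse_msconfig_services(log) if n in SECURITY_SERVICES)
```

On the logs in this thread, the diff shows exactly the orphaned O2 and O9 entries disappearing between the two HijackThis runs, and the services check singles out wuauserv and WinDefend, the two items the poster was then asked about.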
[ YOwitza @ 07.03.2008. 18:58 ] @
Sorry for the delay, I was at uni.
Yes, I did "poke around" in msconfig, but all I did was turn off things like the update check for Nero and Real Player, Virtual Drive (which I deleted from the computer because I use Daemon, but it's still in startup, although it's disabled), Clone CD, and of the Windows things Windows Defender (I'm not quite sure what it's for, I know it's for protecting the computer, but the effectiveness...), Windows CardSpace, Messenger Sharing Folders, Themes and Help and Support (which never helped anyone, so I turned it off [crappy computer, so the fewer processes the better]) and that's it. Shouldn't I have turned off something of this? Thanks!
[ Binary Mind @ 07.03.2008. 19:18 ] @
It's fine. I only asked because there are malware that disable certain services. The computer should now be clean. Just give me the codes of all the errors that appear; possible codes for the phone book problems are:

621 - Cannot open the phone book file.
622 - Cannot load the phone book file.
623 - Cannot find the phone book entry.
624 - Cannot write the phone book file.
625 - Invalid information found in the phone book.

Be sure to post that other error too, the one you couldn't remember when you were listing them...
[ YOwitza @ 08.03.2008. 14:10 ] @
It seems the matter is resolved, because the connection hasn't dropped once and no errors have appeared. If anything of this shows up again, I'll let you know. Many thanks to everyone!