ljudi imam problem je mi se IE non stop pali i kad udjem u tast menadzer pise 4 puta da je otvoren i zauzima puno memorije. znaci sam se upali i ne vidim ga ali je ukljucen ja ga u tasku iskljucim i on se opet upali par puta.
takodje na windows 7 vecina programa odjednom ne radi i bela je ikonica, moram ponovo da ih instaliram, ne razumem u cemu je problem. Hvala

Koji antivirus imas? Skeniraj sistem sa Malwarebytes-om.

ma imam nod32 bez veze, ne znam dal je moguce ali im je i digitron crkao i opera i aimp sve zivo ;s i sad aimp uopste ne mogu da instaliram, ajde sad cu skenirati

izvinjavam se sto pisem post za postom ali moram da bi cvrle video da sam skenirao

evo ovo je nasao, sad sam izbrisao to

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Delete on reboot.

Pa izgleda da tu imas ozbiljne probleme sa racunarom. Kakva je sad situacija?

evo izgleda da vise ne pali IE sam, valjda ce tako i ostati. Hvala

Nista, ali ako i dalje imas probleme koje si naveo, trebalo bi da proveris sistem sa nekim antivirusom, skenirati u Safe mode-u, preskenirati sistem sa combofix-om, gmer-om, pa ako nema poboljsanja uraditi reinstalaciju.

ne valja ovo...

Nikad ne pokretati Combofix sam na svoju ruku bez nekog supervizora!!! 

Zasto?
Prvo...evo sta kaze main publick tuto za ComboFix.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Drugo,ako ne verujes meni,evo sta kaze sam tvorac CF programa.
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/resolved-hjt-threads/318155-hijack-help.html#post1829551

Kakvu vrstu posledica da snosi?

Obucenu helperu su dostupne novosti i informacije o pojavi novih infekcija koje mogu da naprave haos i o tome kako povratiti stvari na svoje mesto ukoliko je neka od alatki napravila neki haos

Uvek mora da postoji neko prvi koji ce da nagrabusi ukoliko se pojavi neka nova infekcija ili sabotaza alatki. 

Puno puta se desilo da se pokaze bug u nekoj alatki, pa se to fino dokumentuje i prijavi tako da se alatka popravi.
Konkretno, za spomenuti ComboFix,ja imam u arhivi skinut sa oficijalnog sajta koji jednim pokretanje pobrise sve iz c:\documents and settings\ i c:\windows\system32\config\systemprofile\ foldera...

Koga da okrivis ukoliko je naisao na neku novu infekciju
koja ce namerno da zezne komp ukoliko pokusas da je sredis ComboFix-om? 
Licno ja imam oko pedesetak >> slucajeva gde sam video da ljudi vez dijagnose sistema pustaju CF i da im on zameni ili obrise bitan file...

itd...itd ...itd... 

sorry ako malo pametujem ali samo pokusavam da upozorim na nesmotrenu opasnost pri samostalnom pokrentanju CF-a...

Drugo...gmer je prvenstveno AntiRootkit alat,on radi dijagnostiku,ne i uklanjanje.
Ok,moguce je uklanjanje ali moras da znas sta je tu malware i postupak uklanjanja...sto nije next>>nest
http://www.gmer.net/
Dobar predlog jeste Malwarebytes...

Ma opusteno, hvala tebi na informaciji!!! Pratio sam neke forume, domace i strane i gledao kad ljudi preporucuju programe koje sam ja naveo, a i licno sam svaki koristio i nisam imao nekih problema sa njima. Hvala tebi na savetu, nisam znao da toliko moze da napravi problem Combofix.

Ja dva puta mesecno skeniram sa Anti-Malware i nikad nemam slicnih problema preporucio bih i tebi da to radis  a ne kad se nesto desi tada moze biti kasno.Znaci iz predostroznosti bar dva puta mesecno pustis ga nista ti ne smeta i ne primetis da radi.

Simicu, odradi ovo da vidimo o cemu se radi.


Skini Program DDS http://download.bleepingcomputer.com/sUBs/dds.scr
                             http://download.bleepingcomputer.com/sUBs/dds.com
Dvoklikom pokreni DDS
Sacekaj malo, izbacice ti dva loga
Kopiraj mi log DDS.txt

DS (Ver_10-11-10.01) - NTFSx86 
Run by dramz at 15:04:49.49 on Fri 11/19/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2046.1136 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\dramz\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\dramz\AppData\Local\Temp\Odx.exe
C:\Users\dramz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dramz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\AIMP2\AIMP2.exe
C:\Windows\system32\notepad.exe
C:\Users\dramz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dramz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\dramz\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df&t=1
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
BHO: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No File
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\users\dramz\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Metropolis] rundll32.exe c:\windows\system32\sshnas21.dll,GetHandle
uRun: [U36VRSFLG6] c:\users\dramz\appdata\local\temp\Odx.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to Mp3 Converter - c:\users\dramz\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dramz\appdata\roaming\mozilla\firefox\profiles\93kbl5ih.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel",             1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad",                   false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms",                 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-6-24 136120]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-4-28 41312]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]

=============== Created Last 30 ================

2010-11-18 21:06:11   --------   d-----w-   c:\users\dramz\appdata\roaming\Malwarebytes
2010-11-18 21:06:07   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-18 21:06:04   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-11-18 21:06:04   --------   d-----w-   c:\progra~2\Malwarebytes
2010-11-18 21:06:03   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-11-16 14:27:07   --------   d-----w-   c:\program files\Santa Claus in Trouble
2010-11-15 13:47:40   --------   d-----w-   c:\users\dramz\appdata\roaming\Nokia Ovi Suite
2010-11-15 13:41:05   --------   d-----w-   c:\users\dramz\appdata\local\NokiaAccount
2010-11-15 13:41:04   --------   d-----w-   c:\users\dramz\appdata\local\Nokia
2010-11-15 12:21:10   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-11-15 12:18:36   --------   d-----w-   c:\progra~2\NokiaInstallerCache
2010-11-09 22:32:06   --------   d-----w-   c:\users\dramz\appdata\local\Ahead
2010-11-07 20:15:27   --------   d-----w-   c:\program files\TimeAdjuster
2010-11-07 20:09:05   --------   d-----w-   c:\program files\URUSoft
2010-11-04 13:33:58   --------   d-----w-   c:\program files\Eusing Free Registry Cleaner
2010-11-04 13:28:50   --------   d-----w-   c:\program files\ParetoLogic
2010-11-04 13:17:47   270336   ----a-w-   c:\windows\system32\sshnas21.dll
2010-11-04 13:13:24   --------   d-----w-   c:\users\dramz\appdata\roaming\DriverCure
2010-11-04 13:13:23   --------   d-----w-   c:\users\dramz\appdata\roaming\ParetoLogic
2010-11-04 13:13:10   --------   d-----w-   c:\progra~2\ParetoLogic
2010-11-02 16:53:07   --------   d-----w-   c:\program files\Counter-Strike 1.6
2010-10-26 19:56:59   --------   d-----w-   c:\program files\coolpro2
2010-10-24 15:07:21   --------   d-----w-   c:\program files\Veetle
2010-10-23 16:56:18   --------   d-----w-   c:\program files\vShare
2010-10-20 14:45:01   --------   d-----w-   c:\users\dramz\appdata\roaming\Command and Conquer 4

==================== Find3M  ====================

2010-10-19 10:23:59   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
2010-10-19 10:23:34   183112   ----a-w-   c:\windows\system32\PnkBstrB.exe

============= FINISH: 15:05:59.20 ===============

Pronadji i proveri mi ovaj fajl na VT   http://www.virustotal.com/

c:\windows\system32\sshnas21.dll

Auuu bruka 

Iskljuci Nod privremeno.

Skini na desktop  http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Pokreni CF sa desktopa i odgovaraj potvrdno za sve sto te pita
Kad zavrsi skeniranje izbacice ti log na desktop.

Zakaci mi log uz poruku.

ok odradicu to, ali koliko sam procitao Genije1 na prosloj strani je rekao da ga ne koristim 

Rekao ti je da ga ne koristis samoinicijativno, jer ne bi znao sta ces posle. Nije dovoljno pokrenuti samo CF.

Odradi kao sto sam ti napisao, imas jos jednog u startup-u, sto se moze videti iz ovog loga. Sta jos imas videcemo posle iz CF loga.

evo log

Ok sada je u redu.

U run kucaj Combofix /uninstall  enter i  potvrdi uninstall

Instaliraj sledeci program  http://amf.mycity.rs/programs/mc/mcshield/MCShield-Setup.exe

Zatim ubodi Flesku i sacekaj da je skenira i ocisti, pa mi kopiraj log da pogledam.