Otvaranje My Documents-a pri paljenju windowsa

Imao sam sličnu poteškoću kad sam sređivao komp jednom legi i završila je formatiranjem nažalost, ali ne škodi pokušati sa System Mechanicom ili Tune Up Uttilitiesom probati. Tune up ima sken koji rješava poteškoće u registryu, pa ako si siguran da si počistio sve viruse vrijedi probati.

Ne znam koliko se snalaziš u registry-u (Start->Run->Regedit).

Probaj pogledati što je navedeno pod "Shell" u ključu HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.

Treba biti "explorer.exe".

zstef

Nasel sam taj shell i u njemu je Explorer.exe i path je dobar.

PsychoticBaklava

Tako je i slicno funkcioniral ovaj virus samo kaj je jos uz to i pink floodal playboy.com .... pa ti vidi

Skinul sam TuneUp 2009 pa prckam po njemu ali nikako da nađem gdje da to maknem kvačicu kod My Documentsa pa bih molio pomoć oko toga

Hvala svima na savjetima

Probaj ovo.

Skenira cijeli registry, i onda online analizira sve sto je u start up-u.

Pa ak ništ ne pali, onda ti je problem u registryju, možda čak i crv ili virus...

U start meniju u run utipkaj regedit.

Otvori HKEY local machine i potraži SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon.

Klikneš na winlogon i na desno pri kraju tablice imaš userinit, Data za to mora biti C:\windows\system32\userinit.exe, (skupa sa zarezom na kraju) a tebi je možda dvostruko (C:\windows\system32\userinit.exe,C:\windows\system32\userinit.exe). sad samo izbriši drugu vrijednost, restartaj komp i sve 5! Ako ni to ne pali, mislim da imaš gamad nekakvu negdi

Pod load mi nema nikaj, prazan je.

Hvala vam svima na strpljivom rješavanju mog problema ali nažalost još uvijek nema nikakvog napretka.

Pošto se ne razumijem previše u detalje u načinu rada Windowsa malo sam "kopao" te našao još jedan explorer.exe ali u C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7 kada sam ga pokrenuo otvori mi se My Documents u Windows Exploreru. Probao sam ga privremeno maknuti ali pri paljenju windowsa opet isto.

Jeli moguce da ga neki kura* pokreće pri paljenju windwosa?

evo hijack loga

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:45, on 17.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
D:\Instalirani Programi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
D:\Instalirani Programi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Instalirani Programi\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Instalirani Programi\Spybot - Search & Destroy\TeaTimer.exe
D:\Instalirani Programi\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Instalirani Programi\Comodo\COMODO Internet Security\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Instalirani Programi\Opera\opera.exe
D:\Instalirani Programi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\explorer.exe"
O1 - Hosts: <!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html><head><title>Yahoo! - 503 Service Temporarily Unavailable</title><style>
O1 - Hosts: /* nn4 hide */
O1 - Hosts: /*/*/
O1 - Hosts: body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
O1 - Hosts: html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
O1 - Hosts: p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
O1 - Hosts: h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
O1 - Hosts: form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
O1 - Hosts: form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://us.i1.yimg.com/us.yimg.com/i/s/bullet.gif) no-repeat left center;}
O1 - Hosts: form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
O1 - Hosts: /* end nn4 hide */
O1 - Hosts: </style></head>
O1 - Hosts: <body><div id="doc">
O1 - Hosts: <div id="ygma"><a href="http://us.rd.yahoo.com/503/*http://www.yahoo.com"><img
O1 - Hosts: src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif
O1 - Hosts: width=147 height=31 border=0 alt="Yahoo!"></a><div><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo!</a>
O1 - Hosts: - <a href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Help</a></div></div>
O1 - Hosts: <div id="bd"><h1>Sorry, Service Temporarily Unavailable.</h1>
O1 - Hosts: The server is temporarily unable to service your
O1 - Hosts: request due to maintenance downtime or capacity
O1 - Hosts: problems. Please try again later.
O1 - Hosts: <P>Additionally, a 503 Service Temporarily Unavailable
O1 - Hosts: error was encountered while trying to use an ErrorDocument to handle the request.
O1 - Hosts: <p>Please check the URL for proper spelling and capitalization. If
O1 - Hosts: you're having trouble locating a destination on Yahoo!, try visiting the
O1 - Hosts: <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://www.yahoo.com">Yahoo! home
O1 - Hosts: page</a></strong> or look through a list of <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/docs/family/more/">Yahoo!'s
O1 - Hosts: online services</a></strong>. Also, you may find what you're looking for
O1 - Hosts: if you try searching below.</p>
O1 - Hosts: <form name="s1" action="http://us.rd.yahoo.com/503/*-http://search.yahoo.com/search"><fieldset>
O1 - Hosts: <legend><label for="s1p">Search the Web</label></legend>
O1 - Hosts: <input type="text" size=30 name="p" id="s1p" title="enter search terms here">
O1 - Hosts: <input type="submit" value="Search">
O1 - Hosts: <span><a href="http://us.rd.yahoo.com/503/*http://search.yahoo.com/search/options?p=">advanced search</a> <span class=sep>|</span> <a href="http://us.rd.yahoo.com/503/*http://buzz.yahoo.com">most popular</a></span>
O1 - Hosts: </fieldset></form>
O1 - Hosts: <p class="more">Please try <strong><a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://help.yahoo.com">Yahoo!
O1 - Hosts: Help Central</a></strong> if you need more assistance.</p>
O1 - Hosts: </div><div id="ft"><p>Copyright &copy; 2009 Yahoo! Inc.
O1 - Hosts: All rights reserved. <a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://privacy.yahoo.com">Privacy
O1 - Hosts: Policy</a> - <a
O1 - Hosts: href="http://us.rd.yahoo.com/503/*http://docs.yahoo.com/info/terms/">Terms
O1 - Hosts: of Service</a></p></div>
O1 - Hosts: </div></body></html>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "D:\Instalirani Programi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Instalirani Programi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Instalirani Programi\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Instalirani Programi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225042546859
O17 - HKLM\System\CCS\Services\Tcpip\..\{2325FCB2-960D-45C9-BA35-A9778B5611BE}: NameServer = 195.29.149.196 195.29.149.197
O17 - HKLM\System\CS1\Services\Tcpip\..\{2325FCB2-960D-45C9-BA35-A9778B5611BE}: NameServer = 195.29.149.196 195.29.149.197
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Instalirani Programi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Instalirani Programi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Instalirani Programi\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10123 bytes

Vjerovatno je problem sto mu se explorer.exe podize dva puta za redom. Prvi put da se ucita i drugi put da pokaze my documents folder.

Ajde probat vidit ovo nesto u vezi ove linije F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\explorer.exe"

Otvori sa Notepadom datoteku c:\windows\system.ini

Pogledaj da li imas tu shell liniju. Pobrisi je! al zapamti sto je tocno pisalo.

Resetiraj komp i testiraj.

Ako se nakon reseta kad se logiras u windowse ne pojavljuje shell,ucini alt+tab+delete i izaberi task manager,

pa File - New Task (run) i sam pokreni explorer.exe. Pa natrag vrati to sto si pobrisao...

aha, pogledaj u registryu pod HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot

Javi sto si nasao, jos nista ne brisi

EDIT: Exportaj pomocu Regedita ( File - Export , pospremi u jedan file ) sve sto se nalazi u HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping i to postaj na forum.

Isto tako i za HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon