Problem with Shut Down and Task Manager


  • Joined: 20 Jun 2007
  • Posts: 24
  • Location: Podgorica

I have no Shut Down icon, and no Run either, when I open Start. I have already read that I am supposed to go into Run and type something like grepid, but when I press the Windows key and Run it shows me this: This operation has been cancelled due to restrictions in effect on this computer. Please contact your computer administrator.
Also, when I press Ctrl+Alt+Del there is no Task Manager.
Please help...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Take a look at the following topic:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

There you have instructions on how to post a HijackThis log for us here.
I would ask you to do that, and we will start from there.

  • Joined: 20 Jun 2007
  • Posts: 24
  • Location: Podgorica

Logfile of HijackThis v1.99.1
Scan saved at 8:15:41 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Korisnik\Desktop\ALATI\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = securityresponse.symantec.com/avcenter/fix_homepage/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{546899EA-38AD-4524-B107-539B74A988F5}: NameServer = 195.66.160.1 195.66.160.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

I already had HijackThis from before, so here it is, if help is possible now. :D

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Scan again with HijackThis, then tick the box in front of the following line:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Click Fix Checked

Let us know what that did.

I will go through the whole log in ten minutes or so; I am a bit busy at the moment.

Addendum: 11 Feb 2008 20:45

Why do you have two antivirus programs installed?
That is bound to cause problems.

===============================

Download ComboFix to your Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.
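
An added example, not part of the original thread and not HijackThis's own code: a short Python triage of HijackThis log lines that picks out the three things the helper reacts to above, namely O7 policy restrictions, antivirus products from more than one vendor running side by side, and O23 services whose file is missing. The sample lines are copied from the log posted in this thread; the function name, regexes and vendor keyword list are assumptions made for the illustration.

```python
import re

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
"""

# Assumption for this illustration: keyword -> vendor, not a complete list.
AV_KEYWORDS = {"symantec": "Symantec", "norton": "Symantec", "eset": "ESET"}
AV_RE = re.compile(r"\b(" + "|".join(AV_KEYWORDS) + r")\b", re.I)

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O7 - ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)      # bare path line
POLICY_RE = re.compile(r"^(HK\w+\\.*\\Policies\\[^,]+),\s*(\w+)=(\d+)$", re.I)
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")


def triage(log_text):
    """Return policy restrictions, missing-file services and running AV vendors."""
    policies, missing, vendors = [], [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            # Bare executable paths are the "Running processes" list.
            if PROCESS_RE.match(line):
                for kw in AV_RE.findall(line):
                    vendors.add(AV_KEYWORDS[kw.lower()])
            continue
        code, body = entry.groups()
        if code == "O7":
            # O7 entries report values under a ...\Policies\... key.
            pol = POLICY_RE.match(body)
            if pol and pol.group(3) != "0":
                policies.append((pol.group(1), pol.group(2)))
        elif code == "O23":
            # A service whose binary is gone is a leftover of an uninstall
            # or a removal and is worth a second look.
            svc = SERVICE_RE.match(body)
            if svc and svc.group(3).endswith("(file missing)"):
                missing.append(svc.group(1))
    return {
        "policy_restrictions": policies,
        "missing_services": missing,
        "av_vendors_running": sorted(vendors),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
    if len(result["av_vendors_running"]) > 1:
        print("More than one antivirus vendor is running at the same time.")
```
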

  • Joined: 20 Jun 2007
  • Posts: 24
  • Location: Podgorica

ComboFix 08-02-12.1 - Korisnik 2008-02-12 12:58:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.135 [GMT 1:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\ContextTool-2.dll
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\Program Files\FunWebProducts
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\WINDOWS\system32\f3PSSavr.scr

.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-08 08:21 . 2008-02-08 08:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-06 13:29 . 2008-02-06 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-04 19:20 . 2008-02-04 19:20 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Nero
2008-02-04 19:14 . 2008-02-04 19:14 <DIR> d-------- C:\Program Files\Nero
2008-02-04 19:14 . 2008-02-04 19:18 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-04 19:14 . 2008-02-04 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-30 17:29 . 2003-02-07 00:02 424,448 --a------ C:\WINDOWS\system32\dXTList.dll
2008-01-30 17:29 . 2002-12-27 09:04 233,472 --a------ C:\WINDOWS\system32\WowCtl.dll
2008-01-30 17:29 . 2003-02-07 00:05 138,752 --a------ C:\WINDOWS\system32\dXPSystm.dll
2008-01-30 17:29 . 1999-08-30 14:08 76,560 --a------ C:\WINDOWS\system32\ImgCtls.ocx
2008-01-30 17:28 . 2003-11-25 09:53 815,584 --a------ C:\WINDOWS\system32\Actbar2.ocx
2008-01-30 17:28 . 2000-05-14 22:14 517,632 --a------ C:\WINDOWS\system32\AxTSM.ocx
2008-01-30 16:23 . 2008-01-30 16:23 <DIR> d-------- C:\Program Files\MsoSetup
2008-01-29 23:24 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-29 23:24 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-29 23:24 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-18 15:36 . 2008-01-18 15:36 <DIR> d-------- C:\Program Files\Nancy Drew
2008-01-17 11:29 . 2008-01-17 11:29 <DIR> d-------- C:\Program Files\Telltale

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 12:02 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\uTorrent
2008-02-11 19:20 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-11 19:20 --------- d-----w C:\Program Files\Orbitdownloader
2008-02-11 17:40 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Orbit
2008-02-10 17:29 --------- d-----w C:\Program Files\mIRC
2008-02-10 12:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-06 12:33 --------- d-----w C:\Program Files\ESET
2008-02-05 15:18 --------- d-----w C:\Program Files\AdVantage
2008-02-04 17:59 --------- d-----w C:\Program Files\Ahead
2008-02-04 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-04 09:04 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AdobeUM
2008-02-01 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-31 15:31 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire
2008-01-30 20:31 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Skype
2008-01-30 15:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\skypePM
2008-01-27 17:57 --------- d-----w C:\Program Files\EBC Script Public EDITION SCRIPT(alpha release)
2008-01-27 17:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 12:47 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-27 12:46 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-27 12:46 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-27 12:46 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-27 12:46 --------- d-----w C:\Program Files\Symantec
2008-01-05 21:02 --------- d-----w C:\Program Files\LimeWire
2008-01-05 21:02 --------- d-----w C:\Program Files\Java
2008-01-05 21:00 --------- d-----w C:\Program Files\Common Files\Java
2008-01-05 20:04 --------- d-----w C:\Program Files\MSBuild
2008-01-05 20:04 --------- d-----w C:\Program Files\Microsoft Works
2008-01-05 20:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-03 21:55 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Leadertech
2008-01-03 18:54 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\InstallShield
2008-01-03 18:05 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-03 10:46 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Samsung
2008-01-02 11:46 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DAEMON Tools
2008-01-01 11:40 --------- d-----w C:\Program Files\DAEMON Tools Lite
2007-12-31 20:29 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 14:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-30 14:21 --------- d-----w C:\Program Files\Skype
2007-12-30 14:21 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-30 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-26 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-26 20:07 --------- d-----w C:\Program Files\backburner 2
2007-12-23 16:44 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Datalayer
2007-12-23 16:34 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Nokia
2007-12-22 19:00 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
2007-12-22 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-22 17:34 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\PC Suite
2007-12-22 17:33 --------- d-----w C:\Program Files\SimpleCenter
2007-12-22 17:33 --------- d-----w C:\Program Files\Common Files\i4j_jres
2007-12-22 17:29 --------- d-----w C:\Program Files\Nokia
2007-12-22 17:28 --------- d-----w C:\Program Files\DIFX
2007-12-22 17:28 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-22 17:28 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-22 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-16 14:55 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-12-16 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-12-16 14:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-16 13:58 --------- d-----w C:\Program Files\Replay Converter
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-03 12:43 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-03 12:43 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 21:48 439872]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0785186e-31dd-11dc-ac70-001558073e67}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 11:59:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-11 19:12:47 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Korisnik.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-12 13:08:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2008-02-12 13:11:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 12:11:13
.
2008-02-07 21:15:38 --- E O F ---



Everything is fine now, thanks a lot!
As for what you said about the antivirus, I don't know how to remove Norton; when I try, it says something like it cannot be deleted.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It is not finished, but I have to apologize, I am a bit swamped.
I will get back to you later this evening, after 9, with further instructions.

Addendum: 12 Feb 2008 21:13

Here is how:

You will uninstall Norton with the help of the appropriate Remover from this address:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039


After that, do the following:

Open Notepad and copy in the following text:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0785186e-31dd-11dc-ac70-001558073e67}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

Also post a fresh HijackThis log.

  • Joined: 20 Jun 2007
  • Posts: 24
  • Location: Podgorica

Thanks for the help!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Give me the logs I asked you for in the previous message, so I can see what the situation is.
