Win Explorer display cut in half


  • Joined: 06 Dec 2005
  • Posts: 148

XP, SP2, ADSL

When I open Win Explorer, there are no labels for the C and D partitions, there is no Control Panel, I can't change the theme from Classic to XP, I would take a screenshot but there is no Paint, the tray bar says VIRUS ALERT! in capital letters, there is no icon at all and no pop-up appears, and there are probably a whole bunch of other problems.

NOD32 doesn't report anything, and here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 00:23: VIRUS ALERT!, on 2008-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\hj+t.exe

R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E55E1C86-434D-46F9-A253-2DE4AB3F9734} - C:\WINDOWS\system32\jkkLEVlk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkLEVlk - C:\WINDOWS\SYSTEM32\jkkLEVlk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

Update: 01 Jul 2008 0:36

That VIRUS ALERT! text in the tray disappeared a few minutes after I posted the topic.

Update: 01 Jul 2008 0:40

Explorer also crashes from time to time and then comes back.

  • Joined: 07 Aug 2006
  • Posts: 1182
  • Location: Fili Davydkovo, Moscow, Russia

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 06 Dec 2005
  • Posts: 148

Here is the log. After the scan some icons came back to the desktop, and the partition labels came back too. Control Panel came back as well, but the option to change the theme from Classic to XP did not. Well, we'll see what happens next.

ComboFix 08-06-30.2 - User 2008-07-01 20:34:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.212 [GMT 2:00]
Running from: C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\efbq.exe
C:\WINDOWS\gfetqaxsrob.dll
C:\WINDOWS\system32\931928
C:\WINDOWS\system32\931928\931928.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\EfehQqru.ini
C:\WINDOWS\system32\EfehQqru.ini2
C:\WINDOWS\system32\khfCsqnn.dll
C:\WINDOWS\system32\nnqsCfhk.ini
C:\WINDOWS\system32\nnqsCfhk.ini2
C:\WINDOWS\system32\qXIQYJjl.ini
C:\WINDOWS\system32\qXIQYJjl.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 22:52 . 2008-06-30 22:52 <DIR> d-------- C:\WINDOWS\resources
2008-06-30 20:57 . 2008-06-30 20:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-30 20:57 . 2008-06-30 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 15:11 . 2008-06-29 15:11 28,800 --a------ C:\WINDOWS\system32\jkkLEVlk.dll
2008-06-29 15:10 . 2008-06-29 10:49 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-29 14:50 . 2008-06-29 14:50 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-06-29 14:50 . 2008-06-29 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-06-29 14:45 . 2008-06-29 14:45 <DIR> d-------- C:\Program Files\Corel
2008-06-29 04:09 . 2008-06-29 16:40 2,828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-06-29 04:09 . 2008-06-29 16:40 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\A914F873F1.sys
2008-06-29 02:17 . 2008-06-29 02:17 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-10 20:16 . 2008-06-30 23:47 1,143 --a------ C:\WINDOWS\WININIT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 18:41 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM
2008-07-01 18:41 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-06-30 21:59 --------- d-----w C:\Program Files\CCleaner
2008-06-30 19:52 2,498 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-30 18:48 --------- d-----w C:\Program Files\Conduit
2008-06-29 13:19 --------- d-----w C:\Documents and Settings\User\Application Data\uTorrent
2008-06-29 12:57 --------- d-----w C:\Documents and Settings\User\Application Data\Corel
2008-06-29 01:43 --------- d-----w C:\Program Files\Google
2008-06-28 16:41 --------- d-----w C:\Program Files\MSN Messenger
2008-06-10 19:15 --------- d-----w C:\Program Files\GrandBilliards
2008-06-10 19:12 --------- d-----w C:\Program Files\Java
2008-06-10 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 18:19 --------- d-----w C:\Program Files\Compdesk
2008-05-14 18:58 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-05-07 03:33 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2007-12-31 02:35 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-25 18:41 8,176,200 ------w C:\Program Files\bsplayer224[1].954_clip.exe
2007-09-25 17:07 14,994,264 ------w C:\Program Files\klcodec345f.exe
2007-06-28 17:17 47,360 ------w C:\Documents and Settings\User\Application Data\pcouffin.sys
2007-07-30 16:12 104 --sha-r C:\WINDOWS\system32\494BE402BC.sys
2007-09-25 02:18 10,960 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2002-12-31 14:00 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\system32\dllcache\tcpip.sys
2002-12-31 14:00 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E55E1C86-434D-46F9-A253-2DE4AB3F9734}]
2008-06-29 15:11 28800 --a------ C:\WINDOWS\system32\jkkLEVlk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 16:18 68856]
"feedreader.exe"="C:\Program Files\FeedReader30\feedreader.exe" [2008-01-23 13:40 1339392]
"updateMgr"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-04 14:42 917504]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58 856064]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 17:59 1071472]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 15:21 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-10 23:16 77824]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-13 00:35 16049664 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-08-13 00:35 2879488 C:\WINDOWS\SkyTel.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 07:16 88203 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2002-12-31 14:00 62054]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-11-14 16:24:29 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-08-19 19:02:08 1183744]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E55E1C86-434D-46F9-A253-2DE4AB3F9734}"= "C:\WINDOWS\system32\jkkLEVlk.dll" [2008-06-29 15:11 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLEVlk]
2008-06-29 15:11 28800 C:\WINDOWS\system32\jkkLEVlk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 19:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-04-04 15:41 970752 C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 jahci;jahci;C:\WINDOWS\system32\drivers\jahci.sys [2002-12-31 14:00]
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 21:13]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
S2 agrsm;Agere Modem Driver;C:\WINDOWS\system32\agrsmnt.sys [2005-06-30 07:44]
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 22:38]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 12:58]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{066c78ae-4827-11dc-b3ce-82265f91ad43}]
\Shell\AutoRun\command - E:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 18:24:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-19 19:24:05 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
SharedTaskScheduler-{91316323-2ad5-4794-9589-52a2eaa60a68} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-01 20:40:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkLEVlk.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-07-01 20:44:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 18:43:56
ComboFix2.txt 2008-01-16 18:10:38

Pre-Run: 3,829,297,152 bytes free
Post-Run: 3,740,921,856 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Upload the following files for me to analyze:
C:\WINDOWS\tovafrnm.exe
C:\WINDOWS\system32\jkkLEVlk.dll
C:\WINDOWS\WININIT.INI
C:\WINDOWS\system32\msnsc.exe

Do the upload through the following form:
http://www.mycity.rs/ambulanta-upload.php

  • Joined: 06 Dec 2005
  • Posts: 148

I uploaded all four, one by one. If you need all four in a zip, just say so.

Thanks.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy in the following text:

File::
C:\WINDOWS\tovafrnm.exe
C:\WINDOWS\system32\jkkLEVlk.dll
C:\WINDOWS\WININIT.INI
C:\WINDOWS\system32\msnsc.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E55E1C86-434D-46F9-A253-2DE4AB3F9734}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E55E1C86-434D-46F9-A253-2DE4AB3F9734}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLEVlk]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"=-


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

  • Joined: 06 Dec 2005
  • Posts: 148

Here is the fresh log.


ComboFix 08-06-30.2 - User 2008-07-01 21:36:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.123 [GMT 2:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\jkkLEVlk.dll
C:\WINDOWS\system32\msnsc.exe
C:\WINDOWS\tovafrnm.exe
C:\WINDOWS\WININIT.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkkLEVlk.dll
C:\WINDOWS\system32\msnsc.exe
C:\WINDOWS\system32\ssqNFwtU.dll
C:\WINDOWS\system32\UtwFNqss.ini
C:\WINDOWS\system32\UtwFNqss.ini2
C:\WINDOWS\tovafrnm.exe
C:\WINDOWS\WININIT.INI

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 22:52 . 2008-06-30 22:52 <DIR> d-------- C:\WINDOWS\resources
2008-06-30 20:57 . 2008-06-30 20:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-30 20:57 . 2008-06-30 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 14:50 . 2008-06-29 14:50 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-06-29 14:50 . 2008-06-29 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-06-29 14:45 . 2008-06-29 14:45 <DIR> d-------- C:\Program Files\Corel
2008-06-29 04:09 . 2008-06-29 16:40 2,828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-06-29 04:09 . 2008-06-29 16:40 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\A914F873F1.sys
2008-06-29 02:17 . 2008-06-29 02:17 <DIR> d-------- C:\Program Files\Common Files\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 19:46 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-07-01 18:41 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM
2008-06-30 21:59 --------- d-----w C:\Program Files\CCleaner
2008-06-30 19:52 2,498 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-30 18:48 --------- d-----w C:\Program Files\Conduit
2008-06-29 13:19 --------- d-----w C:\Documents and Settings\User\Application Data\uTorrent
2008-06-29 12:57 --------- d-----w C:\Documents and Settings\User\Application Data\Corel
2008-06-29 01:43 --------- d-----w C:\Program Files\Google
2008-06-28 16:41 --------- d-----w C:\Program Files\MSN Messenger
2008-06-10 19:15 --------- d-----w C:\Program Files\GrandBilliards
2008-06-10 19:12 --------- d-----w C:\Program Files\Java
2008-06-10 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 18:19 --------- d-----w C:\Program Files\Compdesk
2008-05-14 18:58 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-05-07 03:33 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2007-12-31 02:35 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-25 18:41 8,176,200 ------w C:\Program Files\bsplayer224[1].954_clip.exe
2007-09-25 17:07 14,994,264 ------w C:\Program Files\klcodec345f.exe
2007-06-28 17:17 47,360 ------w C:\Documents and Settings\User\Application Data\pcouffin.sys
2007-07-30 16:12 104 --sha-r C:\WINDOWS\system32\494BE402BC.sys
2007-09-25 02:18 10,960 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2002-12-31 14:00 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\system32\dllcache\tcpip.sys
2002-12-31 14:00 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_20.43.31.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 18:39:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 19:44:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 16:18 68856]
"feedreader.exe"="C:\Program Files\FeedReader30\feedreader.exe" [2008-01-23 13:40 1339392]
"updateMgr"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-04 14:42 917504]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58 856064]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 17:59 1071472]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 15:21 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-10 23:16 77824]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-13 00:35 16049664 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-08-13 00:35 2879488 C:\WINDOWS\SkyTel.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-30 07:16 88203 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-11-14 16:24:29 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-08-19 19:02:08 1183744]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 19:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-04-04 15:41 970752 C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 jahci;jahci;C:\WINDOWS\system32\drivers\jahci.sys [2002-12-31 14:00]
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 21:13]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
S2 agrsm;Agere Modem Driver;C:\WINDOWS\system32\agrsmnt.sys [2005-06-30 07:44]
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 22:38]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 12:58]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{066c78ae-4827-11dc-b3ce-82265f91ad43}]
\Shell\AutoRun\command - E:\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 18:24:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-19 19:24:05 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-01 21:45:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-07-01 21:48:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 19:48:25
ComboFix2.txt 2008-07-01 18:44:08
ComboFix3.txt 2008-01-16 18:10:38

Pre-Run: 3,753,275,392 bytes free
Post-Run: 3,741,663,232 bytes free

176

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

How is the computer behaving now?
I no longer see anything suspicious in the log.

offline
  • Joined: 06 Dec 2005
  • Posts: 148

It is behaving well, in the sense that Explorer no longer disappears every 5 seconds. Everything works as it should now.

What remains as a problem is that there is no Paint, and that the theme cannot be changed from classic to XP; the options are missing.

Could that maybe be fixed somehow?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Go to Start > Run > type mspaint in the input field, then click OK.
See whether Paint shows up at all.
If it does, you will have to create the Paint shortcut in the menu yourself. I don't know of any automatic procedure that would fix that for you.
By default, Paint is at C:\Windows\System32\mspaint.exe

As for the themes issue, I don't have an exact idea.
We'll try something, though I can't guarantee it will help.

Download FixPolicies.exe and save it to the Desktop.

Double-click FixPolicies.exe.
In the window that opens, click the Install button in the bar at the bottom.
The program will create a new folder named FixPolicies.
Open the new folder, then double-click the following file in it: Fix_Policies.cmd
A black window will open briefly and then close.
Restart the computer so that the changes take effect.
