Automatic Updates

1

Automatic Updates

offline
  • Pridružio: 21 Feb 2006
  • Poruke: 408

Ne mogu da pokrenem Automatic Updates. Kad kliknem Turn on,kaze da ne moze da ga pokrene.
Evo loga:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:04, on 6.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\gdrhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Dule\Desktop\dfdsfsd\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChri.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChri.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ChrisTV Add-on Toolbar - {1192a62b-4dbc-4d1f-b54e-d820a1be76be} - C:\Program Files\ChrisTV_Add-on\tbChri.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [GDR driver] gdrhost.exe
O4 - HKLM\..\RunServices: [GDR driver] gdrhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://news.beograd.com/AxisCamControl.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://www.fmjam.com/forum/templates/DAJ_Glass/images/icon_minipost.gif

--
End of file - 10269 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


Upload-uj sledeći file C:\WINDOWS\system32\gdrhost.exe

Upload link: http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 21 Feb 2006
  • Poruke: 408

Nemam doticni fajl!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.




Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 21 Feb 2006
  • Poruke: 408

Izvinjavam se sto me nema.

Evo loga:


ComboFix 08-12-06.06 - Dule 2008-12-07 15:57:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.401 [GMT 1:00]
Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2153-01-22 02:17 . 2153-01-22 02:17 3,120 --a------ c:\windows\MF_C421.lfa
2153-01-22 02:17 . 2153-01-22 02:17 3,120 --a------ c:\windows\MF_C420.lfa
2063-09-19 06:50 . 2063-09-19 06:50 5,501 --a------ c:\windows\system32\rtclmg32.dll
2008-12-05 18:02 . 2008-12-05 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-12-05 17:43 . 2008-12-05 17:43 <DIR> d--h----- c:\program files\Zero G Registry
2008-12-05 17:43 . 2008-12-05 17:43 <DIR> d-------- c:\program files\Sports Interactive
2008-12-05 17:42 . 2008-12-05 17:42 <DIR> d--h----- c:\documents and settings\Dule\InstallAnywhere
2008-12-05 17:16 . 2008-12-05 18:11 <DIR> d-------- c:\documents and settings\Dule\Application Data\Sports Interactive
2008-12-05 14:29 . 2008-12-07 16:03 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 15:22 . 2008-12-06 13:09 <DIR> d-------- c:\program files\Valve
2008-12-03 23:59 . 2008-12-03 23:59 200 --a------ C:\sqmnoopt08.sqm
2008-12-03 23:59 . 2008-12-03 23:59 200 --a------ C:\sqmdata08.sqm
2008-12-02 15:21 . 2008-12-02 15:21 <DIR> d-------- C:\ATI
2008-11-29 21:43 . 2008-11-29 21:43 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2008-11-29 20:07 . 2008-11-29 20:07 <DIR> d-------- c:\program files\FlashGet
2008-11-29 19:59 . 2008-11-29 19:59 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2008-11-29 10:08 . 2008-12-06 15:06 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-29 10:08 . 2008-12-06 15:06 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-29 10:08 . 2008-11-29 10:33 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-29 09:43 . 2008-11-29 09:43 <DIR> d-------- c:\documents and settings\Dule\Application Data\Leadertech
2008-11-23 18:27 . 2008-11-23 18:30 <DIR> d-------- C:\DVDVideoSoft
2008-11-23 18:25 . 2008-11-23 18:25 <DIR> d-------- c:\program files\DVDVideoSoft
2008-11-23 18:25 . 2008-11-23 18:25 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2008-11-19 18:56 . 2008-11-19 18:56 <DIR> d-------- c:\program files\Scope
2008-11-17 20:55 . 2007-04-16 16:52 1,376 --a------ c:\windows\system32\dciman13.sys
2008-11-17 20:09 . 2008-11-17 20:09 236 --a------ C:\sqmdata07.sqm
2008-11-17 20:09 . 2008-11-17 20:09 200 --a------ C:\sqmnoopt07.sqm
2008-11-17 19:49 . 2008-11-17 20:06 <DIR> d-------- C:\CTV_TEMP
2008-11-17 19:34 . 2008-12-04 12:57 <DIR> d-------- c:\program files\ChrisTV PVR
2008-11-16 19:59 . 2008-11-16 19:59 62,752 --ah----- c:\windows\system32\mlfcache.dat
2008-11-16 19:53 . 2008-11-16 19:53 <DIR> d-------- c:\documents and settings\Dule\Application Data\Apple Computer
2008-11-16 19:52 . 2008-11-16 19:52 <DIR> d-------- c:\program files\Safari
2008-11-16 19:51 . 2008-11-16 19:51 <DIR> d-------- c:\program files\Apple Software Update
2008-11-16 19:51 . 2008-11-16 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-15 22:48 . 2008-11-15 22:48 230,454 --a------ C:\capt0000.bmp
2008-11-15 16:13 . 2008-11-15 16:13 <DIR> d-------- c:\program files\RelevantKnowledge
2008-11-15 16:12 . 2008-11-15 16:12 <DIR> d-------- c:\program files\Conduit
2008-11-15 16:12 . 2008-11-15 16:12 <DIR> d-------- c:\program files\ChrisTV_Add-on
2008-11-15 16:12 . 2008-12-06 12:01 <DIR> d-------- c:\program files\ChrisTV Lite
2008-11-15 14:03 . 2008-11-15 14:03 <DIR> d-------- c:\program files\KWorld Multimedia
2008-11-15 14:03 . 2004-08-04 00:56 90,624 --a------ c:\windows\system32\kswdmcap.ax
2008-11-15 14:03 . 2004-08-04 00:56 90,624 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-11-15 14:03 . 2004-08-04 00:56 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-11-15 14:03 . 2004-08-04 00:56 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-11-15 14:03 . 2004-08-04 00:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-15 14:03 . 2004-08-04 00:56 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-11-15 14:03 . 2004-08-04 00:56 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-11-15 14:03 . 2004-08-04 00:56 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-11-15 14:03 . 2004-08-04 00:56 28,672 --a------ c:\windows\system32\vidcap.ax
2008-11-15 14:03 . 2004-08-04 00:56 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-11-15 14:03 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2008-11-15 14:03 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2008-11-12 23:32 . 2008-11-12 23:32 <DIR> d-------- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 15:03 42,512 ----a-w c:\windows\system32\drivers\npf.sys
2008-12-06 22:32 --------- d-----w c:\documents and settings\Dule\Application Data\uTorrent
2008-12-06 22:05 --------- d-----w c:\documents and settings\Dule\Application Data\LimeWire
2008-12-06 17:10 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2008-12-04 14:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 22:57 --------- d-----w c:\program files\ATI Technologies
2008-12-01 20:26 --------- d-----w c:\documents and settings\Dule\Application Data\SolidDocuments
2008-11-30 22:47 --------- d-----w c:\program files\SweetIM
2008-11-29 08:34 --------- d-----w c:\program files\EA GAMES
2008-11-27 09:51 --------- d-----w c:\program files\Common Files\Adobe
2008-11-16 18:52 --------- d-----w c:\program files\Bonjour
2008-11-06 21:49 --------- d-----w c:\program files\GraphCalc
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-13 18:41 --------- d-----w c:\program files\Windows Live
2008-10-13 18:41 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-10-13 18:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-13 18:32 --------- d-----w c:\program files\MSN Messenger
2008-10-13 18:32 --------- d-----w c:\program files\Microsoft
2008-10-13 18:18 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-13 09:42 --------- d-----w c:\program files\HT Audio
2008-10-13 09:42 --------- d-----w c:\program files\DivX
2008-10-11 23:44 --------- d-----w c:\program files\Sony Ericsson
2008-10-10 16:03 --------- d-----w c:\program files\Ulead Systems
2008-10-09 16:14 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-09 16:13 --------- d-----w c:\documents and settings\Dule\Application Data\Malwarebytes
2008-10-09 16:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-08 20:47 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-08 20:19 --------- d-----w c:\program files\Common Files\Macrovision Shared
2006-01-23 08:32 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 12:40 132,848 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-06-13 10:23 1,220,608 --sh--r c:\windows\system32\gdrhost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{1192a62b-4dbc-4d1f-b54e-d820a1be76be}"= "c:\program files\ChrisTV_Add-on\tbChri.dll" [2008-07-09 1597976]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]
2008-07-09 15:00 1597976 --a------ c:\program files\ChrisTV_Add-on\tbChri.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1192a62b-4dbc-4d1f-b54e-d820a1be76be}"= "c:\program files\ChrisTV_Add-on\tbChri.dll" [2008-07-09 1597976]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1192A62B-4DBC-4D1F-B54E-D820A1BE76BE}"= "c:\program files\ChrisTV_Add-on\tbChri.dll" [2008-07-09 1597976]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-01 917504]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-11-17 111928]
"GDR driver"="gdrhost.exe" [2007-06-13 c:\windows\system32\gdrhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"GDR driver"="gdrhost.exe" [2007-06-13 c:\windows\system32\gdrhost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
backup=c:\windows\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dule^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Dule\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-03-10 11:58 958464 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
--a------ 2008-02-11 17:01 275456 c:\program files\ChrisTV PVR\ChrisTV_Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 14:42 401491 c:\program files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2005-10-27 19:05 192555 c:\progra~1\INCRED~1\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 21:32 8699904 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
--a------ 2003-09-26 07:34 98304 c:\program files\FarStone\VirtualDrive\vdtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
--a------ 2005-11-30 11:48 94208 c:\program files\Multimedia Mouse Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 08:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 18:06 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImNotfy.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Altium2004\\DXP.exe"=
"c:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\hl.exe"=

R2 BT848;KWorld TV878 Video Capture;c:\windows\system32\drivers\cxvcap.sys [2004-07-27 63232]
R2 BTXBAR;KWorld TV878 Crossbar;c:\windows\system32\drivers\CXXBAR.sys [2004-07-27 9472]
R2 CXTUNER;KWorld TV878 Tuner;c:\windows\system32\drivers\CXTUNER.sys [2004-07-27 30080]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-10-13 56344]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys [2008-03-30 60008]
S3 ATIXPGAA;ATIXPGAA;\??\c:\program files\ASUS\SmartDoctor\ATIXPGAA.SYS [2003-10-29 11776]
S3 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-12-07 42512]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2008-04-09 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2008-04-09 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2008-04-09 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2008-04-09 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2008-04-09 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2008-04-09 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2008-04-09 90800]
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-4c0ceaaa - c:\windows\system32\kobjktmn.dll
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-Gtwatch - c:\windows\gtwatch.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 16:02:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

scanning hidden files ...


c:\windows\system32\wpcap.dll 240240 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708-)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-07 16:07:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 15:07:09
ComboFix2.txt 2008-09-29 18:50:45

Pre-Run: 2.989.236.224 bytes free
Post-Run: 4,592,893,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

303 --- E O F --- 2008-12-04 11:58:46

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\gdrhost.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDR driver"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"GDR driver"=-


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 21 Feb 2006
  • Poruke: 408

ComboFix 08-12-06.06 - Dule 2008-12-07 17:04:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.421 [GMT 1:00]
Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dule\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\gdrhost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\gdrhost.exe
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2153-01-22 02:17 . 2153-01-22 02:17 3,120 --a------ c:\windows\MF_C421.lfa
2153-01-22 02:17 . 2153-01-22 02:17 3,120 --a------ c:\windows\MF_C420.lfa
2063-09-19 06:50 . 2063-09-19 06:50 5,501 --a------ c:\windows\system32\rtclmg32.dll
2008-12-05 18:02 . 2008-12-05 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-12-05 17:43 . 2008-12-05 17:43 <DIR> d--h----- c:\program files\Zero G Registry
2008-12-05 17:43 . 2008-12-05 17:43 <DIR> d-------- c:\program files\Sports Interactive
2008-12-05 17:42 . 2008-12-05 17:42 <DIR> d--h----- c:\documents and settings\Dule\InstallAnywhere
2008-12-05 17:16 . 2008-12-05 18:11 <DIR> d-------- c:\documents and settings\Dule\Application Data\Sports Interactive
2008-12-05 14:29 . 2008-12-07 16:03 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 15:22 . 2008-12-06 13:09 <DIR> d-------- c:\program files\Valve
2008-12-03 23:59 . 2008-12-03 23:59 200 --a------ C:\sqmnoopt08.sqm
2008-12-03 23:59 . 2008-12-03 23:59 200 --a------ C:\sqmdata08.sqm
2008-12-02 15:21 . 2008-12-02 15:21 <DIR> d-------- C:\ATI
2008-11-29 21:43 . 2008-11-29 21:43 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2008-11-29 20:07 . 2008-11-29 20:07 <DIR> d-------- c:\program files\FlashGet
2008-11-29 19:59 . 2008-11-29 19:59 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2008-11-29 10:08 . 2008-12-06 15:06 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-29 10:08 . 2008-12-06 15:06 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-29 10:08 . 2008-11-29 10:33 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-29 09:43 . 2008-11-29 09:43 <DIR> d-------- c:\documents and settings\Dule\Application Data\Leadertech
2008-11-23 18:27 . 2008-11-23 18:30 <DIR> d-------- C:\DVDVideoSoft
2008-11-23 18:25 . 2008-11-23 18:25 <DIR> d-------- c:\program files\DVDVideoSoft
2008-11-23 18:25 . 2008-11-23 18:25 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2008-11-19 18:56 . 2008-11-19 18:56 <DIR> d-------- c:\program files\Scope
2008-11-17 20:55 . 2007-04-16 16:52 1,376 --a------ c:\windows\system32\dciman13.sys
2008-11-17 20:09 . 2008-11-17 20:09 236 --a------ C:\sqmdata07.sqm
2008-11-17 20:09 . 2008-11-17 20:09 200 --a------ C:\sqmnoopt07.sqm
2008-11-17 19:49 . 2008-11-17 20:06 <DIR> d-------- C:\CTV_TEMP
2008-11-17 19:34 . 2008-12-04 12:57 <DIR> d-------- c:\program files\ChrisTV PVR
2008-11-16 19:59 . 2008-11-16 19:59 62,752 --ah----- c:\windows\system32\mlfcache.dat
2008-11-16 19:53 . 2008-11-16 19:53 <DIR> d-------- c:\documents and settings\Dule\Application Data\Apple Computer
2008-11-16 19:52 . 2008-11-16 19:52 <DIR> d-------- c:\program files\Safari
2008-11-16 19:51 . 2008-11-16 19:51 <DIR> d-------- c:\program files\Apple Software Update
2008-11-16 19:51 . 2008-11-16 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-15 22:48 . 2008-11-15 22:48 230,454 --a------ C:\capt0000.bmp
2008-11-15 16:13 . 2008-11-15 16:13 <DIR> d-------- c:\program files\RelevantKnowledge
2008-11-15 16:12 . 2008-11-15 16:12 <DIR> d-------- c:\program files\Conduit
2008-11-15 16:12 . 2008-11-15 16:12 <DIR> d-------- c:\program files\ChrisTV_Add-on
2008-11-15 16:12 . 2008-12-06 12:01 <DIR> d-------- c:\program files\ChrisTV Lite
2008-11-15 14:03 . 2008-11-15 14:03 <DIR> d-------- c:\program files\KWorld Multimedia
2008-11-15 14:03 . 2004-08-04 00:56 90,624 --a------ c:\windows\system32\kswdmcap.ax
2008-11-15 14:03 . 2004-08-04 00:56 90,624 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-11-15 14:03 . 2004-08-04 00:56 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-11-15 14:03 . 2004-08-04 00:56 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-11-15 14:03 . 2004-08-04 00:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-15 14:03 . 2004-08-04 00:56 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-11-15 14:03 . 2004-08-04 00:56 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-11-15 14:03 . 2004-08-04 00:56 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-11-15 14:03 . 2004-08-04 00:56 28,672 --a------ c:\windows\system32\vidcap.ax
2008-11-15 14:03 . 2004-08-04 00:56 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-11-15 14:03 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2008-11-15 14:03 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2008-11-12 23:32 . 2008-11-12 23:32 <DIR> d-------- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 22:32 --------- d-----w c:\documents and settings\Dule\Application Data\uTorrent
2008-12-06 22:05 --------- d-----w c:\documents and settings\Dule\Application Data\LimeWire
2008-12-06 17:10 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2008-12-04 14:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 22:57 --------- d-----w c:\program files\ATI Technologies
2008-12-01 20:26 --------- d-----w c:\documents and settings\Dule\Application Data\SolidDocuments
2008-11-30 22:47 --------- d-----w c:\program files\SweetIM
2008-11-29 08:34 --------- d-----w c:\program files\EA GAMES
2008-11-27 09:51 --------- d-----w c:\program files\Common Files\Adobe
2008-11-16 18:52 --------- d-----w c:\program files\Bonjour
2008-11-06 21:49 --------- d-----w c:\program files\GraphCalc
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-13 18:41 --------- d-----w c:\program files\Windows Live
2008-10-13 18:41 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-10-13 18:36 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-13 18:32 --------- d-----w c:\program files\MSN Messenger
2008-10-13 18:32 --------- d-----w c:\program files\Microsoft
2008-10-13 18:18 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-13 09:42 --------- d-----w c:\program files\HT Audio
2008-10-13 09:42 --------- d-----w c:\program files\DivX
2008-10-11 23:44 --------- d-----w c:\program files\Sony Ericsson
2008-10-10 16:03 --------- d-----w c:\program files\Ulead Systems
2008-10-09 16:14 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-09 16:13 --------- d-----w c:\documents and settings\Dule\Application Data\Malwarebytes
2008-10-09 16:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-08 20:47 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-08 20:19 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2006-01-23 08:32 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 12:40 132,848 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{1192a62b-4dbc-4d1f-b54e-d820a1be76be}"= "c:\program files\ChrisTV_Add-on\tbChri.dll" [2008-07-09 1597976]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]
2008-07-09 15:00 1597976 --a------ c:\program files\ChrisTV_Add-on\tbChri.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1192a62b-4dbc-4d1f-b54e-d820a1be76be}"= "c:\program files\ChrisTV_Add-on\tbChri.dll" [2008-07-09 1597976]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1192A62B-4DBC-4D1F-B54E-D820A1BE76BE}"= "c:\program files\ChrisTV_Add-on\tbChri.dll" [2008-07-09 1597976]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"msnmsgr"="~c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-01 917504]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-11-17 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
backup=c:\windows\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dule^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Dule\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-03-10 11:58 958464 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
--a------ 2008-02-11 17:01 275456 c:\program files\ChrisTV PVR\ChrisTV_Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 14:42 401491 c:\program files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2005-10-27 19:05 192555 c:\progra~1\INCRED~1\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 21:32 8699904 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 00:06 487424 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
--a------ 2003-09-26 07:34 98304 c:\program files\FarStone\VirtualDrive\vdtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
--a------ 2005-11-30 11:48 94208 c:\program files\Multimedia Mouse Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 08:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 18:06 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImNotfy.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Altium2004\\DXP.exe"=
"c:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\hl.exe"=

R2 BT848;KWorld TV878 Video Capture;c:\windows\system32\drivers\cxvcap.sys [2004-07-27 63232]
R2 BTXBAR;KWorld TV878 Crossbar;c:\windows\system32\drivers\CXXBAR.sys [2004-07-27 9472]
R2 CXTUNER;KWorld TV878 Tuner;c:\windows\system32\drivers\CXTUNER.sys [2004-07-27 30080]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-10-13 56344]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys [2008-03-30 60008]
S3 ATIXPGAA;ATIXPGAA;\??\c:\program files\ASUS\SmartDoctor\ATIXPGAA.SYS [2003-10-29 11776]
S3 fsssvc;Windows Live Family Safety;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2008-04-09 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2008-04-09 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2008-04-09 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2008-04-09 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2008-04-09 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2008-04-09 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2008-04-09 90800]
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENETFLT.DLL

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 17:08:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708-)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-07 17:10:20
ComboFix-quarantined-files.txt 2008-12-07 16:09:02
ComboFix2.txt 2008-12-07 15:07:15
ComboFix3.txt 2008-09-29 18:50:45

Pre-Run: 4.585.832.448 bytes free
Post-Run: 4,585,574,400 bytes free

279 --- E O F --- 2008-12-04 11:58:46

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Kakvo je trenutno stanje?

offline
  • Pridružio: 21 Feb 2006
  • Poruke: 408

Isto... Sta sad da radim?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Preuzmi sledeći file na Desktop: http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Raspakuj ga i pokreni program Dial-A-Fix.exe koji će se nalaziti u raspakovanom folderu.

Čekiraj Fix Windows Update i zatim klikni Go.


Pomoglo?

Ko je trenutno na forumu
 

Ukupno su 1048 korisnika na forumu :: 33 registrovanih, 4 sakrivenih i 1011 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., airsuba, babaroga, bojank, BORUTUS, Botovac, bufanje, ccoogg123, Darkhunter, DonRumataEstorski, draganl, draggan, dragoljub11987, gorican, HogarStrashni, HrcAk47, Ivica1102, ivica976, kikisp, Kubovac, Magistar78, milenko crazy north, nemkea71, nenooo, Outis, Panonsky, pein, Romibrat, Shinobi, sickmouse, slonic_tonic, vaso1, Webb