ultimate antivirus 2008

  • Joined: 17 Jul 2008
  • Posts: 41
  • Location: Pirot/Nis

How do I save a file from Notepad to the Desktop as "CFScript"?

Update: 01 Nov 2008 18:32

I'm a beginner, don't hold it against me.

Update: 01 Nov 2008 18:53

I figured it out.

Update: 01 Nov 2008 19:07

Here is the log. I don't know if it matters, but while Combo was scanning, NOD32 turned on for a moment.

ComboFix 08-10-31.02 - My PC 2008-11-01 18:53:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.558 [GMT 1:00]
Running from: C:\Documents and Settings\My PC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\My PC\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\nksibmfo.ini
C:\WINDOWS\system32\upxtjkwb.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nksibmfo.ini
C:\WINDOWS\system32\upxtjkwb.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-11-01 15:43 . 2008-11-01 15:43 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Malwarebytes
2008-11-01 15:43 . 2008-11-01 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-01 15:43 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-11-01 15:43 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-11-01 05:32 . 2008-11-01 14:59 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Juce VST Host
2008-11-01 01:25 . 2008-11-01 01:25 <DIR> d-------- C:\Program Files\Bonjour
2008-11-01 01:25 . 2008-11-01 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-01 01:14 . 2007-04-25 15:18 464,384 --------- C:\WINDOWS\system32\imapi2fs.dll
2008-11-01 01:14 . 2007-04-25 15:18 464,384 -----c--- C:\WINDOWS\system32\dllcache\imapi2fs.dll
2008-11-01 01:14 . 2007-04-25 15:18 317,952 --------- C:\WINDOWS\system32\imapi2.dll
2008-11-01 01:14 . 2007-04-25 15:18 317,952 -----c--- C:\WINDOWS\system32\dllcache\imapi2.dll
2008-11-01 01:14 . 2007-04-25 12:41 62,592 -----c--- C:\WINDOWS\system32\dllcache\cdrom.sys
2008-11-01 01:13 . 2008-11-01 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-11-01 01:05 . 2008-11-01 01:05 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\AltrixSoft
2008-11-01 00:39 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-11-01 00:38 . 2008-11-01 00:39 <DIR> d-------- C:\Program Files\VstPlugins
2008-11-01 00:38 . 2008-11-01 00:40 <DIR> d-------- C:\Program Files\Image-Line
2008-11-01 00:37 . 2008-11-01 00:37 <DIR> d-------- C:\Program Files\Outsim
2008-10-31 23:14 . 2008-10-31 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-31 06:03 . 2008-11-01 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-28 00:37 . 2008-10-28 00:37 170 --a------ C:\WINDOWS\wininit.ini
2008-10-23 18:54 . 2008-10-23 18:54 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-10-23 18:54 . 2001-09-27 20:41 4,206,080 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-10-23 18:54 . 2001-09-27 20:41 2,017,280 --a------ C:\WINDOWS\system32\QuickTimeMusicalInstruments.qtx
2008-10-23 18:54 . 1997-08-21 13:44 345,600 --a------ C:\WINDOWS\system32\Qtim32.dll
2008-10-23 18:54 . 2001-09-27 19:41 287,232 --a------ C:\WINDOWS\system32\QuickTime.cpl
2008-10-23 18:54 . 1996-08-26 03:12 93,696 --a------ C:\WINDOWS\system32\Qtole32.dll
2008-10-23 18:54 . 2001-11-28 15:43 53,985 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-23 18:15 . 2008-10-23 18:15 292 --a------ C:\WINDOWS\vtmb.ini
2008-10-19 03:49 . 2008-10-19 03:49 <DIR> d-------- C:\Documents and Settings\My PC\TYPHOON
2008-10-08 19:23 . 2008-10-19 23:23 <DIR> d-------- C:\Documents and Settings\My PC\.SimpleCenter
2008-10-08 19:22 . 2008-10-08 19:22 <DIR> d-------- C:\Program Files\SimpleCenter
2008-10-08 19:22 . 2008-10-08 19:22 <DIR> d-------- C:\Program Files\Common Files\i4j_jres

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\services
2008-10-31 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-31 05:06 --------- d-----w C:\Program Files\Google
2008-10-31 01:35 --------- d-----w C:\Program Files\Eset
2008-10-30 16:30 --------- d-----w C:\Documents and Settings\My PC\Application Data\Winamp
2008-10-30 00:50 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-30 00:50 22,328 ----a-w C:\Documents and Settings\My PC\Application Data\PnkBstrK.sys
2008-10-30 00:50 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-23 17:03 --------- d-----w C:\Program Files\Activision
2008-10-22 19:22 --------- d-----w C:\Program Files\BSPlayer
2008-10-19 15:10 --------- d-----w C:\Documents and Settings\My PC\Application Data\Nokia Multimedia Player
2008-10-19 02:51 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-10-18 11:15 --------- d-----w C:\Program Files\Opera
2008-10-08 19:03 --------- d-----w C:\Documents and Settings\My PC\Application Data\PC Suite
2008-10-08 18:18 --------- d-----w C:\Program Files\Nokia
2008-10-08 16:51 --------- d-----w C:\Documents and Settings\My PC\Application Data\Datalayer
2008-10-07 20:26 --------- d-----w C:\Documents and Settings\My PC\Application Data\Nokia
2008-09-23 22:34 --------- d-----w C:\Documents and Settings\My PC\Application Data\Wildfire
2008-09-23 18:53 --------- d-----w C:\Program Files\audiograbber
2008-09-23 15:53 --------- d-----w C:\Program Files\The Playa
2008-09-23 15:53 --------- d-----w C:\Program Files\DivXCodec
2008-09-23 15:50 --------- d-----w C:\Program Files\Micro DVD Player
2008-09-18 08:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-18 08:42 --------- d-----w C:\Documents and Settings\My PC\Application Data\InterTrust
2008-09-16 16:38 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-14 12:13 3,839,862 --sh--r C:\AVG7DB_F.DAT
2008-09-14 12:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-08-15 10:34 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-15 10:34 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-15 10:27 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-05 13:42 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-08-05 13:42 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-07-10 09:35 2,401,296 ----a-w C:\Program Files\WLinstaller.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Drivers\obvious.sys -- Invalid filepath or file no longer exist


((((((((((((((((((((((((((((( snapshot@2008-11-01_17.00.06.96 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-25 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-14 921600]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.clmp3enc"= D:\PROGRA~1\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\igre\\Warcraft III\\War3.exe"=
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"=
"C:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51 13560]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-06-13 162432]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-06-13 12032]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-06-13 48928]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-01 18:55:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\obvious]
"ImagePath"="system32\DRIVERS\obvious.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-11-01 19:01:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-01 18:00:47
ComboFix2.txt 2008-11-01 16:01:16

Pre-Run: 18.177.032.192 bytes free
Post-Run: 18,161,418,240 bytes free

179 --- E O F --- 2008-08-14 21:27:48

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now?

  • Joined: 17 Jul 2008
  • Posts: 41
  • Location: Pirot/Nis

ultimate .... is gone now. Thanks. I have one problem with NOD, should I ask here or start a new topic?

Update: 01 Nov 2008 19:37

I mean, I'll first read about NOD32 in your archive and then I'll see.
Thanks.
What next with what we've been doing?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do the following:
Click START and then RUN
In the text input box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's all as far as this is concerned...

-------------------------------------------------------------------------------------

As for NOD... Look through the antivirus programs forum - if there is no answer to your question there already, feel free to open a new topic there and explain what it is about.

  • Joined: 17 Jul 2008
  • Posts: 41
  • Location: Pirot/Nis

Thanks again---Regards

Update: 01 Nov 2008 19:58

And what about what is left on the desktop: Mbam setup, Reset tea timer and antimalware?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You can delete mbam-setup.exe and ResetTeaTimer.exe (as well as HijackThis).

You can keep the MalwareBytes' Anti-Malware program (it is free and may come in handy sometime).
