I don't know why, but some keygenerator keeps starting whenever I boot XP... I looked for that program in msconfig under Startup but it isn't there... how do I remove it so it no longer starts when I boot XP?
Startup problem
Try installing WinPatrol.
EDIT: once you have installed it, restart the computer again; WinPatrol will most likely pick it up.
Features:
· Increase Your Speed & System Performance
· Detect & Neutralize Spyware. Detect & Neutralize ADware
· Detect & Neutralize Viral infections. Detect & Neutralize Unwanted IE Add-Ons
· Detect & Restore File Type Changes Automatically Filter Unwanted Cookies
· Avoid Start Page Hijacking. Detect HOSTS file changes
· Kill Multiple Tasks that replicate each other, in a single step
· Stop programs that repeatedly add themselves to your Startup List
· Delete and Remove the most Stubborn Infections
Download the new CCleaner and try using it to disable that unwanted "startup program". ;)
CCleaner: http://www.filehippo.com/download_ccleaner/download/b2e89e56d18e956c29600f8e45ae1ee9/
The most detailed program for viewing the items that start with Windows is Autoruns.
I already have CCleaner installed on the computer and it didn't detect anything...
Download DDS and save it to the desktop, double-click to run the program and wait until it produces two logs... Copy DDS.txt here to the forum so we can see everything that is starting up.
DDS (Ver_09-06-26.01) - NTFSx86
Run by PhysoTronic at 13:08:10,64 on pet 31.12.2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1124 [GMT 1:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\PhysoTronic\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [EPSON SX210 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifde.exe /fu "c:\windows\temp\E_S57.tmp" /EF "HKCU"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [CCleaner.exe] c:\documents and settings\physotronic\application data\hfzrolhgmitwlhisbwzpid\hfzrolhgmitwlhisbwzpid\0.0.0.0\CCleaner.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: Free YouTube Download - c:\documents and settings\physotronic\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\physot~1\applic~1\mozilla\firefox\profiles\9bcs7mbo.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-18 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-18 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-18 40384]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2010-12-17 30720]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-18 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-18 40384]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [2010-12-17 37560]
R3 PAC7302;Eye 312;c:\windows\system32\drivers\PAC7302.SYS [2010-12-17 457856]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-17 136176]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys - c:\program files\garena\safedrv.sys [?]
=============== Created Last 30 ================
2010-12-28 17:44 <DIR> --d----- c:\windows\system32\appmgmt
2010-12-27 01:36 209,608 a------- c:\windows\system32\tabctl32.ocx
2010-12-27 01:36 109,248 a------- c:\windows\system32\mswinsck.ocx
2010-12-27 01:36 2,271,152 a------- c:\windows\system32\Codejock.CommandBars.Unicode.v12.1.1.ocx
2010-12-27 01:36 132,880 a------- c:\windows\system32\MSINET.OCX
2010-12-27 01:36 1,779,632 a------- c:\windows\system32\Codejock.Controls.v12.1.1.ocx
2010-12-27 01:36 <DIR> --d----- c:\program files\CoD RconTool
2010-12-26 21:56 <DIR> --d----- c:\docume~1\physot~1\applic~1\ACD Systems
2010-12-26 21:30 <DIR> --d----- c:\program files\common files\ACD Systems
2010-12-26 20:48 <DIR> --d----- c:\docume~1\physot~1\applic~1\TypingMaster7
2010-12-26 20:48 <DIR> --d----- c:\docume~1\physot~1\applic~1\Thinstall
2010-12-24 22:48 <DIR> --d----- c:\docume~1\physot~1\applic~1\TS3Client
2010-12-24 18:08 <DIR> --d----- c:\program files\Garena
2010-12-24 17:49 139,264 a------- c:\windows\War3Unin.exe
2010-12-24 17:49 77,328 a------- c:\windows\War3Unin.dat
2010-12-24 17:49 2,829 a------- c:\windows\War3Unin.pif
2010-12-24 00:38 <DIR> --d----- c:\docume~1\physot~1\applic~1\hfZroLhGMITWlHISbWzPiD
2010-12-24 00:38 <DIR> --d----- c:\docume~1\physot~1\applic~1\DVDVideoSoftIEHelpers
2010-12-24 00:37 <DIR> --d----- c:\program files\DVDVideoSoft
2010-12-24 00:37 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2010-12-24 00:35 <DIR> --d----- c:\windows\system32\XPSViewer
2010-12-24 00:35 26,488 a------- c:\windows\system32\spupdsvc.exe
2010-12-24 00:35 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-24 00:35 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-24 00:35 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-24 00:35 575,488 -------- c:\windows\system32\xpsshhdr.dll
2010-12-24 00:35 117,760 -------- c:\windows\system32\prntvpt.dll
2010-12-24 00:35 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2010-12-24 00:35 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2010-12-24 00:19 <DIR> --d----- C:\Download
2010-12-22 16:04 <DIR> --d----- c:\windows\system32\Adobe
2010-12-19 19:25 <DIR> --d----- c:\documents and settings\physotronic\Tracing
2010-12-19 19:24 <DIR> --d----- c:\program files\Microsoft
2010-12-19 19:24 <DIR> --d----- c:\program files\Windows Live SkyDrive
2010-12-19 17:57 <DIR> --d----- c:\program files\common files\Windows Live
2010-12-19 17:54 <DIR> --d----- c:\documents and settings\physotronic\Contacts
2010-12-18 13:20 271,200 a------- c:\windows\system32\PnkBstrB.xtr
2010-12-18 13:15 <DIR> --d----- c:\program files\VideoLAN
2010-12-18 13:14 38,848 a------- c:\windows\avastSS.scr
2010-12-18 13:13 <DIR> --d----- C:\tmpDownload
2010-12-18 12:55 0 a------- c:\windows\EEventManager.INI
2010-12-18 12:38 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2010-12-18 12:38 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2010-12-18 10:05 342,016 a------- c:\windows\system32\eswiaud.dll
2010-12-18 10:05 128,392 a------- c:\windows\system32\esdevapp.exe
2010-12-18 10:05 15,872 a------- c:\windows\system32\escdev.dll
2010-12-18 10:04 <DIR> --d----- c:\program files\Epson Software
2010-12-18 09:49 <DIR> --d----- c:\program files\epson
2010-12-18 09:48 8,192 a------- c:\windows\system32\E_DCINST.DLL
2010-12-18 09:48 86,528 a------- c:\windows\system32\E_FLBFDE.DLL
2010-12-18 09:48 78,848 a------- c:\windows\system32\E_FD4BFDE.DLL
2010-12-18 09:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2010-12-18 09:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-18 01:57 <DIR> --ds---- c:\documents and settings\physotronic\UserData
2010-12-18 01:56 <DIR> --d----- c:\docume~1\physot~1\applic~1\Xfire
2010-12-18 01:56 <DIR> --d----- c:\program files\Xfire
2010-12-18 01:50 266,088 a------- c:\windows\system32\xactengine2_8.dll
2010-12-18 01:50 22,328 a------- c:\docume~1\physot~1\applic~1\PnkBstrK.sys
2010-12-18 01:49 271,200 a------- c:\windows\system32\PnkBstrB.exe
2010-12-18 01:49 271,200 a------- c:\windows\system32\PnkBstrB.ex0
2010-12-18 01:49 75,136 a------- c:\windows\system32\PnkBstrA.exe
2010-12-18 01:49 <DIR> --d----- c:\windows\system32\LogFiles
2010-12-18 01:49 319 a------- c:\windows\game.ini
2010-12-18 01:44 1,060,864 a------- c:\windows\system32\MFC71.dll
2010-12-18 01:44 499,712 a------- c:\windows\system32\MSVCP71.dll
2010-12-18 01:44 348,160 a------- c:\windows\system32\MSVCR71.dll
2010-12-18 01:42 <DIR> --d----- c:\program files\Activision
2010-12-18 01:40 <DIR> --dsh--- c:\windows\ftpcache
2010-12-17 23:03 691,696 a------- c:\windows\system32\drivers\sptd.sys
2010-12-17 23:03 <DIR> --d----- c:\program files\DAEMON Tools Lite
2010-12-17 23:03 <DIR> --d----- c:\docume~1\physot~1\applic~1\DAEMON Tools Lite
2010-12-17 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-12-17 22:21 230,432 a------- C:\PA7302.DAT
2010-12-17 22:08 28,672 ac------ c:\windows\system32\dllcache\vidcap.ax
2010-12-17 22:08 28,672 a------- c:\windows\system32\vidcap.ax
2010-12-17 22:08 91,136 ac------ c:\windows\system32\dllcache\kswdmcap.ax
2010-12-17 22:08 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
2010-12-17 22:08 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2010-12-17 22:08 43,008 ac------ c:\windows\system32\dllcache\ksxbar.ax
2010-12-17 22:08 91,136 a------- c:\windows\system32\kswdmcap.ax
2010-12-17 22:08 61,952 a------- c:\windows\system32\kstvtune.ax
2010-12-17 22:08 53,760 a------- c:\windows\system32\vfwwdm32.dll
2010-12-17 22:08 43,008 a------- c:\windows\system32\ksxbar.ax
2010-12-17 21:33 <DIR> --d----- c:\docume~1\physot~1\applic~1\Reallusion
2010-12-17 21:26 37,560 a------- c:\windows\system32\drivers\CamSuiteVAC.sys
2010-12-17 21:26 <DIR> --d----- c:\program files\common files\Reallusion
2010-12-17 21:25 457,856 a------- c:\windows\system32\drivers\PAC7302.SYS
2010-12-17 21:25 48,128 a------- c:\windows\system32\Remove.exe
2010-12-17 21:25 302 a------- c:\windows\system32\Remover.ini
2010-12-17 21:25 <DIR> --d----- c:\program files\common files\Eye 312
2010-12-17 21:25 6,656 a------- c:\windows\system32\CoInst_070614.dll
2010-12-17 21:25 129,024 a------- c:\windows\system32\SP7302.ax
2010-12-17 21:25 566 a------- c:\windows\system32\SP7302.ini
2010-12-17 21:25 14,336 a------- c:\windows\system32\P7302USD.dll
2010-12-17 21:25 <DIR> --d----- c:\windows\PixArt
2010-12-17 21:25 <DIR> --d----- c:\program files\common files\Pac7302
2010-12-17 20:43 <DIR> --d----- c:\docume~1\physot~1\applic~1\TeamViewer
2010-12-17 20:43 <DIR> --d----- c:\program files\TeamViewer
2010-12-17 20:40 57,600 a------- c:\windows\system32\drivers\redbook.sys
2010-12-17 20:40 20,992 a------- c:\windows\system32\drivers\RTL8139.sys
2010-12-17 20:39 74,240 ac------ c:\windows\system32\dllcache\usbui.dll
2010-12-17 20:39 74,240 a------- c:\windows\system32\usbui.dll
2010-12-17 20:38 <DIR> --d----- c:\program files\common files\ODBC
2010-12-17 20:38 <DIR> --d----- c:\program files\common files\SpeechEngines
2010-12-17 20:38 <DIR> --d--r-- c:\documents and settings\all users\Documents
2010-12-17 20:36 1,296,669 ac------ c:\windows\system32\dllcache\SP3.CAT
2010-12-17 20:35 <DIR> --d----- C:\Documents and Settings
2010-12-17 20:34 845 a------- c:\windows\system32\$winnt$.inf
2010-12-17 20:20 <DIR> --d----- c:\program files\CCleaner
2010-12-17 20:18 <DIR> --d--r-- c:\program files\Skype
2010-12-17 20:17 <DIR> --d----- c:\program files\uTorrent
2010-12-17 20:17 <DIR> --d----- c:\docume~1\physot~1\applic~1\uTorrent
2010-12-17 20:10 <DIR> --d----- c:\program files\K-Lite Codec Pack
2010-12-17 20:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-12-17 20:07 <DIR> --d----- c:\program files\NVIDIA Corporation
2010-12-17 20:00 <DIR> --d----- c:\program files\Realtek
2010-12-17 19:46 <DIR> --dsh--- c:\documents and settings\all users\DRM
2010-12-17 19:46 <DIR> --d-h--- c:\program files\WindowsUpdate
2010-12-17 19:45 <DIR> --d----- c:\program files\common files\MSSoap
2010-12-17 19:44 <DIR> --d----- c:\program files\Online Services
2010-12-17 19:44 <DIR> --d----- c:\program files\Messenger
2010-12-17 19:44 <DIR> --d----- c:\program files\MSN Gaming Zone
2010-12-17 19:43 <DIR> --d----- c:\program files\Windows NT
==================== Find3M ====================
2010-12-30 01:36 138,160 a------- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-18 20:58 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2010-12-17 22:37 241,428 a------- c:\windows\system32\nvdrsdb1.bin
2010-12-17 22:37 241,428 a------- c:\windows\system32\nvdrsdb0.bin
2010-12-17 20:00 315,392 a------- c:\windows\HideWin.exe
2010-12-17 19:44 21,640 a------- c:\windows\system32\emptyregdb.dat
2010-10-22 07:23 14,532,608 a------- c:\windows\system32\nvoglnt.dll
2010-10-22 07:23 61,440 a------- c:\windows\system32\OpenCL.dll
2010-10-22 07:23 4,882,432 a------- c:\windows\system32\nvcuda.dll
2010-10-22 07:23 2,932,840 a------- c:\windows\system32\nvcuvid.dll
2010-10-22 07:23 2,666,600 a------- c:\windows\system32\nvcuvenc.dll
2010-10-22 07:23 2,293,194 a------- c:\windows\system32\nvdata.bin
2010-10-22 07:23 888,424 a------- c:\windows\system32\nvdispco32.dll
2010-10-22 07:23 813,672 a------- c:\windows\system32\nvgenco32.dll
2010-10-22 07:23 13,012,992 a------- c:\windows\system32\nvcompiler.dll
2010-10-22 07:23 6,359,552 a------- c:\windows\system32\nv4_disp.dll
2010-10-22 07:23 1,462,272 a------- c:\windows\system32\nvapi.dll
2010-10-18 09:00 108,032 a------- c:\windows\system32\ff_vfw.dll
============= FINISH: 13:08:20,37 ===============
Try installing WinPatrol.
EDIT: once you have installed it, restart the computer again; WinPatrol will most likely pick it up.
This is a good idea; in it you can disable it without any problem (it literally takes 10 seconds), and that useful little program stays on the computer (the installation file is about 800 KB).
You just need to download it from here, and this version specifically.
Scan with MBAM; you may have something else along with that keygen.
Download OTM and save it to the desktop.
Open the program and copy this into the field under custom/scans:
:files
c:\documents and settings\physotronic\application data\hfzrolhgmitwlhisbwzpid\hfzrolhgmitwlhisbwzpid\0.0.0.0\CCleaner.exe
c:\docume~1\physot~1\applic~1\hfZroLhGMITWlHISbWzPiD
:Commands
[purity]
[emptytemp]
Click Move It!
Copy the log you get to the forum.
2. Download ComboFix and save it to the desktop.
- Temporarily disable the antivirus, run ComboFix and answer yes to everything it asks.
- Copy the log.
I just happened to restart the computer a little while ago and that keygen didn't show up anymore... if that keygen happens to open again, I'll do what you wrote in the last post :D
You have a virus on the computer. My advice: do what I wrote.....
All processes killed
========== FILES ==========
File/Folder c:\documents and settings\physotronic\application data\hfzrolhgmitwlhisbwzpid\hfzrolhgmitwlhisbwzpid\0.0.0.0\CCleaner.exe not found.
c:\docume~1\physot~1\applic~1\hfZroLhGMITWlHISbWzPiD\hfZroLhGMITWlHISbWzPiD\0.0.0.0 folder moved successfully.
c:\docume~1\physot~1\applic~1\hfZroLhGMITWlHISbWzPiD\hfZroLhGMITWlHISbWzPiD folder moved successfully.
c:\docume~1\physot~1\applic~1\hfZroLhGMITWlHISbWzPiD folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: PhysoTronic
->Temp folder emptied: 67218793 bytes
->Temporary Internet Files folder emptied: 5111719 bytes
->FireFox cache emptied: 71558050 bytes
->Google Chrome cache emptied: 364001293 bytes
->Flash cache emptied: 8191 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 381 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 487,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 12312010_180929
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
So in the end, what is it? Is it a virus or is it nothing?
The virus was deleted from startup, along with its folder...
Did you run ComboFix?
no :S
Can't be bothered? :D
If your computer is working well, you don't need to run ComboFix... btw, how is it running now?
Edit: your antivirus isn't updated... check, maybe you need to renew the avast license?
Scan with MBAM too, as I already told you.
I've now run that combo and got to the part where it needs to scan for 10 min, so I'm on the laptop now... well, the computer works the same as before... I noticed no change in speed either with that keygen or without it... that's why I was surprised when you said it was a virus, because there was no damage apart from it starting when I turned the computer on... that's the only downside of that keygen.... likewise, I still very much doubt it's a virus because I downloaded it from warezbb, and as far as I've noticed, what gets posted there is more or less ''controlled''
What was running at startup was definitely not a keygen...
Well, I wouldn't say it's a virus either...
I interrupted that combo because it had been sitting there until now and nothing happened, and now when I restarted the computer I saw that black screen appear with that Microsoft recovery and the other stuff... what the h... is that?
If you think that ccleaner.exe has a folder called hfzrolhgmitwlhisbwzpid and that it isn't a virus, you can simply restore the deleted folder.
Go to c:/_OTM/moved files and put it back the way it was.
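The reasoning in the reply above (a CCleaner.exe autostart living in a randomly named folder under Application Data), turned into a check over the Run entries of the DDS log, as an added example that is not part of the original thread. The function names, the thresholds in looks_random and the EXPECTED_DIRS table are assumptions chosen for this log.

```python
import ntpath
import re

# Run entries copied from the DDS log posted in this thread (Pseudo HJT Report).
# uRun = per-user Run key, mRun = machine-wide Run key.
DDS_LOG = r'''
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [EPSON SX210 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifde.exe /fu "c:\windows\temp\E_S57.tmp" /EF "HKCU"
uRun: [CCleaner.exe] c:\documents and settings\physotronic\application data\hfzrolhgmitwlhisbwzpid\hfzrolhgmitwlhisbwzpid\0.0.0.0\CCleaner.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
'''

ENTRY_RE = re.compile(r'^(uRun|mRun):\s*\[([^\]]*)\]\s*(.+)$')
# Unquoted commands: take everything up to the first executable extension.
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=[\s,]|$)', re.I)
# Per-user profile folders that any program can write to without admin rights.
PROFILE_RE = re.compile(
    r'\\(?:documents and settings|docume~1)\\[^\\]+\\'
    r'(?:application data|applic~1|local settings|locals~1)\\', re.I)

# Assumption: expected install folder, taken from the "Created Last 30"
# listing of the same log (c:\program files\CCleaner).
EXPECTED_DIRS = {'ccleaner.exe': r'c:\program files\ccleaner'}


def image_path(command):
    """Return the program path from a Run value, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command


def looks_random(component):
    """Heuristic (assumed thresholds): long, letters only, few vowels."""
    if len(component) < 12 or not component.isalpha():
        return False
    vowels = sum(ch in 'aeiou' for ch in component.lower())
    return vowels / len(component) < 0.25


def assess(path):
    """Return the reasons an autostart image path deserves a closer look."""
    reasons = []
    directory = ntpath.dirname(path)
    if not directory:
        return reasons  # bare file name resolved via the search path
    if PROFILE_RE.search(path):
        reasons.append('runs from a user-writable profile folder')
    if any(looks_random(part) for part in directory.split('\\')):
        reasons.append('random-looking folder name in the path')
    expected = EXPECTED_DIRS.get(ntpath.basename(path).lower())
    if expected and not directory.lower().startswith(expected):
        reasons.append('known program name outside its install folder')
    return reasons


def analyze(log_text):
    """Parse uRun/mRun lines and return only the entries with findings."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        hive, name, command = match.groups()
        path = image_path(command)
        reasons = assess(path)
        if reasons:
            findings.append({'hive': hive, 'name': name,
                             'path': path, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for item in analyze(DDS_LOG):
        print(item['hive'], item['name'], item['path'])
        for reason in item['reasons']:
            print('  -', reason)
```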
I didn't say it's a virus, but I didn't say it's useful either xD I said that because you asked whether I'd noticed any change and I said no, so that's why I think it's not a virus :D Now I've downloaded that Malwarebytes and I'm scanning all the disks (I set it to full scan); on the C drive it has now reached the letter m and it hasn't found anything :S
You shouldn't have interrupted the scan, because ComboFix is not a toy.
start /run / combofix /uninstall , copy this bolded part into the Run field and confirm.
This is how the recovery console is removed.
I copied the bolded part and it started scanning my computer again, but this time everything froze...
I solved it the easiest way... I installed Windows and now there's definitely no virus.