
Is it a virus?

djmusica ::

I have a problem on my computer: some kind of virus has appeared. Basically, there are two files that show up on the partitions I have created (e.g. C: and D:). These two files are stored directly on the drive and are marked as hidden. When I click on My Computer and want to open, for example, drive C:, it won't open; it only opens when I right-click and choose Open. When I right-click I also have an AutoPlay option. Once I'm in the drive everything works normally, and otherwise there are no other problems with the computer. But if I plug in a USB stick, these two files appear there too, without me copying anything, and they do the same thing as on the disk. If I delete them it stops happening, but after a while they appear again. Does anyone know what this is, is it a virus or something else? What can I do so that this stops happening?

Thanks!

5er--> ::

It's a virus. Scan the PC and get rid of those files. Also delete autorun.ini (a hidden file) in the root of all partitions (USB sticks too).
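
The advice above amounts to checking every drive root, USB sticks included, for an autorun file and finding out what it would launch. The script below is an added example for that check and is not code from the thread or its posters: the sample autorun.inf is constructed, the directive names (open, shellexecute, shell\verb\command) are the standard ones Windows honours, and the fake drive root is a temporary directory so it runs on any OS without touching real drives.

```python
"""Inspect autorun.inf files found directly in drive roots and report which
program each one would launch. Added example, not code from the thread."""
import os
import tempfile
from typing import Dict, Iterable, List

# Constructed sample in the style of a USB worm's autorun.inf: every verb
# Explorer offers for the drive (double-click, Open, Explore, AutoPlay)
# is redirected to the same dropped executable.
SAMPLE_AUTORUN = r"""[AutoRun]
;junk comment lines like this are common and are ignored by Windows
open=RECYCLER\x.exe
shellexecute=RECYCLER\x.exe
shell\open\Command=RECYCLER\x.exe
shell\explore\Command=RECYCLER\x.exe
shell=open
icon=%SystemRoot%\system32\SHELL32.dll,4
label=My Disk
"""

# Directives that make Windows execute something. 'icon' and 'label' only
# change appearance and are harmless on their own.
EXEC_KEYS = ("open", "shellexecute")


def find_launch_targets(text: str) -> List[str]:
    """Return the distinct program paths the [autorun] section would launch.
    Only keys inside the [autorun] section count; Windows ignores the rest."""
    targets: List[str] = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # 'shell\<verb>\command' registers a program for any context-menu verb
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            if value and value not in targets:
                targets.append(value)
    return targets


def scan_roots(roots: Iterable[str]) -> Dict[str, List[str]]:
    """For each drive root given (e.g. 'C:\\', 'D:\\', a USB stick), report the
    launch targets of any autorun.inf found directly in it. The filename match
    is case-insensitive because FAT and NTFS are; unreadable roots are skipped."""
    findings: Dict[str, List[str]] = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue
        for name in names:
            if name.lower() == "autorun.inf":
                path = os.path.join(root, name)
                with open(path, encoding="latin-1", errors="replace") as fh:
                    findings[root] = find_launch_targets(fh.read())
    return findings


def self_check_in_tempdir() -> Dict[str, List[str]]:
    """Build a throwaway 'drive root' holding the constructed sample and scan
    it together with a non-existent root, to show both code paths."""
    root = tempfile.mkdtemp(prefix="fake_drive_root_")
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    return scan_roots([root, os.path.join(root, "does-not-exist")])


if __name__ == "__main__":
    for root, targets in self_check_in_tempdir().items():
        print(f"{root}: autorun.inf would launch {targets}")
```

On a real machine the remediation is the one given above: remove the dropped executable and then the autorun file from every root, including any USB stick that was plugged in while the machine was infected. Windows XP can also be told to ignore autorun.inf on all drive types through the Explorer policy value NoDriveTypeAutoRun set to 0xFF; the script only reports and deliberately changes nothing.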

djmusica ::

hm, what should I scan it with, an antivirus, or can I do it some other way?

I'd like to know which antivirus would be most suitable for a case like this??

imagodei ::

All together now:

DvE datotekI STA (two files are)
Dveh datotek ni (there are no two files)
DveMA datotekaMA dam (I give to two files)
Dve datotekI vidim (I see two files)
Pri dveh datotekah sem (I am at two files)
Z dveMA datotekaMA grem (I go with two files)

(Last time I checked, Slovene still had the dual. Where do they manufacture you people?)
- Hoc est qui sumus -

djmusica ::

nice one

Tomzl2008 ::

All Hail imagodei....:)...

He's right, though... At least it'll be more readable on the modem...;)

imagodei ::

Eh, the dual is only one problem here. Sloppy use of capital letters and punctuation... You can barely understand it. And the lad is probably wondering why nobody answers him, and why even those who do answer pick at his form.

Over&Out
- Hoc est qui sumus -

fulgur ::

where the two red crosses are.... now I've also tried it with HijackThis... and this is what it reports:

- HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\MH\LOCALS~1\Temp\svchost.exe 1
Must be fixed! Malware

- C:\DOCUME~1\MH\LOCALS~1\Temp\svchost.exe
This entry is not running from the System32 folder, so it is probably nasty.
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required. This process is not running from the System32 folder as it is supposed to be.


Looks like it's something that Ad-Aware and NOD32 don't detect at all!!! :'(:O8-O
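
The two reasons HijackThis gives for the svchost.exe entry above, a system binary name that is not running from System32 and an image sitting in the Temp folder, can be written down as a triage check over Run-key entries. The following is an added example and not HijackThis code: the list of system binary names, the assumption that %SystemRoot% is C:\WINDOWS (as on the XP machine in the log), and the Temp-directory markers are mine, and the sample entries other than the thread's own finding are constructed.

```python
"""Triage Run-key autostart entries given as (value name, command line) pairs,
the shape HijackThis prints them in. Added example, not HijackThis's code."""
import ntpath
from typing import Dict, List, Tuple

# Names of core Windows binaries that malware likes to borrow (illustrative list).
SYSTEM_IMAGE_NAMES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "services.exe",
    "winlogon.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe", "ctfmon.exe",
}
# Where those names legitimately live. Assumes %SystemRoot% is C:\WINDOWS.
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}
# Path fragments that mark a temp location, 8.3 short-name forms included.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")
EXE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")

# Constructed sample: the thread's own HijackThis finding plus three benign entries.
SAMPLE_RUN_ENTRIES: List[Tuple[str, str]] = [
    ("WindowsServicesStartup", r"C:\DOCUME~1\MH\LOCALS~1\Temp\svchost.exe 1"),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("NvCplDaemon", r"RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"),
    ("Adobe Reader Speed Launcher", r'"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"'),
]


def extract_image_path(command: str) -> str:
    """Return the program path from a Run-key command line. A quoted path is
    taken verbatim; otherwise tokens are joined until one ends in an executable
    extension, so an unquoted 'C:\\Program Files\\x.exe /s' still resolves."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    for i in range(len(parts)):
        candidate = " ".join(parts[: i + 1])
        if candidate.lower().endswith(EXE_EXTS):
            return candidate
    return parts[0] if parts else ""


def normalize(path: str) -> str:
    """Lower-case the path and expand the environment references Run keys use."""
    p = path.lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, "c:\\windows")
    return p


def triage_run_entry(value_name: str, command: str) -> List[str]:
    """Return the reasons an autostart entry looks suspicious; empty means it
    passed both heuristics (which is not proof that it is clean)."""
    image = normalize(extract_image_path(command))
    directory, basename = ntpath.split(image)
    reasons: List[str] = []
    # A bare image name (empty directory) is resolved through the search path,
    # which for these names means System32, so only a stated directory is judged.
    if basename in SYSTEM_IMAGE_NAMES and directory and directory not in SYSTEM_DIRS:
        reasons.append(f"[{value_name}] {basename} is a system binary name but runs "
                       f"from {directory}, not from System32")
    if any(marker in image for marker in TEMP_MARKERS):
        reasons.append(f"[{value_name}] image lives in a Temp directory; "
                       "legitimate autostart entries almost never do")
    return reasons


def triage_all(entries: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each flagged value name to its reasons, dropping clean entries."""
    result: Dict[str, List[str]] = {}
    for name, cmd in entries:
        reasons = triage_run_entry(name, cmd)
        if reasons:
            result[name] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLE_RUN_ENTRIES).items():
        for reason in reasons:
            print(reason)
```

Both heuristics are about location, not content, so a hit is a reason to submit the file for a scan and check who created it, and an empty result only means the entry did not trip these two rules.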

R33D3M33R ::

Probably because you have "original" versions of both, most likely last updated a month or so ago. Boot the system into Safe Mode (keep pressing F8 during startup) and delete the file.
My home page: http://andrej.mernik.eu
On the web since June 2002 ;)
:(){ :|:& };:

fulgur ::

yeah, but I'm not sure whether I'm allowed to delete it :)..... in case I mess something up...

here's what SDFix did in safe mode:


SDFix: Version 1.240
Run by Administrator on sob 06.12.2008 at 13:09

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :




Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 13:21:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:b9,71,75,41,9c,67,5a,1e,1d,f5,65,70,d8,d6,2e,71,36,5c,bd,1e,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,64,35,bc,5a,04,07,bd,3d,4c,69,60,c4,58,ff,59,b0,2a,..
"khjeh"=hex:cd,5c,54,92,2a,d6,ce,e1,bd,64,bd,fa,c0,78,b2,39,93,81,54,46,5c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cd,65,38,c2,1a,af,63,8b,b0,6c,19,34,81,06,69,b7,48,72,33,d0,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b0,65,a8,a7,8b,58,fe,4c,0f,10,d8,65,c8,c5,5c,cb,ff,5d,03,d5,bf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:b9,71,75,41,9c,67,5a,1e,1d,f5,65,70,d8,d6,2e,71,36,5c,bd,1e,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,64,35,bc,5a,04,07,bd,3d,4c,69,60,c4,58,ff,59,b0,2a,..
"khjeh"=hex:cd,5c,54,92,2a,d6,ce,e1,bd,64,bd,fa,c0,78,b2,39,93,81,54,46,5c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cd,65,38,c2,1a,af,63,8b,b0,6c,19,34,81,06,69,b7,48,72,33,d0,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:b0,65,a8,a7,8b,58,fe,4c,0f,10,d8,65,c8,c5,5c,cb,ff,5d,03,d5,bf,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\StrmServer\\StrmServer.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\StrmServer\\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"G:\\Matiko\\Matija - back up\\Drek\\NetTransport.exe"="G:\\Matiko\\Matija - back up\\Drek\\NetTransport.exe:*:Enabled:NetXfer Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:



Files with Hidden Attributes :

Wed 16 Apr 2008 344,064 ...H. --- "C:\ASUS.SYS\SplashtopDll.dll"
Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Wed 15 Oct 2008 2,002 A..H. --- "C:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft-tmt-21-080228-ret\acforall.dll"

Finished!
