Posted: 07 Feb 2007 22:16
- filipm81
- Respected citizen
- Joined: 21 May 2004
- Posts: 316
- Location: Nis
I have a specific problem! I can't open Google's site (www.google.com). I don't know what the catch is!
Here is what the scan of my computer, done with the HijackThis program, looks like:
Logfile of HijackThis v1.99.1
Scan saved at 22:11:45, on 7.2.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\programs\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infosky.net/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 Class - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\System32\win32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: .protected
O4 - Startup: desktop(2).ini
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download the &current page with Offline Explorer - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: Download using Offline &Explorer - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.d.....o-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Con.....0440352000
O17 - HKLM\System\CCS\Services\Tcpip\..\{093C636E-88A9-4BC6-9663-32B6F9E2C3DF}: NameServer = 77.105.0.2 77.105.0.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{093C636E-88A9-4BC6-9663-32B6F9E2C3DF}: NameServer = 77.105.0.2 77.105.0.17
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: msib32 - Unknown owner - C:\WINDOWS\msib32.exe (file missing)
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Does anyone know how to solve this problem?
Regards,
Filip

Posted: 07 Feb 2007 23:15
- marko antonije
- Respected citizen
- Joined: 09 Jan 2006
- Posts: 317
Hello filipm81, after a detailed review of the log you posted, we need the following files for a closer analysis:
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O23 - Service: msib32 - Unknown owner - C:\WINDOWS\msib32.exe (file missing)
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
Zip these files, and then you can upload them at this link:
http://www.mycity.rs/ambulanta-upload.php

Posted: 08 Feb 2007 13:41
- filipm81
- Respected citizen
- Joined: 21 May 2004
- Posts: 316
- Location: Nis
I don't know how to find these files. Windows file search doesn't find anything.

Posted: 15 Feb 2007 19:47
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
The names of the files whose location we don't know are:
msconfig32.exe
scrtkfg.exe
For the other two there is also a complete path:
C:\WINDOWS\msib32.exe
C:\WINDOWS\MsLS32.exe
Addendum: 15 Feb 2007 19:47
Filip, what's happening? Are we going to keep working on this or lock the topic?
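
An added example, not part of the original thread or the helpers' own tooling: the Python script below reads a HijackThis log and pulls out the three kinds of entries asked about above, sorting them as in this post into files with no known location and files with a full path. The three rules (a hook with `(no file)`, an autorun value with no drive or UNC path, a service marked `(file missing)`) and all function names are assumptions made for illustration; the sample lines are copied from the log in the first post.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: msib32 - Unknown owner - C:\WINDOWS\msib32.exe (file missing)
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe (file missing)
"""

# Reasons double as group names (hypothetical labels, not HijackThis terms).
NO_FILE = "no_file"                    # hook registered, no file behind it
UNKNOWN_LOCATION = "unknown_location"  # autorun command with no path
FILE_MISSING = "file_missing"          # service whose binary is not on disk


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    name: str     # hook name, registry value name or service name
    target: str   # file name or path, or the CLSID when no file is registered
    reason: str


R3_RE = re.compile(r"^URLSearchHook: (.+?) - (_?\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]+)\] (.+)$")
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')  # drive letter or UNC
MISSING_TAG = "(file missing)"


def triage(log_text):
    """Return a Finding for every log line matching one of the assumed rules."""
    findings = []
    for raw in log_text.splitlines():
        section, sep, body = raw.strip().partition(" - ")
        if not sep:
            continue  # header lines and running-process paths
        if section == "R3" and (m := R3_RE.match(body)):
            if m.group(3) == "(no file)":
                findings.append(Finding(section, m.group(1), m.group(2), NO_FILE))
        elif section == "O4" and (m := O4_RE.match(body)):
            if not FULL_PATH_RE.match(m.group(2)):
                findings.append(
                    Finding(section, m.group(1), m.group(2), UNKNOWN_LOCATION))
        elif section == "O23" and (m := O23_RE.match(body)):
            if m.group(3).endswith(MISSING_TAG):
                path = m.group(3)[: -len(MISSING_TAG)].rstrip()
                findings.append(Finding(section, m.group(1), path, FILE_MISSING))
    return findings


def group_targets(findings):
    """Group targets by reason, dropping repeats but keeping log order."""
    groups = {NO_FILE: [], UNKNOWN_LOCATION: [], FILE_MISSING: []}
    for f in findings:
        if f.target not in groups[f.reason]:
            groups[f.reason].append(f.target)
    return groups


if __name__ == "__main__":
    for reason, targets in group_targets(triage(SAMPLE_LOG)).items():
        print(reason)
        for target in targets:
            print("   ", target)
```

Entries selected this way are candidates for manual review; a legitimate program can also leave a hook or service behind after it is uninstalled.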

Posted: 15 Feb 2007 20:54
- filipm81
- Respected citizen
- Joined: 21 May 2004
- Posts: 316
- Location: Nis
I cannot find the requested files on my hard disk at all!

Posted: 17 Feb 2007 15:02
- marko antonije
- Respected citizen
- Joined: 09 Jan 2006
- Posts: 317
Do the following, filipm81:
Start->Control Panel->Administrative Tools->Services->find these services: "msib32" and "MsLS32"->when you find them, right-click the service and first choose the Stop option, then right-click again and choose Properties->a window will appear, and roughly in the middle of it you have three options: Automatic, Manual and Disabled; choose Disabled, and then OK. This needs to be done for both services.
After stopping the services, try Start->Search again to find these files. After these services are stopped, they should become visible. If you find them, zip them and upload them at this link: http://www.mycity.rs/ambulanta-upload.php
After this, whether you found them or not, be sure to leave us a new HijackThis log, but this time rename it before scanning; give it some other name, e.g. ferdinand.exe

Posted: 20 Feb 2007 22:48
- filipm81
- Respected citizen
- Joined: 21 May 2004
- Posts: 316
- Location: Nis
I did everything as instructed, but the files were not found. Here is the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:50:50, on 20.2.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\programs\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infosky.net/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 Class - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\System32\win32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: .protected
O4 - Startup: desktop(2).ini
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download the &current page with Offline Explorer - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: Download using Offline &Explorer - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.d.....o-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Con.....0440352000
O17 - HKLM\System\CCS\Services\Tcpip\..\{093C636E-88A9-4BC6-9663-32B6F9E2C3DF}: NameServer = 77.105.0.2 77.105.0.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{093C636E-88A9-4BC6-9663-32B6F9E2C3DF}: NameServer = 77.105.0.2 77.105.0.17
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Posted: 21 Feb 2007 01:26
- marko antonije
- Respected citizen
- Joined: 09 Jan 2006
- Posts: 317
Filipm81, download Ewido micro (8Mb):
http://downloads.ewido.net/ewido_micro.exe
How to work with Ewido micro:
- on the first screen, select all partitions (tick the boxes in front of them)
- click the Start Scan button
- after the scan finishes, click Save Report and save the log file to a safe place
- click Remove Infections
- copy the contents of the log file here for us.
After scanning with Ewido and posting the log file, also post a fresh HijackThis log.

Posted: 21 Feb 2007 14:55
- filipm81
- Respected citizen
- Joined: 21 May 2004
- Posts: 316
- Location: Nis
This is what the Ewido micro log file looks like after the scan:
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Aavalue
Path: C:\Documents and Settings\nn\Cookies\nn@aavalue[1].txt
Risk: Medium
Name: TrackingCookie.Abcsearch
Path: C:\Documents and Settings\nn\Cookies\nn@abcsearch[1].txt
Risk: Medium
Name: TrackingCookie.Texttbnru
Path: C:\Documents and Settings\nn\Cookies\nn@ad.text.tbn[1].txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\nn\Cookies\nn@ad.yieldmanager[2].txt
Risk: Medium
Name: TrackingCookie.Clickhype
Path: C:\Documents and Settings\nn\Cookies\nn@ad1.clickhype[2].txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\nn\Cookies\nn@adbrite[1].txt
Risk: Medium
Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\nn\Cookies\nn@adopt.euroclick[2].txt
Risk: Medium
Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\nn\Cookies\nn@adopt.specificclick[1].txt
Risk: Medium
Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\nn\Cookies\nn@adrevolver[2].txt
Risk: Medium
Name: TrackingCookie.Co
Path: C:\Documents and Settings\nn\Cookies\nn@ads.guardian.co[1].txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\nn\Cookies\nn@as-eu.falkag[2].txt
Risk: Medium
Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\nn\Cookies\nn@as.casalemedia[1].txt
Risk: Medium
Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\nn\Cookies\nn@b.casalemedia[2].txt
Risk: Medium
Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\nn\Cookies\nn@burstnet[1].txt
Risk: Medium
Name: TrackingCookie.Goclick
Path: C:\Documents and Settings\nn\Cookies\nn@c.goclick[2].txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\nn\Cookies\nn@c1.zedo[1].txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\nn\Cookies\nn@c5.zedo[2].txt
Risk: Medium
Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\nn\Cookies\nn@casalemedia[2].txt
Risk: Medium
Name: TrackingCookie.Clickbank
Path: C:\Documents and Settings\nn\Cookies\nn@clickbank[2].txt
Risk: Medium
Name: TrackingCookie.Com
Path: C:\Documents and Settings\nn\Cookies\nn@com[1].txt
Risk: Medium
Name: TrackingCookie.Sexcounter
Path: C:\Documents and Settings\nn\Cookies\nn@cs.sexcounter[2].txt
Risk: Medium
Name: TrackingCookie.Enhance
Path: C:\Documents and Settings\nn\Cookies\nn@enhance[2].txt
Risk: Medium
Name: TrackingCookie.Aavalue
Path: C:\Documents and Settings\nn\Cookies\nn@eztracks.aavalue[1].txt
Risk: Medium
Name: TrackingCookie.Goclick
Path: C:\Documents and Settings\nn\Cookies\nn@goclick[2].txt
Risk: Medium
Name: TrackingCookie.Adocean
Path: C:\Documents and Settings\nn\Cookies\nn@idg.adocean[1].txt
Risk: Medium
Name: TrackingCookie.Masterstats
Path: C:\Documents and Settings\nn\Cookies\nn@image.masterstats[1].txt
Risk: Medium
Name: TrackingCookie.Ivwbox
Path: C:\Documents and Settings\nn\Cookies\nn@ivwbox[1].txt
Risk: Medium
Name: TrackingCookie.Komtrack
Path: C:\Documents and Settings\nn\Cookies\nn@komtrack[2].txt
Risk: Medium
Name: TrackingCookie.Oewabox
Path: C:\Documents and Settings\nn\Cookies\nn@oewabox[1].txt
Risk: Medium
Name: TrackingCookie.Realmedia
Path: C:\Documents and Settings\nn\Cookies\nn@realmedia[1].txt
Risk: Medium
Name: TrackingCookie.Adengage
Path: C:\Documents and Settings\nn\Cookies\nn@redir.adengage[1].txt
Risk: Medium
Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\nn\Cookies\nn@revenue[2].txt
Risk: Medium
Name: TrackingCookie.Adjuggler
Path: C:\Documents and Settings\nn\Cookies\nn@rotator.adjuggler[2].txt
Risk: Medium
Name: TrackingCookie.Information
Path: C:\Documents and Settings\nn\Cookies\nn@searchportal.information[2].txt
Risk: Medium
Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\nn\Cookies\nn@server.iad.liveperson[1].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\nn\Cookies\nn@serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Onestat
Path: C:\Documents and Settings\nn\Cookies\nn@stat.onestat[2].txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\nn\Cookies\nn@statcounter[2].txt
Risk: Medium
Name: TrackingCookie.Reliablestats
Path: C:\Documents and Settings\nn\Cookies\nn@stats1.reliablestats[1].txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\nn\Cookies\nn@tacoda[2].txt
Risk: Medium
Name: TrackingCookie.Trafic
Path: C:\Documents and Settings\nn\Cookies\nn@trafic[1].txt
Risk: Medium
Name: TrackingCookie.Weborama
Path: C:\Documents and Settings\nn\Cookies\nn@weborama[1].txt
Risk: Medium
Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\nn\Cookies\nn@webstat[2].txt
Risk: Medium
Name: TrackingCookie.Belstat
Path: C:\Documents and Settings\nn\Cookies\nn@www.belstat[3].txt
Risk: Medium
Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\nn\Cookies\nn@www.burstnet[2].txt
Risk: Medium
Name: TrackingCookie.Etracker
Path: C:\Documents and Settings\nn\Cookies\nn@www.etracker[2].txt
Risk: Medium
Name: TrackingCookie.Yadro
Path: C:\Documents and Settings\nn\Cookies\nn@yadro[2].txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\nn\Cookies\nn@zedo[2].txt
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Avenue Media
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Avenue Media\Internet Optimizer
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1
Risk: Medium
Name: Adware.MoneyTree
Path: HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj
Risk: Medium
Name: Adware.MoneyTree
Path: HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID
Risk: Medium
Name: Adware.MoneyTree
Path: HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer
Risk: Medium
Name: Adware.MoneyTree
Path: HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1
Risk: Medium
Name: Adware.WinAd
Path: HKLM\SOFTWARE\Classes\MediaAccess.Installer
Risk: Medium
Name: Adware.WinAd
Path: HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID
Risk: Medium
Name: Adware.WinAd
Path: HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer
Risk: Medium
Name: Adware.WinAD
Path: HKLM\SOFTWARE\Media Access
Risk: Medium
Name: Adware.SaveNow
Path: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt
Risk: Medium
Name: Adware.MoneyTree
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout
Risk: Medium
Name: Adware.WinAD
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue
Risk: Medium
Name: Adware.180Solutions
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKLM\SOFTWARE\Policies\Avenue Media
Risk: Medium
Name: Adware.180Solutions
Path: HKLM\SOFTWARE\salm
Risk: Medium
Name: Adware.NewDotNet
Path: HKU\.DEFAULT\Software\New.net
Risk: Medium
Name: Adware.NewDotNet
Path: HKU\S-1-5-20\Software\New.net
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKU\S-1-5-21-1300369346-1483019177-420933735-1006\Software\Avenue Media
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKU\S-1-5-21-1300369346-1483019177-420933735-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
Risk: Medium
Name: Adware.InternetOptimizer
Path: HKU\S-1-5-21-1300369346-1483019177-420933735-1006\Software\Policies\Avenue Media
Risk: Medium
Name: Adware.180Solutions
Path: HKU\S-1-5-21-1300369346-1483019177-420933735-1006\Software\salm
Risk: Medium
Name: Adware.NewDotNet
Path: HKU\S-1-5-18\Software\New.net
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.14:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: :mozilla.18:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Atdmt
Path: :mozilla.26:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: :mozilla.37:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: :mozilla.38:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: :mozilla.39:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: :mozilla.40:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.41:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.42:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.43:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.44:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.45:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Mediaplex
Path: :mozilla.50:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Mediaplex
Path: :mozilla.51:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: :mozilla.53:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.55:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.2o7
Path: :mozilla.56:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Hitbox
Path: :mozilla.67:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Hitbox
Path: :mozilla.68:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tribalfusion
Path: :mozilla.72:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Fastclick
Path: :mozilla.73:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Questionmarket
Path: :mozilla.74:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Overture
Path: :mozilla.75:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Hitslink
Path: :mozilla.87:C:\Documents and Settings\nn\Application Data\Mozilla\Firefox\Profiles\w08fjlgh.default\cookies.txt
Risk: Medium
Name: Adware.Incredifind
Path: C:\Program Files\IncrediFind
Risk: Medium
Name: Adware.Incredifind
Path: C:\Program Files\IncrediFind\BHO
Risk: Medium
Name: Adware.Incredifind
Path: C:\Program Files\IncrediFind\BHO\date.txt
Risk: Medium
Name: Adware.InternetOptimizer
Path: C:\Program Files\Internet Optimizer
Risk: Medium
Name: Adware.InternetOptimizer
Path: C:\Program Files\Internet Optimizer\update
Risk: Medium
Name: Adware.MediaAccess
Path: C:\Program Files\Media Access
Risk: Medium
Name: Adware.MediaAccess
Path: C:\Program Files\Media Access\Info.txt
Risk: Medium
Name: Adware.PestTrap
Path: C:\Program Files\PestTrap
Risk: Medium
Name: Adware.PestTrap
Path: C:\Program Files\PestTrap\base.avd
Risk: Medium
Name: Adware.PestTrap
Path: C:\Program Files\PestTrap\base001.avd
Risk: Medium
Name: Adware.PestTrap
Path: C:\Program Files\PestTrap\base002.avd
Risk: Medium
Name: Adware.PestTrap
Path: C:\Program Files\PestTrap\found.wav
Risk: Medium
Name: Adware.PestTrap
Path: C:\Program Files\PestTrap\notfound.wav
Risk: Medium
Name: Adware.PestTrap
Path: C:\Program Files\PestTrap\PestTrap.dvm
Risk: Medium
Name: Adware.PestTrap
Path: C:\Program Files\PestTrap\removed.wav
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\Virus-Bursters
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\Virus-Bursters\blacklist.txt
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\Virus-Bursters\vir.dat
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\Virus-Bursters\Virus-Bursters.url
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\VirusBursters
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\VirusBursters\blacklist.txt
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\VirusBursters\ignored.lst
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\VirusBursters\vir.dat
Risk: Medium
Name: Adware.VirusBursters
Path: C:\Program Files\VirusBursters\VirusBursters.url
Risk: Medium
Name: Trojan.Crypt.g
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP360\A0307190.exe
Risk: High
Name: Logger.Agent.pr
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310172.exe
Risk: High
Name: Logger.Agent.pr
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310178.exe
Risk: High
Name: Proxy.Xorpix.ar
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310183.exe
Risk: High
Name: Hijacker.Agent.hz
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310185.dll
Risk: High
Name: Trojan.Small
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310187.exe
Risk: High
Name: Downloader.Small
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310188.exe
Risk: High
Name: Downloader.Small.dwc
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310189.exe
Risk: High
Name: Adware.WorldSecurityOnline
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310190.dll
Risk: Medium
Name: Trojan.Conycspa.i
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310194.exe
Risk: High
Name: Dialer.GBDialer.i
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310200.exe
Risk: High
Name: Trojan.Agent.oh
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310203.exe
Risk: High
Name: Downloader.Agent.bbr
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310208.exe
Risk: High
Name: Downloader.Zlob.bio
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310210.exe
Risk: High
Name: Downloader.Zlob.aon
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310211.exe
Risk: High
Name: Downloader.Small.dgk
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310212.exe
Risk: High
Name: Trojan.Crypt.g
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310213.exe
Risk: High
Name: Downloader.Tibs.gc
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310214.exe
Risk: High
Name: Dropper.Small.avb
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310215.exe
Risk: High
Name: Downloader.Small.dgk
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310217.exe
Risk: High
Name: Trojan.Crypt.g
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310219.exe
Risk: High
Name: Downloader.Small.cxx
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310220.exe
Risk: High
Name: Downloader.Murlo.fa
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310222.exe
Risk: High
Name: Downloader.Tibs.kh
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310223.exe
Risk: High
Name: Downloader.Tibs.kh
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310224.exe
Risk: High
Name: Downloader.Tibs.kh
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP361\A0310225.exe
Risk: High
Name: Trojan.Crypt.g
Path: C:\System Volume Information\_restore{72622990-7F38-44CD-8A64-C9E9A00A5308}\RP366\A0311808.exe
Risk: High
Name: Adware.MediaTickets
Path: C:\WINDOWS\Downloaded Program Files\eied.inf
Risk: Medium
Name: Heuristic.Win32.Morphine-Crypted
Path: C:\WINDOWS\system32\TFTP1436
Risk: Questionable
Name: Heuristic.Win32.Morphine-Crypted
Path: C:\WINDOWS\system32\TFTP416
Risk: Questionable
Name: Adware.WorldSecurityOnline
Path: C:\WINDOWS\Temp\laf16.tmp
Risk: Medium
Name: Not-A-Virus.VirTool.Win32.AvSpoffer.a
Path: D:\igrice\Seven Seas\patch.exe
Risk: Low
And here is a fresh HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 14:56:54, on 21.2.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\programs\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infosky.net/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 Class - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\System32\win32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: .protected
O4 - Startup: desktop(2).ini
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download the &current page with Offline Explorer - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: Download using Offline &Explorer - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.d.....o-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Con.....0440352000
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Posted: 22 Feb 2007 20:18
|
offline
- marko antonije
- Distinguished citizen
- Joined: 09 Jan 2006
- Posts: 317
|
filipm81, download this program, SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Once you have downloaded it, unpack it by double-clicking it.
It will extract itself automatically into the C:\SDFix folder.
Restart the computer and enter Safe Mode (instructions for entering Safe Mode: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-uci-u-SAFE-MODE.html ).
Once you are in Safe Mode, run RunThis.bat, which is located in the C:\SDFix folder.
Confirm with Y so that the scan can start.
When the scan finishes, a message will appear asking you to press any key to restart the computer. Press any key.
After the restart the computer will be back in normal mode, where the scanning process continues automatically.
When the scan finishes, the message Finished will appear. Press any key to exit the program.
Copy the log located at C:\SDFix\Report.txt here, and be sure to post a fresh HJT log.