SpySheriff Infection

2

SpySheriff Infection

offline
  • Pridružio: 17 Jul 2005
  • Poruke: 3097
  • Gde živiš: "Daleko od Negdje"

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/28/2007 8:12:58 AM
WinPFind v1.5.0 Folder = C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX01.063\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
KavSvc 11/25/2006 10:34:14 AM 14263808 C:\avs.msi ()

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/9/2004 9:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
WSUD 8/9/2004 9:00:00 PM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/10/2004 4:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/9/2004 9:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/9/2004 9:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
winsync 8/9/2004 9:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...
UPX! 1/26/2007 6:04:18 AM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 1/26/2007 6:04:18 AM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 1/26/2007 6:04:18 AM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 1/26/2007 6:04:18 AM 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/28/2007 8:00:10 AM S 2048 C:\WINDOWS\bootstat.dat ()
1/28/2007 8:10:12 AM H 1024 C:\WINDOWS\system32\config\default.LOG ()
1/28/2007 8:00:18 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/28/2007 8:02:30 AM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
1/28/2007 8:13:00 AM H 1024 C:\WINDOWS\system32\config\software.LOG ()
1/28/2007 8:12:14 AM H 1024 C:\WINDOWS\system32\config\system.LOG ()
1/28/2007 8:00:24 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()
1/7/2007 3:17:48 PM HS 0 C:\WINDOWS\Temp\02dlbwrd.TMP ()

Checking for CPL files...
8/9/2004 9:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/21/2005 10:25:50 AM 299008 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/9/2004 9:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
7/27/2004 11:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/9/2004 9:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/27/2005 1:14:42 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/9/2004 9:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
1/24/2006 7:15:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()
8/9/2004 9:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/26/1996 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL (Apple Computer, Inc.)
1/10/2006 1:58:40 PM 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL (Realtek Semiconductor Corp.)
8/9/2004 9:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 162304 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
8/9/2004 9:00:00 PM 162304 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/15/2006 6:52:52 AM 1765 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
9/15/2006 8:07:24 PM 1918 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk ()
8/30/2005 9:02:10 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
12/23/2006 7:55:26 PM 1816 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ()
1/27/2007 12:53:16 PM 1762 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/30/2005 1:52:20 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
12/23/2006 8:03:20 PM 1894 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()

Checking files in %USERPROFILE%\Startup folder...
8/30/2005 9:02:10 PM HS 84 C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
8/30/2005 1:52:20 PM HS 62 C:\Documents and Settings\Compaq_Administrator\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://att.yahoo.com
\\Search Bar - http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
\\Search Page - http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
\\Default_Page_URL - http://att.yahoo.com
\\Default_Search_URL - http://www.google.com/ie
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://runonce.msn.com/?v=msgrv75
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Default_Page_URL - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....pf=desktop
\\Default_Search_URL - http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....pf=desktop
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{00C6482D-C502-44C8-8409-FCE54AD9C208} - SnagIt Toolbar Loader = C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar5.dll (Google Inc.)
\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - hpWebHelper Class = C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - SidebarAutoLaunch Class = C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar5.dll (Google Inc.)
\\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt = C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar5.dll (Google Inc.)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8198
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8193 =
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 =
\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - 8195 = Internet Connection Help
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 = Windows Messenger
\\{d9288080-1baa-4bc4-9cf8-a92d743db949} - 8197 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc.)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: AT&T Yahoo! Services =
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{d9288080-1baa-4bc4-9cf8-a92d743db949} - ButtonText: Run IMVU = C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk ()
\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - ButtonText: Internet Connection Help = C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{DBFB267C-334F-4F19-A304-63B7130C20C7} - MediaCenter Property Page = arpower.dll (Microsoft)
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll ()
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - ShellViewRTF = C:\WINDOWS\system32\ShellvRTF.dll (XSS)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt = C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
\\{CF74B903-3389-469c-B3B6-0204D204FCBD} - SnagIt Shell Extension = C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll (TechSmith Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll (TechSmith Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll (TechSmith Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll ()
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
RTHDCPL - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
AlwaysReady Power Message APP - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe ()
DISCover - C:\Program Files\DISC\DISCover.exe ()
DiscUpdateManager - C:\Program Files\DISC\DiscUpdMgr.exe ()
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
- Reg Data missing or invalid ()
PCDrProfiler - Reg Data missing or invalid ()
HPBootOp - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ()
Reminder - C:\Windows\Creator\Remind_XP.exe ()
HP Software Update - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe ()
YBrowser - C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe ()
QuickTime Task - C:\Program Files\QuickTime\qttask.exe ()
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
Shareaza - C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{68DD3497-6FE1-413A-953B-00CEE931B70D} - (NVIDIA nForce Networking Controller)
{892900FC-9814-4488-99C0-81491C1EE93D} - (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{8D95171C-826B-45F3-BA7E-9D8AF8B1561D} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

offline
  • Pridružio: 09 Jan 2006
  • Poruke: 317

Na zalost Ella, slucaj je dosta tezak, infekcija se je dobro sakrila tako da cemo morati jos da te namucimo, nadam se da nemas nista protiv.

Skini program SilentRunners sa ovog linka:
http://www.silentrunners.org/Silent%20Runners.vbs

- - Sacuvaj ga na desktopu.
- - Pokreni ga klikcuci dvoklikom ikonu SilentRunnersa na tvom desktopu.
- - Pojavice se pitanje Do you want to skip supplementary searches?
- - Klikni ne
- - Nakon ovoga ce se pojaviti novi tekst-fajl na desktopu – nije gotovo, pusti program da radi (imaces utisak da ne radi nista).
- - Kada dobijes poruku All Done! otvori tekst-fajl sa desktopa i iskopiraj njegov sadrzaj ovde.
- - Napomena: Ako dobijes upozoravajuce poruke od strane antivirusa u kojima se spominje scripts, molim te odaberi da antivirus dopusti rad script-ova.

offline
  • Pridružio: 17 Jul 2005
  • Poruke: 3097
  • Gde živiš: "Daleko od Negdje"

Nije problem, samo da rijesimo.

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"Shareaza" = ""C:\Program Files\Shareaza\Shareaza.exe" -tray" ["Shareaza Development Team"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"AlwaysReady Power Message APP" = "ARPWRMSG.EXE" ["Microsoft"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"DISCover" = "C:\Program Files\DISC\DISCover.exe" [null data]
"DiscUpdateManager" = "C:\Program Files\DISC\DiscUpdMgr.exe" [null data]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [null data]
"(Default)" = "(empty string)" [file not found]
"PCDrProfiler" = "(empty string)" [file not found]
"HPBootOp" = ""C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run" [null data]
"Reminder" = ""C:\Windows\Creator\Remind_XP.exe"" [null data]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [null data]
"YBrowser" = "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" [null data]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SnagIt Toolbar Loader"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar5.dll" ["Google Inc."]
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "hpWebHelper Class"
\InProcServer32\(Default) = "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll" ["TODO: <Company name>"]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SidebarAutoLaunch Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{DBFB267C-334F-4F19-A304-63B7130C20C7}" = "MediaCenter Property Page"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "arpower.dll" ["Microsoft"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

E:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\HP\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]


Startup items in "Compaq_Administrator" & "All Users" startup folders:
----------------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Compaq Connections" -> shortcut to: "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe -startup" ["Hewlett-Packard"]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Development Company, L.P."]
"SnagIt 8" -> shortcut to: "C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe" ["TechSmith Corporation"]


Enabled Scheduled Tasks:
------------------------

"Warranty Reminder 11 month" -> launches: "c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar5.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar5.dll" ["Google Inc."]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}\(Default) = "AT&&T Yahoo! Sidebar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Yahoo!\browser\ysidebarIE.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "AT&T Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{D9288080-1BAA-4BC4-9CF8-A92D743DB949}\
"ButtonText" = "Run IMVU"
"Exec" = "C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk" [null data]

{E2D4D26B-0180-43A4-B05F-462D6D54C789}\
"ButtonText" = "Internet Connection Help"
"MenuText" = "Internet Connection Help"
"Script" = "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ARSVC, ARSVC, "C:\WINDOWS\arservice.exe" ["Microsoft"]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
Messenger Sharing USN Journal Reader service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]


Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "arkbcfltr" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
Language Monitor\Driver = "hpz3l054.dll" ["Hewlett-Packard Company"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 77 seconds.
---------- (total run time: 122 seconds)

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Pozdrav Ella, ja cu preuzeti slucaj odavde.

Od samog postavljanja teme pa na ovamo marko antonije i ja razbijamo glavu oko ovih logova koji su naizgled cisti.

Probacemo da vidimo da li nesto mozemo da zakljucimo van logova:
- da li ti je poznat program DISCover koji ti se nalazi u C:\Program Files\DISC ?
- da li se ova infekcija javila nakon instalacije nekog programa?

offline
  • Pridružio: 17 Jul 2005
  • Poruke: 3097
  • Gde živiš: "Daleko od Negdje"

Pozdrav ...

Ja nemam pristup tim fajlovima, mislim imam ali nije lako doci do njih, tako da su sanse velike da ih ja tu nisam postavila. Naravno postoji mogucnost da je neko drugi cackao oko compa, ali to je jako tesko, djeca koriste igrice koje su na compu ili sa neta. A defoltom je postavljeno savovanje svega u my-documents. Znaci odgovor je ne, program mi je nepoznat.

Evo kako izgleda:

https://www.mycity.rs/must-login.png

A infekcija se pojavila dok sam scenirala sa AVG. Znaci njega sam instalirala, gledala sam jos neke stranice ali nisam nista skidala sa njih. Tako da je to jedina novina.

Sad razmisljam, ne sjecam se da li sam ista skinula sa

http://daol.aol.com/safetycenter/virus?sem=1&ncid=AOLACM00170000000053

Znam da sam to jutro gledala i tu stranicu, registrovala se ali sad ne mogu da se sjetim da li sam ista download-ovala. Bilo je jutro, malo sam vremena imala i pojavila mi se infekcija, tako da sam skroz zaboravila na AOL.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ne znam kakvu internet konekciju imas, ali sa sledeceg linka se moze skinuti Ewido micro koji je tezak 8mb za skidanje:
http://downloads.ewido.net/ewido_micro.exe

Kako se radi sa Ewido micro:
- na prvom ekranu odaberi sve date opcije (stikliraj polja ispred njih)
- klikni na dugme Start Scan
- nakon zavrsenog skeniranja klikni na Save Report i snimi log fajl na sigurno mesto
- klikni na Remove Infections
- iskopiraj nam ovde sadrzaj log fajla kog si malopre snimila

Ukoliko infekcija bude prisutna i nakon pokusaja dezinfekcije ovim programom, onda bih te zamolio da probamo VundoFix:

- skini VundoFix sa http://www.atribune.org/ccount/click.php?id=4
- startuj VundoFix
- selektuj opciju Run VundoFix as a task kada ti to bude ponudjeno
- VundoFix ce sada da se ugasi i startovace se ponovo za od prilike 1 minut
- kada se bude startovao, klikni dugme Scan for Vundo
- kada zavrsi skeniranje klikni na Remove Vundo
- potvrdi brisanje sa Yes
- ovog momenta ce desktop da se ugasi
- kada zavrsi dezinfekciju, pojavice se poruka da ce da ugasi kompjuter
- klikni OK
- ukljuci ponovo kompjuter
- otvori fajl C:\vundofix.txt i iskopiraj nam sadrzaj ovde

Dopuna: 29 Jan 2007 1:08

Sto se tice AOL-a, skinula si od njih antivirus, i nalazi ti se u C:\avs.msi

Dopuna: 29 Jan 2007 1:09

Zaboravih za Ewido Micro da ti kazem - onih 8mb ce skinuti tek kada ga prvi put startujes, tako da te ne buni.

offline
  • Pridružio: 17 Jul 2005
  • Poruke: 3097
  • Gde živiš: "Daleko od Negdje"

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@112.2o7[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@112.2o7[3].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@122.2o7[2].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@247realmedia[3].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[3].txt
Risk: Medium

Name: TrackingCookie.Adocean
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.adocean[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[3].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adbrite[1].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adbrite[2].txt
Risk: Medium

Name: TrackingCookie.Admarketplace
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@admarketplace[2].txt
Risk: Medium

Name: TrackingCookie.Admarketplace
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@admarketplace[3].txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.euroclick[2].txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.euroclick[3].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.specificclick[1].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.specificclick[2].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[4].txt
Risk: Medium

Name: TrackingCookie.Quarterserver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads-205.quarterserver[1].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.addynamix[1].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.addynamix[2].txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.bridgetrack[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adtech[3].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[3].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anad.tacoda[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anad.tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anat.tacoda[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anat.tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-eu.falkag[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[1].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as.casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as1.falkag[2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Bfast
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bfast[2].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bluestreak[3].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bs.serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@burstnet[3].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@centrport[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@citi.bridgetrack[2].txt
Risk: Medium

Name: TrackingCookie.Clickbank
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@clickbank[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cnn.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Com
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[1].txt
Risk: Medium

Name: TrackingCookie.Com
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[2].txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@counter.hitslink[1].txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@counter.hitslink[2].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[2].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[3].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@data2.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@data2.perf.overture[3].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@data3.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@data4.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[3].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-411web.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-aha.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-amtransair.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-aon.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-ati.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-cisco.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-crain.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-dig.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-dig.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-digg.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-groupernetworks.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-highlights.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-idgentertainment.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-kayak.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-kodak.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-legonewyorkinc.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-lowermybills.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-ogilvyspore.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-unicef.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-youtube.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-yvesrocher.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@entrepreneur.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Estat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@estat[1].txt
Risk: Medium

Name: TrackingCookie.Targetnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fad-609.iad6.targetnet[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Comclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fl01.ct2.comclick[1].txt
Risk: Medium

Name: TrackingCookie.Comclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fl01.ct2.comclick[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@gaiainteractive.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@h.starware[1].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@h.starware[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hitbox[3].txt
Risk: Medium

Name: TrackingCookie.Hotlog
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hotlog[1].txt
Risk: Medium

Name: TrackingCookie.Hypertracker
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hypertracker[2].txt
Risk: Medium

Name: TrackingCookie.Masterstats
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@image.masterstats[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@kaboose.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Komtrack
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@komtrack[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@leeenterprises.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@marthastewart.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media.fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[3].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@metacafe.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@msnaccountservices.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@msnportal.112.2o7[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@overture[3].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@partygaming.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@paypal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@paypal.112.2o7[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@perf.overture[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@phg.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@poweronemedia.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[2].txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@reduxads.valuead[1].txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@reduxads.valuead[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@reunioncom.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revenue[1].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revenue[2].txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@rotator.adjuggler[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@sales.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Information
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@searchportal.information[1].txt
Risk: Medium

Name: TrackingCookie.Information
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@searchportal.information[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@server.iad.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@server.iad.liveperson[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Spylog
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@spylog[1].txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stat.onestat[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Reliablestats
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stats1.reliablestats[2].txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statse.webtrendslive[1].txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statse.webtrendslive[2].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[3].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[4].txt
Risk: Medium

Name: TrackingCookie.Targetnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@targetnet[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tradedoubler[3].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[1].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[2].txt
Risk: Medium

Name: TrackingCookie.Trafic
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafic[1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[3].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@try.starware[1].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@try.starware[2].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@valueclick[1].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@valueclick[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@viamtvcom.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@web-stat[2].txt
Risk: Medium

Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@web-stat[3].txt
Risk: Medium

Name: TrackingCookie.Weborama
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@weborama[1].txt
Risk: Medium

Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@webstat[2].txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstbeacon[1].txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstbeacon[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstnet[1].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstnet[3].txt
Risk: Medium

Name: TrackingCookie.Myaffiliateprogram
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.myaffiliateprogram[1].txt
Risk: Medium

Name: TrackingCookie.Smartadserver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.smartadserver[1].txt
Risk: Medium

Name: TrackingCookie.Paypopup
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www222.paypopup[1].txt
Risk: Medium

Name: TrackingCookie.Paypopup
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www222.paypopup[2].txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@yadro[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@z1.adserver[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[2].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[3].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.29:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.30:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.31:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.32:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.33:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.35:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.36:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.37:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.38:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.39:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.40:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.41:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: Adware.Hoax.Renos
Path: C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\237y6FRa.exe
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\****\Cookies\****@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Documents and Settings\****\Cookies\****@ads.addynamix[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\****\Cookies\****@as-us.falkag[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\****\Cookies\****@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\****\Cookies\****@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\****\Cookies\****@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\****\Cookies\****@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.Estat
Path: C:\Documents and Settings\****\Cookies\****@estat[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\****\Cookies\****@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\****\Cookies\****@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\****\Cookies\****@microsoftwlmessengermkt.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\****\Cookies\****@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\****\Cookies\****@trafficmp[1].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Documents and Settings\__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@112.2o7[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@112.2o7[3].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@122.2o7[2].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@247realmedia[3].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[3].txt
Risk: Medium

Name: TrackingCookie.Adocean
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.adocean[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[3].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adbrite[1].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adbrite[2].txt
Risk: Medium

Name: TrackingCookie.Admarketplace
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@admarketplace[2].txt
Risk: Medium

Name: TrackingCookie.Admarketplace
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@admarketplace[3].txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.euroclick[2].txt
Risk: Medium

Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.euroclick[3].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.specificclick[1].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adopt.specificclick[2].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[4].txt
Risk: Medium

Name: TrackingCookie.Quarterserver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads-205.quarterserver[1].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.addynamix[1].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.addynamix[2].txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.bridgetrack[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adtech[3].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[3].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anad.tacoda[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anad.tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anat.tacoda[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@anat.tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-eu.falkag[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[1].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as-us.falkag[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as.casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@as1.falkag[2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Bfast
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bfast[2].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bluestreak[3].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@bs.serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@burstnet[3].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@casalemedia[1].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@centrport[1].txt
Risk: Medium

Name: TrackingCookie.Centrport
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@centrport[2].txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@citi.bridgetrack[2].txt
Risk: Medium

Name: TrackingCookie.Clickbank
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@clickbank[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cnn.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Com
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[1].txt
Risk: Medium

Name: TrackingCookie.Com
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[2].txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@counter.hitslink[1].txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@counter.hitslink[2].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[2].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cpvfeed[3].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@data2.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@data2.perf.overture[3].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@data3.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@data4.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[3].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@edge.ru4[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-411web.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-aha.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-amtransair.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-aon.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-ati.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-cisco.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-crain.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-dig.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-dig.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-digg.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-groupernetworks.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-highlights.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-idgentertainment.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-kayak.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-kodak.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-legonewyorkinc.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-lowermybills.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-ogilvyspore.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-unicef.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-youtube.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg-yvesrocher.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ehg.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@entrepreneur.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Estat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@estat[1].txt
Risk: Medium

Name: TrackingCookie.Targetnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fad-609.iad6.targetnet[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[2].txt
Risk: Medium

Name: TrackingCookie.Comclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fl01.ct2.comclick[1].txt
Risk: Medium

Name: TrackingCookie.Comclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fl01.ct2.comclick[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@gaiainteractive.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@h.starware[1].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@h.starware[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hitbox[3].txt
Risk: Medium

Name: TrackingCookie.Hotlog
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hotlog[1].txt
Risk: Medium

Name: TrackingCookie.Hypertracker
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@hypertracker[2].txt
Risk: Medium

Name: TrackingCookie.Masterstats
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@image.masterstats[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@kaboose.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Komtrack
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@komtrack[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@leeenterprises.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@marthastewart.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media.fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[3].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@metacafe.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@msnaccountservices.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@msnportal.112.2o7[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@overture[3].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@partygaming.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@paypal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@paypal.112.2o7[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@perf.overture[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@phg.hitbox[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@poweronemedia.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@realmedia[2].txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@reduxads.valuead[1].txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@reduxads.valuead[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@reunioncom.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revenue[1].txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revenue[2].txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@rotator.adjuggler[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@sales.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Information
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@searchportal.information[1].txt
Risk: Medium

Name: TrackingCookie.Information
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@searchportal.information[2].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@server.iad.liveperson[1].txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@server.iad.liveperson[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Spylog
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@spylog[1].txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stat.onestat[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statcounter[2].txt
Risk: Medium

Name: TrackingCookie.Reliablestats
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stats1.reliablestats[2].txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statse.webtrendslive[1].txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statse.webtrendslive[2].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[3].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tacoda[4].txt
Risk: Medium

Name: TrackingCookie.Targetnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@targetnet[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tradedoubler[1].txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tradedoubler[3].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[1].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafficmp[2].txt
Risk: Medium

Name: TrackingCookie.Trafic
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@trafic[1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@tribalfusion[3].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@try.starware[1].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@try.starware[2].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@valueclick[1].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@valueclick[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@viamtvcom.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@web-stat[2].txt
Risk: Medium

Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@web-stat[3].txt
Risk: Medium

Name: TrackingCookie.Weborama
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@weborama[1].txt
Risk: Medium

Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@webstat[2].txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstbeacon[1].txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstbeacon[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstnet[1].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstnet[3].txt
Risk: Medium

Name: TrackingCookie.Myaffiliateprogram
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.myaffiliateprogram[1].txt
Risk: Medium

Name: TrackingCookie.Smartadserver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.smartadserver[1].txt
Risk: Medium

Name: TrackingCookie.Paypopup
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www222.paypopup[1].txt
Risk: Medium

Name: TrackingCookie.Paypopup
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www222.paypopup[2].txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@yadro[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@z1.adserver[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[2].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[3].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.29:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.30:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.31:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.32:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.33:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.35:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.36:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.37:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.38:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.39:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.40:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.41:C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\Profiles\j55r6ayb.default\cookies.txt
Risk: Medium

Name: Adware.Hoax.Renos
Path: C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\237y6FRa.exe
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\****\Cookies\****@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Documents and Settings\****\Cookies\****@ads.addynamix[2].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\****\Cookies\****@as-us.falkag[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\****\Cookies\****@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\****\Cookies\****@casalemedia[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\****\Cookies\****@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\****\Cookies\****@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.Estat
Path: C:\Documents and Settings\****\Cookies\****@estat[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\****\Cookies\****@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\****\Cookies\****@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\****\Cookies\****@microsoftwlmessengermkt.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\****\Cookies\****@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\****\Cookies\****@trafficmp[1].txt
Risk: Medium

Name: TrackingCookie.Valueclick
Path: C:\Documents and Settings\****\Cookies\****@valueclick[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\****\Cookies\****@zedo[1].txt
Risk: Medium

\Cookies\****@valueclick[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\****\Cookies\****@zedo[1].txt
Risk: Medium


I replaced my name with ****

Odoh da restartujem sada.

offline
  • Pridružio: 17 Jul 2005
  • Poruke: 3097
  • Gde živiš: "Daleko od Negdje"

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ovo sto iskace je deo programa DISCover, za koji sam te pitao da li ti je poznat. Ovaj deo fali tom programu, nesto ga je zeznulo.
Problem se najlakse resava ponovnom instalacijom tog programa u slucaju da ti taj program treba.
U slucaju da ti ne treba, iz Add/Remove Programs bi trebalo da mozes potpuno da ga deinstaliras.

VundoFix ne moras vise da startujes ukoliko nemas vise onih laznih uzbuna.
Meni daj samo svez log programa HijackThis, da vidim koja je sada situacija.

offline
  • Pridružio: 17 Jul 2005
  • Poruke: 3097
  • Gde živiš: "Daleko od Negdje"

Logfile of HijackThis v1.99.1
Scan saved at 5:42:56 AM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Administrator\My Documents\My Received Files\PR4H.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

03 Feb 2007 15:59 bobby Zaključavanje topica Razlog: : Javiti se na PP ukoliko je potrebno otkljucavanje teme  
Ko je trenutno na forumu
 

Ukupno su 432 korisnika na forumu :: 16 registrovanih, 6 sakrivenih i 410 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., amaterSRB, Andrija357, Apok, caesar, dankisha, Dorcolac, helen1, kuntalo, nebkv, panonski mornar, ruseskij, sizif, stug, xJeremijAx