Zasfyfiony system koleżanki, TrustedAntyvirus

Piwollo · 2 Grudzień 2007 15:29

Witam. Wczoraj moja koleżanka została zainfenkowana “czymś” co za chiny nie chce sie usunąc…

System chodzi jak zwariowany, cały czas wyskakują pop-upy, ściągają się jakieś programy.

Prosze o spr. loga:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:23:35, on 02/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\wpabaln.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\TrustedAntivirus\ugcw.exe C:\Program Files\Common Files\TrustedAntivirus\bm.exe C:\Program Files\TrustedAntivirus\pgs.exe C:\Program Files\YourPrivacyGuard\UGDCcw.exe C:\Program Files\Common Files\YourPrivacyGuard\mc.exe C:\Program Files\YourPrivacyGuard\GDC.exe C:\Program Files\SystemErrorFixer\ucookw.exe C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe C:\Program Files\SystemErrorFixer\SysRep.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ O2 - BHO: MSVPS System - {5EF40AC5-1BBE-4436-A9E3-F129C0D605D8} - C:\WINDOWS\vipextoxn.dll O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\TrustedAntivirus\Tools\IEFWBHO.dll O3 - Toolbar: The voipwet - {D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C} - C:\WINDOWS\voipwet.dll O4 - HKLM…\Run: [TrustedAntivirus] C:\Program Files\TrustedAntivirus\pgs.exe O4 - HKLM…\Run: [ugcw] “C:\PROGRA~1\COMMON~1\TRUSTE~1\ugcw.exe” -start O4 - HKLM…\Run: [salestart] “C:\Program Files\Common Files\TrustedAntivirus\bm.exe” dm=http://trustedantivirus.com;’>http://trustedantivirus.com; ad=http://trustedantivirus.com O4 - HKLM…\Run: [YourPrivacyGuard] C:\Program Files\YourPrivacyGuard\GDC.exe O4 - HKLM…\Run: [ugdccw] “C:\PROGRA~1\YOURPR~1\UGDCcw.exe” -start O4 - HKLM…\Run: [salestart(1)] “C:\Program Files\Common Files\YourPrivacyGuard\mc.exe” dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com O4 - HKLM…\Run: [rtasks] C:\Program Files\TrustedAntivirus\rtasks.exe O4 - HKLM…\Run: [systemErrorFixer] C:\Program Files\SystemErrorFixer\SysRep.exe O4 - HKLM…\Run: [ucookw] “C:\PROGRA~1\SYSTEM~1\ucookw.exe” -start O4 - HKLM…\Run: [salestart(2)] “C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe” dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com O4 - HKLM…\RunOnce: [freinst] “C:\Program Files\TrustedAntivirus\pgs.exe” /empty O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - SSODL: kopmet - {139CF7E5-A58F-42D6-B0D7-4CCD166001BE} - C:\WINDOWS\kopmet.dll O21 - SSODL: jetctrl - {728FB3E7-0244-4782-BDCA-768968AE6F95} - C:\WINDOWS\jetctrl.dll – End of file - 3399 bytes

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “TrustedAntivirus” = “C:\Program Files\TrustedAntivirus\pgs.exe” [“LocusSoftware, Inc.”] “ugcw” = ““C:\PROGRA~1\COMMON~1\TRUSTE~1\ugcw.exe” -start” [null data] “Salestart” = ““C:\Program Files\Common Files\TrustedAntivirus\bm.exe” dm=http://trustedantivirus.com;’>http://trustedantivirus.com; ad=http://trustedantivirus.com” [null data] “YourPrivacyGuard” = “C:\Program Files\YourPrivacyGuard\GDC.exe” [“Locus Software Inc.”] “ugdccw” = ““C:\PROGRA~1\YOURPR~1\UGDCcw.exe” -start” [null data] “Salestart(1)” = ““C:\Program Files\Common Files\YourPrivacyGuard\mc.exe” dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com” [null data] “rtasks” = “C:\Program Files\TrustedAntivirus\rtasks.exe” [null data] “SystemErrorFixer” = “C:\Program Files\SystemErrorFixer\SysRep.exe” [null data] “ucookw” = ““C:\PROGRA~1\SYSTEM~1\ucookw.exe” -start” [null data] “Salestart(2)” = ““C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe” dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++} “freinst” = ““C:\Program Files\TrustedAntivirus\pgs.exe” /empty” [“LocusSoftware, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {5EF40AC5-1BBE-4436-A9E3-F129C0D605D8}(Default) = (no title provided) -> {HKLM…CLSID} = “MSVPS System” \InProcServer32(Default) = “C:\WINDOWS\vipextoxn.dll” [empty string] {FAAD2038-C371-473D-86F1-5B11D39C3775}(Default) = (no title provided) -> {HKLM…CLSID} = “IEFW Object” \InProcServer32(Default) = “C:\Program Files\TrustedAntivirus\Tools\IEFWBHO.dll” [“LocusSoftware, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension” -> {HKLM…CLSID} = “Display Panning CPL Extension” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}” = “secure_del” -> {HKLM…CLSID} = “secure_del” \InProcServer32(Default) = “C:\Program Files\YourPrivacyGuard\secure_del.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “kopmet” = “{139CF7E5-A58F-42D6-B0D7-4CCD166001BE}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\kopmet.dll” [null data] “jetctrl” = “{728FB3E7-0244-4782-BDCA-768968AE6F95}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\jetctrl.dll” [null data] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ secure_del(Default) = “{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}” -> {HKLM…CLSID} = “secure_del” \InProcServer32(Default) = “C:\Program Files\YourPrivacyGuard\secure_del.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ secure_del(Default) = “{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}” -> {HKLM…CLSID} = “secure_del” \InProcServer32(Default) = “C:\Program Files\YourPrivacyGuard\secure_del.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ secure_del(Default) = “{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}” -> {HKLM…CLSID} = “secure_del” \InProcServer32(Default) = “C:\Program Files\YourPrivacyGuard\secure_del.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}” = (no title provided) -> {HKLM…CLSID} = “The voipwet” \InProcServer32(Default) = “C:\WINDOWS\voipwet.dll” [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] ---------- (launch time: 2007-12-02 15:27:47) + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 6 seconds. ---------- (total run time: 62 seconds)

Gutek · 2 Grudzień 2007 17:30

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym - Daj log z ComboFix

Piwollo · 2 Grudzień 2007 20:05

SmitFraudFix v2.257 Scan done at 20:03:51.45, 02/12/2007 Run from C:\Documents and Settings\marta\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri’s WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport DNS Server Search Order: 10.0.2.3 HKLM\SYSTEM\CCS\Services\Tcpip…{3442FC89-0D0C-416F-BCA4-512010290647}: DhcpNameServer=10.0.2.3 HKLM\SYSTEM\CS1\Services\Tcpip…{3442FC89-0D0C-416F-BCA4-512010290647}: DhcpNameServer=10.0.2.3 HKLM\SYSTEM\CS2\Services\Tcpip…{3442FC89-0D0C-416F-BCA4-512010290647}: DhcpNameServer=10.0.2.3 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.2.3 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.2.3 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.2.3 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» End ComboFix 07-12-02.5 - marta 2007-12-02 19:56:02.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1033.18.36 [GMT 0:00] Running from: C:\Documents and Settings\marta\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\marta\Application Data\install_en[1].exe C:\Documents and Settings\marta\Application Data\installer_en[1].exe C:\Documents and Settings\marta\Application Data\setup_en[1].exe C:\Documents and Settings\marta\ResErrors.log C:\Program Files\FunWebProducts C:\Program Files\FunWebProducts\ScreenSaver\Images\0007AEF8.urr C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html C:\Program Files\internet explorer\msimg32.dll C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S C:\Program Files\MyWebSearch\bar\Cache\0007BC26 C:\Program Files\MyWebSearch\bar\Cache\0007C287 C:\Program Files\MyWebSearch\bar\Cache\0007C453.bin C:\Program Files\MyWebSearch\bar\Cache\0007D178.bin C:\Program Files\MyWebSearch\bar\Cache\0007DE9D.bin C:\Program Files\MyWebSearch\bar\Cache\0007DFA1.bin C:\Program Files\MyWebSearch\bar\Cache\files.ini C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\icons\CM.ICO C:\Program Files\MyWebSearch\bar\icons\MFC.ICO C:\Program Files\MyWebSearch\bar\icons\PSS.ICO C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO C:\Program Files\MyWebSearch\bar\icons\WB.ICO C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings\setting2.htm C:\Program Files\MyWebSearch\bar\Settings\settings.dat C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL C:\WINDOWS\dat.txt C:\WINDOWS\rs.txt C:\WINDOWS\search_res.txt C:\WINDOWS\system32\drivers\fmtr.sys C:\WINDOWS\system32\f3PSSavr.scr C:\Program Files\MyWebSearch . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_FMTR -------\fmtr ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) . 2007-12-02 19:59 . 2007-12-02 19:59 2007-12-02 19:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-02 19:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-02 19:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-02 19:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-02 19:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-02 19:51 . 2007-12-02 19:51 2,308 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-02 15:26 . 2007-12-02 15:26 2007-12-02 15:24 . 2007-12-02 15:24 2007-12-02 15:23 . 2007-12-02 15:23 2007-12-02 15:21 . 2007-12-02 15:21 2007-12-02 15:21 . 2007-12-02 15:21 2007-12-02 15:21 . 2007-12-02 15:21 2007-12-02 15:19 . 2007-12-02 15:19 2007-12-02 15:19 . 2007-12-02 19:58 2007-12-02 15:19 . 2007-12-02 15:19 2007-12-02 15:19 . 2007-12-02 15:19 2007-12-02 15:19 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll 2007-12-02 15:18 . 2007-12-02 19:54 2007-12-02 15:18 . 2007-12-02 15:18 2007-12-02 15:18 . 2007-12-02 15:19 2007-12-02 15:18 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2007-12-02 15:18 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-12-02 15:18 . 2004-10-07 13:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-12-02 15:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-12-02 15:18 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-12-02 15:01 . 2007-12-02 15:01 2007-12-02 15:01 . 2007-12-02 15:02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 14:46 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “TrustedAntivirus”=“C:\Program Files\TrustedAntivirus\pgs.exe” [2007-10-02 15:54] “YourPrivacyGuard”=“C:\Program Files\YourPrivacyGuard\GDC.exe” [2007-11-08 14:46] “Salestart(1)”=“C:\Program Files\Common Files\YourPrivacyGuard\mc.exe” [2007-11-07 18:12] “SystemErrorFixer”=“C:\Program Files\SystemErrorFixer\SysRep.exe” [2007-11-19 13:38] “ucookw”=“C:\PROGRA~1\SYSTEM~1\ucookw.exe” [2007-08-14 16:01] “Salestart(2)”=“C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe” [2007-11-21 15:18] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00] . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 19:59:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-02 20:00:30 - machine was rebooted . — E O F —

Gutek · 2 Grudzień 2007 21:31

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Użyj jeszcze RogueRemover - http://www.snapfiles.com/download/dlrogueremover.html

Piwollo · 3 Grudzień 2007 20:57

Trusted antywirus wywaliło, ale jest jeszcze SystemErrorFixer i YourPrivacyGuard ;/

Rouge wywala błąd po aktualizacji, proszę log z Combo:

ComboFix 07-12-02.5 - marta 2007-12-03 20:49:26.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1033.18.127 [GMT 0:00] Running from: C:\Documents and Settings\marta\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\marta\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\marta\Application Data\TrustedAntivirus C:\Documents and Settings\marta\Application Data\TrustedAntivirus\avtasks.dat C:\Documents and Settings\marta\Application Data\TrustedAntivirus\Logs\av.log C:\Documents and Settings\marta\Application Data\TrustedAntivirus\Logs\ga6Support.log C:\Documents and Settings\marta\Application Data\TrustedAntivirus\Logs\update.log C:\Documents and Settings\marta\Application Data\TrustedAntivirus\PGE.dat C:\Documents and Settings\marta\ResErrors.log C:\Program Files\Common Files\TrustedAntivirus C:\Program Files\Common Files\TrustedAntivirus\bm.exe C:\Program Files\Common Files\TrustedAntivirus\ugcw.exe C:\Program Files\TrustedAntivirus C:\Program Files\TrustedAntivirus\Activate.exe C:\Program Files\TrustedAntivirus\Config\pgs.xml C:\Program Files\TrustedAntivirus\Dat\Activate.dat C:\Program Files\TrustedAntivirus\Dat\BkSites.dat C:\Program Files\TrustedAntivirus\Dat\bnlink.dat C:\Program Files\TrustedAntivirus\Dat\incmp.dat C:\Program Files\TrustedAntivirus\Dat\index.dat C:\Program Files\TrustedAntivirus\Dat\PGUpLst.dat C:\Program Files\TrustedAntivirus\Dat\pv.dat C:\Program Files\TrustedAntivirus\Engines\AWBase\database\enemies.dat C:\Program Files\TrustedAntivirus\Engines\AWBase\vbpv.dat C:\Program Files\TrustedAntivirus\Engines\PGBase\vbpv.dat C:\Program Files\TrustedAntivirus\Engines\plugins\BORLNDMM.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANADWR.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANBCDR.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANDLDR.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANDOS1.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANEMUL.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANFUNC.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANKRNL.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANMCR1.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANOTHR.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANSCR.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANTOOL.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANTROJ.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\SCANWIN1.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UNACPU.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UNADBX.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\unamscan.dll C:\Program Files\TrustedAntivirus\Engines\plugins\UNMIME.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UNPACK.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UNPACKS.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UNPACKS2.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UNPEPACK.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UpDate\UA27601.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UpDate\UA27602.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UpDate\UA27603.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UpDate\UA27604.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\UpDate\UADAILY.DLL C:\Program Files\TrustedAntivirus\Engines\plugins\vbpv.dat C:\Program Files\TrustedAntivirus\FMTR.sys C:\Program Files\TrustedAntivirus\fopnl.dll C:\Program Files\TrustedAntivirus\FWSettings.bin C:\Program Files\TrustedAntivirus\Graphics\cross.gif C:\Program Files\TrustedAntivirus\Graphics\ga6p.gif C:\Program Files\TrustedAntivirus\Graphics\kb.url C:\Program Files\TrustedAntivirus\Graphics\main.ico C:\Program Files\TrustedAntivirus\Graphics\mini.ico C:\Program Files\TrustedAntivirus\Graphics\Online.url C:\Program Files\TrustedAntivirus\Graphics\rm.url C:\Program Files\TrustedAntivirus\Graphics\support.ico C:\Program Files\TrustedAntivirus\Graphics\Support.url C:\Program Files\TrustedAntivirus\Graphics\uninstall.ico C:\Program Files\TrustedAntivirus\history.db C:\Program Files\TrustedAntivirus\LA\lapv.dat C:\Program Files\TrustedAntivirus\LA\License.rtf C:\Program Files\TrustedAntivirus\pgs.exe C:\Program Files\TrustedAntivirus\ResErrors.log C:\Program Files\TrustedAntivirus\Restart.exe C:\Program Files\TrustedAntivirus\rpt.dll C:\Program Files\TrustedAntivirus\RTasks.exe C:\Program Files\TrustedAntivirus\scnkrnl.dll C:\Program Files\TrustedAntivirus\settings.ini C:\Program Files\TrustedAntivirus\sqlite3.dll C:\Program Files\TrustedAntivirus\sr.log C:\Program Files\TrustedAntivirus\Tools\IEFWBHO.dll C:\Program Files\TrustedAntivirus\Tools\pg.dll C:\Program Files\TrustedAntivirus\unins000.dat C:\Program Files\TrustedAntivirus\unins000.exe C:\Program Files\TrustedAntivirus\Up\ASupdater.dat C:\Program Files\TrustedAntivirus\Up\diagnosis.dat C:\Program Files\TrustedAntivirus\Up\gup.exe C:\Program Files\TrustedAntivirus\Up\PGupdater.dat C:\Program Files\TrustedAntivirus\Up\UBupdater.dat C:\Program Files\TrustedAntivirus\Up\up.dat C:\Program Files\TrustedAntivirus\Up\updater.dat C:\UGA6P . ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))) . 2007-12-03 20:51 . 2007-12-03 20:51 2007-12-02 19:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-02 19:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-02 19:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-02 19:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-02 19:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-02 19:51 . 2007-12-02 20:04 1,464 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-02 15:26 . 2007-12-02 15:26 2007-12-02 15:24 . 2007-12-02 15:24 2007-12-02 15:23 . 2007-12-02 15:23 2007-12-02 15:21 . 2007-12-02 15:21 2007-12-02 15:21 . 2007-12-02 15:21 2007-12-02 15:21 . 2007-12-02 15:21 2007-12-02 15:19 . 2007-12-02 19:58 2007-12-02 15:19 . 2007-12-02 15:19 2007-12-02 15:19 . 2007-12-02 15:19 2007-12-02 15:19 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll 2007-12-02 15:18 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2007-12-02 15:18 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-12-02 15:18 . 2004-10-07 13:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-12-02 15:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-12-02 15:18 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-12-02 15:01 . 2007-12-02 15:01 2007-12-02 15:01 . 2007-12-02 15:02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 14:46 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “YourPrivacyGuard”=“C:\Program Files\YourPrivacyGuard\GDC.exe” [2007-11-08 14:46] “Salestart(1)”=“C:\Program Files\Common Files\YourPrivacyGuard\mc.exe” [2007-11-07 18:12] “SystemErrorFixer”=“C:\Program Files\SystemErrorFixer\SysRep.exe” [2007-11-19 13:38] “ucookw”=“C:\PROGRA~1\SYSTEM~1\ucookw.exe” [2007-08-14 16:01] “Salestart(2)”=“C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe” [2007-11-21 15:18] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00] . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-03 20:51:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-03 20:52:00 - machine was rebooted C:\ComboFix2.txt … 2007-12-02 20:03 . — E O F —

Gutek · 3 Grudzień 2007 21:16

Coś te automaty szwankują

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Piwollo · 3 Grudzień 2007 21:51

Tym razem Ci się udało, jesteś najlepszy

ComboFix 07-12-02.5 - marta 2007-12-03 21:45:10.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1033.18.100 [GMT 0:00] Running from: C:\Documents and Settings\marta\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\marta\Desktop\CFScript.txt * Created a new restore point FILE C:\PROGRA~1\SYSTEM~1\ucookw.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\marta\Application Data\systemerrorfixer C:\Documents and Settings\marta\Application Data\systemerrorfixer\Logs\update.log C:\Documents and Settings\marta\Application Data\YourPrivacyGuard C:\Documents and Settings\marta\Application Data\YourPrivacyGuard\Logs\update.log C:\PROGRA~1\SYSTEM~1\ucookw.exe C:\Program Files\Common Files\SystemErrorFixer C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe C:\Program Files\Common Files\YourPrivacyGuard C:\Program Files\Common Files\YourPrivacyGuard\mc.exe C:\Program Files\SystemErrorFixer C:\Program Files\SystemErrorFixer\atl71.dll C:\Program Files\SystemErrorFixer\License.rtf C:\Program Files\SystemErrorFixer\mfc71.dll C:\Program Files\SystemErrorFixer\msvcp71.dll C:\Program Files\SystemErrorFixer\msvcr71.dll C:\Program Files\SystemErrorFixer\Readme.rtf C:\Program Files\SystemErrorFixer\Res\Main.ico C:\Program Files\SystemErrorFixer\Res\RecycleBin.ico C:\Program Files\SystemErrorFixer\rm.url C:\Program Files\SystemErrorFixer\sr.log C:\Program Files\SystemErrorFixer\swupd.log C:\Program Files\SystemErrorFixer\SysRep.exe C:\Program Files\SystemErrorFixer\SysRep.exe.cer C:\Program Files\SystemErrorFixer\SysRep.exe.Log C:\Program Files\SystemErrorFixer\SysRep.exe.xml C:\Program Files\SystemErrorFixer\SysRep.url C:\Program Files\SystemErrorFixer\transpaid.exe C:\Program Files\SystemErrorFixer\ucookw.exe C:\Program Files\SystemErrorFixer\unins000.dat C:\Program Files\SystemErrorFixer\unins000.exe C:\Program Files\SystemErrorFixer\urls.ini C:\Program Files\YourPrivacyGuard C:\Program Files\YourPrivacyGuard\config.ini C:\Program Files\YourPrivacyGuard\data\application\7-Zip Compression Pgm.scr C:\Program Files\YourPrivacyGuard\data\application\AbsoluteFTP.scr C:\Program Files\YourPrivacyGuard\data\application\ACDSee32.scr C:\Program Files\YourPrivacyGuard\data\application\Acoustica CD Label Maker.scr C:\Program Files\YourPrivacyGuard\data\application\Ad-aware SE.scr C:\Program Files\YourPrivacyGuard\data\application\Adaptec’s Audio CD.scr C:\Program Files\YourPrivacyGuard\data\application\Adaptec Easy CD Creator v4.scr C:\Program Files\YourPrivacyGuard\data\application\Addsoft.scr C:\Program Files\YourPrivacyGuard\data\application\AddWeb 3.0.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Acrobat Reader v3.0.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Acrobat Reader v3.1.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Acrobat Reader v4.0.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Acrobat Reader v5.0.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Acrobat Reader v6.0.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Acrobat Reader v7.0.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Photoshop v5.0 LE.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Photoshop v5.5.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Photoshop v6.0.scr C:\Program Files\YourPrivacyGuard\data\application\Adobe Photoshop v7.0.scr C:\Program Files\YourPrivacyGuard\data\application\Advanced Disk Catalog.scr C:\Program Files\YourPrivacyGuard\data\application\Advanced MP3 Catalog.scr C:\Program Files\YourPrivacyGuard\data\application\Advanced Password Recovery.scr C:\Program Files\YourPrivacyGuard\data\application\ahead cover designer.scr C:\Program Files\YourPrivacyGuard\data\application\Albatros ADGaspect.scr C:\Program Files\YourPrivacyGuard\data\application\Albatros ADGpano.scr C:\Program Files\YourPrivacyGuard\data\application\Albatros ADGview.scr C:\Program Files\YourPrivacyGuard\data\application\Alcohol MRU List.scr C:\Program Files\YourPrivacyGuard\data\application\Animation Shop 1.x.scr C:\Program Files\YourPrivacyGuard\data\application\Animation Shop 3.x.scr C:\Program Files\YourPrivacyGuard\data\application\AOL - Spool.scr C:\Program Files\YourPrivacyGuard\data\application\ASPack.scr C:\Program Files\YourPrivacyGuard\data\application\Avant Browser.scr C:\Program Files\YourPrivacyGuard\data\application\AX-Icons 4.x.scr C:\Program Files\YourPrivacyGuard\data\application\Axialis Icon Workshop 5.x.scr C:\Program Files\YourPrivacyGuard\data\application\Axialis Media Browser.scr C:\Program Files\YourPrivacyGuard\data\application\Babylon Builder 2.2.scr C:\Program Files\YourPrivacyGuard\data\application\Babylon Translator.scr C:\Program Files\YourPrivacyGuard\data\application\BlazeDVD 2.0.scr C:\Program Files\YourPrivacyGuard\data\application\Bookreader.scr C:\Program Files\YourPrivacyGuard\data\application\C++ Builder.scr C:\Program Files\YourPrivacyGuard\data\application\Cabinet Manager.scr C:\Program Files\YourPrivacyGuard\data\application\Chameleon Web Browser.scr C:\Program Files\YourPrivacyGuard\data\application\Classify 98.scr C:\Program Files\YourPrivacyGuard\data\application\Clicktionary 2000.scr C:\Program Files\YourPrivacyGuard\data\application\CoffeeCup DirectFTP.scr C:\Program Files\YourPrivacyGuard\data\application\CoffeeCup GIF Animator.scr C:\Program Files\YourPrivacyGuard\data\application\Cool Edit 2000 1.1.scr C:\Program Files\YourPrivacyGuard\data\application\Cool Edit Pro.scr C:\Program Files\YourPrivacyGuard\data\application\Corel PhotoPaint 8.scr C:\Program Files\YourPrivacyGuard\data\application\CrissCross.scr C:\Program Files\YourPrivacyGuard\data\application\CRT 2.x.scr C:\Program Files\YourPrivacyGuard\data\application\Cute FTP v3.0.scr C:\Program Files\YourPrivacyGuard\data\application\Cute FTP v4.0.scr C:\Program Files\YourPrivacyGuard\data\application\Cute MX.scr C:\Program Files\YourPrivacyGuard\data\application\CuteFTP.scr C:\Program Files\YourPrivacyGuard\data\application\CuteHTML.scr C:\Program Files\YourPrivacyGuard\data\application\DataRescue_IDA.scr C:\Program Files\YourPrivacyGuard\data\application\Delphi v3.scr C:\Program Files\YourPrivacyGuard\data\application\Delphi v4.scr C:\Program Files\YourPrivacyGuard\data\application\Delphi v5.scr C:\Program Files\YourPrivacyGuard\data\application\Delphi v7.scr C:\Program Files\YourPrivacyGuard\data\application\Disk Explorer Professional 3.scr C:\Program Files\YourPrivacyGuard\data\application\Diskeeper 5.0.scr C:\Program Files\YourPrivacyGuard\data\application\DivX Player.scr C:\Program Files\YourPrivacyGuard\data\application\Download Accelerator.scr C:\Program Files\YourPrivacyGuard\data\application\Ebay Toolbar.scr C:\Program Files\YourPrivacyGuard\data\application\EditPad.scr C:\Program Files\YourPrivacyGuard\data\application\EditPlus 2.scr C:\Program Files\YourPrivacyGuard\data\application\edonkey2000.scr C:\Program Files\YourPrivacyGuard\data\application\eMule.scr C:\Program Files\YourPrivacyGuard\data\application\Enfish Onespace.scr C:\Program Files\YourPrivacyGuard\data\application\Enigma Browser.scr C:\Program Files\YourPrivacyGuard\data\application\F-Secure SSH 2.x.scr C:\Program Files\YourPrivacyGuard\data\application\Fix-It 2000.scr C:\Program Files\YourPrivacyGuard\data\application\FlashGet.scr C:\Program Files\YourPrivacyGuard\data\application\FotoCanvas 2.0.scr C:\Program Files\YourPrivacyGuard\data\application\Fotostation 4.0.scr C:\Program Files\YourPrivacyGuard\data\application\foxit reader.scr C:\Program Files\YourPrivacyGuard\data\application\Free Download Manager 1.x.scr C:\Program Files\YourPrivacyGuard\data\application\FTP Explorer.scr C:\Program Files\YourPrivacyGuard\data\application\FTP Voyager.scr C:\Program Files\YourPrivacyGuard\data\application\Fun CD.scr C:\Program Files\YourPrivacyGuard\data\application\Gator.scr C:\Program Files\YourPrivacyGuard\data\application\GeoVid Video to Flash Batch Converter.scr C:\Program Files\YourPrivacyGuard\data\application\GetRight ExplorerBar.scr C:\Program Files\YourPrivacyGuard\data\application\GetRight.scr C:\Program Files\YourPrivacyGuard\data\application\Go!Zilla.scr C:\Program Files\YourPrivacyGuard\data\application\Google Deskbar.scr C:\Program Files\YourPrivacyGuard\data\application\Google Desktop Search History.scr C:\Program Files\YourPrivacyGuard\data\application\Google Toolbar.scr C:\Program Files\YourPrivacyGuard\data\application\Google Video Player 1.x.scr C:\Program Files\YourPrivacyGuard\data\application\GoZilla.scr C:\Program Files\YourPrivacyGuard\data\application\Gravity Newsreader.scr C:\Program Files\YourPrivacyGuard\data\application\hardcopy.scr C:\Program Files\YourPrivacyGuard\data\application\Helios TextPad v3.scr C:\Program Files\YourPrivacyGuard\data\application\Helios TextPad v4.scr C:\Program Files\YourPrivacyGuard\data\application\HelpWriter.scr C:\Program Files\YourPrivacyGuard\data\application\hexworkshop.scr C:\Program Files\YourPrivacyGuard\data\application\Homesite 4.0.scr C:\Program Files\YourPrivacyGuard\data\application\Hotbar 3.0.scr C:\Program Files\YourPrivacyGuard\data\application\HotJava Browser.scr C:\Program Files\YourPrivacyGuard\data\application\HTML Help Workshop.scr C:\Program Files\YourPrivacyGuard\data\application\Icon Extractor.scr C:\Program Files\YourPrivacyGuard\data\application\iMesh.scr C:\Program Files\YourPrivacyGuard\data\application\InoculatelT PE Antivirus.scr C:\Program Files\YourPrivacyGuard\data\application\InstallShield Express.scr C:\Program Files\YourPrivacyGuard\data\application\InterQuick.scr C:\Program Files\YourPrivacyGuard\data\application\Irfanview.scr C:\Program Files\YourPrivacyGuard\data\application\Iso Buster.scr C:\Program Files\YourPrivacyGuard\data\application\Jasc Animation Shop 3.scr C:\Program Files\YourPrivacyGuard\data\application\JASC Paintshop Pro v5.scr C:\Program Files\YourPrivacyGuard\data\application\JASC Paintshop Pro v6.scr C:\Program Files\YourPrivacyGuard\data\application\JASC Paintshop Pro v7.scr C:\Program Files\YourPrivacyGuard\data\application\JASC Paintshop Pro v8.scr C:\Program Files\YourPrivacyGuard\data\application\Jet Photo Shell.scr C:\Program Files\YourPrivacyGuard\data\application\juno.scr C:\Program Files\YourPrivacyGuard\data\application\K-Lite Codec Pack.scr C:\Program Files\YourPrivacyGuard\data\application\Kazaa Media Desktop.scr C:\Program Files\YourPrivacyGuard\data\application\Kodak Imaging.scr C:\Program Files\YourPrivacyGuard\data\application\LeapFTP 2.6.scr C:\Program Files\YourPrivacyGuard\data\application\LeechFTP.scr C:\Program Files\YourPrivacyGuard\data\application\Letterbox.scr C:\Program Files\YourPrivacyGuard\data\application\LViewPro 2.x.scr C:\Program Files\YourPrivacyGuard\data\application\Macromedia Dreamweaver MX.scr C:\Program Files\YourPrivacyGuard\data\application\Macromedia Dreamweaver Ultradev 4.scr C:\Program Files\YourPrivacyGuard\data\application\Macromedia Firework MX.scr C:\Program Files\YourPrivacyGuard\data\application\Macromedia Fireworks 3.scr C:\Program Files\YourPrivacyGuard\data\application\Macromedia Flash MX.scr C:\Program Files\YourPrivacyGuard\data\application\Macromedia Flash Player.scr C:\Program Files\YourPrivacyGuard\data\application\Macromedia Flash v4.0.scr C:\Program Files\YourPrivacyGuard\data\application\Magic ISO Maker 4.6.scr C:\Program Files\YourPrivacyGuard\data\application\mapinfo mapmarker.scr C:\Program Files\YourPrivacyGuard\data\application\Mass Download.scr C:\Program Files\YourPrivacyGuard\data\application\MasterSplitter v2.1.scr C:\Program Files\YourPrivacyGuard\data\application\McAfee Virus Scan.scr C:\Program Files\YourPrivacyGuard\data\application\MEDA MP3 Splitter.scr C:\Program Files\YourPrivacyGuard\data\application\Metapad.scr C:\Program Files\YourPrivacyGuard\data\application\MGI PHOTOSUITE SE 1.x.scr C:\Program Files\YourPrivacyGuard\data\application\MGUSOFT Setup Builder.scr C:\Program Files\YourPrivacyGuard\data\application\Microangelo 98.scr C:\Program Files\YourPrivacyGuard\data\application\MicroAngelo.scr C:\Program Files\YourPrivacyGuard\data\application\Micrografx Picture Publisher v7.scr C:\Program Files\YourPrivacyGuard\data\application\Micrografx Picture Publisher v8.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft FrontPage Express.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft FrontPage.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Help Workshop.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft HTML Help.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Imaging.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Managemant Console.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Netmeeting.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Office 2000.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Office 2003.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Office 97.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Office InfoPath 2003.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Office XP.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Office.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Outlook Express 5.0.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Photo Editor 3.x.scr C:\Program Files\YourPrivacyGuard\data\application\MicroSoft PhotoDraw.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Picture It Publishing.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Publisher 2000.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Visual Studio 6.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Windows Paint.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Windows WordPad.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Word 2000.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Word Backup Files.scr C:\Program Files\YourPrivacyGuard\data\application\Microsoft Works 4.0.scr C:\Program Files\YourPrivacyGuard\data\application\Mijenix Powerdesk 4.0.scr C:\Program Files\YourPrivacyGuard\data\application\MIRC.scr C:\Program Files\YourPrivacyGuard\data\application\miroMEDIA PCTV.scr C:\Program Files\YourPrivacyGuard\data\application\mixmeister.scr C:\Program Files\YourPrivacyGuard\data\application\Morpheus.scr C:\Program Files\YourPrivacyGuard\data\application\MovieXone 1.0.scr C:\Program Files\YourPrivacyGuard\data\application\Mozart 4.0.scr C:\Program Files\YourPrivacyGuard\data\application\ms autoroute express.scr C:\Program Files\YourPrivacyGuard\data\application\MS WORD.scr C:\Program Files\YourPrivacyGuard\data\application\MSE.scr C:\Program Files\YourPrivacyGuard\data\application\MSN Toolbar.scr C:\Program Files\YourPrivacyGuard\data\application\Music Match Jukebox.scr C:\Program Files\YourPrivacyGuard\data\application\MyWay Advertising.scr C:\Program Files\YourPrivacyGuard\data\application\Napster Music Community.scr C:\Program Files\YourPrivacyGuard\data\application\Naviscope.scr C:\Program Files\YourPrivacyGuard\data\application\NEATO Labels.scr C:\Program Files\YourPrivacyGuard\data\application\nero burning rom.scr C:\Program Files\YourPrivacyGuard\data\application\Nero Vision.scr C:\Program Files\YourPrivacyGuard\data\application\Net Vampire 3.x.scr C:\Program Files\YourPrivacyGuard\data\application\netants.scr C:\Program Files\YourPrivacyGuard\data\application\NetCaptor.scr C:\Program Files\YourPrivacyGuard\data\application\netmeeting.scr C:\Program Files\YourPrivacyGuard\data\application\Netsonic.scr C:\Program Files\YourPrivacyGuard\data\application\Netzip Download Demon 3.x.scr C:\Program Files\YourPrivacyGuard\data\application\NewsBin Pro 4.scr C:\Program Files\YourPrivacyGuard\data\application\Norton AntiVirus 2000 (v6).scr C:\Program Files\YourPrivacyGuard\data\application\Norton AntiVirus 2003.scr C:\Program Files\YourPrivacyGuard\data\application\Norton Commander.scr C:\Program Files\YourPrivacyGuard\data\application\Norton File Manager.scr C:\Program Files\YourPrivacyGuard\data\application\Norton Firewall.scr C:\Program Files\YourPrivacyGuard\data\application\Norton Internet Security.scr C:\Program Files\YourPrivacyGuard\data\application\Norton LiveUpdate.scr C:\Program Files\YourPrivacyGuard\data\application\Norton Utilities 2000.scr C:\Program Files\YourPrivacyGuard\data\application\NotePad Plus.scr C:\Program Files\YourPrivacyGuard\data\application\notetab lite.scr C:\Program Files\YourPrivacyGuard\data\application\NoteTab Pro.scr C:\Program Files\YourPrivacyGuard\data\application\Object Rescue.scr C:\Program Files\YourPrivacyGuard\data\application\OmniPage 10.0.scr C:\Program Files\YourPrivacyGuard\data\application\OnTrack Powerdesk 4.scr C:\Program Files\YourPrivacyGuard\data\application\Ontrack PowerDesk 5.scr C:\Program Files\YourPrivacyGuard\data\application\PackageForTheWeb.scr C:\Program Files\YourPrivacyGuard\data\application\Paint Shop Pro 5.0.scr C:\Program Files\YourPrivacyGuard\data\application\Paint Shop Pro 7.0.scr C:\Program Files\YourPrivacyGuard\data\application\Password Safe.scr C:\Program Files\YourPrivacyGuard\data\application\PE Explorer 1.95.scr C:\Program Files\YourPrivacyGuard\data\application\Personal Ancestral File.scr C:\Program Files\YourPrivacyGuard\data\application\photo magic 4.0.scr C:\Program Files\YourPrivacyGuard\data\application\PhotoCanvas 2.0.scr C:\Program Files\YourPrivacyGuard\data\application\Photodex Compupic Pro.scr C:\Program Files\YourPrivacyGuard\data\application\PhotoDraw 2000.scr C:\Program Files\YourPrivacyGuard\data\application\PhotoImpact 8.0.scr C:\Program Files\YourPrivacyGuard\data\application\PhotoImpact Viewer 4.0.scr C:\Program Files\YourPrivacyGuard\data\application\PicoZip.scr C:\Program Files\YourPrivacyGuard\data\application\PictureIt Digital Image Pro 7.0.scr C:\Program Files\YourPrivacyGuard\data\application\PKZip for Windows v2.60.03+.scr C:\Program Files\YourPrivacyGuard\data\application\PolyView.scr C:\Program Files\YourPrivacyGuard\data\application\Popup Purger.scr C:\Program Files\YourPrivacyGuard\data\application\PopUpCop.scr C:\Program Files\YourPrivacyGuard\data\application\Power archiver.scr C:\Program Files\YourPrivacyGuard\data\application\PowerArc.scr C:\Program Files\YourPrivacyGuard\data\application\PowerDVD.scr C:\Program Files\YourPrivacyGuard\data\application\PowerZip.scr C:\Program Files\YourPrivacyGuard\data\application\Privacy Eraser Pro.scr C:\Program Files\YourPrivacyGuard\data\application\Putty hostkeys.scr C:\Program Files\YourPrivacyGuard\data\application\PYTHON.scr C:\Program Files\YourPrivacyGuard\data\application\QuickTime.scr C:\Program Files\YourPrivacyGuard\data\application\Real Audio Player v6 v7 v8.scr C:\Program Files\YourPrivacyGuard\data\application\Real Download v4.scr C:\Program Files\YourPrivacyGuard\data\application\RealNetworks Real Download.scr C:\Program Files\YourPrivacyGuard\data\application\RealOne & RealPlayer.scr C:\Program Files\YourPrivacyGuard\data\application\RealVNC.scr C:\Program Files\YourPrivacyGuard\data\application\RegEdit.scr C:\Program Files\YourPrivacyGuard\data\application\Roxio Easy CD Creator.scr C:\Program Files\YourPrivacyGuard\data\application\Save Now.scr C:\Program Files\YourPrivacyGuard\data\application\Scour Exchange.scr C:\Program Files\YourPrivacyGuard\data\application\Seal Module Mlayer.scr C:\Program Files\YourPrivacyGuard\data\application\SearchAndBrowse.scr C:\Program Files\YourPrivacyGuard\data\application\SearchAnt.scr C:\Program Files\YourPrivacyGuard\data\application\SearchV.scr C:\Program Files\YourPrivacyGuard\data\application\SearchWolf.scr C:\Program Files\YourPrivacyGuard\data\application\SearchWWW.scr C:\Program Files\YourPrivacyGuard\data\application\SideStep.scr C:\Program Files\YourPrivacyGuard\data\application\Skype.scr C:\Program Files\YourPrivacyGuard\data\application\Smart Explorer.scr C:\Program Files\YourPrivacyGuard\data\application\SmartDraw 6.scr C:\Program Files\YourPrivacyGuard\data\application\smartftp.scr C:\Program Files\YourPrivacyGuard\data\application\SmartPops.scr C:\Program Files\YourPrivacyGuard\data\application\Sonic Foundry’s Acid 2.0.scr C:\Program Files\YourPrivacyGuard\data\application\Sonique Player.scr C:\Program Files\YourPrivacyGuard\data\application\Spinner Plus.scr C:\Program Files\YourPrivacyGuard\data\application\SpotOn Browser plugin.scr C:\Program Files\YourPrivacyGuard\data\application\Staff-FTP.scr C:\Program Files\YourPrivacyGuard\data\application\Star Downloader.scr C:\Program Files\YourPrivacyGuard\data\application\Stardialer.scr C:\Program Files\YourPrivacyGuard\data\application\StarOffice 5.x.scr C:\Program Files\YourPrivacyGuard\data\application\SubmitWolf Pro.scr C:\Program Files\YourPrivacyGuard\data\application\Sun Java Cache.scr C:\Program Files\YourPrivacyGuard\data\application\SureThing CD Labeler.scr C:\Program Files\YourPrivacyGuard\data\application\SVAPlayer.scr C:\Program Files\YourPrivacyGuard\data\application\SWiSH 2.0.scr C:\Program Files\YourPrivacyGuard\data\application\Teleport Pro.scr C:\Program Files\YourPrivacyGuard\data\application\Telnet.scr C:\Program Files\YourPrivacyGuard\data\application\Text Pad 4.x.scr C:\Program Files\YourPrivacyGuard\data\application\The Playa.scr C:\Program Files\YourPrivacyGuard\data\application\Third Voice 1.x.scr C:\Program Files\YourPrivacyGuard\data\application\Thumbs Plus 4.scr C:\Program Files\YourPrivacyGuard\data\application\Timesink.scr C:\Program Files\YourPrivacyGuard\data\application\TinyBar.scr C:\Program Files\YourPrivacyGuard\data\application\TOPicks.scr C:\Program Files\YourPrivacyGuard\data\application\Total Commander.scr C:\Program Files\YourPrivacyGuard\data\application\transponder.scr C:\Program Files\YourPrivacyGuard\data\application\Trellians Classify 98.scr C:\Program Files\YourPrivacyGuard\data\application\Tribal Voice’s PowWow.scr C:\Program Files\YourPrivacyGuard\data\application\Trojan Remover.scr C:\Program Files\YourPrivacyGuard\data\application\TSADBOT.scr C:\Program Files\YourPrivacyGuard\data\application\UCmore toolbar.scr C:\Program Files\YourPrivacyGuard\data\application\Ulead Gif Animator v4.0.scr C:\Program Files\YourPrivacyGuard\data\application\Ulead GIF Animator v5.0.scr C:\Program Files\YourPrivacyGuard\data\application\Ulead Photo Explorer v4.2.scr C:\Program Files\YourPrivacyGuard\data\application\Ulead Photo Express.scr C:\Program Files\YourPrivacyGuard\data\application\Ulead PhotoImpact v5.scr C:\Program Files\YourPrivacyGuard\data\application\Ulead VideoStudio 4.0.scr C:\Program Files\YourPrivacyGuard\data\application\Ultimate Paint.scr C:\Program Files\YourPrivacyGuard\data\application\ULTImate Technology BV v5.5.scr C:\Program Files\YourPrivacyGuard\data\application\UltraEdit v4.scr C:\Program Files\YourPrivacyGuard\data\application\UltraEdit v7.scr C:\Program Files\YourPrivacyGuard\data\application\UltraEdit.scr C:\Program Files\YourPrivacyGuard\data\application\UltraISO 7.x.scr C:\Program Files\YourPrivacyGuard\data\application\uTorrent 1.x.scr C:\Program Files\YourPrivacyGuard\data\application\VBoxEdit.scr C:\Program Files\YourPrivacyGuard\data\application\VirtualDub.scr C:\Program Files\YourPrivacyGuard\data\application\VMWARE.scr C:\Program Files\YourPrivacyGuard\data\application\Vueprint.scr C:\Program Files\YourPrivacyGuard\data\application\VX2 Respondmiter.scr C:\Program Files\YourPrivacyGuard\data\application\W32Dasm.scr C:\Program Files\YourPrivacyGuard\data\application\Web Ferret v3.scr C:\Program Files\YourPrivacyGuard\data\application\WebFerret.scr C:\Program Files\YourPrivacyGuard\data\application\webhancer.scr C:\Program Files\YourPrivacyGuard\data\application\Wildstylz.scr C:\Program Files\YourPrivacyGuard\data\application\WildTangent.scr C:\Program Files\YourPrivacyGuard\data\application\WinAce.scr C:\Program Files\YourPrivacyGuard\data\application\winamp.scr C:\Program Files\YourPrivacyGuard\data\application\Windows Commander.scr C:\Program Files\YourPrivacyGuard\data\application\WinHTTrack Website Copier.scr C:\Program Files\YourPrivacyGuard\data\application\WinOnCD.scr C:\Program Files\YourPrivacyGuard\data\application\WinRar.scr C:\Program Files\YourPrivacyGuard\data\application\Winshow.scr C:\Program Files\YourPrivacyGuard\data\application\WinUAE.scr C:\Program Files\YourPrivacyGuard\data\application\Winupie.scr C:\Program Files\YourPrivacyGuard\data\application\WinVNC.scr C:\Program Files\YourPrivacyGuard\data\application\WinZip v8.scr C:\Program Files\YourPrivacyGuard\data\application\Wise Installer.scr C:\Program Files\YourPrivacyGuard\data\application\Worm.Sobig.scr C:\Program Files\YourPrivacyGuard\data\application\WurldMedia.scr C:\Program Files\YourPrivacyGuard\data\application\Xara 3D v4.x.scr C:\Program Files\YourPrivacyGuard\data\application\Xara Webstyle.scr C:\Program Files\YourPrivacyGuard\data\application\XDialer.scr C:\Program Files\YourPrivacyGuard\data\application\XING MP3 PLAYER.scr C:\Program Files\YourPrivacyGuard\data\application\XLoader.scr C:\Program Files\YourPrivacyGuard\data\application\Xolox.scr C:\Program Files\YourPrivacyGuard\data\application\Xrenoder.scr C:\Program Files\YourPrivacyGuard\data\application\Xupiter toolbar.scr C:\Program Files\YourPrivacyGuard\data\application\Xzoomy.scr C:\Program Files\YourPrivacyGuard\data\application\Yahoo Player.scr C:\Program Files\YourPrivacyGuard\data\application\Yahoo! Toolbar.scr C:\Program Files\YourPrivacyGuard\data\application\Yamaha S-YXG100.scr C:\Program Files\YourPrivacyGuard\data\application\ZeroPopup.scr C:\Program Files\YourPrivacyGuard\data\application\ZipMagic 2000.scr C:\Program Files\YourPrivacyGuard\data\application\Zone Alarm.scr C:\Program Files\YourPrivacyGuard\data\brand.dat C:\Program Files\YourPrivacyGuard\data\firefox\firefox - cache.scr C:\Program Files\YourPrivacyGuard\data\firefox\firefox - cookies.scr C:\Program Files\YourPrivacyGuard\data\firefox\firefox - history.scr C:\Program Files\YourPrivacyGuard\data\ie\ie cookies.scr C:\Program Files\YourPrivacyGuard\data\ie\ie internet cache.scr C:\Program Files\YourPrivacyGuard\data\ie\ie privacy history.scr C:\Program Files\YourPrivacyGuard\data\ie\ie typed urls.scr C:\Program Files\YourPrivacyGuard\data\ie\ie url history.scr C:\Program Files\YourPrivacyGuard\data\ie\windows autocomplete.scr C:\Program Files\YourPrivacyGuard\data\ie\windows downloaded files.scr C:\Program Files\YourPrivacyGuard\data\ie\windows favorites order.scr C:\Program Files\YourPrivacyGuard\data\ie\windows passwords.scr C:\Program Files\YourPrivacyGuard\data\messanger\aim.scr C:\Program Files\YourPrivacyGuard\data\messanger\AOL Bart.scr C:\Program Files\YourPrivacyGuard\data\messanger\AOL Instant Messenger.scr C:\Program Files\YourPrivacyGuard\data\messanger\aolim.scr C:\Program Files\YourPrivacyGuard\data\messanger\icq - download.scr C:\Program Files\YourPrivacyGuard\data\messanger\icq - logs.scr C:\Program Files\YourPrivacyGuard\data\messanger\Miranda ICQ.scr C:\Program Files\YourPrivacyGuard\data\messanger\MSN Messenger User Account.scr C:\Program Files\YourPrivacyGuard\data\messanger\Trillian cache.scr C:\Program Files\YourPrivacyGuard\data\messanger\trillian downloads.scr C:\Program Files\YourPrivacyGuard\data\messanger\trillian logs.scr C:\Program Files\YourPrivacyGuard\data\messanger\yahoo messenger logs.scr C:\Program Files\YourPrivacyGuard\data\messanger\Yahoo! Messenger.scr C:\Program Files\YourPrivacyGuard\data\mozilla\mozilla - autocomplete.scr C:\Program Files\YourPrivacyGuard\data\mozilla\mozilla - cache.scr C:\Program Files\YourPrivacyGuard\data\mozilla\mozilla - cookies.scr C:\Program Files\YourPrivacyGuard\data\mozilla\Mozilla - history.scr C:\Program Files\YourPrivacyGuard\data\mozilla\mozilla - saved passwords.scr C:\Program Files\YourPrivacyGuard\data\mozilla\Mozilla - typed urls.scr C:\Program Files\YourPrivacyGuard\data\netscape\netscape - cache.scr C:\Program Files\YourPrivacyGuard\data\netscape\netscape - cookies.scr C:\Program Files\YourPrivacyGuard\data\netscape\netscape - history.scr C:\Program Files\YourPrivacyGuard\data\netscape\Netscape Navigator - last trusted apps.scr C:\Program Files\YourPrivacyGuard\data\opera\Opera Browser - cache.scr C:\Program Files\YourPrivacyGuard\data\opera\Opera Browser - cookies.scr C:\Program Files\YourPrivacyGuard\data\opera\Opera Browser - Download.scr C:\Program Files\YourPrivacyGuard\data\opera\Opera Browser - history.scr C:\Program Files\YourPrivacyGuard\data\opera\Opera Browser - misc.scr C:\Program Files\YourPrivacyGuard\data\opera\Opera Browser - mru.scr C:\Program Files\YourPrivacyGuard\data\opera\Opera Browser - visited.scr C:\Program Files\YourPrivacyGuard\data\sfl.dat C:\Program Files\YourPrivacyGuard\data\skin.skn C:\Program Files\YourPrivacyGuard\data\srl.dat C:\Program Files\YourPrivacyGuard\data\windows\Direct Draw.scr C:\Program Files\YourPrivacyGuard\data\windows\direct input.scr C:\Program Files\YourPrivacyGuard\data\windows\last files.scr C:\Program Files\YourPrivacyGuard\data\windows\Microsoft Send-To Extensions.scr C:\Program Files\YourPrivacyGuard\data\windows\windows applog.scr C:\Program Files\YourPrivacyGuard\data\windows\windows documents.scr C:\Program Files\YourPrivacyGuard\data\windows\Windows Downloaded Installations.scr C:\Program Files\YourPrivacyGuard\data\windows\windows empty recylcing bin.scr C:\Program Files\YourPrivacyGuard\data\windows\Windows Explorer User Assistant history.scr C:\Program Files\YourPrivacyGuard\data\windows\windows findfile.scr C:\Program Files\YourPrivacyGuard\data\windows\Windows FTP Accounts.scr C:\Program Files\YourPrivacyGuard\data\windows\windows hotfix uninstall.scr C:\Program Files\YourPrivacyGuard\data\windows\windows logfiles.scr C:\Program Files\YourPrivacyGuard\data\windows\Windows Mapped Drives.scr C:\Program Files\YourPrivacyGuard\data\windows\windows media player 7.scr C:\Program Files\YourPrivacyGuard\data\windows\windows minidump.scr C:\Program Files\YourPrivacyGuard\data\windows\windows MUICache.scr C:\Program Files\YourPrivacyGuard\data\windows\windows network links.scr C:\Program Files\YourPrivacyGuard\data\windows\windows opensave.scr C:\Program Files\YourPrivacyGuard\data\windows\windows openwith.scr C:\Program Files\YourPrivacyGuard\data\windows\windows prefetch.scr C:\Program Files\YourPrivacyGuard\data\windows\windows reg history.scr C:\Program Files\YourPrivacyGuard\data\windows\windows run history.scr C:\Program Files\YourPrivacyGuard\data\windows\windows search.scr C:\Program Files\YourPrivacyGuard\data\windows\windows start menu order.scr C:\Program Files\YourPrivacyGuard\data\windows\windows stream history.scr C:\Program Files\YourPrivacyGuard\data\windows\windows temp.scr C:\Program Files\YourPrivacyGuard\data\windows\windows update.scr C:\Program Files\YourPrivacyGuard\data\windows\Windows XP Unread Mail Count.scr C:\Program Files\YourPrivacyGuard\default.ini C:\Program Files\YourPrivacyGuard\diagnosis.dat C:\Program Files\YourPrivacyGuard\GDC.exe C:\Program Files\YourPrivacyGuard\GDC.url C:\Program Files\YourPrivacyGuard\GDCPatch.exe C:\Program Files\YourPrivacyGuard\gfx\button_arrow.bmp C:\Program Files\YourPrivacyGuard\gfx\button_arrow2.bmp C:\Program Files\YourPrivacyGuard\gfx\buy.bmp C:\Program Files\YourPrivacyGuard\gfx\checked.bmp C:\Program Files\YourPrivacyGuard\gfx\custom.bmp C:\Program Files\YourPrivacyGuard\gfx\customcleanup.bmp C:\Program Files\YourPrivacyGuard\gfx\header.bmp C:\Program Files\YourPrivacyGuard\gfx\icon.ico C:\Program Files\YourPrivacyGuard\gfx\icon_about.ico C:\Program Files\YourPrivacyGuard\gfx\icon_checked.ico C:\Program Files\YourPrivacyGuard\gfx\icon_grayed.ico C:\Program Files\YourPrivacyGuard\gfx\icon_link.ico C:\Program Files\YourPrivacyGuard\gfx\icon_manual.ico C:\Program Files\YourPrivacyGuard\gfx\icon_quit.ico C:\Program Files\YourPrivacyGuard\gfx\icon_support.ico C:\Program Files\YourPrivacyGuard\gfx\icon_unchecked.ico C:\Program Files\YourPrivacyGuard\gfx\icon_uncheked.ico C:\Program Files\YourPrivacyGuard\gfx\icon_uninstall.ico C:\Program Files\YourPrivacyGuard\gfx\icon_update.ico C:\Program Files\YourPrivacyGuard\gfx\log.bmp C:\Program Files\YourPrivacyGuard\gfx\logo.bmp C:\Program Files\YourPrivacyGuard\gfx\register.bmp C:\Program Files\YourPrivacyGuard\gfx\settings.bmp C:\Program Files\YourPrivacyGuard\gfx\sign_green.bmp C:\Program Files\YourPrivacyGuard\gfx\sign_green_big.bmp C:\Program Files\YourPrivacyGuard\gfx\sign_red.bmp C:\Program Files\YourPrivacyGuard\gfx\sign_red_big.bmp C:\Program Files\YourPrivacyGuard\gfx\sign_yellow.bmp C:\Program Files\YourPrivacyGuard\gfx\splash.bmp C:\Program Files\YourPrivacyGuard\gfx\status_good.bmp C:\Program Files\YourPrivacyGuard\gfx\status_risk.bmp C:\Program Files\YourPrivacyGuard\gfx\support.bmp C:\Program Files\YourPrivacyGuard\gfx\sys_shield.bmp C:\Program Files\YourPrivacyGuard\gfx\sys_update.bmp C:\Program Files\YourPrivacyGuard\gfx\sysstatus.bmp C:\Program Files\YourPrivacyGuard\gfx\unchecked.bmp C:\Program Files\YourPrivacyGuard\gfx\update.bmp C:\Program Files\YourPrivacyGuard\IH.exe C:\Program Files\YourPrivacyGuard\lang\Arabic.lng C:\Program Files\YourPrivacyGuard\lang\Brazilian.lng C:\Program Files\YourPrivacyGuard\lang\Catalan.lng C:\Program Files\YourPrivacyGuard\lang\Chinese.lng C:\Program Files\YourPrivacyGuard\lang\Czech.lng C:\Program Files\YourPrivacyGuard\lang\Danish.lng C:\Program Files\YourPrivacyGuard\lang\Dutch.lng C:\Program Files\YourPrivacyGuard\lang\English.lng C:\Program Files\YourPrivacyGuard\lang\Finnish.lng C:\Program Files\YourPrivacyGuard\lang\French.lng C:\Program Files\YourPrivacyGuard\lang\German.lng C:\Program Files\YourPrivacyGuard\lang\Greek.lng C:\Program Files\YourPrivacyGuard\lang\Hebrew.lng C:\Program Files\YourPrivacyGuard\lang\Italian.lng C:\Program Files\YourPrivacyGuard\lang\Japanese.lng C:\Program Files\YourPrivacyGuard\lang\Malayan.lng C:\Program Files\YourPrivacyGuard\lang\Norwegian.lng C:\Program Files\YourPrivacyGuard\lang\Polish.lng C:\Program Files\YourPrivacyGuard\lang\Portuguese.lng C:\Program Files\YourPrivacyGuard\lang\Russian.lng C:\Program Files\YourPrivacyGuard\lang\Slovenian.lng C:\Program Files\YourPrivacyGuard\lang\Spanish.lng C:\Program Files\YourPrivacyGuard\lang\Swedish.lng C:\Program Files\YourPrivacyGuard\lang\Thai.lng C:\Program Files\YourPrivacyGuard\lang\Turkish.lng C:\Program Files\YourPrivacyGuard\License.rtf C:\Program Files\YourPrivacyGuard\Readme.rtf C:\Program Files\YourPrivacyGuard\secure_del.dll C:\Program Files\YourPrivacyGuard\sr.log C:\Program Files\YourPrivacyGuard\support.url C:\Program Files\YourPrivacyGuard\UGDCcw.exe C:\Program Files\YourPrivacyGuard\unins000.dat C:\Program Files\YourPrivacyGuard\unins000.exe C:\Program Files\YourPrivacyGuard\updater.dat C:\Program Files\YourPrivacyGuard\updater.exe C:\Program Files\YourPrivacyGuard\ver.dat . ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))) . 2007-12-03 20:54 . 2007-12-03 21:00 2007-12-02 19:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-02 19:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-02 19:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-02 19:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-02 19:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-02 19:51 . 2007-12-02 20:04 1,464 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-02 15:23 . 2007-12-02 15:23 2007-12-02 15:21 . 2007-12-02 15:21 2007-12-02 15:19 . 2007-12-02 15:19 2007-12-02 15:19 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll 2007-12-02 15:18 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2007-12-02 15:18 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-12-02 15:18 . 2004-10-07 13:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-12-02 15:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-12-02 15:18 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-12-02 15:01 . 2007-12-02 15:01 2007-12-02 15:01 . 2007-12-02 15:02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 14:46 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00] . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-03 21:49:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-03 21:49:40 - machine was rebooted C:\ComboFix2.txt … 2007-12-03 20:55 C:\ComboFix3.txt … 2007-12-02 20:03 . — E O F —

Dawać jeszcze jakieś logi?

Gutek · 3 Grudzień 2007 22:06

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Piwollo · 3 Grudzień 2007 22:12

ComboFix 07-12-02.5 - marta 2007-12-03 22:09:25.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1033.18.144 [GMT 0:00] Running from: C:\Documents and Settings\marta\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\marta\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\systemerrorfixer C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\ac C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\em C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\oid C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\user C:\Documents and Settings\All Users\Application Data\YourPrivacyGuard C:\Documents and Settings\All Users\Application Data\YourPrivacyGuard\Abbr C:\Documents and Settings\All Users\Application Data\YourPrivacyGuard\ProdCode . ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))) . 2007-12-03 21:54 . 2007-12-03 21:54 2007-12-02 19:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-02 19:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-02 19:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-02 19:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-02 19:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-02 19:51 . 2007-12-02 20:04 1,464 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-02 15:23 . 2007-12-02 15:23 2007-12-02 15:19 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll 2007-12-02 15:18 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2007-12-02 15:18 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-12-02 15:18 . 2004-10-07 13:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-12-02 15:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-12-02 15:18 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-12-02 15:01 . 2007-12-02 15:01 2007-12-02 15:01 . 2007-12-02 15:02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 14:46 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00] . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-03 22:10:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-03 22:10:53 . — E O F —

Teraz musi , być czysto

Gutek · 3 Grudzień 2007 22:22

Już powinnio być Ok

Piwollo · 3 Grudzień 2007 22:23

Dzięki Ci wielkie, jak również w imieniu mojej koleżanki

Pozdrawiam.