jessica

Otwórz Notatnik i wklej w nim:

BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix.

>Google Chrome

> Naciśnij klawisze: lewy Alt+F i kliknij przycisk Ustawienia >

> Sekcja: Po uruchomieniu > wybierz: Otwórz konkretną stronę lub zestaw stron >

> Kliknij: Wybierz strony >

> Usuń: sweet-page.com, wpisz nowy adres strony głównej i kliknij przycisk OK.

Zgłosiłam już Moderatorom, że temat jest do przesunięcia.

jessi

Temat pewnie zostanie przesunięty do działu Windows 7, ale najpierw musimy usunąć śmieci:

1. Odinstaluj MyFreeCodec.

2. Użyj AdwCleaner. Najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego. Pokaż raport z niego.

3. Otwórz Notatnik i wklej w nim:

C:\ProgramData\IePluginServices\PluginService.exe

C:\ProgramData\IePluginServices

C:\ProgramData\WindowsMangerProtect

Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f

Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f

C:\Users\Czarek\AppData\Local\Temp\AxSFADownloader.exe

C:\Users\Czarek\AppData\Local\Temp\downloader_for_getskype-wlm.exe

C:\Users\Czarek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdzhy6x.dll

C:\Users\Czarek\AppData\Local\Temp\ICReinstall_downloader_for_getskype-wlm.exe

C:\Users\Czarek\Downloads\FRST-OlderVersion

C:\ProgramData\374311380

Reboot:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten log.

4. Zrób nowe logi z FRST.

jessi

Restart routera rozwiąże mój problem?

Ta wersja infekcji najczęściej wykorzystuje router, więc najpierw wykonaj Fix.Reg, który podałam, a jeśli to nie pomoże, to zresetujesz router.

jeśli nie wiesz,jak go zresetować, to skontaktuj się ze swoim dostawcą internetu.

jessi

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 5.175.225.136 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DC05097-F115-4528-98ED-E86941FBA218}: DhcpNameServer = 5.175.225.136 8.8.8.8

Mam nadzieję, że nie korzystasz z routera! Jeśli tak, to trzeba go będzie zresetować.

Jeśli nie korzystasz z routera, to:

Do Notatnika wklej:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1DC05097-F115-4528-98ED-E86941FBA218}]
"NameServer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1DC05097-F115-4528-98ED-E86941FBA218}]
"NameServer"="8.8.8.8"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="8.8.8.8"

plik uruchom (dwuklik i OK).

Zrestartuj komputer.

Nie przeglądałam dokładniej logów!

jessi

Zrób sobie log z OTL, i sprawdź, czy nadal są w nim te wpisy:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 5.175.225.136 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B847115-4C3C-4F41-9BCA-46D37E0BF5D7}: DhcpNameServer = 5.175.225.136 8.8.8.8

 

jessi

@Pyziulka

Możesz spróbować najpierw usunąć niemiecki serwer

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 5.175.225.136 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B847115-4C3C-4F41-9BCA-46D37E0BF5D7}: DhcpNameServer = 5.175.225.136 8.8.8.8

Do Notatnika wklej:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4B847115-4C3C-4F41-9BCA-46D37E0BF5D7}]
"NameServer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4B847115-4C3C-4F41-9BCA-46D37E0BF5D7}]
"NameServer"="8.8.8.8"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"="8.8.8.8"

Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>
plik uruchom (dwuklik i OK).
Zrestartuj komputer.

Skrypt pasuje tylko do komputera @Pyziulka, u innych Użytkowników będą inne dane!

jessi

Chyba możemy kończyć"

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

jessi

W logach nic nie wskazuje na istnienie jakiejkolwiek infekcji.

Otwórz Notatnik i wklej w nim:

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sleeping Dogs\Sleeping Dogs.lnk -> G:\Sleeping Dogs\HKShip.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sleeping Dogs\Uninstall the game.lnk -> G:\Sleeping Dogs\unins000.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Max Payne 3\Max Payne 3 Deinstalacja.lnk -> G:\Max Payne 3\Uninstall\unins000.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Max Payne 3\Max Payne 3.lnk -> G:\Max Payne 3\MaxPayne3.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended\AIX 2.0.lnk -> G:\Battlefield 2\BF2.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended\Uninstall.lnk -> G:\Battlefield 2\AIXuninstaller.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended\Website.lnk -> G:\Battlefield 2\Allied Intent Xtended.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{0F0D298B-FC3C-4CD7-81CA-1BFB6B1FD67C}\PlayTasks\3\Detection.exe.lnk -> G:\Tom Clancy's Rainbow Six Vegas 2\Binaries\Detection.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{0F0D298B-FC3C-4CD7-81CA-1BFB6B1FD67C}\PlayTasks\2\Game Manual.lnk -> G:\Tom Clancy's Rainbow Six Vegas 2\Support\Manual\R6Vegas2.pdf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{0F0D298B-FC3C-4CD7-81CA-1BFB6B1FD67C}\PlayTasks\1\ReadMe.txt.lnk -> G:\Tom Clancy's Rainbow Six Vegas 2\Support\ReadMe\ReadMe.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{0F0D298B-FC3C-4CD7-81CA-1BFB6B1FD67C}\PlayTasks\0\Play.lnk -> G:\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (No File)
Shortcut: C:\Users\Sebasian\Desktop\Pulpit2\BF2SPCC.lnk -> G:\Battlefield 2\BF2SPCC.exe (No File)
Shortcut: C:\Users\Sebasian\Desktop\Pulpit2\Graj w Battlefield 2 w sieci!.lnk -> G:\Battlefield 2\BF2.exe (No File)
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Reboot:

jessi

1) Odinstaluj:

"ToggleMark" = ToggleMark

2) Otwórz Notatnik i wklej w nim:

C:\Program Files\ToggleMark\updateToggleMark.exe
C:\Program Files\ToggleMark\bin\utilToggleMark.exe
C:\Program Files\ToggleMark\bin\ToggleMark.PurBrowse.exe
C:\Program Files\ToggleMark\bin\ToggleMark.BrowserAdapter.exe
C:\Program Files\ToggleMark
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
C:\Users\wangzhisong
C:\Users\Ania\AppData\Local\Genesis_06271645
C:\Windows\System32\drivers\{af16abf4-eac1-49b4-93fc-58f6ca799135}Gw.sys
HKLM\...\Run: [fst_pl_143] => [X]
SearchScopes: HKLM - Backup.Old.DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
SearchScopes: HKLM - {23FA443D-A205-CD28-13CF-679F27AB67E0} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120322181946311&tb_oid=22-03-2012&tb_mrud=22-03-2012
SearchScopes: HKCU - Backup.Old.DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86}
SearchScopes: HKCU - {23FA443D-A205-CD28-13CF-679F27AB67E0} URL =
BHO: ToggleMark - {24ac098d-eb44-41b3-abaa-f4bc67d4d64d} - C:\Program Files\ToggleMark\ToggleMarkBHO.dll (ToggleMark)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
FF Extension: ToggleMark - C:\Users\Ania\AppData\Roaming\Mozilla\Firefox\Profiles\8ybmlq4q.default-1403958785376\Extensions\{af16abf4-eac1-49b4-93fc-58f6ca799135}.xpi [2014-06-28]
R2 Update ToggleMark; C:\Program Files\ToggleMark\updateToggleMark.exe [318752 2014-06-29] ()
R2 Util ToggleMark; C:\Program Files\ToggleMark\bin\utilToggleMark.exe [318752 2014-06-29] ()
R1 {af16abf4-eac1-49b4-93fc-58f6ca799135}Gw; C:\Windows\System32\drivers\{af16abf4-eac1-49b4-93fc-58f6ca799135}Gw.sys [52928 2014-06-09] (StdLib)
C:\Users\Ania\AppData\Local\temp\f.exe
C:\Users\Ania\AppData\Local\temp\ICReinstall_AdwCleaner 3.213.exe
Reboot:

3) Zrób nowe logi z FRST - już bez SHORTCUT.

jessi

HKLM\SYSTEM\CurrentControlSet\services\WinHttpAudoProxySvc

Locked "WinHttpAudoProxySvc" service could not be unlocked. <===== ATTENTION

 

No tak, ta usługa jest zablokowana, wiec nie da się jej usunąć.

Pliki tej usługi (Systemowe!) nie są zablokowane,ale ich nie wolno usuwać; zresztą ich usunięcie w niczym by nie pomogło.

Gdyby @Picasso była w stanie pomagać (jest chora), to pewnie znalazła by sposób na odblokowanie tej usługi, i potem usunięcie.

Ja nie jestem aż tak zaawansowana.

jessi

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)

W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
Jednocześnie zniknie GMER.

jessi

Otwórz Notatnik i wklej w nim:

Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
C:\Users\Vip\AppData\Local\Temp\avgnt.exe
Reboot:

Napisz, jak oceniasz sytuację z wyskakującymi reklamami?

jessi

Nie wiem, kiedy @Picasso będzie w stanie znów pomagać.

1) Odinstaluj:

Greener Web (HKLM\...\Greener Web) (Version: 2014.06.21.141109 - Greener Web) <==== ATTENTION

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

3) Otwórz Notatnik i wklej w nim:

C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe
C:\Program Files (x86)\Greener Web\bin\GreenerWeb.BrowserAdapter.exe
C:\Program Files (x86)\Greener Web\bin\GreenerWeb.PurBrowse64.exe
C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe
C:\Program Files (x86)\Greener Web\bin\GreenerWebBAApp.dll
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
R2 Update Greener Web; C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe [318752 2014-06-29] ()
R2 Util Greener Web; C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe [318752 2014-06-29] ()
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [61120 2014-06-20] (StdLib)
C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
S3 massfilter; system32\DRIVERS\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Users\Vip\AppData\Local\Temp\avgnt.exe
C:\Users\Vip\AppData\Local\Temp\odk_setup.exe
Reboot:

4) Zrób nowe logi z FRST (już bez SHORTCUT)

jessi

Wciąż czekam na instrukcje, sytuacja ostatnio pogorszyła się jeszcze bardziej. Nie mogę normalnie użyć żadnej aplikacji bo mam straszne spadki fpsów lub przycięcia.

Na wszelki wypadek zrób wszystkie nowe logi.

Choć najprawdopodobniej problem nie ma nic wspólnego z "wirusami".

jessi

Otwórz Notatnik i wklej w nim:

CHR Plugin: (globalUpdate Update) - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
Reboot:

Raportu z tego już nie dawaj.

Kończymy:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

jessi

Nie wiem, czy dziś @Picasso będzie juz pomagać, - jesli nie będzie, to wykonasz to:

1) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

2) Otwórz Notatnik i wklej w nim:

Task: {0B0444A2-D132-4D76-A1A6-80FBC1151DDD} - System32\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-6 => C:\Program Files\Plus-HD-V1.4\Plus-HD-V1.4-novainstaller.exe <==== ATTENTION
Task: {750665D6-1A2D-486B-BD8E-063B3F5BF252} - System32\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-4 => C:\Program Files\Plus-HD-V1.4\96431e5d-5723-4d78-ae7b-7096d51b336b-4.exe <==== ATTENTION
Task: {89E22D4E-D5DD-4F61-9F24-30CE6DD4A502} - System32\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-11 => C:\Program Files\Plus-HD-V1.4\96431e5d-5723-4d78-ae7b-7096d51b336b-11.exe <==== ATTENTION
Task: {9D6F2B2B-D6D6-464C-849D-9D15F3556F65} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-06-19] (globalUpdate) <==== ATTENTION
Task: {A6ED7CC5-8259-4A0D-8966-65F95EECE72F} - System32\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-3 => C:\Program Files\Plus-HD-V1.4\96431e5d-5723-4d78-ae7b-7096d51b336b-3.exe <==== ATTENTION
Task: {A7764CAA-F090-4086-83B4-411DCADAC9C5} - System32\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-7 => C:\Program Files\Plus-HD-V1.4\Plus-HD-V1.4-nova.exe [2014-06-19] (Plus HD) <==== ATTENTION
Task: {D81A45A5-A7F4-460A-A707-7D01523AD9B7} - System32\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-1 => C:\Program Files\Plus-HD-V1.4\Plus-HD-V1.4-codedownloader.exe <==== ATTENTION
Task: {E2F1F438-4E2A-4B53-96BA-852247A3E678} - System32\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-5 => C:\Program Files\Plus-HD-V1.4\96431e5d-5723-4d78-ae7b-7096d51b336b-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-1.job => C:\Program Files\Plus-HD-V1.4\Plus-HD-V1.4-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-11.job => C:\Program Files\Plus-HD-V1.4\96431e5d-5723-4d78-ae7b-7096d51b336b-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-3.job => C:\Program Files\Plus-HD-V1.4\96431e5d-5723-4d78-ae7b-7096d51b336b-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-4.job => C:\Program Files\Plus-HD-V1.4\96431e5d-5723-4d78-ae7b-7096d51b336b-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-5.job => C:\Program Files\Plus-HD-V1.4\96431e5d-5723-4d78-ae7b-7096d51b336b-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-6.job => C:\Program Files\Plus-HD-V1.4\Plus-HD-V1.4-novainstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-7.job => C:\Program Files\Plus-HD-V1.4\Plus-HD-V1.4-nova.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
C:\Program Files\Plus-HD-V1.4\Plus-HD-V1.4-nova.dll
HKLM\...\RunOnce: [CleanSetup] - cmd /C rmdir /S /Q "C:\Users\User\AppData\Local\Temp\nro.tmp\" [0 2014-06-28] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> systemk\x64\sysapcrt.dll
c:\program files\settings manager\
CHR Plugin: (globalUpdate Update) - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
CHR Extension: (Plus-HD-V1.4) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-06-22]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-19] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-19] (globalUpdate) [File not signed]
C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-5.job
C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-7.job
C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-11.job
C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-4.job
C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-3.job
C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-6.job
C:\Windows\Tasks\96431e5d-5723-4d78-ae7b-7096d51b336b-1.job
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
C:\Users\User\AppData\Local\globalUpdate
C:\Program Files\globalUpdate
C:\Program Files\Plus-HD-V1.4
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reboot:

3) Zrób nowe logi z FRST (już bez Addition)

jessi

 mam problem odnośnie internetu ponieważ jak wpisze google czy bling to te adressy nie działają , pisze ze this page can't be displayed

Nie wiem, czym to jest spowodowane.

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

 

Do Notatnika wklej:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

plik uruchom (dwuklik i OK).

jessi

@Picasso zacznie znów pomagać jutro albo w sobotę.

Infekcji tu żadnej nie widzę, ale są za to szkodliwe śmieci.

1) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

2) Otwórz Notatnik i wklej w nim:

MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/?&uid=2300&q={searchTerms}
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [0] msseces.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [1] MSASCui.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [4] avgnt.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [5] avcenter.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [6] avscan.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [7] avgfrw.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [8] avgui.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [9] avgtray.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [10] avgscanx.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [11] avgcfgex.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [12] avgemc.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [13] avgchsvx.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [14] avgcmgr.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer\DisallowRun: [15] avgwdsvc.exe
HKU\S-1-5-21-3543806110-3392153129-2015654010-1001\...\Policies\Explorer: [DisallowRun] 1
IFEO: [Debugger] svchost.exe
IFEO\a.exe: [Debugger] svchost.exe
IFEO\aAvgApi.exe: [Debugger] svchost.exe
IFEO\AAWTray.exe: [Debugger] svchost.exe
IFEO\About.exe: [Debugger] svchost.exe
IFEO\ackwin32.exe: [Debugger] svchost.exe
IFEO\Ad-Aware.exe: [Debugger] svchost.exe
IFEO\adaware.exe: [Debugger] svchost.exe
IFEO\advxdwin.exe: [Debugger] svchost.exe
IFEO\AdwarePrj.exe: [Debugger] svchost.exe
IFEO\agent.exe: [Debugger] svchost.exe
IFEO\agentsvr.exe: [Debugger] svchost.exe
IFEO\agentw.exe: [Debugger] svchost.exe
IFEO\alertsvc.exe: [Debugger] svchost.exe
IFEO\alevir.exe: [Debugger] svchost.exe
IFEO\alogserv.exe: [Debugger] svchost.exe
IFEO\AlphaAV: [Debugger] svchost.exe
IFEO\AlphaAV.exe: [Debugger] svchost.exe
IFEO\AluSchedulerSvc.exe: [Debugger] svchost.exe
IFEO\amon9x.exe: [Debugger] svchost.exe
IFEO\anti-trojan.exe: [Debugger] svchost.exe
IFEO\Anti-Virus Professional.exe: [Debugger] svchost.exe
IFEO\AntispywarXP2009.exe: [Debugger] svchost.exe
IFEO\antivirus.exe: [Debugger] svchost.exe
IFEO\AntivirusPlus: [Debugger] svchost.exe
IFEO\AntivirusPlus.exe: [Debugger] svchost.exe
IFEO\AntivirusPro_2010.exe: [Debugger] svchost.exe
IFEO\AntivirusXP: [Debugger] svchost.exe
IFEO\AntivirusXP.exe: [Debugger] svchost.exe
IFEO\antivirusxppro2009.exe: [Debugger] svchost.exe
IFEO\AntiVirus_Pro.exe: [Debugger] svchost.exe
IFEO\ants.exe: [Debugger] svchost.exe
IFEO\apimonitor.exe: [Debugger] svchost.exe
IFEO\aplica32.exe: [Debugger] svchost.exe
IFEO\apvxdwin.exe: [Debugger] svchost.exe
IFEO\arr.exe: [Debugger] svchost.exe
IFEO\Arrakis3.exe: [Debugger] svchost.exe
IFEO\ashAvast.exe: [Debugger] svchost.exe
IFEO\ashBug.exe: [Debugger] svchost.exe
IFEO\ashChest.exe: [Debugger] svchost.exe
IFEO\ashCnsnt.exe: [Debugger] svchost.exe
IFEO\ashDisp.exe: [Debugger] svchost.exe
IFEO\ashLogV.exe: [Debugger] svchost.exe
IFEO\ashMaiSv.exe: [Debugger] svchost.exe
IFEO\ashPopWz.exe: [Debugger] svchost.exe
IFEO\ashQuick.exe: [Debugger] svchost.exe
IFEO\ashServ.exe: [Debugger] svchost.exe
IFEO\ashSimp2.exe: [Debugger] svchost.exe
IFEO\ashSimpl.exe: [Debugger] svchost.exe
IFEO\ashSkPcc.exe: [Debugger] svchost.exe
IFEO\ashSkPck.exe: [Debugger] svchost.exe
IFEO\ashUpd.exe: [Debugger] svchost.exe
IFEO\ashWebSv.exe: [Debugger] svchost.exe
IFEO\aswChLic.exe: [Debugger] svchost.exe
IFEO\aswRegSvr.exe: [Debugger] svchost.exe
IFEO\aswRunDll.exe: [Debugger] svchost.exe
IFEO\aswUpdSv.exe: [Debugger] svchost.exe
IFEO\atcon.exe: [Debugger] svchost.exe
IFEO\atguard.exe: [Debugger] svchost.exe
IFEO\atro55en.exe: [Debugger] svchost.exe
IFEO\atupdater.exe: [Debugger] svchost.exe
IFEO\atwatch.exe: [Debugger] svchost.exe
IFEO\au.exe: [Debugger] svchost.exe
IFEO\aupdate.exe: [Debugger] svchost.exe
IFEO\auto-protect.nav80try.exe: [Debugger] svchost.exe
IFEO\autodown.exe: [Debugger] svchost.exe
IFEO\autotrace.exe: [Debugger] svchost.exe
IFEO\autoupdate.exe: [Debugger] svchost.exe
IFEO\av360.exe: [Debugger] svchost.exe
IFEO\avadmin.exe: [Debugger] svchost.exe
IFEO\AVCare.exe: [Debugger] svchost.exe
IFEO\avcenter.exe: [Debugger] svchost.exe
IFEO\avciman.exe: [Debugger] svchost.exe
IFEO\avconfig.exe: [Debugger] svchost.exe
IFEO\avconsol.exe: [Debugger] svchost.exe
IFEO\ave32.exe: [Debugger] svchost.exe
IFEO\AVENGINE.EXE: [Debugger] svchost.exe
IFEO\avgcc32.exe: [Debugger] svchost.exe
IFEO\avgchk.exe: [Debugger] svchost.exe
IFEO\avgcmgr.exe: [Debugger] svchost.exe
IFEO\avgcsrvx.exe: [Debugger] svchost.exe
IFEO\avgctrl.exe: [Debugger] svchost.exe
IFEO\avgdumpx.exe: [Debugger] svchost.exe
IFEO\avgemc.exe: [Debugger] svchost.exe
IFEO\avgiproxy.exe: [Debugger] svchost.exe
IFEO\avgnsx.exe: [Debugger] svchost.exe
IFEO\avgnt.exe: [Debugger] svchost.exe
IFEO\avgrsx.exe: [Debugger] svchost.exe
IFEO\avgscanx.exe: [Debugger] svchost.exe
IFEO\avgserv.exe: [Debugger] svchost.exe
IFEO\avgserv9.exe: [Debugger] svchost.exe
IFEO\avgsrmax.exe: [Debugger] svchost.exe
IFEO\avgtray.exe: [Debugger] svchost.exe
IFEO\avgui.exe: [Debugger] svchost.exe
IFEO\avgupd.exe: [Debugger] svchost.exe
IFEO\avgw.exe: [Debugger] svchost.exe
IFEO\avgwdsvc.exe: [Debugger] svchost.exe
IFEO\avkpop.exe: [Debugger] svchost.exe
IFEO\avkserv.exe: [Debugger] svchost.exe
IFEO\avkservice.exe: [Debugger] svchost.exe
IFEO\avkwctl9.exe: [Debugger] svchost.exe
IFEO\avltmain.exe: [Debugger] svchost.exe
IFEO\avmailc.exe: [Debugger] svchost.exe
IFEO\avmcdlg.exe: [Debugger] svchost.exe
IFEO\avnotify.exe: [Debugger] svchost.exe
IFEO\avnt.exe: [Debugger] svchost.exe
IFEO\avp32.exe: [Debugger] svchost.exe
IFEO\avpcc.exe: [Debugger] svchost.exe
IFEO\avpdos32.exe: [Debugger] svchost.exe
IFEO\avpm.exe: [Debugger] svchost.exe
IFEO\avptc32.exe: [Debugger] svchost.exe
IFEO\avpupd.exe: [Debugger] svchost.exe
IFEO\avsched32.exe: [Debugger] svchost.exe
IFEO\avsynmgr.exe: [Debugger] svchost.exe
IFEO\avupgsvc.exe: [Debugger] svchost.exe
IFEO\AVWEBGRD.EXE: [Debugger] svchost.exe
IFEO\avwin.exe: [Debugger] svchost.exe
IFEO\avwin95.exe: [Debugger] svchost.exe
IFEO\avwinnt.exe: [Debugger] svchost.exe
IFEO\avwsc.exe: [Debugger] svchost.exe
IFEO\avwupd.exe: [Debugger] svchost.exe
IFEO\avwupd32.exe: [Debugger] svchost.exe
IFEO\avwupsrv.exe: [Debugger] svchost.exe
IFEO\avxmonitor9x.exe: [Debugger] svchost.exe
IFEO\avxmonitornt.exe: [Debugger] svchost.exe
IFEO\avxquar.exe: [Debugger] svchost.exe
IFEO\b.exe: [Debugger] svchost.exe
IFEO\backweb.exe: [Debugger] svchost.exe
IFEO\bargains.exe: [Debugger] svchost.exe
IFEO\bdagent.exe: [Debugger] svchost.exe
IFEO\bdfvcl.exe: [Debugger] svchost.exe
IFEO\bdfvwiz.exe: [Debugger] svchost.exe
IFEO\BDInProcPatch.exe: [Debugger] svchost.exe
IFEO\bdmcon.exe: [Debugger] svchost.exe
IFEO\BDMsnScan.exe: [Debugger] svchost.exe
IFEO\bdreinit.exe: [Debugger] svchost.exe
IFEO\bdsubwiz.exe: [Debugger] svchost.exe
IFEO\BDSurvey.exe: [Debugger] svchost.exe
IFEO\bdtkexec.exe: [Debugger] svchost.exe
IFEO\bdwizreg.exe: [Debugger] svchost.exe
IFEO\bd_professional.exe: [Debugger] svchost.exe
IFEO\beagle.exe: [Debugger] svchost.exe
IFEO\belt.exe: [Debugger] svchost.exe
IFEO\bidef.exe: [Debugger] svchost.exe
IFEO\bidserver.exe: [Debugger] svchost.exe
IFEO\bipcp.exe: [Debugger] svchost.exe
IFEO\bipcpevalsetup.exe: [Debugger] svchost.exe
IFEO\bisp.exe: [Debugger] svchost.exe
IFEO\blackd.exe: [Debugger] svchost.exe
IFEO\blackice.exe: [Debugger] svchost.exe
IFEO\blink.exe: [Debugger] svchost.exe
IFEO\blss.exe: [Debugger] svchost.exe
IFEO\bootconf.exe: [Debugger] svchost.exe
IFEO\bootwarn.exe: [Debugger] svchost.exe
IFEO\borg2.exe: [Debugger] svchost.exe
IFEO\bpc.exe: [Debugger] svchost.exe
IFEO\brasil.exe: [Debugger] svchost.exe
IFEO\brastk.exe: [Debugger] svchost.exe
IFEO\brw.exe: [Debugger] svchost.exe
IFEO\bs120.exe: [Debugger] svchost.exe
IFEO\bspatch.exe: [Debugger] svchost.exe
IFEO\bundle.exe: [Debugger] svchost.exe
IFEO\bvt.exe: [Debugger] svchost.exe
IFEO\c.exe: [Debugger] svchost.exe
IFEO\cavscan.exe: [Debugger] svchost.exe
IFEO\ccapp.exe: [Debugger] svchost.exe
IFEO\ccevtmgr.exe: [Debugger] svchost.exe
IFEO\ccpxysvc.exe: [Debugger] svchost.exe
IFEO\ccSvcHst.exe: [Debugger] svchost.exe
IFEO\cdp.exe: [Debugger] svchost.exe
IFEO\cfd.exe: [Debugger] svchost.exe
IFEO\cfgwiz.exe: [Debugger] svchost.exe
IFEO\cfiadmin.exe: [Debugger] svchost.exe
IFEO\cfiaudit.exe: [Debugger] svchost.exe
IFEO\cfinet.exe: [Debugger] svchost.exe
IFEO\cfinet32.exe: [Debugger] svchost.exe
IFEO\cfp.exe: [Debugger] svchost.exe
IFEO\cfpconfg.exe: [Debugger] svchost.exe
IFEO\cfplogvw.exe: [Debugger] svchost.exe
IFEO\cfpupdat.exe: [Debugger] svchost.exe
IFEO\Cl.exe: [Debugger] svchost.exe
IFEO\claw95.exe: [Debugger] svchost.exe
IFEO\claw95cf.exe: [Debugger] svchost.exe
IFEO\clean.exe: [Debugger] svchost.exe
IFEO\cleaner.exe: [Debugger] svchost.exe
IFEO\cleaner3.exe: [Debugger] svchost.exe
IFEO\cleanIELow.exe: [Debugger] svchost.exe
IFEO\cleanpc.exe: [Debugger] svchost.exe
IFEO\click.exe: [Debugger] svchost.exe
IFEO\cmd32.exe: [Debugger] svchost.exe
IFEO\cmdagent.exe: [Debugger] svchost.exe
IFEO\cmesys.exe: [Debugger] svchost.exe
IFEO\cmgrdian.exe: [Debugger] svchost.exe
IFEO\cmon016.exe: [Debugger] svchost.exe
IFEO\connectionmonitor.exe: [Debugger] svchost.exe
IFEO\control: [Debugger] svchost.exe
IFEO\cpd.exe: [Debugger] svchost.exe
IFEO\cpf9x206.exe: [Debugger] svchost.exe
IFEO\cpfnt206.exe: [Debugger] svchost.exe
IFEO\crashrep.exe: [Debugger] svchost.exe
IFEO\csc.exe: [Debugger] svchost.exe
IFEO\cssconfg.exe: [Debugger] svchost.exe
IFEO\cssupdat.exe: [Debugger] svchost.exe
IFEO\cssurf.exe: [Debugger] svchost.exe
IFEO\ctrl.exe: [Debugger] svchost.exe
IFEO\cv.exe: [Debugger] svchost.exe
IFEO\cwnb181.exe: [Debugger] svchost.exe
IFEO\cwntdwmo.exe: [Debugger] svchost.exe
IFEO\d.exe: [Debugger] svchost.exe
IFEO\datemanager.exe: [Debugger] svchost.exe
IFEO\dcomx.exe: [Debugger] svchost.exe
IFEO\defalert.exe: [Debugger] svchost.exe
IFEO\defscangui.exe: [Debugger] svchost.exe
IFEO\defwatch.exe: [Debugger] svchost.exe
IFEO\deloeminfs.exe: [Debugger] svchost.exe
IFEO\deputy.exe: [Debugger] svchost.exe
IFEO\divx.exe: [Debugger] svchost.exe
IFEO\dllcache.exe: [Debugger] svchost.exe
IFEO\dllreg.exe: [Debugger] svchost.exe
IFEO\doors.exe: [Debugger] svchost.exe
IFEO\dop.exe: [Debugger] svchost.exe
IFEO\dpf.exe: [Debugger] svchost.exe
IFEO\dpfsetup.exe: [Debugger] svchost.exe
IFEO\dpps2.exe: [Debugger] svchost.exe
IFEO\driverctrl.exe: [Debugger] svchost.exe
IFEO\drwatson.exe: [Debugger] svchost.exe
IFEO\drweb32.exe: [Debugger] svchost.exe
IFEO\drwebupw.exe: [Debugger] svchost.exe
IFEO\dssagent.exe: [Debugger] svchost.exe
IFEO\dvp95.exe: [Debugger] svchost.exe
IFEO\dvp95_0.exe: [Debugger] svchost.exe
IFEO\ecengine.exe: [Debugger] svchost.exe
IFEO\efpeadm.exe: [Debugger] svchost.exe
IFEO\egui.exe: [Debugger] svchost.exe
IFEO\ekrn.exe: [Debugger] svchost.exe
IFEO\emsw.exe: [Debugger] svchost.exe
IFEO\ent.exe: [Debugger] svchost.exe
IFEO\esafe.exe: [Debugger] svchost.exe
IFEO\escanhnt.exe: [Debugger] svchost.exe
IFEO\escanv95.exe: [Debugger] svchost.exe
IFEO\espwatch.exe: [Debugger] svchost.exe
IFEO\ethereal.exe: [Debugger] svchost.exe
IFEO\etrustcipe.exe: [Debugger] svchost.exe
IFEO\evpn.exe: [Debugger] svchost.exe
IFEO\exantivirus-cnet.exe: [Debugger] svchost.exe
IFEO\exe.avxw.exe: [Debugger] svchost.exe
IFEO\expert.exe: [Debugger] svchost.exe
IFEO\explore.exe: [Debugger] svchost.exe
IFEO\f-agnt95.exe: [Debugger] svchost.exe
IFEO\f-prot.exe: [Debugger] svchost.exe
IFEO\f-prot95.exe: [Debugger] svchost.exe
IFEO\f-stopw.exe: [Debugger] svchost.exe
IFEO\fact.exe: [Debugger] svchost.exe
IFEO\fameh32.exe: [Debugger] svchost.exe
IFEO\fast.exe: [Debugger] svchost.exe
IFEO\fch32.exe: [Debugger] svchost.exe
IFEO\fih32.exe: [Debugger] svchost.exe
IFEO\findviru.exe: [Debugger] svchost.exe
IFEO\firewall.exe: [Debugger] svchost.exe
IFEO\fixcfg.exe: [Debugger] svchost.exe
IFEO\fixfp.exe: [Debugger] svchost.exe
IFEO\fnrb32.exe: [Debugger] svchost.exe
IFEO\fp-win.exe: [Debugger] svchost.exe
IFEO\fp-win_trial.exe: [Debugger] svchost.exe
IFEO\fprot.exe: [Debugger] svchost.exe
IFEO\frmwrk32.exe: [Debugger] svchost.exe
IFEO\frw.exe: [Debugger] svchost.exe
IFEO\fsaa.exe: [Debugger] svchost.exe
IFEO\fsav.exe: [Debugger] svchost.exe
IFEO\fsav32.exe: [Debugger] svchost.exe
IFEO\fsav530stbyb.exe: [Debugger] svchost.exe
IFEO\fsav530wtbyb.exe: [Debugger] svchost.exe
IFEO\fsav95.exe: [Debugger] svchost.exe
IFEO\fsgk32.exe: [Debugger] svchost.exe
IFEO\fsm32.exe: [Debugger] svchost.exe
IFEO\fsma32.exe: [Debugger] svchost.exe
IFEO\fsmb32.exe: [Debugger] svchost.exe
IFEO\gator.exe: [Debugger] svchost.exe
IFEO\gav.exe: [Debugger] svchost.exe
IFEO\gbmenu.exe: [Debugger] svchost.exe
IFEO\gbn976rl.exe: [Debugger] svchost.exe
IFEO\gbpoll.exe: [Debugger] svchost.exe
IFEO\generics.exe: [Debugger] svchost.exe
IFEO\gmt.exe: [Debugger] svchost.exe
IFEO\guard.exe: [Debugger] svchost.exe
IFEO\guarddog.exe: [Debugger] svchost.exe
IFEO\guardgui.exe: [Debugger] svchost.exe
IFEO\hacktracersetup.exe: [Debugger] svchost.exe
IFEO\hbinst.exe: [Debugger] svchost.exe
IFEO\hbsrv.exe: [Debugger] svchost.exe
IFEO\History.exe: [Debugger] svchost.exe
IFEO\homeav2010.exe: [Debugger] svchost.exe
IFEO\hotactio.exe: [Debugger] svchost.exe
IFEO\hotpatch.exe: [Debugger] svchost.exe
IFEO\htlog.exe: [Debugger] svchost.exe
IFEO\htpatch.exe: [Debugger] svchost.exe
IFEO\hwpe.exe: [Debugger] svchost.exe
IFEO\hxdl.exe: [Debugger] svchost.exe
IFEO\hxiul.exe: [Debugger] svchost.exe
IFEO\iamapp.exe: [Debugger] svchost.exe
IFEO\iamserv.exe: [Debugger] svchost.exe
IFEO\iamstats.exe: [Debugger] svchost.exe
IFEO\ibmasn.exe: [Debugger] svchost.exe
IFEO\ibmavsp.exe: [Debugger] svchost.exe
IFEO\icload95.exe: [Debugger] svchost.exe
IFEO\icloadnt.exe: [Debugger] svchost.exe
IFEO\icmon.exe: [Debugger] svchost.exe
IFEO\icsupp95.exe: [Debugger] svchost.exe
IFEO\icsuppnt.exe: [Debugger] svchost.exe
IFEO\Identity.exe: [Debugger] svchost.exe
IFEO\idle.exe: [Debugger] svchost.exe
IFEO\iedll.exe: [Debugger] svchost.exe
IFEO\iedriver.exe: [Debugger] svchost.exe
IFEO\IEShow.exe: [Debugger] svchost.exe
IFEO\iface.exe: [Debugger] svchost.exe
IFEO\ifw2000.exe: [Debugger] svchost.exe
IFEO\inetlnfo.exe: [Debugger] svchost.exe
IFEO\infus.exe: [Debugger] svchost.exe
IFEO\infwin.exe: [Debugger] svchost.exe
IFEO\init.exe: [Debugger] svchost.exe
IFEO\init32.exe : [Debugger] svchost.exe
IFEO\install.exe: [Debugger] svchost.exe
IFEO\install[1].exe: [Debugger] svchost.exe
IFEO\install[2].exe: [Debugger] svchost.exe
IFEO\install[3].exe: [Debugger] svchost.exe
IFEO\install[4].exe: [Debugger] svchost.exe
IFEO\install[5].exe: [Debugger] svchost.exe
IFEO\intdel.exe: [Debugger] svchost.exe
IFEO\intren.exe: [Debugger] svchost.exe
IFEO\iomon98.exe: [Debugger] svchost.exe
IFEO\istsvc.exe: [Debugger] svchost.exe
IFEO\jammer.exe: [Debugger] svchost.exe
IFEO\jdbgmrg.exe: [Debugger] svchost.exe
IFEO\jedi.exe: [Debugger] svchost.exe
IFEO\JsRcGen.exe: [Debugger] svchost.exe
IFEO\kavlite40eng.exe: [Debugger] svchost.exe
IFEO\kavpers40eng.exe: [Debugger] svchost.exe
IFEO\kavpf.exe: [Debugger] svchost.exe
IFEO\kazza.exe: [Debugger] svchost.exe
IFEO\keenvalue.exe: [Debugger] svchost.exe
IFEO\kerio-pf-213-en-win.exe: [Debugger] svchost.exe
IFEO\kerio-wrl-421-en-win.exe: [Debugger] svchost.exe
IFEO\kerio-wrp-421-en-win.exe: [Debugger] svchost.exe
IFEO\killprocesssetup161.exe: [Debugger] svchost.exe
IFEO\ldnetmon.exe: [Debugger] svchost.exe
IFEO\ldpro.exe: [Debugger] svchost.exe
IFEO\ldpromenu.exe: [Debugger] svchost.exe
IFEO\ldscan.exe: [Debugger] svchost.exe
IFEO\licmgr.exe: [Debugger] svchost.exe
IFEO\livesrv.exe: [Debugger] svchost.exe
IFEO\lnetinfo.exe: [Debugger] svchost.exe
IFEO\loader.exe: [Debugger] svchost.exe
IFEO\localnet.exe: [Debugger] svchost.exe
IFEO\lockdown.exe: [Debugger] svchost.exe
IFEO\lockdown2000.exe: [Debugger] svchost.exe
IFEO\lookout.exe: [Debugger] svchost.exe
IFEO\lordpe.exe: [Debugger] svchost.exe
IFEO\lsetup.exe: [Debugger] svchost.exe
IFEO\luall.exe: [Debugger] svchost.exe
IFEO\luau.exe: [Debugger] svchost.exe
IFEO\lucomserver.exe: [Debugger] svchost.exe
IFEO\luinit.exe: [Debugger] svchost.exe
IFEO\luspt.exe: [Debugger] svchost.exe
IFEO\MalwareRemoval.exe: [Debugger] svchost.exe
IFEO\mapisvc32.exe: [Debugger] svchost.exe
IFEO\mcagent.exe: [Debugger] svchost.exe
IFEO\mcmnhdlr.exe: [Debugger] svchost.exe
IFEO\mcmscsvc.exe: [Debugger] svchost.exe
IFEO\mcnasvc.exe: [Debugger] svchost.exe
IFEO\mcproxy.exe: [Debugger] svchost.exe
IFEO\McSACore.exe: [Debugger] svchost.exe
IFEO\mcshell.exe: [Debugger] svchost.exe
IFEO\mcshield.exe: [Debugger] svchost.exe
IFEO\mcsysmon.exe: [Debugger] svchost.exe
IFEO\mctool.exe: [Debugger] svchost.exe
IFEO\mcupdate.exe: [Debugger] svchost.exe
IFEO\mcvsrte.exe: [Debugger] svchost.exe
IFEO\mcvsshld.exe: [Debugger] svchost.exe
IFEO\md.exe: [Debugger] svchost.exe
IFEO\mfin32.exe: [Debugger] svchost.exe
IFEO\mfw2en.exe: [Debugger] svchost.exe
IFEO\mfweng3.02d30.exe: [Debugger] svchost.exe
IFEO\mgavrtcl.exe: [Debugger] svchost.exe
IFEO\mgavrte.exe: [Debugger] svchost.exe
IFEO\mghtml.exe: [Debugger] svchost.exe
IFEO\mgui.exe: [Debugger] svchost.exe
IFEO\minilog.exe: [Debugger] svchost.exe
IFEO\mmod.exe: [Debugger] svchost.exe
IFEO\monitor.exe: [Debugger] svchost.exe
IFEO\moolive.exe: [Debugger] svchost.exe
IFEO\mostat.exe: [Debugger] svchost.exe
IFEO\mpfagent.exe: [Debugger] svchost.exe
IFEO\mpfservice.exe: [Debugger] svchost.exe
IFEO\MPFSrv.exe: [Debugger] svchost.exe
IFEO\mpftray.exe: [Debugger] svchost.exe
IFEO\mrflux.exe: [Debugger] svchost.exe
IFEO\mrt.exe: [Debugger] svchost.exe
IFEO\msa.exe: [Debugger] svchost.exe
IFEO\msapp.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\msbb.exe: [Debugger] svchost.exe
IFEO\msblast.exe: [Debugger] svchost.exe
IFEO\mscache.exe: [Debugger] svchost.exe
IFEO\msccn32.exe: [Debugger] svchost.exe
IFEO\mscman.exe: [Debugger] svchost.exe
IFEO\msconfig: [Debugger] svchost.exe
IFEO\msdm.exe: [Debugger] svchost.exe
IFEO\msdos.exe: [Debugger] svchost.exe
IFEO\msiexec16.exe: [Debugger] svchost.exe
IFEO\mslaugh.exe: [Debugger] svchost.exe
IFEO\msmgt.exe: [Debugger] svchost.exe
IFEO\msmsgri32.exe: [Debugger] svchost.exe
IFEO\msseces.exe: [Debugger] svchost.exe
IFEO\mssmmc32.exe: [Debugger] svchost.exe
IFEO\mssys.exe: [Debugger] svchost.exe
IFEO\msvxd.exe: [Debugger] svchost.exe
IFEO\mu0311ad.exe: [Debugger] svchost.exe
IFEO\mwatch.exe: [Debugger] svchost.exe
IFEO\n32scanw.exe: [Debugger] svchost.exe
IFEO\nav.exe: [Debugger] svchost.exe
IFEO\navap.navapsvc.exe: [Debugger] svchost.exe
IFEO\navapsvc.exe: [Debugger] svchost.exe
IFEO\navapw32.exe: [Debugger] svchost.exe
IFEO\navdx.exe: [Debugger] svchost.exe
IFEO\navlu32.exe: [Debugger] svchost.exe
IFEO\navnt.exe: [Debugger] svchost.exe
IFEO\navstub.exe: [Debugger] svchost.exe
IFEO\navw32.exe: [Debugger] svchost.exe
IFEO\navwnt.exe: [Debugger] svchost.exe
IFEO\nc2000.exe: [Debugger] svchost.exe
IFEO\ncinst4.exe: [Debugger] svchost.exe
IFEO\ndd32.exe: [Debugger] svchost.exe
IFEO\neomonitor.exe: [Debugger] svchost.exe
IFEO\neowatchlog.exe: [Debugger] svchost.exe
IFEO\netarmor.exe: [Debugger] svchost.exe
IFEO\netd32.exe: [Debugger] svchost.exe
IFEO\netinfo.exe: [Debugger] svchost.exe
IFEO\netmon.exe: [Debugger] svchost.exe
IFEO\netscanpro.exe: [Debugger] svchost.exe
IFEO\netspyhunter-1.2.exe: [Debugger] svchost.exe
IFEO\netutils.exe: [Debugger] svchost.exe
IFEO\nisserv.exe: [Debugger] svchost.exe
IFEO\nisum.exe: [Debugger] svchost.exe
IFEO\nmain.exe: [Debugger] svchost.exe
IFEO\nod32.exe: [Debugger] svchost.exe
IFEO\normist.exe: [Debugger] svchost.exe
IFEO\norton_internet_secu_3.0_407.exe: [Debugger] svchost.exe
IFEO\notstart.exe: [Debugger] svchost.exe
IFEO\npf40_tw_98_nt_me_2k.exe: [Debugger] svchost.exe
IFEO\npfmessenger.exe: [Debugger] svchost.exe
IFEO\nprotect.exe: [Debugger] svchost.exe
IFEO\npscheck.exe: [Debugger] svchost.exe
IFEO\npssvc.exe: [Debugger] svchost.exe
IFEO\nsched32.exe: [Debugger] svchost.exe
IFEO\nssys32.exe: [Debugger] svchost.exe
IFEO\nstask32.exe: [Debugger] svchost.exe
IFEO\nsupdate.exe: [Debugger] svchost.exe
IFEO\nt.exe: [Debugger] svchost.exe
IFEO\ntrtscan.exe: [Debugger] svchost.exe
IFEO\ntvdm.exe: [Debugger] svchost.exe
IFEO\ntxconfig.exe: [Debugger] svchost.exe
IFEO\nui.exe: [Debugger] svchost.exe
IFEO\nupgrade.exe: [Debugger] svchost.exe
IFEO\nvarch16.exe: [Debugger] svchost.exe
IFEO\nvc95.exe: [Debugger] svchost.exe
IFEO\nvsvc32.exe: [Debugger] svchost.exe
IFEO\nwinst4.exe: [Debugger] svchost.exe
IFEO\nwservice.exe: [Debugger] svchost.exe
IFEO\nwtool16.exe: [Debugger] svchost.exe
IFEO\OAcat.exe: [Debugger] svchost.exe
IFEO\OAhlp.exe: [Debugger] svchost.exe
IFEO\OAReg.exe: [Debugger] svchost.exe
IFEO\oasrv.exe: [Debugger] svchost.exe
IFEO\oaui.exe: [Debugger] svchost.exe
IFEO\oaview.exe: [Debugger] svchost.exe
IFEO\ODSW.exe: [Debugger] svchost.exe
IFEO\ollydbg.exe: [Debugger] svchost.exe
IFEO\OLT.exe: [Debugger] svchost.exe
IFEO\onsrvr.exe: [Debugger] svchost.exe
IFEO\optimize.exe: [Debugger] svchost.exe
IFEO\ostronet.exe: [Debugger] svchost.exe
IFEO\otfix.exe: [Debugger] svchost.exe
IFEO\outpost.exe: [Debugger] svchost.exe
IFEO\outpostinstall.exe: [Debugger] svchost.exe
IFEO\outpostproinstall.exe: [Debugger] svchost.exe
IFEO\ozn695m5.exe: [Debugger] svchost.exe
IFEO\padmin.exe: [Debugger] svchost.exe
IFEO\panixk.exe: [Debugger] svchost.exe
IFEO\patch.exe: [Debugger] svchost.exe
IFEO\pav.exe: [Debugger] svchost.exe
IFEO\pavcl.exe: [Debugger] svchost.exe
IFEO\PavFnSvr.exe: [Debugger] svchost.exe
IFEO\pavproxy.exe: [Debugger] svchost.exe
IFEO\pavprsrv.exe: [Debugger] svchost.exe
IFEO\pavsched.exe: [Debugger] svchost.exe
IFEO\pavsrv51.exe: [Debugger] svchost.exe
IFEO\pavw.exe: [Debugger] svchost.exe
IFEO\pc.exe: [Debugger] svchost.exe
IFEO\pccwin98.exe: [Debugger] svchost.exe
IFEO\pcfwallicon.exe: [Debugger] svchost.exe
IFEO\pcip10117_0.exe: [Debugger] svchost.exe
IFEO\pcscan.exe: [Debugger] svchost.exe
IFEO\pctsAuxs.exe: [Debugger] svchost.exe
IFEO\pctsGui.exe: [Debugger] svchost.exe
IFEO\pctsSvc.exe: [Debugger] svchost.exe
IFEO\pctsTray.exe: [Debugger] svchost.exe
IFEO\PC_Antispyware2010.exe: [Debugger] svchost.exe
IFEO\pdfndr.exe: [Debugger] svchost.exe
IFEO\pdsetup.exe: [Debugger] svchost.exe
IFEO\PerAvir.exe: [Debugger] svchost.exe
IFEO\periscope.exe: [Debugger] svchost.exe
IFEO\persfw.exe: [Debugger] svchost.exe
IFEO\personalguard: [Debugger] svchost.exe
IFEO\personalguard.exe: [Debugger] svchost.exe
IFEO\perswf.exe: [Debugger] svchost.exe
IFEO\pf2.exe: [Debugger] svchost.exe
IFEO\pfwadmin.exe: [Debugger] svchost.exe
IFEO\pgmonitr.exe: [Debugger] svchost.exe
IFEO\pingscan.exe: [Debugger] svchost.exe
IFEO\platin.exe: [Debugger] svchost.exe
IFEO\pop3trap.exe: [Debugger] svchost.exe
IFEO\poproxy.exe: [Debugger] svchost.exe
IFEO\popscan.exe: [Debugger] svchost.exe
IFEO\portdetective.exe: [Debugger] svchost.exe
IFEO\portmonitor.exe: [Debugger] svchost.exe
IFEO\powerscan.exe: [Debugger] svchost.exe
IFEO\ppinupdt.exe: [Debugger] svchost.exe
IFEO\pptbc.exe: [Debugger] svchost.exe
IFEO\ppvstop.exe: [Debugger] svchost.exe
IFEO\prizesurfer.exe: [Debugger] svchost.exe
IFEO\prmt.exe: [Debugger] svchost.exe
IFEO\prmvr.exe: [Debugger] svchost.exe
IFEO\procdump.exe: [Debugger] svchost.exe
IFEO\processmonitor.exe: [Debugger] svchost.exe
IFEO\procexplorerv1.0.exe: [Debugger] svchost.exe
IFEO\programauditor.exe: [Debugger] svchost.exe
IFEO\proport.exe: [Debugger] svchost.exe
IFEO\protector.exe: [Debugger] svchost.exe
IFEO\protectx.exe: [Debugger] svchost.exe
IFEO\PSANCU.exe: [Debugger] svchost.exe
IFEO\PSANHost.exe: [Debugger] svchost.exe
IFEO\PSANToManager.exe: [Debugger] svchost.exe
IFEO\PsCtrls.exe: [Debugger] svchost.exe
IFEO\PsImSvc.exe: [Debugger] svchost.exe
IFEO\PskSvc.exe: [Debugger] svchost.exe
IFEO\pspf.exe: [Debugger] svchost.exe
IFEO\PSUNMain.exe: [Debugger] svchost.exe
IFEO\purge.exe: [Debugger] svchost.exe
IFEO\qconsole.exe: [Debugger] svchost.exe
IFEO\qh.exe: [Debugger] svchost.exe
IFEO\qserver.exe: [Debugger] svchost.exe
IFEO\Quick Heal.exe: [Debugger] svchost.exe
IFEO\QuickHealCleaner.exe: [Debugger] svchost.exe
IFEO\rapapp.exe: [Debugger] svchost.exe
IFEO\rav7.exe: [Debugger] svchost.exe
IFEO\rav7win.exe: [Debugger] svchost.exe
IFEO\rav8win32eng.exe: [Debugger] svchost.exe
IFEO\ray.exe: [Debugger] svchost.exe
IFEO\rb32.exe: [Debugger] svchost.exe
IFEO\rcsync.exe: [Debugger] svchost.exe
IFEO\realmon.exe: [Debugger] svchost.exe
IFEO\reged.exe: [Debugger] svchost.exe
IFEO\regedt32.exe: [Debugger] svchost.exe
IFEO\rescue.exe: [Debugger] svchost.exe
IFEO\rescue32.exe: [Debugger] svchost.exe
IFEO\rrguard.exe: [Debugger] svchost.exe
IFEO\rscdwld.exe: [Debugger] svchost.exe
IFEO\rshell.exe: [Debugger] svchost.exe
IFEO\rtvscan.exe: [Debugger] svchost.exe
IFEO\rtvscn95.exe: [Debugger] svchost.exe
IFEO\rulaunch.exe: [Debugger] svchost.exe
IFEO\rwg: [Debugger] svchost.exe
IFEO\rwg.exe: [Debugger] svchost.exe
IFEO\SafetyKeeper.exe: [Debugger] svchost.exe
IFEO\safeweb.exe: [Debugger] svchost.exe
IFEO\sahagent.exe: [Debugger] svchost.exe
IFEO\Save.exe: [Debugger] svchost.exe
IFEO\SaveArmor.exe: [Debugger] svchost.exe
IFEO\SaveDefense.exe: [Debugger] svchost.exe
IFEO\SaveKeep.exe: [Debugger] svchost.exe
IFEO\savenow.exe: [Debugger] svchost.exe
IFEO\sbserv.exe: [Debugger] svchost.exe
IFEO\sc.exe: [Debugger] svchost.exe
IFEO\scam32.exe: [Debugger] svchost.exe
IFEO\scan32.exe: [Debugger] svchost.exe
IFEO\scan95.exe: [Debugger] svchost.exe
IFEO\scanpm.exe: [Debugger] svchost.exe
IFEO\scrscan.exe: [Debugger] svchost.exe
IFEO\seccenter.exe: [Debugger] svchost.exe
IFEO\Secure Veteran.exe: [Debugger] svchost.exe
IFEO\secureveteran.exe: [Debugger] svchost.exe
IFEO\Security Center.exe: [Debugger] svchost.exe
IFEO\SecurityFighter.exe: [Debugger] svchost.exe
IFEO\securitysoldier.exe: [Debugger] svchost.exe
IFEO\serv95.exe: [Debugger] svchost.exe
IFEO\setloadorder.exe: [Debugger] svchost.exe
IFEO\setupvameeval.exe: [Debugger] svchost.exe
IFEO\setup_flowprotector_us.exe: [Debugger] svchost.exe
IFEO\sgssfw32.exe: [Debugger] svchost.exe
IFEO\sh.exe: [Debugger] svchost.exe
IFEO\shellspyinstall.exe: [Debugger] svchost.exe
IFEO\shield.exe: [Debugger] svchost.exe
IFEO\shn.exe: [Debugger] svchost.exe
IFEO\showbehind.exe: [Debugger] svchost.exe
IFEO\signcheck.exe: [Debugger] svchost.exe
IFEO\smart.exe: [Debugger] svchost.exe
IFEO\smartprotector.exe: [Debugger] svchost.exe
IFEO\smc.exe: [Debugger] svchost.exe
IFEO\smrtdefp.exe: [Debugger] svchost.exe
IFEO\sms.exe: [Debugger] svchost.exe
IFEO\smss32.exe: [Debugger] svchost.exe
IFEO\snetcfg.exe: [Debugger] svchost.exe
IFEO\soap.exe: [Debugger] svchost.exe
IFEO\sofi.exe: [Debugger] svchost.exe
IFEO\SoftSafeness.exe: [Debugger] svchost.exe
IFEO\sperm.exe: [Debugger] svchost.exe
IFEO\spf.exe: [Debugger] svchost.exe
IFEO\sphinx.exe: [Debugger] svchost.exe
IFEO\spoler.exe: [Debugger] svchost.exe
IFEO\spoolcv.exe: [Debugger] svchost.exe
IFEO\spoolsv32.exe: [Debugger] svchost.exe
IFEO\spywarexpguard.exe: [Debugger] svchost.exe
IFEO\spyxx.exe: [Debugger] svchost.exe
IFEO\srexe.exe: [Debugger] svchost.exe
IFEO\srng.exe: [Debugger] svchost.exe
IFEO\ss3edit.exe: [Debugger] svchost.exe
IFEO\ssgrate.exe: [Debugger] svchost.exe
IFEO\ssg_4104.exe: [Debugger] svchost.exe
IFEO\st2.exe: [Debugger] svchost.exe
IFEO\start.exe: [Debugger] svchost.exe
IFEO\stcloader.exe: [Debugger] svchost.exe
IFEO\supftrl.exe: [Debugger] svchost.exe
IFEO\support.exe: [Debugger] svchost.exe
IFEO\supporter5.exe: [Debugger] svchost.exe
IFEO\svc.exe: [Debugger] svchost.exe
IFEO\svchostc.exe: [Debugger] svchost.exe
IFEO\svchosts.exe: [Debugger] svchost.exe
IFEO\svshost.exe: [Debugger] svchost.exe
IFEO\sweep95.exe: [Debugger] svchost.exe
IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: [Debugger] svchost.exe
IFEO\symlcsvc.exe: [Debugger] svchost.exe
IFEO\symproxysvc.exe: [Debugger] svchost.exe
IFEO\symtray.exe: [Debugger] svchost.exe
IFEO\system.exe: [Debugger] svchost.exe
IFEO\system32.exe: [Debugger] svchost.exe
IFEO\sysupd.exe: [Debugger] svchost.exe
IFEO\tapinstall.exe: [Debugger] svchost.exe
IFEO\taskmgr.exe: [Debugger] svchost.exe
IFEO\taumon.exe: [Debugger] svchost.exe
IFEO\tbscan.exe: [Debugger] svchost.exe
IFEO\tc.exe: [Debugger] svchost.exe
IFEO\tca.exe: [Debugger] svchost.exe
IFEO\tcm.exe: [Debugger] svchost.exe
IFEO\tds-3.exe: [Debugger] svchost.exe
IFEO\tds2-98.exe: [Debugger] svchost.exe
IFEO\tds2-nt.exe: [Debugger] svchost.exe
IFEO\teekids.exe: [Debugger] svchost.exe
IFEO\tfak.exe: [Debugger] svchost.exe
IFEO\tfak5.exe: [Debugger] svchost.exe
IFEO\tgbob.exe: [Debugger] svchost.exe
IFEO\titanin.exe: [Debugger] svchost.exe
IFEO\titaninxp.exe: [Debugger] svchost.exe
IFEO\TPSrv.exe: [Debugger] svchost.exe
IFEO\trickler.exe: [Debugger] svchost.exe
IFEO\trjscan.exe: [Debugger] svchost.exe
IFEO\trjsetup.exe: [Debugger] svchost.exe
IFEO\trojantrap3.exe: [Debugger] svchost.exe
IFEO\TrustWarrior.exe: [Debugger] svchost.exe
IFEO\tsadbot.exe: [Debugger] svchost.exe
IFEO\tsc.exe: [Debugger] svchost.exe
IFEO\tvmd.exe: [Debugger] svchost.exe
IFEO\tvtmd.exe: [Debugger] svchost.exe
IFEO\uiscan.exe: [Debugger] svchost.exe
IFEO\undoboot.exe: [Debugger] svchost.exe
IFEO\updat.exe: [Debugger] svchost.exe
IFEO\upgrad.exe: [Debugger] svchost.exe
IFEO\upgrepl.exe: [Debugger] svchost.exe
IFEO\utpost.exe: [Debugger] svchost.exe
IFEO\vbcmserv.exe: [Debugger] svchost.exe
IFEO\vbcons.exe: [Debugger] svchost.exe
IFEO\vbust.exe: [Debugger] svchost.exe
IFEO\vbwin9x.exe: [Debugger] svchost.exe
IFEO\vbwinntw.exe: [Debugger] svchost.exe
IFEO\vcsetup.exe: [Debugger] svchost.exe
IFEO\vet32.exe: [Debugger] svchost.exe
IFEO\vet95.exe: [Debugger] svchost.exe
IFEO\vettray.exe: [Debugger] svchost.exe
IFEO\vfsetup.exe: [Debugger] svchost.exe
IFEO\vir-help.exe: [Debugger] svchost.exe
IFEO\virusmdpersonalfirewall.exe: [Debugger] svchost.exe
IFEO\VisthAux.exe: [Debugger] svchost.exe
IFEO\VisthLic.exe: [Debugger] svchost.exe
IFEO\VisthUpd.exe: [Debugger] svchost.exe
IFEO\vnlan300.exe: [Debugger] svchost.exe
IFEO\vnpc3000.exe: [Debugger] svchost.exe
IFEO\vpc32.exe: [Debugger] svchost.exe
IFEO\vpc42.exe: [Debugger] svchost.exe
IFEO\vpfw30s.exe: [Debugger] svchost.exe
IFEO\vptray.exe: [Debugger] svchost.exe
IFEO\vscan40.exe: [Debugger] svchost.exe
IFEO\vscenu6.02d30.exe: [Debugger] svchost.exe
IFEO\vsched.exe: [Debugger] svchost.exe
IFEO\vsecomr.exe: [Debugger] svchost.exe
IFEO\vshwin32.exe: [Debugger] svchost.exe
IFEO\vsisetup.exe: [Debugger] svchost.exe
IFEO\vsmain.exe: [Debugger] svchost.exe
IFEO\vsmon.exe: [Debugger] svchost.exe
IFEO\vsserv.exe: [Debugger] svchost.exe
IFEO\vsstat.exe: [Debugger] svchost.exe
IFEO\vswin9xe.exe: [Debugger] svchost.exe
IFEO\vswinntse.exe: [Debugger] svchost.exe
IFEO\vswinperse.exe: [Debugger] svchost.exe
IFEO\w32dsm89.exe: [Debugger] svchost.exe
IFEO\W3asbas.exe: [Debugger] svchost.exe
IFEO\w9x.exe: [Debugger] svchost.exe
IFEO\watchdog.exe: [Debugger] svchost.exe
IFEO\webdav.exe: [Debugger] svchost.exe
IFEO\WebProxy.exe: [Debugger] svchost.exe
IFEO\webscanx.exe: [Debugger] svchost.exe
IFEO\webtrap.exe: [Debugger] svchost.exe
IFEO\wfindv32.exe: [Debugger] svchost.exe
IFEO\whoswatchingme.exe: [Debugger] svchost.exe
IFEO\wimmun32.exe: [Debugger] svchost.exe
IFEO\win-bugsfix.exe: [Debugger] svchost.exe
IFEO\win32.exe: [Debugger] svchost.exe
IFEO\win32us.exe: [Debugger] svchost.exe
IFEO\winactive.exe: [Debugger] svchost.exe
IFEO\winav.exe: [Debugger] svchost.exe
IFEO\windll32.exe: [Debugger] svchost.exe
IFEO\window.exe: [Debugger] svchost.exe
IFEO\windows Police Pro.exe: [Debugger] svchost.exe
IFEO\windows.exe: [Debugger] svchost.exe
IFEO\wininetd.exe: [Debugger] svchost.exe
IFEO\wininitx.exe: [Debugger] svchost.exe
IFEO\winlogin.exe: [Debugger] svchost.exe
IFEO\winmain.exe: [Debugger] svchost.exe
IFEO\winppr32.exe: [Debugger] svchost.exe
IFEO\winrecon.exe: [Debugger] svchost.exe
IFEO\winservn.exe: [Debugger] svchost.exe
IFEO\winssk32.exe: [Debugger] svchost.exe
IFEO\winstart.exe: [Debugger] svchost.exe
IFEO\winstart001.exe: [Debugger] svchost.exe
IFEO\wintsk32.exe: [Debugger] svchost.exe
IFEO\winupdate.exe: [Debugger] svchost.exe
IFEO\wkufind.exe: [Debugger] svchost.exe
IFEO\wnad.exe: [Debugger] svchost.exe
IFEO\wnt.exe: [Debugger] svchost.exe
IFEO\wradmin.exe: [Debugger] svchost.exe
IFEO\wrctrl.exe: [Debugger] svchost.exe
IFEO\wsbgate.exe: [Debugger] svchost.exe
IFEO\wscfxas.exe: [Debugger] svchost.exe
IFEO\wscfxav.exe: [Debugger] svchost.exe
IFEO\wscfxfw.exe: [Debugger] svchost.exe
IFEO\wsctool.exe: [Debugger] svchost.exe
IFEO\wupdater.exe: [Debugger] svchost.exe
IFEO\wupdt.exe: [Debugger] svchost.exe
IFEO\wyvernworksfirewall.exe: [Debugger] svchost.exe
IFEO\xpdeluxe.exe: [Debugger] svchost.exe
IFEO\xpf202en.exe: [Debugger] svchost.exe
IFEO\xp_antispyware.exe: [Debugger] svchost.exe
IFEO\zapro.exe: [Debugger] svchost.exe
IFEO\zapsetup3001.exe: [Debugger] svchost.exe
IFEO\zatutor.exe: [Debugger] svchost.exe
IFEO\zonalm2601.exe: [Debugger] svchost.exe
IFEO\zonealarm.exe: [Debugger] svchost.exe
IFEO\_avp32.exe: [Debugger] svchost.exe
IFEO\_avpcc.exe: [Debugger] svchost.exe
IFEO\_avpm.exe: [Debugger] svchost.exe
IFEO\~1.exe: [Debugger] svchost.exe
IFEO\~2.exe: [Debugger] svchost.exe
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://findgala.com/?&uid=2300&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/?&uid=2300&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=WBG&o=15136&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=RS&apn_dtid=YYYYYYYYUS&apn_uid=5B3ED350-33F2-48DC-A5F6-B4B166F2D289&apn_sauid=02902701-9A59-415B-B03B-39724D057FDD
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://findgala.com/?&uid=2300&q={searchTerms}
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
C:\Users\marian\AppData\Local\Temp\setup.exe
Reboot:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten log.

3) Zrób reset pliku HOSTS narzędziem Fix-it: >http://support.microsoft.com/kb/972034/pl

4) Zrób nowe logi z FRST.

jessi

Sądząc po nowych logach, to jest już OK.

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)

Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)

 

Zainstaluj nowszą, bezpieczniejszą wersję Javy:
>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (wybierz: Windows x86 Offline)

jessi

@Picasso teraz pomaga tylko 2-3 razy w miesiącu, czyli średnio co 12 dni.
https://www.fixitpc.pl/topic/23357-picasso/

1) Odinstaluj:

BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION

DiVapton 1.0.0 (HKLM\...\DiVapton) (Version: 1.0.0 - DiVapton) <==== ATTENTION

Search-Gol Chrome Toolbar (HKLM\...\Search-Gol Chrome Toolbar) (Version:  - Search-Gol) <==== ATTENTION
searchgol toolbar   (HKLM\...\searchgol) (Version: 1.8.16.19 - searchgol) <==== ATTENTION

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

3) Otwórz Notatnik i wklej w nim:

Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\user\DANEAP~1\BABSOL~1\Shared\BabMaint.exe
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
c:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
c:\Documents and Settings\All Users\Dane aplikacji\BitGuard
C:\Program Files\DiVapton\updateDiVapton.exe
C:\Program Files\DiVapton\bin\utilDiVapton.exe
C:\Program Files\DiVapton\bin\DiVapton.BrowserAdapter.exe
C:\Program Files\DiVapton\bin\DiVapton.PurBrowse.exe
C:\Program Files\DiVapton
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll => c:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=1882002421A1CF0F&affID=125032&tsp=5035
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=1882002421A1CF0F&affID=125032&tsp=5035
URLSearchHook: HKCU - UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions)
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1882002421A1CF0F&affID=125032&tsp=5035
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1882002421A1CF0F&affID=125032&tsp=5035
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: searchgol Helper Object - {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files\searchgol\searchgol\1.8.16.19\bh\searchgol.dll (Montera Technologeis LTD)
Toolbar: HKLM - searchgol Toolbar - {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll (Montera Technologeis LTD)
R2 BitGuard; C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 Update DiVapton; C:\Program Files\DiVapton\updateDiVapton.exe [317672 2014-06-21] ()
R2 Util DiVapton; C:\Program Files\DiVapton\bin\utilDiVapton.exe [317672 2014-06-21] ()
R1 {ded74ddd-282b-4cdf-9d98-f616f14bf3af}t; C:\WINDOWS\System32\drivers\{ded74ddd-282b-4cdf-9d98-f616f14bf3af}t.sys [55224 2014-05-13] (StdLib)
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
C:\Documents and Settings\user\Ustawienia lokalne\Temp\appshat-distribution.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\bitool.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\DiVapton_sm.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\drm_dialogs.dll
C:\Documents and Settings\user\Ustawienia lokalne\Temp\SkypeSetup.exe
C:\Documents and Settings\user\Ustawienia lokalne\Temp\uninst1.exe
Reboot:

4) Zrób nowe logi z FRST (już bez Shortcut).

jessi

Tak, nie było.

W nowych logach nie było już niczego podejrzanego, więc chyba możemy kończyć:

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)

W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
Jednocześnie zniknie GMER.

jessi

Folder Usunięto : C:\Users\Maciek\AppData\Local\Mobogenie

Folder Usunięto : C:\Users\Maciek\Documents\Mobogenie

Skoro był Mobogenie, to może być zainstalowany dodatkowy niechciany Użytkownik.

Na wszelki wypadek:

Otwórz Notatnik i wklej w nim:

C:\Users\wangzhisong

Reboot:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten log.

jessi

@Picasso teraz pomaga tylko 2-3 razy w miesiącu, czyli średnio co 12 dni.
https://www.fixitpc.pl/topic/23357-picasso/

1) Odinstaluj:

webget (HKLM\...\webget) (Version: 2014.05.09.010018 - webget) <==== ATTENTION

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

3) Otwórz Notatnik i wklej w nim:

C:\Program Files\webget\updatewebget.exe
C:\Program Files\webget\bin\utilwebget.exe
C:\Program Files\webget\bin\webget.PurBrowse.exe
C:\Program Files\webget\bin\webget.BrowserAdapter.exe
C:\Program Files\webget
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
R2 Update webget; C:\Program Files\webget\updatewebget.exe [317720 2014-06-25] ()
R2 Util webget; C:\Program Files\webget\bin\utilwebget.exe [317720 2014-06-25] ()
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-04-24] (StdLib)
R1 {55685567-4840-4a91-962b-49a412e9485a}w; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys [52920 2014-05-26] (StdLib)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}w; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w.sys [52920 2014-04-28] (StdLib)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}w; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w.sys [52928 2014-04-24] (StdLib)
S3 onbbkwzq; No ImagePath
C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
Reboot:

4) Zrób nowe log z FRST (już bez Shortcut)

jessi

@Picasso teraz pomaga tylko 2-3 razy w miesiącu, czyli średnio co 12 dni.
https://www.fixitpc.pl/topic/23357-picasso/

Bluescreeny to najprawdopodobniej problem sprzętowy, więc to nie do tego działu Forum.

1) Odinstaluj:

"{5347542D-5637-006A-76A7-A758B70C0F00}" = Ask Toolbar

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner.txt

3) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2014-05-19 10:12:56 | 000,000,000 | ---D | M] -- C:\Users\Damian\AppData\Roaming\Systweak
[2014-05-31 13:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014-05-31 13:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2014-05-31 13:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014-06-24 19:27:58 | 000,000,000 | ---D | C] -- C:\Users\Damian\AppData\Local\AskPartnerNetwork
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll) -  File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll) -  File not found
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O9 - Extra Button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - Reg Error: Key error. File not found
O3:64bit: - HKLM\..\Toolbar: (Ask Toolbar) - {5347542D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll (APN LLC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {5347542D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3351400152-3467265720-1739697130-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {5347542D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll (APN LLC.)
O3 - HKU\S-1-5-21-3351400152-3467265720-1739697130-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {5347542D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport.dll (APN LLC.)
O2:64bit: - BHO: (Ask Toolbar) - {5347542D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport_x64.dll (APN LLC.)
O2 - BHO: (Ask Toolbar) - {5347542D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-V7\Passport.dll (APN LLC.)
IE - HKU\S-1-5-21-3351400152-3467265720-1739697130-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
IE - HKLM\..\URLSearchHook:  - No CLSID value found
SRV - [2014-06-14 22:06:45 | 000,165,784 | ---- | M] (APN LLC.) [Auto | Stopped] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)

:Files
C:\Program Files (x86)\Settings Manager

:Reg
[-HKEY_USERS\S-1-5-21-3351400152-3467265720-1739697130-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8122436D-883E-456B-9278-880B2CED6BB6}]

:Commands
[emptytemp]

4) Zrób wymagane logi, wg https://www.fixitpc.pl/forum-38/announcement-3-wa%C5%BCne-zak%C5%82adanie-tematu-obowi%C4%85zkowe-logi/

jessi

Może to głupie pytanie, ale jak? Przeszukałem regedit i nie znalazlem takiego wpisu w rejestrze, w Dodaj/Usuń nie ma Bitguard`a.

Było (to BitGuard):

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Adw-Cleaner już to usunął z listy programów.

W nowych logach nie widzę już niczego podejrzanego.

Jeśli @Picasso nie poda jeszcze jakichś zaleceń, to będziemy kończyć:

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix.

przez SHIFT+DEL usuń pozostały folder C:\FRST

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL)

Mam nadzieję, że to choć trochę poprawiło sytuację.

jesso