Landuss

W logach nie widać niczego podejrzanego choć logi z OTL powinny wyjść dwa. Zabrakło loga extras.txt. Opcja "Rejestr - skan dodatkowy" powinna być zaznaczona na "Użyj filtrowania". Dołącz jeszcze ten log.

Infekcja pomyślnie usunięta. Wykonaj sprawy końcowe: 1. Wklej do OTL skrypt kosmetyczny o takiej zawartości: :OTL NetSvcs: axaqmkg - File not found Klik w Wykonaj skrypt. Restartu nie będzie, logów już nie pokazujesz. W zamian za to użyj opcji Sprzątanie z OTL. 2. Odinstaluj poprawnie ComboFix - Start > Uruchom > wklej i wywołaj polecenie "C:\Documents and Settings\a\Pulpit\ComboFix.exe" /uninstall 3. Zaktualizuj obowiązkowo Internet Explorer, Java i Adobe Reader 9.4.5: KLIK. To by było na tyle. .

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst: :OTL IE - HKU\S-1-5-21-1283103087-3267178232-140050314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://www.qooqlle.com/" FF - prefs.js..browser.search.selectedEngine: "qooqlle" FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/" [2011-07-13 19:00:44 | 000,001,860 | ---- | M] () -- C:\Users\Rabażyński\AppData\Roaming\Mozilla\Firefox\Profiles\p9phfvvw.default\searchplugins\search.xml O4 - HKLM..\Run: [csrs] C:\ProgramData\csrs.exe (Created with WinAutomation ("http://www.WinAutomation.com")) O4 - HKLM..\Run: [svhost] C:\Program Files\Common Files\svhost.exe () O4 - HKLM..\Run: [winloqon] C:\ProgramData\winloqon.exe (Created with WinAutomation ("http://www.WinAutomation.com")) :Commands [emptyflash] [emptytemp] Kliknij w Wykonaj skrypt. Zatwierdź restart komputera. Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL.

W logach brak śladu aktywnej infekcji więc raczej nie tędy droga, choć nie dałeś obowiązkowego loga z Gmer. Temat jedzie do działu Visty. Jeśli chodzi o logi: 1. Z panelu usuwania programów odinstaluj spyware My Global Search Bar 2. Następnie wklej do Notatnika taki tekst: Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{043C5167-00BB-4324-AF7E-62013FAEDACF}"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] "{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DisableS3S4"=- "Windows Defender"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend] "Start"=dword:00000004 Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na Wszystkie pliki >>> Zapisz jako FIX.REG >>> uruchom ten plik 3. Jeśli chodzi o spowolnienie podejrzanym wydaje się być Kaspersky. Na próbę odinstaluj go i sprawdź efekty. Deinstalację popraw narzędziem Kaspersky Remover

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst: :OTL O4 - HKLM..\Run: [s6000Mnt] File not found O4 - HKU\S-1-5-21-1907411925-681764103-101265881-1006..\Run: [4008810627] C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\kux.exe () O35 - HKU\S-1-5-21-1907411925-681764103-101265881-1006..exefile [open] -- "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\kux.exe" -a "%1" %* () O37 - HKU\S-1-5-21-1907411925-681764103-101265881-1006\...exe [@ = exefile] -- "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\kux.exe" -a "%1" %* () [2011-06-22 19:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\OpenCandy [2011-06-22 19:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\OpenCandy [2011-07-06 18:38:52 | 000,019,134 | -HS- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\18x1526j3f7ax [2011-07-06 18:38:52 | 000,019,134 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\18x1526j3f7ax :Commands [emptyflash] [emptytemp] Kliknij w Wykonaj skrypt. Zatwierdź restart komputera. Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL.

Rozpocznij od wykonania i wklejenia tutaj logów z narzędzi OTL + GMER

Rzeczywiście widać infekcję Conficker. Natomiast był tu używany bezsensownie ComboFix i ani słowa o tym nie ma. 1. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst: :Files C:\WINDOWS\system32\rnmlqarw.dll :Services axaqmkg :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "6695:TCP"=- :OTL O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [userFaultCheck] File not found :Commands [emptyflash] [emptytemp] 2. Kliknij w Wykonaj skrypt. Zatwierdź restart komputera. 3. Uruchom ponownie OTL i tym razem w pole Własne opcje skanowania/Skrypt wpisz netsvcs i kliknij w Skanuj (nie w Wykonaj skrypt) 4. Pokazujesz nowe logi z OTL oraz brakujący log z GMER

Możliwe, że masz wersję qooqlle blokującą OTL bo taka jest. Pobierz program OTH, ułóż go obok OTL, w programie wybierz opcję zabicia wszystkich procesów oraz startu OTL w celu wytworzenia logów i pokazania go nam tutaj.

Skrypt się wykonał i problemy powinny zniknąć. Wykonaj czynności końcowe: 1. Użyj opcji Sprzątanie z OTL oraz usuń z dysku szczątek po Ad Aware: C:\Windows\Tasks\Ad-Aware Update (Daily).job 2. Zaktualizuj do najnowszej wersji Java (JRE). 3. Opróżnij folder Przywracania systemu: KLIK. .

Logi nie wskazują na infekcję i temat prawdopodobnie zmieni dział. Na początek odinstaluj zbędny pasek sponsoringowy IObit Toolbar v4.5. Sugeruję też odinstalowanie oprogramowania Advanced SystemCare 4 gdyż generalnie programy od IObit nie są u nas polecane ze względu na kradzież sygnatur Malwarebytes. W kwestii spowolnienie należy sprawdzić zachowanie systemu w trybie awaryjnym oraz na czystym rozruchu: KLIK. Niewykluczone, że problem może leżeć po stronie samego AVG...

W logach nie widać żadnej infekcji choć powinieneś wkleić jeszcze log z Gmer zamiast niepotrzebnie powielać log z RSIT. Na początek wyczyścić należy drobne śmieci. 1. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst: :Files C:\Users\sylw\AppData\Local\Temp*.html :OTL FF - prefs.js..browser.search.order.1: "Crawler Search" [2011-02-25 20:29:01 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\sylw\AppData\Roaming\mozilla\Firefox\Profiles\8kltk89w.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-4205598588-1710335893-2078542008-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-4205598588-1710335893-2078542008-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\S-1-5-21-4205598588-1710335893-2078542008-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptyflash] [emptytemp] Kliknij w Wykonaj skrypt. Zatwierdź restart komputera. 2. Z panelu usuwania programów odinstaluj zbędne paski - Pasek narzędzi AOL 5.0 / Ask Toolbar 3. Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL. W kwestii powłoki spróbuj następującej rzeczy - spróbuj sprawdzić rozszerzenia explorera. W tym celu skorzystaj z narzędzia ShellExView a następnie wyłącz wszystkie pozycje zaznaczone na kolor różowy. Restart komputera i sprawdź efekty.

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst: :OTL SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-973436937-1761095272-684487950-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O27 - HKLM IFEO\~1.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\~2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\a.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aAvgApi.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\About.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\advxdwin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AdwarePrj.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\agent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\agentsvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\agentw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\alertsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\alevir.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\alogserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AlphaAV: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AlphaAV.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\amon9x.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\antivirus.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPlus: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusXP: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusXP.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ants.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\apimonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aplica32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\arr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Arrakis3.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashAvast.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashBug.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashChest.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashCnsnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashDisp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashLogV.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashMaiSv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashPopWz.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashQuick.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashServ.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashSimp2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashSimpl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashSkPcc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashSkPck.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashUpd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashWebSv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aswChLic.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aswRegSvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aswRunDll.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aswUpdSv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atcon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atguard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atro55en.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atupdater.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atwatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\au.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\autotrace.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\autoupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\av360.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avadmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AVCare.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avcenter.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avciman.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avconfig.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AVENGINE.EXE: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgcc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgchk.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgcmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgcsrvx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgdumpx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgemc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgiproxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgnsx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgrsx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgscanx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgserv9.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgsrmax.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgtray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgupd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgwdsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avkpop.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avkservice.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avkwctl9.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avltmain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avmailc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avmcdlg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avnotify.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avsynmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avupgsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwinnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwsc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwupd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwupsrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avxmonitornt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avxquar.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\b.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\backweb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bargains.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bd_professional.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdfvcl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdfvwiz.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdmcon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\BDMsnScan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdreinit.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdsubwiz.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\BDSurvey.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdtkexec.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdwizreg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\beagle.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\belt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bidef.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bidserver.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bipcp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bisp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\blink.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\blss.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bootconf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bootwarn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\borg2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bpc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\brasil.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\brw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bs120.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bspatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bundle.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bvt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\c.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cavscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ccapp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ccevtmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ccpxysvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ccSvcHst.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cdp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfgwiz.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfpconfg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfplogvw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfpupdat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Cl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\clean.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cleanIELow.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cleanpc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\click.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmd32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmdagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmesys.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmgrdian.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmon016.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\connectionmonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\control: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cpd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cpf9x206.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cpfnt206.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\crashrep.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\csc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cssconfg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cssupdat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cssurf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ctrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cwnb181.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cwntdwmo.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\d.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\datemanager.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dcomx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\defalert.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\defscangui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\defwatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\deloeminfs.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\deputy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\divx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dllcache.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dllreg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\doors.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dop.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dpf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dpfsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dpps2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\driverctrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\drwatson.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\drweb32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\drwebupw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dssagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\efpeadm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\emsw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\escanhnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\escanv95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\espwatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ethereal.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\etrustcipe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\evpn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\exe.avxw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\expert.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\explore.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fact.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fameh32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fast.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fch32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fih32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\firewall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fixcfg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fixfp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fnrb32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fp-win_trial.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\frmwrk32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsgk32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsm32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsma32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsmb32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsaa.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gator.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gbmenu.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gbn976rl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gbpoll.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\generics.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gmt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\guard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\guarddog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\guardgui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hacktracersetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hbinst.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hbsrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\History.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\homeav2010.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hotactio.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hotpatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\htlog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\htpatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hwpe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hxdl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hxiul.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iamstats.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Identity.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\idle.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iedll.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iedriver.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\IEShow.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ifw2000.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\inetlnfo.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\infus.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\infwin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\init.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\install.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\install[1].exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\install[2].exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\install[3].exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\install[4].exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\install[5].exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\intdel.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\intren.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\istsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\jammer.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\jdbgmrg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\JsRcGen.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kavlite40eng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kavpers40eng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kavpf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kazza.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\keenvalue.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ldnetmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ldpro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ldpromenu.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ldscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\licmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\livesrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lnetinfo.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\loader.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\localnet.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lockdown.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lordpe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\luau.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lucomserver.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\luinit.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\luspt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mapisvc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcmscsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcnasvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcproxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\McSACore.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcshell.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcshield.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcsysmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mctool.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcvsrte.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcvsshld.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\md.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mfin32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mfw2en.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mgavrtcl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mgavrte.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mghtml.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mgui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\minilog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mmod.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\monitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mostat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mpfagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mpfservice.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\MPFSrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mrflux.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msa.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msapp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\MSASCui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msbb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msblast.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mscache.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msccn32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mscman.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msconfig: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msdm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msdos.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msiexec16.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mslaugh.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msmgt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msmsgri32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msseces.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mssmmc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mssys.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msvxd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mu0311ad.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mwatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navdx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navstub.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nc2000.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ncinst4.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ndd32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\neomonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\neowatchlog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netarmor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netd32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netinfo.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netscanpro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netutils.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nisserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nod32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\notstart.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\npfmessenger.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nprotect.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\npscheck.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\npssvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nsched32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nssys32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nstask32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nsupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ntrtscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ntvdm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ntxconfig.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nvarch16.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nvsvc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nwinst4.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nwservice.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nwtool16.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\OAcat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\OAhlp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\OAReg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\oasrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\oaui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\oaview.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ODSW.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ollydbg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\onsrvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\optimize.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ostronet.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\otfix.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\outpost.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\outpostinstall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\outpostproinstall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ozn695m5.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\padmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\panixk.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\patch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PavFnSvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavproxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavprsrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavsrv51.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pcip10117_0.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pcscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsAuxs.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsGui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsSvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsTray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pdfndr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pdsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PerAvir.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\periscope.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\personalguard: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\personalguard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\perswf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pf2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pfwadmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pgmonitr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pingscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\platin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pop3trap.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\poproxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\popscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\portdetective.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\portmonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\powerscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ppinupdt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pptbc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ppvstop.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\prizesurfer.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\prmt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\prmvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\procdump.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\processmonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\programauditor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\proport.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\protector.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\protectx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PSANCU.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PSANHost.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PSANToManager.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PsCtrls.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PsImSvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PskSvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pspf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PSUNMain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\purge.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\qconsole.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\qh.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\qserver.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Quick Heal.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rapapp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rav8win32eng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rb32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rcsync.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\realmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\reged.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\regedt32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rescue.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rescue32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rrguard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rscdwld.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rshell.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rtvscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rtvscn95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rulaunch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rwg: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rwg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sahagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Save.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SaveArmor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SaveDefense.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SaveKeep.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\savenow.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sbserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\scam32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\seccenter.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Secure Veteran.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\secureveteran.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Security Center.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SecurityFighter.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\securitysoldier.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\setloadorder.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\setup_flowprotector_us.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\setupvameeval.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sgssfw32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sh.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\shellspyinstall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\shield.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\shn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\showbehind.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\signcheck.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smart.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smartprotector.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smrtdefp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sms.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smss32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\snetcfg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\soap.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sofi.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SoftSafeness.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sperm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spoler.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spoolcv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spoolsv32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spywarexpguard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spyxx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\srexe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\srng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ss3edit.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ssg_4104.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ssgrate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\st2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\start.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\stcloader.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\supftrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\support.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\supporter5.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\svc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\svchostc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\svchosts.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\svshost.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\symlcsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\symproxysvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\symtray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\system.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\system32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sysupd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tapinstall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\taumon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tcm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tds-3.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\teekids.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tfak.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tfak5.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tgbob.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\titanin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\titaninxp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\TPSrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\trickler.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\trjscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\trjsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\trojantrap3.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\TrustWarrior.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tsadbot.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tsc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tvmd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tvtmd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\uiscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\undoboot.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\updat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\upgrad.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\upgrepl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\utpost.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbcmserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbcons.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbust.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbwin9x.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbwinntw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vcsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vet32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vfsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vir-help.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\virusmdpersonalfirewall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\VisthAux.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\VisthLic.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\VisthUpd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vnlan300.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vnpc3000.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vpc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vpc42.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vpfw30s.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vptray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vscenu6.02d30.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsched.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsisetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsmain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vswin9xe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vswinntse.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vswinperse.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\w32dsm89.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\W3asbas.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\w9x.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\watchdog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\webdav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\WebProxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\webtrap.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\whoswatchingme.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wimmun32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\win32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\win32us.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winactive.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\win-bugsfix.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\windll32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\window.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\windows Police Pro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\windows.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wininetd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wininitx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winlogin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winmain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winppr32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winrecon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winservn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winssk32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winstart.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winstart001.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wintsk32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wkufind.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wnad.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wradmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wrctrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wsbgate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wscfxas.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wscfxav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wscfxfw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wsctool.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wupdater.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wupdt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wyvernworksfirewall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\xp_antispyware.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\xpdeluxe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\xpf202en.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zapro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zapsetup3001.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zatutor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zonalm2601.exe: Debugger - svchost.exe (Microsoft Corporation) :Commands [emptyflash] [emptytemp] Kliknij w Wykonaj skrypt. Zatwierdź restart komputera. Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL.

W takim razie użyj opcji Sprzątanie z OTL oraz opróżnij folder przywracania systemu: KLIK Z apletu usuwania programów opcjonalnie odinstaluj zbędny pasek QuickStores-Toolbar 1.1.0. Zaktualizuj sobie do najnowszej wersji Firefox.

Według tego co pokazuje OTL pliku teraz już nie było na dysku więc coś go musiało usunąć wcześniej. To lecimy dalej. 1. Użyj opcji Sprzątanie z OTL. 2. Do wykonania aktualizacja IE (to jest ważne) - Internet Explorer 8 3. Opróżnij folder przywracania systemu: KLIK

W poprzednim logu nadal widać ten plik od infekcji: [2010-06-04 21:19:00 | 000,018,666 | -H-- | C] () -- C:\WINDOWS\System32\wmimgr32.dl_ Przepuść kolejny skrypt przez OTL: :Files C:\WINDOWS\System32\wmimgr32.dl_ Do wglądu nowy log z OTl (otl.txt)

Spróbuj w trybie awaryjnym, jeśli nie pójdzie wklej nowe logi ze skanu bo może coś się wykonało. Najwyżej dam inną metodę.

Spróbuj pobrać OTL z linka zastępczego: KLIK

Skrypt się wykonał i w logach infekcji już nie widać. Ale nie piszesz co z SalityKiller? Wykrył coś? I napisz też czy problem z pustym pulpitem ustąpił bo powinien. Jeśli tak przejdziemy do dalszych działań na koniec.

Skrypt wykonany i można przystąpić do czynności końcowych: 1. Wklej do OTL skrypt kosmetyczny: :OTL O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKU\S-1-5-21-1346515533-1771426830-382901885-1000\..\Toolbar\WebBrowser: (no name) - {14F6A182-4C6F-45AE-9F5A-AA3CCBB1CFA3} - No CLSID value found. O3 - HKU\S-1-5-21-1346515533-1771426830-382901885-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1346515533-1771426830-382901885-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found Kliknij w Wykonaj skrypt. Restartu nie będzie, logów już nie pokazujesz. Używasz opcji Sprzątanie z OTL. 2. Wykonaj aktualizacje. System uzupełnij o SP1+IE9 i zaktualizuj Java oraz Adobe Reader: KLIK. 3. Opróżnij folder przywracania systemu: KLIK

Podaj dokładną ścieżkę do pliku i jego nazwę bo w logach tego nie widzę. W katalogu SysWOW64 ma być svchost.exe i jest to jeden z komponentów systemu dlatego napisz dokładnie gdzie to jest i jaką ma nazwę.

qooqlle usunięte więc można przejść do czynności końcowych. 1. Użyj opcji Sprzątanie z OTL. 2. Do aktualizacji wszystko co poniżej: 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Windows 7 Service Pack 1 + Internet Explorer 9 3. Opróżnij folder przywracania systemu: KLIK

Nie wygląda by tu była jakaś infekcja. Temat wędruje do innego działu. Wstępnie sprawdź czy problem występuje na czystym rozruchu: KLIK

Wygląda na to, że infekcja została usunięta i problemy powinny minąć. Wykonaj pozostałe czynności: 1. Wklej do OTL taki końcowy skrypt: :OTL O3 - HKU\S-1-5-21-583907252-1060284298-839522115-1004\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O3 - HKU\S-1-5-21-583907252-1060284298-839522115-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-583907252-1060284298-839522115-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O33 - MountPoints2\{5b7f1bb8-1930-11de-800a-001a9272e2f1}\Shell\AutoRun\command - "" = K:\xsia.bat O33 - MountPoints2\{5b7f1bb8-1930-11de-800a-001a9272e2f1}\Shell\open\Command - "" = K:\xsia.bat Klik w Wykonaj skrypt. Restartu teraz nie będzie a ty już logów nie pokazujesz. W zamian za to użyj opcji Sprzątanie z OTL. 2. Wykonaj ważne aktualizacje: Internet Explorer (Version = 7.0.5730.13) "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 15 "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.2 - Polish "Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19) Szczegóły aktualizacyjne w tym temacie: KLIK. 3. Opróżnij folder Przywracania systemu: KLIK

Co to znaczy, że ci nie działa i nie możesz pobrać? Jeśli błąd to jaki? Podaj konkretnie bo trudno coś tu powiedzieć.

Wszystko wskazuje na to, że naprawdę tu może być Sality bo są ślady infekcji z dysków przenośnych a taką drogą Sality wchodzi najczęściej. 1. Wykonaj skan dysku za pomocą SalityKiller i skanuj dotąd dopóki nic nie wykryje. 2. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst: :Files RECYCLER /alldrives C:\Program Files\Conduit c:\windows\system32\wmimgr32.dl_ C:\Documents and Settings\pc\csrss.exe C:\Documents and Settings\pc\Ustawienia lokalne\Dane aplikacji\Conduit :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "TaskMan"=- [HKEY_USERS\S-1-5-21-746137067-1957994488-1801674531-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="explorer.exe" [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :OTL SRV - File not found [Auto | Stopped] -- -- (hglylx) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = "http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4" IE - HKU\S-1-5-21-746137067-1957994488-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://search.conduit.com?SearchSource=10&ctid=CT1098640" FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1098640&SearchSource=13" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1 FF - prefs.js..keyword.URL: "http://start.facemoods.com/results.php?f=5&a=ddr&q=" [2010-02-03 21:15:43 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\pc\Dane aplikacji\Mozilla\Firefox\Profiles\7aekjsue.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2011-06-15 15:05:19 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Documents and Settings\pc\Dane aplikacji\Mozilla\Firefox\Profiles\7aekjsue.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} [2011-07-02 10:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pc\Dane aplikacji\Mozilla\Firefox\Profiles\7aekjsue.default\extensions\DTToolbar@toolbarnet.com [2011-06-15 15:05:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\pc\Dane aplikacji\Mozilla\Firefox\Profiles\7aekjsue.default\extensions\engine@conduit.com [2011-04-09 12:56:17 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\pc\Dane aplikacji\Mozilla\Firefox\Profiles\7aekjsue.default\extensions\ffxtlbr@Facemoods.com [2011-05-25 16:55:54 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\pc\Dane aplikacji\Mozilla\Firefox\Profiles\7aekjsue.default\searchplugins\conduit.xml [2010-02-25 08:44:22 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\pc\Dane aplikacji\Mozilla\Firefox\Profiles\7aekjsue.default\searchplugins\daemon-search.xml [2010-02-03 21:40:20 | 000,001,201 | ---- | M] () -- C:\Documents and Settings\pc\Dane aplikacji\Mozilla\Firefox\Profiles\7aekjsue.default\searchplugins\winamp-search.xml [2010-12-13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml O3 - HKU\S-1-5-21-746137067-1957994488-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [4StoryPrePatch] File not found :Commands [emptyflash] [emptytemp] Kliknij w Wykonaj skrypt. Zatwierdź restart komputera. 3. Z panelu usuwania programów odinstaluj pozycję facemoods 4. Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL. Możesz załączyć też raport z SalityKillera.