Komp sie zacina i chyba złapałem exploita/keyloggera

Siemka :D.

Komp mi się strasznie tnie, nie wiem czym to jest spodowane. I chyba złapałem jakiegoś exploita/keyloggera, bo często jak włączam jakąs grę Tibia, Silkroad, CS to Firewall piszczy, że plik services.exe chce się połączyć z netem, to biore nie ale i tak działa, więc to chyba wirus ;p.

Log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16:39:44, on 2007-07-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Documents and Settings\Danielek\Pulpit\HiJackThis_v2.exe


O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


--

End of file - 3479 bytes

I Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"COMODO Firewall Pro" = ""C:\Program Files\Comodo\Firewall\CPF.exe" /background" ["COMODO"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll" ["BitComet"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

  -> {HKLM...CLSID} = "Moje foldery udostępniania"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"

  -> {HKLM...CLSID} = "GMail Drive"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"

  -> {HKLM...CLSID} = "GMailFS Property Sheet"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"

  -> {HKLM...CLSID} = "GMailFS Drop Handler"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"

  -> {HKLM...CLSID} = "GMailFS Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Copy Hook"

  -> {HKLM...CLSID} = "SmartFTP Copy Hook"

                   \InProcServer32\(Default) = "C:\Program Files\SmartFTP Client\smarthook.dll" ["SmartSoft Ltd."]

"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"

  -> {HKLM...CLSID} = "DisplayCplExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll" [file not found]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

  -> {HKLM...CLSID} = "Shell Extension for CDRW"

                   \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> WBSrv\DLLName = "C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll" ["Stardock"]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"DisallowRun" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoInstrumentation" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"StartMenuLogoff" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoCDBurning" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoSaveSettings" = (REG_DWORD) hex:0x00000001

{User Configuration|Administrative Templates|Desktop|

Don't save settings at exit}


"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"CDRAutoRun" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoResolveSearch" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoResolveTrack" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoSharedDocuments" = (REG_DWORD) hex:0x00000001

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Shared Documents from My Computer}


"NoThemesTab" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoWelcomeScreen" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoStartBanner" = (REG_BINARY) hex:01 00 00 00

{Remove "Click here to begin" from Start button}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"NoWelcomeScreen" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoSMHelp" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"MaxRecentDocs" = (REG_DWORD) hex:0x0000000A

{unrecognized setting}


"NoCDBurning" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoStrCmpLogical" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoAutoTrayNotify" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoColorChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Hide Desktop tab}


"NoDispCPL" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Remove Display in Control Panel}


"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"NoSizeChoice" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\


"NoUpdateCheck" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"DisableTaskMgr" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"RunStartupScriptSync" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000000

{unrecognized setting}


"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000000

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\BricoPack Wallpaper.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Startup items in "Danielek" & "All Users" startup folders:

----------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Sygate Personal Firewall" -> shortcut to: "C:\Program Files\Sygate\SPF\Smc.exe -start" [file not found]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

  -> {HKLM...CLSID} = "&Links"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Comodo Application Agent, CmdAgent, "C:\Program Files\Comodo\Firewall\cmdagent.exe" ["COMODO"]

InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 59 seconds, including 2 seconds for message boxes)

Jest coś nie tak?!

Oba logi czyste.

Przypuszczam, że system spowalnia Ci najbardziej WindowBlinds. Jest to program przeznaczony dla osób pracujących na komputerach o bardzo dobrej konfiguracji sprzętowej. W przypadku nawet nieco słabszych komputerów jego obecność może w znacznym stopniu spowolnić system. Być może tak jest i w tym przypadku?

Zapoznaj się z czynnościami opisanymi w temacie Optymalizacja i odchudzanie Windowsa XP. Spróbuj wykonać przynajmniej część z przedstawionych tam porad.

W ostateczności w celu wykluczenia syfu wklej jeszcze log z ComboFix. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

@up

A jak usunać tego WindowsBlindsa, bo w Dodawanie lub usuwanie programów nie ma go tam !

spróbuj tym > http://dobreprogramy.pl/index.php?dz=2&t=29&id=149