Witam
Mam problem kolega zrobił sobie żarcik i wysłał mi taki programik ze widzie co ja pisze na gg i kto do mnie pisze.
Chciałem go usunąć wiec otworzyłem go notatnikiem i wszystko wykasowałem bo inaczej nie dało go sie wykasować ;]
Od tej pory wszystko otwiera sie notatnikiem i są w nim Hińskie znaki mogę otwierać programy tylko Uruchom jako.
Mówię że przywracanie systemu nie działa po przywracałem kilka razy i nic nie dale nadal to samo a w Start
Proszę o pomoc jak zreperować przyczynę.
Powiem wprost niezbyt rozumiem tantej rozmowy
Wykonaj instrukcje w ostatnim poście w wymienionym wyżej wątku.
Nie bardzo rozumiem wlasnie tego postu : zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart
To znaczy ze mam tanto wkleic do notatnika i zapisać jako> zaznaczyć wszystkie pliki>I zapisać pod tylułem “.reg” ?? Jeśli tak to to zrobilem 
Dokładnie tak miałeś to zrobić.
Wykonaj jeszcze restart i sprawdź działanie plików .exe
Niestety nie pomogło 
deFco247 nie wprowadzaj w błąd. Nie zapisujesz
tylko jako rozszerzenie dajesz *.reg czyli wklejasz tekst do notatnika, dajesz zapisz jako, zmieniasz z txt na wszystkie rozszerzenia i nazywasz swój plik np. “fix.reg” (bez cudzysłowu). Później 2x klikasz na tym i potwierdzasz ok dodanie do rejestru. (sorry że tak łopatologicznie);]
To nie ja napisałem o tym tytule. To był tylko cytat.
SpOLeM , ten plik miał nosić nazwę plik.reg
Zacytowałeś go i napisałeś
. Ja bym się zasugerował, że dobrze robiłem. Ale to już nieważne. Mam nadzieję, że ten fix rejestru pomógł:)
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT.exe]
@=“exefile”
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=""%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@=""%1" %*"
Wkleiłem to do notatnika zrobiłem : zapisz jako
Zrobiłem to co kazales nawet 2razy i nic nadal ten sam problem co włoncze to otwiera sie notatnik i HINSKIE znaki a jeszcze nie powiedziałem żę przy włonczeniu komputera też wyyskakują 23notatniki xDD z HINSKIMI znakami
Pobierz System Repair Engineer
http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html
przeskanuj daj log
2009-06-17,11:43:02
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
API HOOK
Hidden Process
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Publisher]
<"C:\Program Files\Gadu-Gadu\gg.exe" /tray> [(Verified)Gadu-Gadu sp. z o.o.]
[File is missing]
<1qaw3edr5> []
<; "C:\Program Files\BitComet\BitComet.exe" /tray> [(Verified)Comet Network Technology Co Ltd.]
<; "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun> [(Verified)DAEMON Tools Code Signing Services]
<; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
<; "E:\Nowy folder\Steam.exe" -silent> [File is missing]
<; C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
<"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[PixArt Imaging Incorporation]
[Hewlett-Packard Co.]
[Ahead Software Gmbh]
<"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
[(Verified)"Vendio Services, Inc."]
[prolink]
[]
<"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"> [(Verified)Microsoft Corporation]
<%systemroot%\system32\dumprep 0 -k> [File is missing]
[(Verified)ALWIL Software]
<1qaw3edr5> []
<; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<1qaw3edr5> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[Microsoft Corporation]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B5A7F190-DDA6-4420-B3BA-52453494E6CD}> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
[(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<%systemroot%\system32\stobject.dll> [Microsoft Corporation]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
[(Verified)Microsoft Windows Publisher]
==================================
Startup Folders
[BlueSoleil]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [IVT Corporation.]>
[HP Digital Imaging Monitor]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]>
[HP Image Zone - szybkie uruchamianie]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Co.]>
[Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007]
C:\PROGRA~1\MICROS~1\Office12\ONENOTEM.EXE [Microsoft Corporation]>
[UniSpiker-2.6]
C:\PROGRA~1\ivo\UNISPI~1.6\UNI_SP~1.EXE [N/A]>
==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe">
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe">
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe">
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service>
[Usługa inteligentnego transferu w tle / BITS][Stopped/Auto Start]
<%fystemRoot%\system32\svchost.exe -k netsvcs-->%systemroot%\system32\qmgr.dll>
[Bonjour Service / Bonjour Service][Running/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe">
[CiSvc / CiSvc][Stopped/Manual Start]
<(File is missing)>
[ERSvc / ERSvc][Stopped/Auto Start]
%SystemRoot%\System32\ersvc.dll>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
[Windows CardSpace / idsvc][Stopped/Manual Start]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe">
[Usługa iPod / iPod Service][Stopped/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe">
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
<"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf">
[Instalator Windows / MSIServer][Stopped/Manual Start]
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe">
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
[PC Tools Auxiliary Service / sdAuxService][Stopped/Manual Start]
[PC Tools Security Service / sdCoreService][Stopped/Manual Start]
[StarWind AE Service / StarWindServiceAE][Running/Auto Start]
[Aktualizacje automatyczne / wuauserv][Stopped/Auto Start]
<%fystemroot%\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\wuauserv.dll>
==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
[AMD Athlon64 Processor Driver / AmdK8][Running/System Start]
[aswFsBlk / aswFsBlk][Running/Auto Start]
[Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
[Bluetooth SCO Audio Service / BlueletSCOAudio][Running/Manual Start]
[Bluetooth PAN Network Adapter / BT][Running/Manual Start]
[BtCap, WDM Video Capture / BT848][Running/Auto Start]
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
[Bluetooth HID Enumerator / BTHidEnum][Running/Boot Start]
<\SystemRoot\System32\Drivers\vbtenum.sys>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
<\SystemRoot\System32\Drivers\BTHidMgr.sys>
[BtTuner, WDM TV Tuner / BTTUNER][Running/Auto Start]
[BtXBar, WDM Crossbar / BTXBAR][Running/Auto Start]
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
[Motorola USB Composite Device Driver / motccgp][Stopped/Manual Start]
[MotCcgpFlService / motccgpfl][Stopped/Manual Start]
[Motorola Inc. USB Device / MotDev][Stopped/Manual Start]
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
[nv / nv][Running/Manual Start]
[PCTools KDS / PCTCore][Running/Boot Start]
<\SystemRoot\system32\drivers\PCTCore.sys>
[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys>
[Secdrv / Secdrv][Stopped/Manual Start]
[SiS191/SiS190 Ethernet Device NDIS 5.1 Driver / SiSGbeXP][Running/Manual Start]
[SiSRaid2 / SiSRaid2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SiSRaid2.sys>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys>
[Motorola USB Modem Driver for MPT / usbsermpt][Stopped/Manual Start]
[Virtual Serial port driver / VComm][Running/Manual Start]
[Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
[Bluetooth HID Device Service / VHidMinidrv][Stopped/Manual Start]
==================================
Browser Add-ons
[ToggleEN Toolbar]
{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
[Groove GFS Browser Helper]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
[Java(tm) Plug-In SSV Helper]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[Java(tm) Plug-In 2 SSV Helper]
{DBC80044-A445-435b-BC74-9C25C1C588A9}
[JQSIEStartDetectorImpl Class]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
[free-downloads.net Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949}
[Send to OneNote from Internet Explorer button]
{2670000A-7350-4f3c-8081-5663EE0C6C49}
[&Poszukaj]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
[BitComet]
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[ToggleEN Toolbar]
{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[free-downloads.net Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949}
[DAEMON Tools Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
[MksSkanerOnline Class]
{68282C51-9459-467B-95BF-3C0E89627E55}
[Java Plug-in 1.6.0_11]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[Java Plug-in 1.6.0_11]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[Java Plug-in 1.6.0_11]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <, >
[ToggleEN Toolbar]
{038CB5C7-48EA-4AF9-94E0-A1646542E62B}
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[]
{2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[DAEMON Tools Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555}
[Groove GFS Browser Helper]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
[Java(tm) Plug-In SSV Helper]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[XML HTTP 6.0]
{88d96a0a-f192-11d4-a65f-0040963251e5}
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <, >
[]
{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[Java(tm) Plug-In 2 SSV Helper]
{DBC80044-A445-435B-BC74-9C25C1C588A9}
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
[free-downloads.net Toolbar]
{ECDEE021-0D17-467F-A1FF-C7A115230949}
[XML HTTP]
{f6d90f16-9c73-11d3-b32e-00c04f990bb4}
[E&ksportuj do programu Microsoft Excel]
[pobierz wszystkie video za pomocą bitcomet]
[pobierz wszystko za pomocą bitcomet]
[pobierz za pomocą bitcomet]
==================================
Running Processes
[PID][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_qfe.070316-1308)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[PID][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Apple Inc., 1,0,5,11]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[c] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c] [Microsoft Corporation, 5.1.2600.2658 (xpsp.050419-1524)]
[c] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 7.10.3077.0]
[C] [Microsoft Corporation, 7.10.3052.4]
[C] [ALWIL Software, 4, 8, 1335, 0]
[PID][C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Microsoft Corporation, 7.10.3077.0]
[C] [Microsoft Corporation, 7.10.3052.4]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Apple Inc., 1,0,5,11]
[PID][C] [Microsoft Corporation, 6.00.2900.2649 (xpsp.050406-1732)]
[C] [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_qfe.070614-1244)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Microsoft Corporation, 8.00.50727.762]
[C] [Microsoft Corporation, 8.00.50727.762]
[C] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.2658 (xpsp.050419-1524)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Alexander Roshal, 3.80]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [N/A,]
[C] [Sony DADC Austria AG., 1,1,225,0]
[C] [Gadu-Gadu S.A., 7,6,0,1578]
[C] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C] [NVIDIA Corporation, 6.14.11.7824]
[C] [NVIDIA Corporation, 6.14.11.7824]
[C] [NVIDIA Corporation, 6.14.11.7824]
[C] [,]
[C] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Hewlett Packard, 5.01.00.011]
[C] [Hewlett Packard, 2.01.00.001]
[C] [Microsoft Corporation, 5.01.00.011]
[C] [Hewlett Packard, 5.01.00.011]
[C] [HP, 2.335.5.0]
[C] [Microsoft Corporation, 8.00.50727.762]
[C] [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)]
[C] [Apple Inc., 1,0,5,11]
[PID][C] [Apple Inc., 2.12.33.0]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[PID][C] [Apple Inc., 1,0,5,11]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][C] [Sun Microsystems, Inc., 6.0.110.3]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 7.10.3052.4]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 1.1.4322.573]
[C] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C] [Microsoft Corporation, 8.00.50727.762]
[C] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C] [Microsoft Corporation, 1.1.4322.2032]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][C] [NVIDIA Corporation, 6.14.11.7824]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [NVIDIA Corporation, 6.14.11.7824]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [HP, 9, 0, 0, 0]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [Rocket Division Software, 3.2.3 Build 20070527]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Apple Inc., 1,0,5,11]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 7.10.3077.0]
[C] [Microsoft Corporation, 7.10.3052.4]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Apple Inc., 1,0,5,11]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Microsoft Corporation, 7.10.3077.0]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 7.10.3077.0]
[C] [Microsoft Corporation, 7.10.3052.4]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[C] [ALWIL Software, 4, 8, 1335, 0]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Gadu-Gadu S.A., 7,6,0,1578]
[PID][C] [Gadu-Gadu S.A., 7,7,0,3746]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [sms-express.com, 1, 0, 0, 0]
[C] [The OpenSSL Project, http://www.openssl.org/, 0.9.8e]
[C] [Microsoft Corporation, 7.10.6030.0]
[C] [The OpenSSL Project, http://www.openssl.org/, 0.9.8e]
[C] [Gadu-Gadu S.A., 7,6,0,1578]
[C] [Microsoft Corporation, 6.2.0013.1 (DbgBuild.030619-2209)]
[C] [N/A,]
[C] [The OpenSSL Project, http://www.openssl.org/, 0.9.8e]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Gadu-Gadu S.A., 7,7,0,2976]
[C] [n0ne, 1, 0, 0, 2]
[C] [Gadu-Gadu S.A., 7,6,0,3433]
[C] [N/A,]
[C] [N/A,]
[C] [Apple Inc., 1,0,5,11]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Adobe Systems, Inc., 9,0,124,0]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID][C] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Gadu-Gadu S.A., 7,6,0,1578]
[PID][C] [Mozilla Corporation, 1.8.1.20: 2008121709]
[C] [Netscape Communications Corporation, 4.0]
[C] [Netscape Communications Corporation, 4.6.8]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Mozilla Foundation, 1.8.1.20: 2008121709]
[C] [Netscape Communications Corporation, 4.6.8]
[C] [Netscape Communications Corporation, 4.6.8]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Mozilla Foundation, 3.11.9.0 Basic ECC]
[C] [Mozilla Foundation, 3.11.9.0 Basic ECC]
[C] [Mozilla Foundation, 3.11.4 Basic ECC]
[C] [Mozilla Foundation, 3.11.9.0 Basic ECC]
[C] [Mozilla Foundation, 1.8.1.20: 2008121709]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Mozilla Foundation, 1.8.1.20: 2008121709]
[C] [N/A,]
[C] [Mozilla Foundation, 1.8.1.20: 2008121709]
[C] [Mozilla Foundation, 1.8.1.20: 2008121709]
[C] [Apple Inc., 1,0,5,11]
[C] [Gadu-Gadu S.A., 7,6,0,1578]
[C] [Softomate, 1, 0, 0, 10]
[C] [Skype Technologies, 1, 0, 1, 184]
[C] [Microsoft Corporation, 8.00.50727.762]
[C] [Microsoft Corporation, 8.00.50727.762]
[C] [Mozilla Foundation, 1.8.1.20: 2008121709]
[C] [, 1,0,7,0088]
[C] [Vendio Services, Inc., 1, 2, 0, 9]
[C] [Vendio Services, Inc., 1, 2, 0, 8]
[C] [Mozilla Foundation, 3.11.4 Basic ECC]
[C] [Mozilla Foundation, 1.65]
[C] [,]
[PID][C] [Smallfrogs Studio, 2.7.0.1210]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[PID][C] [Smallfrogs Studio, 2.7.0.1210]
[C] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)]
[C] [Microsoft Corporation, 6.00.2900.3121 (xpsp_sp2_qfe.070418-1302)]
[C] [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[C] [Gadu-Gadu S.A., 7,6,0,1578]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Smallfrogs Studio, 2, 1, 0, 15]
[C] [Apple Inc., 1,0,5,11]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1804, C:\WINDOWS\EXPLORER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2912, C:\DOCUMENTS AND SETTINGS\MASTERADMIN\PULPIT\NOWY FOLDER\SRENGLDR.EXE]
==================================
Scheduled Tasks
[Enabled] User_Feed_Synchronization-{83AF7F50-30B4-421F-B802-B6B18F7D9395}.job
C:\WINDOWS\system32\msfeedssync.exe
[Enabled] AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================uruchom System Repair Engineer zakładka System Repair >> Browser Add-ons >> odszukaj i usuń
Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie włączaj.
Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy
Otwórz notatnik i wklej
zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe
Powinno rozpocząć się usuwanie
Potem log z usuwania Combofix
niestety jak przeciagam plik do ComboFixa wlacza sie notatnik i nic sie nie dzieje…
Sprobowalem uruchomic samego Combofixa aby wywalil mi jakies smiecie (pliki .exe uruchamiam metoda “uruchom jako” - tylko w ten sposob moge je wlaczyc)
ponizej wklejam loga z programu moze cos na nim zobaczycie:
– Dodane 17.06.2009 (Śr) 22:27 –
ComboFix 09-06-16.05 - MasterAdmin 2009-06-17 22:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.226 [GMT 2:00]
Uruchomiony z: c:\documents and settings\MasterAdmin\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\b716d26c.sys
c:\windows\system32\hattric
c:\documents and settings\MasterAdmin\Dane aplikacji\wiaserva.log
c:\windows\system32\IcyTowerv10.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_b716d26c
((((((((((((((((((((((((( Pliki utworzone od 2009-05-17 do 2009-06-17 )))))))))))))))))))))))))))))))
.
2009-06-16 11:37 . 2009-06-16 11:38 -------- d-----w- c:\windows\system32\Adobe
2009-06-16 11:37 . 2009-06-16 11:38 681 ----a-w- c:\windows\mozver.dat
2009-06-14 19:57 . 2009-06-14 19:57 225 ----a-w- c:\documents and settings\MasterAdmin\plik.reg
2009-06-14 18:56 . 2009-06-14 18:56 225 ----a-w- c:\documents and settings\MasterAdmin.reg
2009-06-13 14:49 . 2009-06-13 14:49 -------- d-----w- c:\program files\Trend Micro
2009-06-06 06:46 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-06 06:46 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-06 06:46 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-06 06:46 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-06 06:46 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-06 06:46 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-06 06:46 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-06 06:46 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-06 06:46 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-05-29 16:12 . 2004-08-03 22:44 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-29 16:12 . 2004-08-03 22:44 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-05-27 08:21 . 2009-05-27 08:21 -------- d-----w- c:\program files\Password Spyer 2k
2009-05-27 08:20 . 2009-05-27 08:20 -------- d-----w- c:\program files\Password Solutions
2009-05-27 08:20 . 2009-05-27 08:20 -------- d-----w- c:\documents and settings\MasterAdmin\Dane aplikacji\Password Solutions
2009-05-26 20:36 . 2009-05-26 20:38 -------- d-----w- c:\documents and settings\MasterAdmin\Dane aplikacji\Passware
2009-05-26 20:36 . 2009-05-26 20:36 367686 ----a-r- c:\documents and settings\MasterAdmin\Dane aplikacji\Microsoft\Installer{F6E30EBA-2DFE-4793-BF0F-DB02F18B061F}\icon.exe
2009-05-26 20:24 . 2009-05-26 20:24 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-05-26 20:23 . 2009-05-26 20:28 -------- d-----w- c:\program files\Password Discovery
2009-05-26 20:18 . 2009-05-26 20:18 6518 ----a-r- c:\documents and settings\MasterAdmin\Dane aplikacji\Microsoft\Installer{0BB3FF9C-325E-40B8-A365-6337283F15BA}_5cb298.exe
2009-05-26 20:18 . 2009-05-26 20:18 6518 ----a-r- c:\documents and settings\MasterAdmin\Dane aplikacji\Microsoft\Installer{0BB3FF9C-325E-40B8-A365-6337283F15BA}_4d97265.exe
2009-05-26 20:18 . 2009-05-26 20:18 6518 ----a-r- c:\documents and settings\MasterAdmin\Dane aplikacji\Microsoft\Installer{0BB3FF9C-325E-40B8-A365-6337283F15BA}_28cc39ed.exe
2009-05-26 20:18 . 2009-05-26 20:18 -------- d-----w- c:\program files\XaviWare Password Recovery .MDB
2009-05-26 19:56 . 2009-05-26 20:36 -------- d-----w- c:\program files\Passware
2009-05-26 19:49 . 2009-05-26 20:05 -------- d-----w- c:\program files\SnadBoy’s Revelation v2
2009-05-26 14:42 . 2006-09-04 17:16 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-05-26 14:42 . 2006-09-04 17:16 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-05-22 14:23 . 2009-05-22 14:23 -------- d-----w- C:\csdos
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 17:43 . 2009-03-13 16:31 2226832 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-05-23 19:01 . 2009-01-08 13:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-05-22 15:08 . 2009-03-13 12:54 -------- d-----w- c:\program files\free-downloads.net
2009-05-21 20:40 . 2008-11-28 13:55 -------- d-----w- c:\documents and settings\MasterAdmin\Dane aplikacji\Skype
2009-05-21 19:40 . 2008-11-28 13:56 -------- d-----w- c:\documents and settings\MasterAdmin\Dane aplikacji\skypePM
2009-05-16 19:37 . 2009-01-31 16:29 -------- d—a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-05-08 15:32 . 2009-05-08 15:29 -------- d-----w- c:\program files\NeoSmart Technologies
2009-05-08 11:14 . 2009-05-08 11:14 121882 ----a-w- c:\windows\Help\ECC.EXE
2009-05-06 17:19 . 2009-05-06 17:19 -------- d-----w- c:\program files\Robster Productions
2009-04-28 16:57 . 2009-04-27 16:34 -------- d-----w- c:\documents and settings\SpOLeM\Dane aplikacji\Nowe Gadu-Gadu
2009-04-28 12:28 . 2009-04-28 12:28 -------- d-----w- c:\documents and settings\SpOLeM\Dane aplikacji\Apple Computer
2009-04-27 16:27 . 2009-04-27 16:27 -------- d-----w- c:\documents and settings\SpOLeM\Dane aplikacji\Search Settings
2009-04-27 15:46 . 2009-04-27 15:46 74712 ----a-w- c:\documents and settings\SpOLeM\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-27 15:46 . 2009-04-27 15:46 131 ----a-w- c:\documents and settings\SpOLeM\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-04-12 14:24 . 2001-10-26 20:15 86834 ----a-w- c:\windows\system32\perfc015.dat
2009-04-12 14:24 . 2001-10-26 20:15 495270 ----a-w- c:\windows\system32\perfh015.dat
2009-04-05 19:32 . 2009-04-05 19:32 691712 ----a-w- c:\windows\isRS-000.tmp
2009-03-22 16:38 . 2009-03-22 16:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2008-12-19 19:52 . 2008-11-28 11:52 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 19:52 . 2008-11-28 11:52 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 19:52 . 2008-11-28 11:52 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 19:52 . 2008-11-28 11:52 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 19:52 . 2008-11-28 11:52 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[-] 2008-04-14 17:20 580096 A435C5C069AFD901751AC323AD238793 c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\user32.dll
[-] 2007-07-10 13:06 642560 CE594E18FE0D0AF804F1F3694921CE62 c:\windows\system32\user32.dll
[-] 2009-01-27 19:55 642560 CE594E18FE0D0AF804F1F3694921CE62 c:\windows\system32\dllcache\user32.dll
[-] 2007-10-17 19:30 974848 16DF8A100E8966E48BA00C86F6C89972 c:\windows\explorer.exe
[-] 2008-04-14 17:21 1035264 C791ED9EAC5E76D9525E157B1D7A599A c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\explorer.exe
[-] 2008-04-14 17:20 1571840 A9ED600F08A92143253C10EDB5651ECF c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\sfcfiles.dll
[-] 2007-10-09 00:09 1548288 89878732D5EB0C845AD2356081142F2A c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-05-26 20:31 2094616 ----a-w- c:\program files\ToggleEN\tbTog1.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-05-22 15:09 2094616 ----a-w- c:\program files\free-downloads.net\tbfre0.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2004-08-04 15360]
“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]
“BitComet”=“c:\program files\BitComet\BitComet.exe” [2008-11-12 2511672]
“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” [2008-12-29 687560]
“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2008-11-18 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2008-10-07 86016]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2008-12-30 136600]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2008-10-07 13574144]
“Monitor”=“c:\windows\PixArt\PAC207\Monitor.exe” [2006-11-03 319488]
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-11 49152]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2009-01-05 413696]
“SearchSettings”=“c:\program files\Search Settings\SearchSettings.exe” [2008-06-12 991584]
“PowerS”=“c:\windows\PowerS.exe” [2001-08-03 159800]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 31016]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-02-05 81000]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2009-01-06 290088]
“SoundMan”=“SOUNDMAN.EXE” - c:\windows\SOUNDMAN.EXE [2007-10-17 577536]
“nwiz”=“nwiz.exe” - c:\windows\system32\nwiz.exe [2006-11-17 1622016]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2004-08-04 15360]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“nltide_2”=“shell32” [X]
“nltide_3”=“advpack.dll” - c:\windows\system32\advpack.dll [2008-12-20 124928]
c:\documents and settings\MasterAdmin\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
UniSpiker-2.6.lnk - c:\program files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2006-3-6 86018]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone - szybkie uruchamianie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“DisableStatusMessages”= 1 (0x1)
[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
“NoSMMyPictures”= 1 (0x1)
“NoSMConfigurePrograms”= 1 (0x1)
“NoSMHelp”= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\BitComet\BitComet.exe”=
“c:\Program Files\Gadu-Gadu\gg.exe”=
“d:\Gry misada\metin2.bin”=
“d:\Gry misada\Game\TC2.exe”=
“c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe”=
“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“c:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=
“c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
“d:\Counter-Strike\hl.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=
“c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=
“c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=
“c:\Program Files\Motorola\Software Update\msu.exe”=
“c:\Program Files\Bonjour\mDNSResponder.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
“c:\Program Files\Nowe Gadu-Gadu\gg.exe”=
“e:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=
“c:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“11605:TCP”= 11605:TCP:BitComet 11605 TCP
“11605:UDP”= 11605:UDP:BitComet 11605 UDP
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-05 130424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-06-06 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-06-06 20560]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2008-12-02 291768]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [2008-12-02 21288]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [2008-12-02 12568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-05 348752]
.
Zawartość folderu ‘Zaplanowane zadania’
2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
2009-06-17 c:\windows\Tasks\User_Feed_Synchronization-{83AF7F50-30B4-421F-B802-B6B18F7D9395}.job
.
HKCU-Run-Hattric - c:\windows\system32\hattric\smss.exe
HKCU-Run-1qaw3edr5 - c:\windows\system32\IcyTowerv10.exe
HKCU-Run-Steam - e:\nowy folder\Steam.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-1qaw3edr5 - c:\windows\system32\IcyTowerv10.exe
HKLM-Explorer_Run-1qaw3edr5 - c:\windows\system32\IcyTowerv10.exe
.
------- Skan uzupełniający -------
.
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://gg.hit.gemius.pl/hitredir/id=ogW … 04GGBANNER
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: pobierz wszystkie video za pomocą bitcomet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: pobierz wszystko za pomocą bitcomet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: pobierz za pomocą bitcomet - c:\program files\BitComet\BitComet.exe/AddLink.htm
Trusted Zone: mks.com.pl
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 22:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\windows\system32\cscui.dll
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Czas ukończenia: 2009-06-17 22:25 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-06-17 20:25
Przed: 2 686 459 904 bajtów wolnych
Po: 2 800 070 656 bajtów wolnych
276 — E O F — 2009-04-12 14:28
trochę zostało usunięte
Otwórz notatnik i wklej
zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe
Powinno rozpocząć się usuwanie
Potem log z usuwania Combofix
Zrobiłem to co powiedziałeś ale jak przeciągne “CFScript.txt na ikonkę ComboFix.exe” To otwiera sie notatnik i Hińskie znaki i nic sie nie dzieje