Wszystkie aplikacje otwieraja się w notatniku

SpOLeM · 22 Czerwiec 2009 11:00

To nie dziala gdy wpisuje to “msconfig” to wyskakuje “System Windows nie może odnaleźć pliku “msconfig” . Upewnij sie, że wpisana nazwa jest poprawna i spróbuj ponownie .Aby wyszukac plik. kliknij przycisk Start, a nastepnie kliknij polecenie Wyszukaj.”

To nic nie daje Prosze o pomoc lub zle pan napisal komende.

Leon1 · 22 Czerwiec 2009 16:50

opuść to i rób dalsze zalecenia

wyłączysz to Ccleanerem CC >> narzędzia >> autostart

Piotr_P · 22 Czerwiec 2009 17:03

Wykonaj to z systemie lub uruchom w tybie awaryjnym

Wklej do notatnika tresc zawartą pomiedzy liniami -----------------

[Version]

Signature="$Chicago$"

Provider=Symantec

[DefaultInstall]

AddReg=UnhookRegKey

[unhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,"""%1"" %*"

HKLM, Software\CLASSES\comfile\shell\open\command,"""%1"" %*"

HKLM, Software\CLASSES\exefile\shell\open\command,"""%1"" %*"

HKLM, Software\CLASSES\piffile\shell\open\command,"""%1"" %*"

HKLM, Software\CLASSES\regfile\shell\open\command,“regedit.exe “”%1"”"

HKLM, Software\CLASSES\scrfile\shell\open\command,"""%1"" %*"

HKCU,

Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

Zapisz jako plik.inf - teraz prawy przycisk myszki i kliknij Zainstaluj.

Teraz wejdź do rejestru i usun wszystko co jest przypisane do klucza:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts.lnk

SpOLeM · 22 Czerwiec 2009 20:34

“Piotr P.” Twoj planik nie wypalil zrobilem co napisales wcisnolem Zainstaluj i otwozyl sie notatnik i Hinskie znaki

– Dodane 23.06.2009 (Wt) 1:07 –

Komenda w Starrrrrt>> uruchom "Hinskie Znaki

Gdy to zrobilem “Moj komputerWlasciwosci” To HINSKIE znaki

Skorzystalem ze skanera " http://www.mks.com.pl/skaner/ " Nie udało mi sie skopiować raportu ale przeskanowało:127594plikow, a liczba zainfekowanych plikow :9 Zainfekowane pliki skasowałem.

– Dodane 23.06.2009 (Wt) 11:13 –

Tu wklejam proces skanowania z “SDFix”

SDFix: Version 1.240

Run by MasterAdmin on 2009-06-23 at 11:02

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-23 11:07:57

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden services system hive …

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

“s1”=dword:2df9c43f

“s2”=dword:110480d0

“h0”=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

“h0”=dword:00000000

“ujdew”=hex:ea,27,82,8e,dd,49,75,10,3a,65,ef,11,12,c7,e7,18,eb,52,8e,34,43,…

“p0”=“C:\Program Files\Alcohol Soft\Alcohol 120”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

“p0”=“C:\Program Files\DAEMON Tools Lite”

“h0”=dword:00000001

“khjeh”=hex:8e,f4,9d,2e,ff,95,4c,1a,bf,d1,e7,0d,44,a7,b3,85,08,d9,a0,8a,d9,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

“a0”=hex:20,01,00,00,e1,79,5d,77,ee,8d,e7,01,09,c9,8c,75,ff,93,03,0d,67,…

“khjeh”=hex:83,75,d6,9e,69,c4,6f,0e,d2,02,0e,88,3a,96,fc,36,f5,e5,b7,f2,bc,…

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

“khjeh”=hex:64,60,fe,27,8d,9a,d4,7b,4e,56,0e,59,5a,4f,0b,d5,a0,82,a0,fd,63,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

“h0”=dword:00000000

“ujdew”=hex:ea,27,82,8e,dd,49,75,10,3a,65,ef,11,12,c7,e7,18,eb,52,8e,34,43,…

“p0”=“C:\Program Files\Alcohol Soft\Alcohol 120”

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

“p0”=“C:\Program Files\DAEMON Tools Lite”

“h0”=dword:00000001

“khjeh”=hex:8e,f4,9d,2e,ff,95,4c,1a,bf,d1,e7,0d,44,a7,b3,85,08,d9,a0,8a,d9,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

“a0”=hex:20,01,00,00,e1,79,5d,77,ee,8d,e7,01,09,c9,8c,75,ff,93,03,0d,67,…

“khjeh”=hex:83,75,d6,9e,69,c4,6f,0e,d2,02,0e,88,3a,96,fc,36,f5,e5,b7,f2,bc,…

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

“khjeh”=hex:64,60,fe,27,8d,9a,d4,7b,4e,56,0e,59,5a,4f,0b,d5,a0,82,a0,fd,63,…

scanning hidden registry entries …

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

“TracesProcessed”=dword:000000ad

“TracesSuccessful”=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

“DeviceNotSelectedTimeout”=“15”

“GDIProcessHandleQuota”=dword:00002710

“Spooler”=“yes”

“swapdisk”=""

“TransmissionRetryTimeout”=“90”

“USERProcessHandleQuota”=dword:00002710

scanning hidden files …

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

“C:\Program Files\BitComet\BitComet.exe”=“C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client”

“C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny”

“D:\Gry misada\metin2.bin”=“D:\Gry misada\metin2.bin:*:Enabled:metin2”

“D:\Gry misada\Game\TC2.exe”=“D:\Gry misada\Game\TC2.exe:*:Enabled:TC2”

“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe”=“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil”

“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook”

“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove”

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote”

“D:\Counter-Strike\hl.exe”=“D:\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher”

“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe”

“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe”

“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe”

“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe”

“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe”

“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe”

“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe”

“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe”

“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe”

“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe”

“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe”

“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe”

“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe”

“C:\Program Files\Motorola\Software Update\msu.exe”=“C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu”

“C:\Program Files\Bonjour\mDNSResponder.exe”=“C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour”

“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes”

“C:\Program Files\Nowe Gadu-Gadu\gg.exe”=“C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu”

“E:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe”=“E:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV”

“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype”

“C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe”=“C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO”

“D:\Gry misada\System\SplinterCell3.exe”=“D:\Gry misada\System\SplinterCell3.exe:*:Enabled:SplinterCell3”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :

Fri 19 Dec 2008 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak”

Mon 13 Nov 2006 319,456 A…H. — “C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll”

Sun 22 Mar 2009 444 …HR — “C:\Documents and Settings\MasterAdmin\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak”

Finished!

Leon1 · 23 Czerwiec 2009 13:33

start >> uruchom >> cmd

sc stop sdAuxService >> Enter

sc delete sdAuxService >> Enter

start >> uruchom >> regedit

rozwiń plusikami klucze usuń pogrubione

usuń plik

bo nie wiem czy to zrobiłeś

usuń folder

SpOLeM · 23 Czerwiec 2009 15:25

Nie dziala gdy wpisywalem w Start >> uruchom to wyskoczyl notatnik i Hinskie znaki

Tego nie mam ale cos mi sie przypomina ze to usunolem przedtem chyba ty mi kazales.

A ten ostatni usunolem.

patrx95 · 23 Czerwiec 2009 17:29

spróbuj jeszcze tak:

Panel Sterowania -> Opcje Folderów -> Typy plików -> rozszerzenie exe -> i ustawiasz akcję jako exefile

SpOLeM · 23 Czerwiec 2009 19:12

Dzieki dla was wszystkich za pomoc

Najbardziej dzięki dla " Leon$ "

Wkurzyłem sie na ten komputer i przeinstalowalem Windows i wszystko jest GIT 8) 8) 8)

Pozdro