windows security center log

[fari23]

Logfile of HijackThis v1.99.1
Scan saved at 15:41:10, on 2008-05-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
Crogram FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
Crogram FilesAlwil SoftwareAvast4ashMaiSv.exe
Crogram FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wmsdkns.exe
C:WINDOWSsystem32VTTimer.exe
C:WINDOWSsystem32VTtrayp.exe
C:WINDOWSsm56hlpr.exe
Crogram FilesThomson SpeedTouchST330diagnosticsdiagnostics.exe
Crogram FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
D:skanerHP Software UpdateHPWuSchd2.exe
Crogram FilesHPhpcoretechhpcmpmgr.exe
CROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32Rundll32.exe
Crogram FilesAutoConnectAutoConnect.exe
D:skanerDigital Imagingbinhpqgalry.exe
Crogram FilesCommon FilesTeleca SharedGeneric.exe
Crogram FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
Crogram FilesAlwil SoftwareAvast4setupavast.setup
Crogram FilesMozilla Firefoxfirefox.exe
D:HijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:WINDOWSsvchost.exe
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:programyzainstalowanejccatch.dll
O2 - BHO: (no name) - {439872BC-24A1-4699-9CEE-A9D03A12AD35} - C:WINDOWSsystem32opnOihFw.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {6c23ab0c-0244-4b01-8253-bee724d0d2ec} - C:WINDOWSsystem32rqRLfEVp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:programyzainstalowanegetflash.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM..Run: [VTTimer]VTTimer.exe
O4 - HKLM..Run: [VTTrayp]VTtrayp.exe
O4 - HKLM..Run: [SMSERIAL]sm56hlpr.exe
O4 - HKLM..Run: [diagnostics]"Crogram Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:pl
O4 - HKLM..Run: [Symantec PIF AlertEng]"Crogram FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "Crogram FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [AHQInit]e:programyzainstalowaneProgramAHQInit.exe
O4 - HKLM..Run: [NeroFilterCheck]C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [HP Software Update]"D:skanerHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [HP Component Manager]"Crogram FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [Adobe Photo Downloader]"Crogram FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"
O4 - HKLM..Run: [Picasa Media Detector]Crogram FilesPicasa2PicasaMediaDetector.exe
O4 - HKLM..Run: [avast!]CROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [PCSuiteTrayApplication]Crogram FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 - HKLM..Run: [Super Audio Grabber 3.0]"Crogram FilesBlueSpriteSuper Audio Grabber 3.0SAGrab.exe"/a
O4 - HKLM..Run: [Sony Ericsson PC Suite]"Crogram FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [runner1]C:WINDOWSmrofinu801.exe 61A847B5BBF7281A329A284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM..Run: [MSConfig]C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKLM..Run: [BM1f15f514]Rundll32.exe "C:WINDOWSsystem32ejdctbsf.dll",s
O4 - HKCU..Run: [Gadu-Gadu]"E:programyzainstalowaneGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Skype]"Crogram FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [HUAWEI 3G Data Card MTS]Crogram FilesHuawei technologiesHuawei UMTS Data CardHUAWEI Mobile Connect.exe
O4 - HKCU..Run: [Super Audio Grabber 3.0]"Crogram FilesBlueSpriteSuper Audio Grabber 3.0SAGrab.exe"/a
O4 - HKCU..Run: [AutoConnect]Crogram FilesAutoConnectAutoConnect.exe
O4 - Startup: Adobe Gamma.lnk = Crogram FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Crogram FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:skanerDigital Imagingbinhpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:skanerDigital Imagingbinhpqthb08.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet''a - E:programyzainstalowanejc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet''a - E:programyzainstalowanejc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -

[Aby zobaczyć linki, zarejestruj się tutaj]

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.5.0_06binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:programyzainstalowaneFlashGet.exe
O9 - Extra ''Tools'' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:programyzainstalowaneFlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O12 - Plugin for .spop: Crogram FilesInternet ExplorerPluginsNPDocBox.dll
O17 - HKLMSystemCCSServicesTcpip..{3AE6F1B9-6A9B-4615-A656-CABB92CCA439}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLMSystemCS2ServicesTcpip..{3AE6F1B9-6A9B-4615-A656-CABB92CCA439}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: rqRLfEVp - C:WINDOWSSYSTEM32rqRLfEVp.dll
O20 - Winlogon Notify: WinNt32 - C:WINDOWSSYSTEM32WinNt32.dll
O23 - Service: avast! Antivirus - ALWIL Software - Crogram FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - Crogram FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - Crogram FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

[Serafin]

Po pierwsze zapoznaj się z

[Aby zobaczyć linki, zarejestruj się tutaj]

tematem. Logi wklejamy w tagach code. Na początek dajemy logi z hijackthis i Silent runners.
Wstaw do posta opis swojego problemu

F3 - REG:win.ini: load=C:WINDOWSsvchost.exe
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {439872BC-24A1-4699-9CEE-A9D03A12AD35} - C:WINDOWSsystem32opnOihFw.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {6c23ab0c-0244-4b01-8253-bee724d0d2ec} - C:WINDOWSsystem32rqRLfEVp.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM..Run: [runner1]C:WINDOWSmrofinu801.exe 61A847B5BBF7281A329A284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM..Run: [BM1f15f514]Rundll32.exe "C:WINDOWSsystem32ejdctbsf.dll",s
O20 - Winlogon Notify: rqRLfEVp - C:WINDOWSSYSTEM32rqRLfEVp.dll
O20 - Winlogon Notify: WinNt32 - C:WINDOWSSYSTEM32WinNt32.dll

Skasuj te wpisy w hijacku w trybie awaryjnym i wyłączonym przywracaniem systemu.

Zastosuj

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

Pobierz program

[Aby zobaczyć linki, zarejestruj się tutaj]

* Dwuklik na SDFix.exe następnie program wypakuje się na dysk systemowy (standardowo C:SDFix)
* Zrestartuj komputer i wejdź do trybu awaryjnego (klawisz F8 przed bootem Windowsa)
* Wejdź do folderu z SDFix kliknij dwa razy na plik RunThis.bat
* Wciśnij Ynastąpi proces usuwania.
* Kiedy usuwanie się ukończy wciśnij dowolny klawisz (Any Key). Nastąpi restart komputera.
* Po restarcie SDFix uruchomi się ponownie, żeby dokończyć proces usuwania kiedy pojawi się w oknie programu Finished, wciśnij dowolny klawisz do zakończenia scryptu i załadowania ikon na pulpicie.
* Pokaż Report.txt znajdujący się w folderze SDFix.

Po zabiegach dajesz nowe logi z hijacka log z

[Aby zobaczyć linki, zarejestruj się tutaj]

oraz raport z SDFix

[fari23]

jak chce wlaczyc combofix odrazu jest restart ogolnie to tlo mam niebieskie z napisami po angielsku nie moge wlaczyc menadzera zadan (pisze ze zostal wylaczony przez administratora czego nie robilem) nie moge kozystac z internetu (pisze z drugfiego kompa!) muli sie wlancza 20 minut mam win xp i jest to lap do programow zastosuje sie w najblizszym czasie

[Serafin]

Skoro nie możesz dać loga z Combofix to daj loga z

[Aby zobaczyć linki, zarejestruj się tutaj]

Otwórz notatnik i wklej w nim to:

Kod:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionGroup Policy ObjectsLocalUserSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem]
"DisableTaskMgr"=dword:00000000

Plik>zapisz jako...>zmień rozszerzenie na: wszystkie pliki>zapisz pod nazwą FIX.REG
Uruchom plik FIX.REG w trybie awaryjnym i wyłączonym przywracaniem systemu.

[fari23]

Kod:

ComboFix 08-05-15.3 - wicherki 2008-05-173:35:33.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition5.1.2600.2.1250.1.1045.18.760 [GMT 2:00]
Running from: G:ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:Documents and SettingsLocalServiceDane aplikacjiNetMon
C:Documents and SettingsLocalServiceDane aplikacjiNetMondomains.txt
C:Documents and SettingsLocalServiceDane aplikacjiNetMonlog.txt
C:Program FilesHelper
C:Program Filesnetwork monitor
C:Program Fileswebhancer
C:Program FileswebhancerProgramslicense.txt
C:Program FileswebhancerProgramsreadme.txt
C:Program FileswebhancerProgramssporder.dll
C:Program FileswebhancerProgramswhagent.ini
C:Temp1cb
C:Temp1cbsyscheck.log
C:WINDOWS123messenger.per
C:WINDOWS2020search.dll
C:WINDOWS2020search2.dll
C:WINDOWSapphelp32.dll
C:WINDOWSasferror32.dll
C:WINDOWSasycfilt32.dll
C:WINDOWSathprxy32.dll
C:WINDOWSati2dvaa32.dll
C:WINDOWSati2dvag32.dll
C:WINDOWSaudiosrv32.dll
C:WINDOWSautodisc32.dll
C:WINDOWSavifile32.dll
C:WINDOWSavisynthex32.dll
C:WINDOWSaviwrap32.dll
C:WINDOWSb2new.exe
C:WINDOWSbjam.dll
C:WINDOWSbokja.exe
C:WINDOWSbrowserad.dll
C:WINDOWScdsm32.dll
C:WINDOWSchangeurl_30.dll
C:WINDOWSdefault.htm
C:WINDOWSdidduid.ini
C:WINDOWSlfn.exe
C:WINDOWSlicencia.txt
C:WINDOWSmainms.vpi
C:WINDOWSmegavid.cdt
C:WINDOWSmsa64chk.dll
C:WINDOWSmsapasrc.dll
C:WINDOWSmspphe.dll
C:WINDOWSmssvr.exe
C:WINDOWSmuotr.so
C:WINDOWSntnut.exe
C:WINDOWSpskt.ini
C:WINDOWSsaiemod.dll
C:WINDOWSshdocpe.dll
C:WINDOWSshdocpl.dll
C:WINDOWSstcloader.exe
C:WINDOWSswin32.dll
C:WINDOWSsystem32crypts.dll
C:WINDOWSsystem32driverstcpsr.sys
C:WINDOWSsystem32iiffDUnl.dll
C:WINDOWSsystem32MSINET.oca
C:WINDOWSsystem32pac.txt
C:WINDOWSsystem32pkwcylsm.exe
C:WINDOWSsystem32sft.res
C:WINDOWSsystem32wFhiOnpo.ini
C:WINDOWSsystem32wFhiOnpo.ini2
C:WINDOWSsystem32winfrun32.bin
C:WINDOWSsystem32WinNt32.dll
C:WINDOWSsystem32WLCtrl32.dll
C:WINDOWSsystem32wmsdkns.exe
C:WINDOWStelefonos.txt
C:WINDOWStextos.txt
C:WINDOWSvoiceip.dll
C:WINDOWSwinsb.dll
D:Autorun.inf
E:Autorun.inf
G:autorun.inf
G:host.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_TCPSR
-------Service_tcpsr
-------Service_Binary file SvcDump matches


((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17)))))))))))))))))))))))))))))))
.

2008-05-17 03:39 . 2008-05-17 03:39    22    --a------    C:WINDOWSpskt.ini
2008-05-16 20:47 . 2008-05-16 20:47    1,024    --ah-----    C:WINDOWSsystem32configsystemprofilentuser.dat.LOG
2008-05-15 17:09 . 2007-07-11 23:06    <DIR>    d--h-----    C:Documents and SettingsAdministratorUstawienia lokalne
2008-05-15 17:09 . 2008-05-15 17:35    <DIR>    d--------    C:Documents and SettingsAdministratorUlubione
2008-05-15 17:09 . 2007-07-11 21:10    <DIR>    d--h-----    C:Documents and SettingsAdministratorSzablony
2008-05-15 17:09 . 2007-07-11 21:18    <DIR>    d--------    C:Documents and SettingsAdministratorPulpit
2008-05-15 17:09 . 2007-07-11 23:06    <DIR>    d--------    C:Documents and SettingsAdministratorMoje dokumenty
2008-05-15 17:09 . 2007-07-11 23:06    <DIR>    dr-------    C:Documents and SettingsAdministratorMenu Start
2008-05-15 17:09 . 2007-07-11 23:06    <DIR>    dr-h-----    C:Documents and SettingsAdministratorDane aplikacji
2008-05-15 17:09 . 2008-05-15 17:09    <DIR>    d--------    C:Documents and SettingsAdministrator
2008-05-15 17:09 . 2008-05-16 21:24    1,024    --ah-----    C:Documents and SettingsAdministratorNtUser.dat.LOG
2008-05-14 15:06 . 2008-05-14 15:06    124,480    --a------    C:WINDOWSsystem32ejdctbsf.dll
2008-05-14 15:06 . 2008-05-17 03:39    109,807    --a------    C:WINDOWSBM1f15f514.xml
2008-05-14 15:04 . 2008-05-14 15:05    371,200    --a------    C:WINDOWSsystem32opnOihFw.dll
2008-05-14 15:03 . 2008-05-14 15:03    57,344    --a------    C:WINDOWSsystem32iifcCrpm.dll
2008-05-14 15:01 . 2008-05-15 18:38    <DIR>    d--hs----    C:WINDOWSd2ljaGVy
2008-05-14 15:01 . 2008-05-14 15:01    687,592    --a------    C:WINDOWSsystem32atmtd.dll._
2008-05-14 15:01 . 2008-05-14 15:01    687,592    --a------    C:WINDOWSsystem32atmtd.dll
2008-05-14 15:01 . 2006-01-03 17:45    1,989    --a------    C:WINDOWSuninstall_nmon.vbs
2008-05-14 15:01 . 2008-05-14 15:01    578    --a------    C:WINDOWSindex.html
2008-05-14 15:00 . 2008-05-15 18:45    <DIR>    d--------    C:WINDOWSsystem32zDB
2008-05-14 15:00 . 2008-05-14 15:00    <DIR>    d--------    C:WINDOWSsystem32dFrnx06
2008-05-14 15:00 . 2008-05-14 15:01    <DIR>    d--------    C:WINDOWSsystem32cs5
2008-05-14 15:00 . 2008-05-14 15:01    <DIR>    d--------    C:Temptmpvc14
2008-05-14 15:00 . 2008-05-14 15:00    <DIR>    dr-------    C:Documents and SettingsLocalServiceUlubione
2008-05-14 15:00 . 2008-05-14 15:00    80,384    --a------    C:tqkyec.exe
2008-05-14 15:00 . 2008-05-15 16:48    68,018    --a------    C:WINDOWSsystem32iuzqpaf.sys
2008-05-14 15:00 . 2008-05-14 15:00    67,085    --a------    C:TempdOdll2100.exe
2008-05-14 15:00 . 2008-05-16 15:39    27,136    --a------    C:WINDOWSsystem32driversAdh47.sys
2008-05-14 15:00 . 2008-05-14 15:00    2    --a------    C:472303143
2008-05-14 14:59 . 2008-05-14 15:00    72,192    --a------    C:lrohjo.exe
2008-05-14 14:59 . 2008-05-14 14:59    57,344    --a------    C:WINDOWSsystem32rqRLfEVp.dll
2008-05-04 11:44 . 2008-05-04 11:44    <DIR>    d--------    C:Program FilesMp3 Knife
2008-05-02 18:13 . 2008-05-11 08:41    3,264    --a------    C:drmHeader.bin
2008-05-02 10:10 . 2008-05-17 03:40    <DIR>    d--------    C:Program FilesAutoConnect
2008-05-01 07:31 . 2008-05-01 07:33    <DIR>    d--------    C:Program FilesSimTractor 3.5
2008-04-29 22:28 . 2008-04-29 22:29    <DIR>    d--------    C:Program FilesPITy2007
2008-04-29 22:14 . 2008-04-29 22:14    <DIR>    d--------    C:Program FilesElfin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 18:53    ---------    d-----w    C:Documents and SettingswicherkiDane aplikacjiSkype
2008-05-16 15:05    ---------    d-----w    C:Program FilesAskTBar
2008-05-16 08:30    ---------    d-----w    C:Program FilesGoogle
2008-05-15 17:34    ---------    d-----w    C:Program FilesGanymede
2008-05-15 17:34    ---------    d-----w    C:Program FilesDVDVIDEOSOFT
2008-05-14 13:13    ---------    d-----w    C:Documents and SettingswicherkiDane aplikacjiAzureus
2008-04-30 23:30    ---------    d-----w    C:Program FilesAzureus
2008-04-29 19:46    ---------    d--h--w    C:Program FilesInstallShield Installation Information
2008-04-25 23:56    ---------    d-----w    C:Program Filesneostrada tp
2008-03-29 10:37    ---------    d-----w    C:Program FilesCommon FilesAdobe Systems Shared
2008-03-29 10:37    ---------    d-----w    C:Program FilesCommon FilesAdobe
2008-03-26 18:32    ---------    d-----w    C:Program FilesMicrosoft Digital Image 2006
2008-03-26 17:57    ---------    d-----w    C:Program FilesStudioLine Photo Basic
2008-03-26 13:30    ---------    d-----w    C:Documents and SettingswicherkiDane aplikacjiAhead
2008-03-25 04:52    621,344    ----a-w    C:WINDOWSsystem32mswstr10.dll
2008-03-25 04:52    178,976    ----a-w    C:WINDOWSsystem32msjint40.dll
2008-03-21 20:12    ---------    d-----w    C:Documents and SettingswicherkiDane aplikacjiGanymedeNet
2008-03-20 08:09    1,845,504    ----a-w    C:WINDOWSsystem32win32k.sys
2008-02-20 06:51    282,624    ----a-w    C:WINDOWSsystem32gdi32.dll
2008-02-20 05:38    45,568    ----a-w    C:WINDOWSsystem32dnsrslvr.dll
2007-10-25 17:15    0    ----a-w    C:Documents and SettingswicherkiEmails.dat
2007-10-18 20:13    10    ----a-w    C:Documents and Settingswicherkiuser.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{439872BC-24A1-4699-9CEE-A9D03A12AD35}]
2008-05-14 15:05    371200    --a------    C:WINDOWSsystem32opnOihFw.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}]
2008-05-14 14:59    57344    --a------    C:WINDOWSsystem32rqRLfEVp.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Gadu-Gadu"="E:programyzainstalowaneGadu-Gadugg.exe" [2007-05-10 16:36 2111176]
"Skype"="C:Program FilesSkypePhoneSkype.exe" [2007-09-13 13:31 22880040]
"HUAWEI 3G Data Card MTS"="C:Program FilesHuawei technologiesHuawei UMTS Data CardHUAWEI Mobile Connect.exe" [2007-05-17 11:22 331776]
"Super Audio Grabber 3.0"="C:Program FilesBlueSpriteSuper Audio Grabber 3.0SAGrab.exe/a" [ ]
"AutoConnect"="C:Program FilesAutoConnectAutoConnect.exe" [2004-08-28 20:27 295424]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:WINDOWSsystem32VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 163840 C:WINDOWSsystem32VTTrayp.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-11-10 04:44 557056 C:WINDOWSsm56hlpr.exe]
"diagnostics"="C:Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2007-07-11 21:54 557149]
"Symantec PIF AlertEng"="C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" [2007-03-12 11:22 517768]
"AHQInit"="e:programyzainstalowaneProgramAHQInit.exe" [2001-05-10 18:49 102400]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Software Update"="D:skanerHP Software UpdateHPWuSchd2.exe" [2004-02-12 13:38 49152]
"HP Component Manager"="C:Program FilesHPhpcoretechhpcmpmgr.exe" [2004-05-12 15:18 241664]
"Adobe Photo Downloader"="C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe" [2005-06-06 23:46 57344]
"Picasa Media Detector"="C:Program FilesPicasa2PicasaMediaDetector.exe" [2006-04-20 01:17 421888]
"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2008-03-29 19:37 79224]
"PCSuiteTrayApplication"="C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe" [2007-03-23 14:20 227328]
"Super Audio Grabber 3.0"="C:Program FilesBlueSpriteSuper Audio Grabber 3.0SAGrab.exe/a" [ ]
"Sony Ericsson PC Suite"="C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 17:17 159744]
"BM1f15f514"="C:WINDOWSsystem32ejdctbsf.dll" [2008-05-14 15:06 124480]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:Program FilesNokiaNokia PC Suite 6PcSync2.exe" [2007-03-27 16:58 1744896]

C:Documents and SettingswicherkiMenu StartProgramyAutostart
Adobe Gamma.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:Documents and SettingsAll UsersMenu StartProgramyAutostart
Adobe Reader Speed Launch.lnk - C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - D:skanerDigital Imagingbinhpqtra08.exe [2004-05-28 22:31:38 241664]
HP Image Zone - szybkie uruchamianie.lnk - D:skanerDigital Imagingbinhpqthb08.exe [2004-05-28 23:06:36 53248]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorershellexecutehooks]
"{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}"= C:WINDOWSsystem32rqRLfEVp.dll [2008-05-14 14:59 57344]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyrqRLfEVp]
rqRLfEVp.dll 2008-05-14 14:59 57344 C:WINDOWSsystem32rqRLfEVp.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBJ]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUpdReg]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
"st330service"=2 (0x2)
"ServiceLayer"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"NMSAccessU"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"IDriverT"=3 (0x3)
"Harmonogram automatycznej usługi LiveUpdate"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe"=
"C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe"=
"E:\programy\zainstalowane\flashget.exe"=
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\HUAWEI Mobile Connect.exe"=
"E:\programy\zainstalowane\Gadu-Gadu\gg.exe"=
"C:\Program Files\Azureus\Azureus.exe"=
"C:\Program Files\Azureus\Azureus\Azureus.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=

R1 aswSP;avast! Self Protection;C:WINDOWSsystem32driversaswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-03-29 19:35]
R3 EKBfltr;ENE Keyboard Controller;C:WINDOWSsystem32DRIVERSEKBfltr.sys [2005-01-14 17:22]
S2 IcRecUsb;IC Recorder Driver;C:WINDOWSsystem32DriversIcRecUsb.sys [2001-10-02 09:37]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:WINDOWSsystem32Driverse4ldr.sys [2006-09-15 11:07]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:WINDOWSsystem32DRIVERSe4usbaw.sys [2006-09-19 11:03]
S3 P0630VID;Creative WebCam Live!;C:WINDOWSsystem32DRIVERSP0630Vid.sys [2004-07-30 03:55]
S3 ST330;ST330;C:WINDOWSsystem32driversst330.sys [2007-07-11 21:54]
S3 STBUS;STBUS;C:WINDOWSsystem32driversstbus.sys [2007-07-11 21:54]
S3 stppp;Speedtouch PPP Adapter Adapter;C:WINDOWSsystem32DRIVERSstppp.sys [2007-07-11 21:54]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:WINDOWSsystem32DRIVERSw200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:WINDOWSsystem32DRIVERSw200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:WINDOWSsystem32DRIVERSw200mdm.sys [2006-11-07 10:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:WINDOWSsystem32DRIVERSw200mgmt.sys [2006-11-07 10:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:WINDOWSsystem32DRIVERSw200obex.sys [2006-11-07 10:42]
S4 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe" [2006-09-13 14:54]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2D]
ShellAutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2E]
ShellAutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 03:39:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet002Servicesst330service]
"ImagePath"="C:Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:WINDOWSsystem32winlogon.exe
-> C:WINDOWSsystem32rqRLfEVp.dll
-> C:WINDOWSsystem32WinNt32.dll

PROCESS: C:WINDOWSexplorer.exe
-> C:WINDOWSsystem32ejdctbsf.dll
.
------------------------ Other Running Processes ------------------------
.
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
D:skanerDigital Imagingbinhpqgalry.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:WINDOWSSoftwareDistributionDownloadInstallWindows-KB890830-V1.41-delta.exe
C:c2569c91ba084523c1c0b5mrtstub.exe
C:WINDOWSsystem32MRT.exe
.
**************************************************************************
.
Completion time: 2008-05-173:43:26 - machine was rebooted
ComboFix-quarantined-files.txt2008-05-17 01:43:20

Pre-Run: 6,831,616,000 bajtów wolnych
Post-Run: 7,194,951,680 bajt˘w wolnych

298    --- E O F ---    2008-05-16 08:33:11

[fari23]

Kod:

hijackthis po combofix

Logfile of HijackThis v1.99.1
Scan saved at 03:53:05, on 2008-05-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
D:HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM..Run: [VTTimer] VTTimer.exe
O4 - HKLM..Run: [VTTrayp] VTtrayp.exe
O4 - HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..Run: [diagnostics] "C:Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:pl
O4 - HKLM..Run: [Symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [AHQInit] e:programyzainstalowaneProgramAHQInit.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [HP Software Update] "D:skanerHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"
O4 - HKLM..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 - HKLM..Run: [Super Audio Grabber 3.0] "C:Program FilesBlueSpriteSuper Audio Grabber 3.0SAGrab.exe"/a
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [BM1f15f514] Rundll32.exe "C:WINDOWSsystem32ejdctbsf.dll",s
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:skanerDigital Imagingbinhpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:skanerDigital Imagingbinhpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binnpjpi150_06.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binnpjpi150_06.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:programyzainstalowaneFlashGet.exe
O9 - Extra ''Tools'' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:programyzainstalowaneFlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

po combofixie jest lepiej moge normalnie wlaczyc kompa ale wirus nadal siedzi zastosuje sie do podanych wskazowek

[Serafin]

Zastosuj

[Aby zobaczyć linki, zarejestruj się tutaj]

w trybie awaryjnym i wyłączonym przywracaniem systemu.

Pobierz program

[Aby zobaczyć linki, zarejestruj się tutaj]

* Dwuklik na SDFix.exe następnie program wypakuje się na dysk systemowy (standardowo C:SDFix)
* Zrestartuj komputer i wejdź do trybu awaryjnego (klawisz F8 przed bootem Windowsa)
* Wejdź do folderu z SDFix kliknij dwa razy na plik RunThis.bat
* Wciśnij Ynastąpi proces usuwania.
* Kiedy usuwanie się ukończy wciśnij dowolny klawisz (Any Key). Nastąpi restart komputera.
* Po restarcie SDFix uruchomi się ponownie, żeby dokończyć proces usuwania kiedy pojawi się w oknie programu Finished, wciśnij dowolny klawisz do zakończenia scryptu i załadowania ikon na pulpicie.
* Pokaż Report.txt znajdujący się w folderze SDFix.

Po zabiegach dajesz nowe logi z hijacka log z

[Aby zobaczyć linki, zarejestruj się tutaj]

, raport z SDFix oraz raport z fixwareout