Amvo.exe - mam loga, jak usunac?

moraw11 · 27 Luty 2008 13:05

Tutaj jest moj log, ktory wykonal program ComboFix. Co teraz powinienem zrobic, zeby usunac wirusa? Z gory dziekuje za odpowiedzi

ComboFix 08-02-25.3 - Tomek 2008-02-27 13:34:31.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1045.18.1070 [GMT 1:00]

Running from: C:\ComboFix2.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\Windows\system32\amvo.exe

C:\Windows\system32\amvo0.dll

C:\Windows\system32\KBL.LOG

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))

.

2008-02-27 13:24 . 2008-02-27 13:24 1,573,742 --a------ C:\ComboFix2.exe

2008-02-26 22:05 . 2008-02-26 21:48 107,475 -r-hs---- C:\u2.cmd

2008-02-26 17:53 . 2008-02-27 11:57

2008-02-26 17:53 . 2008-02-26 17:58

2008-02-23 13:37 . 2008-02-23 13:47

2008-02-21 16:22 . 2008-02-21 16:22

2008-02-19 17:21 . 2008-02-19 17:21

2008-02-19 13:31 . 2008-02-19 13:31

2008-02-18 18:41 . 2008-02-18 18:41

2008-02-18 18:36 . 2008-02-18 18:36

2008-02-18 18:36 . 2008-02-15 19:13 60,273 --a------ C:\Windows\System32\pthreadGC2.dll

2008-02-18 18:36 . 2008-02-15 19:13 7,680 --a------ C:\Windows\System32\ff_vfw.dll

2008-02-18 18:36 . 2008-02-15 19:13 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest

2008-02-18 16:57 . 2008-02-18 16:57

2008-02-18 16:20 . 2008-02-18 16:21

2008-02-18 16:20 . 2008-02-19 17:13

2008-02-16 23:50 . 2008-02-18 16:24

2008-02-16 23:45 . 2008-02-16 23:54

2008-02-16 23:45 . 2008-02-16 23:45

2008-02-16 23:45 . 2008-02-18 18:43 2,505 --a------ C:\Windows\VPlayer.INI

2008-02-16 23:45 . 2008-02-18 18:43 63 --a------ C:\Windows\VplayerINI.vpl

2008-02-16 19:42 . 2008-02-17 01:36

2008-02-16 17:47 . 2008-02-16 17:48

2008-02-16 17:47 . 2008-02-17 00:17

2008-02-16 17:47 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll

2008-02-16 12:07 . 2003-06-19 01:31 17,920 --a------ C:\Windows\System32\mdimon.dll

2008-02-16 12:07 . 2008-02-16 12:07 412 --a------ C:\Windows\ODBC.INI

2008-02-16 12:05 . 2008-02-16 12:05

2008-02-16 12:01 . 2008-02-16 12:01

2008-02-16 11:58 . 2008-02-16 11:58

2008-02-16 11:49 . 2008-02-26 18:23 27,335 --a------ C:\Users\Tomek\AppData\Roaming\nvModes.dat

2008-02-16 02:16 . 2008-02-16 12:32

2008-02-16 02:05 . 2008-02-16 02:05

2008-02-16 02:01 . 2008-02-16 02:01 1,158 --a------ C:\Windows\mozver.dat

2008-02-16 01:57 . 2008-02-16 01:57 0 --a------ C:\Windows\nsreg.dat

2008-02-16 01:39 . 2008-02-16 01:39

2008-02-16 01:39 . 2008-02-16 02:05

2008-02-16 01:39 . 2008-02-19 13:31

2008-02-16 01:39 . 2008-02-16 01:39

2008-02-16 00:25 . 2008-02-16 00:25 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-02-16 00:25 . 2008-02-16 00:25 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-02-15 23:14 . 2008-02-15 23:14

2008-02-15 23:05 . 2008-02-15 23:05 8,147,968 --a------ C:\Windows\System32\wmploc.DLL

2008-02-15 23:05 . 2008-02-15 23:05 7,680 --a------ C:\Windows\System32\spwmp.dll

2008-02-15 23:03 . 2008-02-15 23:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-15 23:03 . 2008-02-15 23:03 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-02-15 23:03 . 2008-02-15 23:03 1,327,104 --a------ C:\Windows\System32\quartz.dll

2008-02-15 23:03 . 2008-02-15 23:03 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-02-15 23:03 . 2008-02-15 23:03 223,232 --a------ C:\Windows\System32\WMASF.DLL

2008-02-15 23:03 . 2008-02-15 23:03 216,632 --a------ C:\Windows\System32\drivers\netio.sys

2008-02-15 23:03 . 2008-02-15 23:03 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-02-15 23:03 . 2008-02-15 23:03 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-02-15 23:03 . 2008-02-15 23:03 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-02-15 23:03 . 2008-02-15 23:03 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2008-02-15 23:03 . 2008-02-15 23:03 2,048 --a------ C:\Windows\System32\asferror.dll

2008-02-15 23:02 . 2008-02-15 23:02 737,792 --a------ C:\Windows\System32\inetcomm.dll

2008-02-15 23:02 . 2008-02-15 23:02 84,480 --a------ C:\Windows\System32\INETRES.dll

2008-02-15 23:02 . 2008-02-15 23:02 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-02-15 23:01 . 2008-02-15 23:01 788,992 --a------ C:\Windows\System32\rpcrt4.dll

2008-02-15 23:01 . 2008-02-15 23:01 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2008-02-15 23:01 . 2008-02-15 23:01 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2008-02-15 23:01 . 2008-02-15 23:01 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2008-02-15 23:01 . 2008-02-15 23:01 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2008-02-15 23:00 . 2008-02-15 23:00

2008-02-15 22:59 . 2008-02-15 22:59 2,048 --a------ C:\Windows\System32\tzres.dll

2008-02-15 22:56 . 2008-02-15 22:56 1,244,672 --a------ C:\Windows\System32\mcmde.dll

2008-02-15 22:38 . 2008-02-15 22:38 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2008-02-15 22:38 . 2008-02-15 22:38 1,524,224 --a------ C:\Windows\System32\wucltux.dll

2008-02-15 22:38 . 2008-02-15 22:38 53,080 --a------ C:\Windows\System32\wuauclt.exe

2008-02-15 22:38 . 2008-02-15 22:38 43,352 --a------ C:\Windows\System32\wups2.dll

2008-02-15 22:37 . 2008-02-15 22:37 549,720 --a------ C:\Windows\System32\wuapi.dll

2008-02-15 22:37 . 2008-02-15 22:37 163,000 --a------ C:\Windows\System32\wuwebv.dll

2008-02-15 22:37 . 2008-02-15 22:37 80,896 --a------ C:\Windows\System32\wudriver.dll

2008-02-15 22:37 . 2008-02-15 22:37 33,624 --a------ C:\Windows\System32\wups.dll

2008-02-15 22:37 . 2008-02-15 22:37 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-02-15 20:28 . 2008-02-15 20:28 81 --a------ C:\Windows\System32\LOG

2008-02-15 20:28 . 2008-02-15 20:28 44 --a------ C:\Windows\system\hpsysdrv.dat

2008-02-15 20:18 . 2008-02-16 12:06

2008-02-15 20:16 . 2008-02-15 20:17

2008-02-15 20:15 . 2008-02-15 20:15

2008-02-15 20:13 . 2008-02-15 20:13 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF801C7MX_E459053-241_4A_I30D0_SQuanta_V85.24_F.25_T071129_WV3-0_L415_M2047_J160_7AMD_8F82_91.90_#071122_N10DE0450;168C001C_(KM007EA#AKD)_XMOBILE_CN10_Z.MRK

2008-02-15 20:12 . 2008-02-16 01:45

2008-02-15 20:02 . 2008-02-15 20:02

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-16 11:32 --------- d-----w C:\ProgramData\CyberLink

2008-02-16 00:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-16 00:27 --------- d-----w C:\ProgramData\Symantec

2008-02-15 23:24 943,800 ----a-w C:\Windows\System32\winload.exe

2008-02-15 23:22 --------- d-----w C:\Program Files\Windows Mail

2008-02-15 23:04 --------- d-----w C:\Program Files\Windows Sidebar

2008-02-15 22:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-15 22:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-15 22:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-15 22:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-15 21:57 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-15 21:57 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-15 21:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-15 21:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-15 19:30 --------- d-----w C:\ProgramData\NVIDIA

2008-02-15 19:15 --------- d-----w C:\Program Files\HPQ

2008-02-15 19:14 --------- d-----w C:\Program Files\HP

2008-02-15 19:13 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF801C7MX_E459053-241_4A_I30D0_SQuanta_V85.24_F.25_T071129_WV3-0_L415_M2047_J160_7AMD_8F82_91.90_#071122_N10DE0450;168C001C_(KM007EA#AKD)_XMOBILE_CN10_Z.MRK

2008-02-15 19:02 --------- d-sh–w C:\ProgramData\Ulubione

2008-02-15 19:02 --------- d-sh–w C:\ProgramData\Szablony

2008-02-15 19:02 --------- d-sh–w C:\ProgramData\Pulpit

2008-02-15 19:02 --------- d-sh–w C:\ProgramData\Menu Start

2008-02-15 19:02 --------- d-sh–w C:\ProgramData\Dokumenty

2008-02-15 19:02 --------- d-sh–w C:\ProgramData\Dane aplikacji

2008-01-14 11:12 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-01-14 11:12 --------- d-----w C:\ProgramData\Macrovision

2008-01-14 11:12 --------- d-----w C:\Program Files\DigitalPersona

2008-01-14 11:11 --------- d-----w C:\Program Files\CyberLink

2008-01-14 11:06 --------- d-----w C:\Program Files\Hewlett-Packard

2008-01-14 11:02 --------- d-----w C:\ProgramData\Hewlett-Packard

2008-01-14 10:58 --------- d-----w C:\ProgramData\Atheros

2008-01-14 10:58 --------- d-----w C:\Program Files\WinTV

2008-01-14 10:58 --------- d-----w C:\Program Files\Atheros

2008-01-14 10:57 --------- d-----w C:\Program Files\CONEXANT

2008-01-14 10:55 --------- d-----w C:\Program Files\NetWaiting

2008-01-14 10:55 --------- d-----w C:\Program Files\Fingerprint Sensor

2008-01-14 10:54 0 —ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2008-01-14 10:54 --------- d-----w C:\Program Files\Synaptics

2007-11-22 03:44 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-02-15 23:02 1232896]

“MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” []

“ISUSPM”=“C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe” [2007-03-29 15:41 222128]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2005-03-31 10:18 790528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2007-09-19 21:05 86016]

“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2007-09-19 21:05 8497696]

“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2007-09-19 21:05 81920]

“SynTPStart”=“C:\Program Files\Synaptics\SynTP\SynTPStart.exe” [2007-09-15 09:29 102400]

“QPService”=“C:\Program Files\HP\QuickPlay\QPService.exe” [2007-09-30 19:34 181544]

“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-09-19 14:31 202032]

“OnScreenDisplay”=“C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe” [2007-09-04 13:54 554320]

“UCam_Menu”=“C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” [2007-08-16 23:13 218408]

“DpAgent”=“C:\Program Files\DigitalPersona\Bin\dpagent.exe” [2007-09-20 11:12 671744]

“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2007-11-22 04:06 1006264]

“HP Health Check Scheduler”="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []

“hpWirelessAssistant”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2007-09-13 08:47 480560]

“WAWifiMessage”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe” [2007-01-08 15:53 311296]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00 132496]

“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 23:11 49152]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 13:06 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“EnableLUA”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“{25A58860-6C8E-4A69-BF35-778A6D081443}”= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector|Desc=CyberLink PowerDirector

“{44B85228-BA2C-4F12-8E9A-932B64AE5936}”= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play

“{5BC2A226-07B0-4786-9B96-42A70F5218E8}”= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program

“{4DAB04F3-8C05-43AE-979D-5E639A9ECF97}”= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|

“TCP Query User{CDD44593-37C2-4367-8C9A-483432686755}C:\program files\gadu-gadu\gg.exe”= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glowny|Desc=Gadu-Gadu - program glowny

“UDP Query User{1495D276-EC7B-4A6D-82B0-C7F1968D2A6A}C:\program files\gadu-gadu\gg.exe”= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glowny|Desc=Gadu-Gadu - program glowny

“TCP Query User{5F8AB58F-A158-42F9-A287-BDBA1614BF5F}C:\program files\bearshare\bearshare.exe”= UDP:C:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare

“UDP Query User{9209BA29-E143-4377-8C0F-67FD9AC89D73}C:\program files\bearshare\bearshare.exe”= TCP:C:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare

“TCP Query User{5F4AF8C1-F47A-44F2-9998-38A623961BD7}C:\program files\bearshare\bearshare.exe”= UDP:C:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare

“UDP Query User{A250E5C8-5764-4578-886B-D55E826DDD57}C:\program files\bearshare\bearshare.exe”= TCP:C:\program files\bearshare\bearshare.exe:BearShare|Desc=BearShare

“TCP Query User{4B395D85-2BC4-41E5-BE1B-A9FC39228466}C:\program files\gadu-gadu\gg.exe”= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glowny|Desc=Gadu-Gadu - program glowny

“UDP Query User{44DD78B3-D3D4-4CBD-8A30-1C3A7B6E2377}C:\program files\gadu-gadu\gg.exe”= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glowny|Desc=Gadu-Gadu - program glowny

“TCP Query User{CDFA11D6-6AB4-4ADB-9FBC-F5761E4B486B}C:\program files\sopcast\adv\sopadver.exe”= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver

“UDP Query User{DA4AE158-1BE3-4D02-BB52-EA700E0164E1}C:\program files\sopcast\adv\sopadver.exe”= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver

“TCP Query User{3E589B6C-369D-4297-B3AD-909645EBA492}C:\program files\sopcast\sopcast.exe”= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application

“UDP Query User{0AD76FB7-5A53-43C9-85BE-464E28640854}C:\program files\sopcast\sopcast.exe”= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application

“{C27FB026-46F7-4FE6-9BCB-454073AD6F4C}”= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

“{E63D55DF-2E8E-4C94-9391-D1C7B0627596}”= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

“DFSR-1”= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);“C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe” [2007-09-30 19:34]

R2 QPSched;QuickPlay Task Scheduler (QTS);“C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe” [2007-09-30 19:34]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 15:27]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 15:40]

R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 22:50]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8fcd8e6e-e49b-11dc-ac10-001e68052646}]

\shell\AutoRun\command - F:\u2.cmd

\shell\explore\Command - F:\u2.cmd

\shell\open\Command - F:\u2.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

Contents of the ‘Scheduled Tasks’ folder

“2008-02-27 12:40:00 C:\Windows\Tasks\User_Feed_Synchronization-{53E02083-4C75-4C26-B471-520B0BB1AE16}.job”

C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-27 13:41:35

Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

.

**************************************************************************

.

Completion time: 2008-02-27 13:43:11 - machine was rebooted [Tomek]

ComboFix-quarantined-files.txt 2008-02-27 12:43:08

.

2008-02-15 23:26:22 — E O F —

Gutek · 27 Luty 2008 21:56

Wklej do Notatnika:

File::

C:\u2.cmd


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16t=213350