Problem z usunięciem Vundo

Dla specjalistów Bezpieczeństwo
#1

Chyba zalapalem podobny syf co kolega. Czy moge prosic o pomoc?

Podaje loga

ComboFix 07-11-08.1 - Aga i Pat 2007-11-09 23:45:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.501 [GMT 1:00]

Running from: F:\Programy\czyszczenie śmieci\ComboFix.exe

* Created a new restore point

.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Aga i Pat\Pulpit\Live Safety Center.lnk

C:\Documents and Settings\Aga i Pat\Pulpit\Online Security Guide.lnk

C:\Documents and Settings\Aga i Pat\Ulubione\Online Security Guide.lnk

C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk

C:\Program Files\Temporary

C:\Program Files\Temporary\wininstall.exe

C:\Program Files\WinAble

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\WINDOWS\b122.exe

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\busyzzho.dllbox

C:\WINDOWS\system32\cbeeg.bak1

C:\WINDOWS\system32\cbeeg.bak2

C:\WINDOWS\system32\cbeeg.ini

C:\WINDOWS\system32\Cfx32.lic

C:\WINDOWS\system32\cfx32.ocx

C:\WINDOWS\system32\drivers\fmtr.sys

C:\WINDOWS\system32\geebc.dll

C:\WINDOWS\system32\m2

C:\WINDOWS\system32\o1

C:\WINDOWS\system32\o1\wr31drs.exe

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\v4

C:\WINDOWS\system32\vllgysfh.dllbox

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_DOMAINSERVICE

-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))

.

2007-11-09 23:45 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-09 22:33

2007-11-09 21:39 88,128 --a------ C:\WINDOWS\system32\usttyecc.dll

2007-11-09 21:36 77,888 --a------ C:\WINDOWS\system32\vikvltal.dll

2007-11-09 21:30 71,232 --a------ C:\WINDOWS\system32\vyryurpk.exe

2007-11-09 14:32 3,354 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-08 21:33 80,448 --a------ C:\WINDOWS\system32\lwfumbau.dll

2007-11-08 21:31 145,984 --a------ C:\WINDOWS\system32\vllgysfh.dll

2007-11-08 21:31 71,232 --a------ C:\WINDOWS\system32\fuurqopc.exe

2007-11-08 21:30 145,984 --a------ C:\WINDOWS\system32\ybpksfav.dll

2007-11-07 18:23 71,232 --a------ C:\WINDOWS\system32\mfbibnru.exe

2007-11-07 16:51

2007-11-07 16:51

2007-11-07 09:37 86,080 --a------ C:\WINDOWS\system32\oxxkhuab.dll

2007-11-07 09:34 79,936 --a------ C:\WINDOWS\system32\curqxkoy.dll

2007-11-07 09:28 145,984 --a------ C:\WINDOWS\system32\faewhhmu.dll

2007-11-07 09:28 145,984 --a------ C:\WINDOWS\system32\busyzzho.dll

2007-11-06 09:17 87,104 --------- C:\WINDOWS\system32\tkfudmwf.dll

2007-11-06 09:14 81,472 --a------ C:\WINDOWS\system32\tfoqqypj.dll

2007-11-05 19:13 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-11-05 19:01 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe

2007-11-05 19:00 36,352 --a------ C:\WINDOWS\system32\yaywtqr.dll

2007-11-05 19:00 1,024 --a------ C:\WINDOWS\system32\pwdremover.dat

2007-11-05 18:58

2007-11-05 18:58

2007-11-05 18:58

2007-11-05 18:58 36,352 --a------ C:\WINDOWS\system32\cbxwtqp.dll

2007-11-05 18:58 35,840 --a------ C:\WINDOWS\mrofinu572.exe

2007-11-04 14:45

2007-11-04 14:45

2007-10-30 22:45

2007-10-30 22:45

2007-10-30 22:13

2007-10-20 20:28

2007-10-20 20:27

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-09 13:59 --------- d-----w C:\Program Files\FlashGet

2007-11-08 21:38 --------- d-----w C:\Program Files\Registry Clean Expert

2007-11-08 19:28 --------- d-----w C:\Program Files\NAPI-PROJEKT

2007-11-04 13:45 --------- d-----w C:\Program Files\Winamp

2007-10-08 08:59 --------- d-----w C:\Program Files\Gadu-Gadu

2007-10-06 21:05 --------- d-----w C:\Program Files\AutoCAD 2007

2007-09-30 19:42 --------- d-----w C:\Documents and Settings\Aga i Pat\Dane aplikacji\Autodesk

2007-09-30 19:39 --------- d-----w C:\Program Files\Common Files\Autodesk Shared

2007-09-30 19:39 --------- d-----w C:\Program Files\AnswerWorks 4.0

2007-09-30 19:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

2007-09-30 19:35 --------- d-----w C:\Program Files\Autodesk

2007-09-28 17:46 3,532 ----a-w C:\drmHeader.bin

2007-09-27 20:54 249,298 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2812.exe

2007-09-27 20:54 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys

2007-09-27 20:54 --------- d-----w C:\Program Files\Alcohol Toolbar

2007-09-27 20:54 --------- d-----w C:\Program Files\Alcohol Soft

2007-09-26 21:09 --------- d-----w C:\Documents and Settings\Aga i Pat\Dane aplikacji\Cream Software

2007-09-26 15:43 --------- d-----w C:\Program Files\PDFCreator

2007-09-26 15:43 --------- d-----w C:\Documents and Settings\Aga i Pat\Dane aplikacji\PDFCreator

2007-09-10 21:04 --------- d-----w C:\Program Files\English Translator 3

2007-09-10 11:25 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{45FBE6A9-F332-4FC7-A92A-B745E9FE7B61}]

C:\Program Files\Windows NT\mevoxC:\WINDOWS\system32\v4\caws83122.exe.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{634BBAB7-3F60-4426-944F-A62B9007F67F}]

2007-11-05 18:58 36352 --a------ C:\WINDOWS\system32\cbxwtqp.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}]

2007-11-08 21:31 145984 --a------ C:\WINDOWS\system32\vllgysfh.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{d0834cce-8c32-4db5-bd17-5c4e0b77fe53}]

2007-11-09 21:36 77888 --a------ C:\WINDOWS\system32\vikvltal.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

“{11A69AE4-FBED-4832-A2BF-45AF82825583}”= C:\WINDOWS\system32\vllgysfh.dll [2007-11-08 21:31 145984]

[HKEY_CLASSES_ROOT\CLSID{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\CLSID{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“nForce Tray Options”=“sstray.exe” [2002-11-13 08:34 C:\WINDOWS\system32\sstray.exe]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 09:50]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 03:00]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 11:22]

“nwiz”=“nwiz.exe” [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“NvMCTray.dll” [2006-10-22 11:22 C:\WINDOWS\system32\nvmctray.dll]

“AtiPTA”=“C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE” [2006-02-22 01:05]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06]

“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” [2001-10-15 13:30]

“604c2739”=“C:\WINDOWS\system32\usttyecc.dll” [2007-11-09 21:39]

“MSConfig”=“C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe” [2004-08-03 23:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“PowerBar”="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

“{634BBAB7-3F60-4426-944F-A62B9007F67F}”= C:\WINDOWS\system32\cbxwtqp.dll [2007-11-05 18:58 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtqp]

cbxwtqp.dll 2007-11-05 18:58 36352 C:\WINDOWS\system32\cbxwtqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vllgysfh]

vllgysfh.dll 2007-11-08 21:31 145984 C:\WINDOWS\system32\vllgysfh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

“Authentication Packages”= msv1_0 C:\WINDOWS\system32\geebc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk

backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]

C:\Program Files\WinAble\winable.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-09 23:49:24

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-09 23:50:19 - machine was rebooted

.

— E O F —

#2

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>88953CFScript-createdbyMiekiemoes.gif

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Nie podpinaj się pod cudzy temat wydzielam!

Pozdrawiam Gutek2222

#3

Wilekie dzieki! !!

Komputer chodzi jak ta lala. Z tym, ze podczas pierwszego wlaczenia po czyszczeniu zapytalo mnie o haslo. Restart i wlaczenie z ostatnio poprawnymi ustawieniami ponowny restart i muzyka gra. Wklejam ponizej log po czyszczeniu

#4

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>88953CFScript-createdbyMiekiemoes.gif

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo oraz

Pobierz program SDFix

#5

Czy koniecznie muszę wykonywać powyższe operacje? Komputer juz chodzi sprawnie.

#6

Tak :slight_smile:

#7

Dobra zrobilem wszystko wedlug instrukcji. Ponizej zamieszczam logi z combo i SDFixa:

ComboFix 07-11-08.1 - Aga i Pat 2007-11-15 18:00:08.3 - NTFSx86 

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.396 [GMT 1:00]

Running from: F:\Programy\czyszczenie śmieci\ComboFix.exe

Command switches used :: F:\Programy\czyszczenie śmieci\CFScript.txt

 * Created a new restore point


FILE

C:\WINDOWS\system32\ldewpldh.dll

C:\WINDOWS\system32\mfbibnru.exe

C:\WINDOWS\system32\ttvxibfc.exe

C:\WINDOWS\system32\wadawmak.dll

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\WINDOWS\system32\ldewpldh.dll

C:\WINDOWS\system32\mfbibnru.exe

C:\WINDOWS\system32\ttvxibfc.exe

C:\WINDOWS\system32\wadawmak.dll


.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


.

-------\LEGACY_DOMAINSERVICE

-------\DomainService



((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))

.


2007-11-12 23:44	




SDFix

[code] SDFix: Version 1.114 Run by Aga i Pat on 2007-11-15 at 18:22 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\mrofinu572.exe.tmp - Deleted Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 18:25:57 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “p0”=“C:\Program Files\Alcohol Soft\Alcohol 52” “h0”=dword:00000001 “ujdew”=hex:09,2c,8e,6f,76,3d,78,7c,2c,3f,2b,ab,e3,4d,09,77,3f,0d,fe,98,10,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:6e,dc,6e,97,24,07,16,b6,98,82,30,6e,00,24,34,3e,76,b9,81,0d,9a,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:c23c09ad “s2”=dword:48f27a80 “h0”=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “p0”=“C:\Program Files\Alcohol Soft\Alcohol 52” “h0”=dword:00000001 “ujdew”=hex:09,2c,8e,6f,76,3d,78,7c,2c,3f,2b,ab,e3,4d,09,77,3f,0d,fe,98,10,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:6e,dc,6e,97,24,07,16,b6,98,82,30,6e,00,24,34,3e,76,b9,81,0d,9a,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{6E4328F6-2F62-4333-90CE-14A9E40590D1}] “DhcpRetryStatus”=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “p0”=“C:\Program Files\Alcohol Soft\Alcohol 52” “h0”=dword:00000001 “ujdew”=hex:09,2c,8e,6f,76,3d,78,7c,2c,3f,2b,ab,e3,4d,09,77,3f,0d,fe,98,10,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:6e,dc,6e,97,24,07,16,b6,98,82,30,6e,00,24,34,3e,76,b9,81,0d,9a,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “p0”=“C:\Program Files\Alcohol Soft\Alcohol 52” “h0”=dword:00000001 “ujdew”=hex:09,2c,8e,6f,76,3d,78,7c,2c,3f,2b,ab,e3,4d,09,77,3f,0d,fe,98,10,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:6e,dc,6e,97,24,07,16,b6,98,82,30,6e,00,24,34,3e,76,b9,81,0d,9a,… scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Tue 3 Aug 2004 93,184 A.SH. — “C:\Program Files\Internet Explorer\iexplore.exe” Wed 13 Oct 2004 1,694,208 …H. — “C:\Program Files\Messenger\msmsgs.exe” Tue 3 Aug 2004 60,928 A.SH. — “C:\Program Files\Outlook Express\msimn.exe” Tue 3 Aug 2004 4,639 A.SH. — “C:\Program Files\Windows Media Player\mplayer2.exe” Tue 3 Aug 2004 73,728 A.SH. — “C:\Program Files\Windows Media Player\wmplayer.exe” Tue 15 Nov 2005 78,104 …SHR — “C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe” Tue 15 Nov 2005 12,912 A.SHR — “C:\Program Files\Autodesk\Autodesk DWF Viewer_Setupx.dll” Thu 15 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\1738c621b33e51e95e7a1d6339d42049\BIT2.tmp” Fri 2 Nov 2007 3,125,288 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\ce6ce445a88a6f40117b1bf83ba65bc4\BIT11D.tmp” Wed 7 Nov 2007 980,992 …H. — “C:\Documents and Settings\Aga i Pat\Dane aplikacji\Microsoft\Word~WRL0003.tmp” Mon 27 Aug 2007 49,152 …H. — “C:\Documents and Settings\Aga i Pat\Dane aplikacji\Microsoft\Word~WRL0135.tmp” Mon 27 Aug 2007 46,592 …H. — “C:\Documents and Settings\Aga i Pat\Dane aplikacji\Microsoft\Word~WRL0930.tmp” Mon 27 Aug 2007 46,592 …H. — “C:\Documents and Settings\Aga i Pat\Dane aplikacji\Microsoft\Word~WRL1072.tmp” Mon 27 Aug 2007 47,104 …H. — “C:\Documents and Settings\Aga i Pat\Dane aplikacji\Microsoft\Word~WRL1711.tmp” Finished!

#8

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>88953CFScript-createdbyMiekiemoes.gif

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo