dilbert
14 Listopad 2007 19:41
#1
MAM PEŁNO OPROGRAMOWANIA SZPIEGOWSKIEGO< PRZYNAJMNIEJ TAK CZUJE. KOMP MI SIĘ ZWOLNIŁ. KIEDYŚ MIAŁEM TO SAMO PO SPRAWDZENIU LOGÓW BYŁO WSZYSTKO OK. MYŚLE ŻE TERAZ TEŻ POMOŻECIE
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:36:50, on 2007-11-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\mmrtkrnl.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe D:\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM…\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [Realtime Audio Engine] “mmrtkrnl.exe” /i O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘Default user’) O4 - Startup: Internet ADSL.lnk = ? O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O10 - Broken Internet access because of LSP provider ‘c:\program files\bonjour\mdnsnsp.dll’ missing O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi … b31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-U … E_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A … tPkMSN.cab O17 - HKLM\System\CCS\Services\Tcpip…{7F638560-AF59-4758-B7EC-1622AC4F9D9F}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CCS\Services\Tcpip…{FFA3DD19-5693-49AF-A486-1324EFBD2F81}: NameServer = 192.168.0.7 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1 .6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe – End of file - 7780 bytes
COMBO FIX:
ComboFix 07-11-08.1 - xxxx 2007-11-14 21:19:55.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.185 [GMT 1:00] Running from: C:\Documents and Settings\xxxx\Pulpit\ComboFix.exe * Created a new restore point . ADS - system32: deleted 12 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\xxxx\Pulpit\internet.lnk . ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))) . 2007-11-13 20:43 2007-11-13 20:42 2007-11-09 18:52 2007-11-04 10:31 2007-11-04 10:05 119,770 --a------ C:\WINDOWS\hpoins11.dat 2007-11-01 14:37 2007-11-01 14:37 2007-11-01 14:35 2007-10-30 16:26 2007-10-30 16:20 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-28 19:24 78,085 --a------ C:\WINDOWS\system32\pattern.dat 2007-10-28 19:23 307,200 --a------ C:\WINDOWS\system32\drumpad.dll 2007-10-28 19:23 280,576 --a------ C:\WINDOWS\system32\pxd_kom.dll 2007-10-27 09:58 2007-10-27 09:58 307,200 --a------ C:\WINDOWS\vidcap32.Exe 2007-10-27 09:58 114,688 --a------ C:\WINDOWS\VM305Cap.exe 2007-10-27 09:58 81,920 --a------ C:\WINDOWS\system32\VM305Sti.dll 2007-10-27 09:57 2007-10-27 09:57 2007-10-27 09:57 392,316 --a------ C:\WINDOWS\system32\drivers\usbVM305.sys 2007-10-27 09:57 61,440 --a------ C:\WINDOWS\VM305_STI.exe 2007-10-27 09:57 53,248 --a------ C:\WINDOWS\Sti305.exe 2007-10-27 09:57 49,152 --a------ C:\WINDOWS\amcap.exe 2007-10-25 20:09 2007-10-20 09:38 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys 2007-10-20 09:36 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys 2007-10-20 09:34 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys 2007-10-20 09:34 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys 2007-10-20 09:34 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys 2007-10-20 09:34 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys 2007-10-20 09:34 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys 2007-10-20 09:34 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys 2007-10-20 09:34 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys 2007-10-20 08:47 2007-10-20 08:47 2007-10-20 08:42 2007-10-20 08:42 2007-10-14 19:41 2007-10-14 19:40 2007-10-14 14:51 2007-10-14 12:37 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll 2007-10-14 12:37 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-14 19:09 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Audacity 2007-11-14 15:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2007-11-14 14:17 --------- d-----w C:\Program Files\Native Instruments 2007-11-13 20:11 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\uTorrent 2007-11-13 19:40 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Skype 2007-11-10 10:20 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Image Zone Express 2007-11-09 15:42 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-09 15:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems 2007-11-04 09:32 --------- d-----w C:\Program Files\HP 2007-11-04 09:30 --------- d-----w C:\Program Files\Hewlett-Packard 2007-10-30 15:41 --------- d-----w C:\Program Files\Microsoft Works 2007-10-20 08:10 --------- d-----w C:\Program Files\SHOUTcast 2007-10-14 13:51 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-02 15:01 --------- d-----w C:\Program Files\MSBuild 2007-10-02 14:59 --------- d-----w C:\Program Files\Microsoft.NET 2007-09-29 12:38 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Cream Software 2007-09-29 12:27 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Ulead Systems 2007-09-29 12:25 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Nvu 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-08-21 06:26 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-14 07:06 79,186 ----a-w C:\WINDOWS\system32\adssite-remove.exe 2001-11-23 04:08 712,704 -c–a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2000-01-13 07:58 59,510 ------w C:\Program Files\setup.ins . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\CLSID{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\CLSID{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2006-01-02 16:41] “Zone Labs Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2006-08-23 23:38] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 23:47] “Realtime Audio Engine”=“mmrtkrnl.exe” [2007-07-18 14:52 C:\WINDOWS\system32\mmrtkrnl.exe] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-10-10 06:28] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “nlsf”=cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” “nlhr”=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C “tscuninstall”=%systemroot%\system32\tscupgrd.exe C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-12 09:16:02] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoShellSearchButton”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoUserNameInStartMenu”=0 (0x0) “NoTrayContextMenu”=0 (0x0) R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys R2 Vcs;Vcs support;??\C:\WINDOWS\system32\Drivers\Vcs.sys R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys . Contents of the ‘Scheduled Tasks’ folder “2007-10-30 13:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-14 21:22:38 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-14 21:23:32 . — E O F —
Gutek
14 Listopad 2007 19:50
#2
Zastosuj się do tego Tematu
Pozdrawiam Gutek2222
Daj log z ComboFix
Gutek
14 Listopad 2007 21:02
#4
Wklej do Notatnika:
>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )
– podobnie jak na tym obrazku –>
(jeśli pojawi się pytanie " 1 or 2 " - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)
Po restarcie usuń ręcznie folder C: * * Qoobox**.
Po tym nowy log z Combo
