Virus removal

Removing the Vundo / Virtumonde Trojan

The Vundo Trojan is one of the harder infections to remove. It shows itself through a large number of pop-ups, which as a rule advertise "cleaning" programs. These are of course the well-known "fake" programs such as WinFixer 2005/WinFixer 2006/WinAntiVirus Pro 2006/SystemDoctor2006Free, etc. Your system becomes very unstable and problems start to appear.

 

Here are examples of the "fakes"

In a HijackThis log you can see characteristic entries (O2 and O20, although they do not have to appear in exactly this arrangement):

O2 - BHO: ADOUsefulNet Object - {7CB093AC-11DF-46D5-9343-CE4BD90C159C} - C:\WINDOWS\system32\iifcc.dll
O20 - Winlogon Notify: iifcc - C:\WINDOWS\system32\iifcc.dll
O2 - BHO: ADOUsefulNet Object - {80611854-49D7-47B4-9E5B-D8E56D77C6AB} - C:\WINDOWS\System32\geebc.dll
O20 - Winlogon Notify: geebc - C:\WINDOWS\System32\geebc.dll

O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\urqpo.dll
O20 - Winlogon Notify: urqpo - C:\WINDOWS\system32\urqpo.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\awtsr.dll
O20 - Winlogon Notify: awtsr - C:\WINDOWS\System32\awtsr.dll

O2 - BHO: DosSpecFolder Object - {1AE6D7D5-0C28-4DB6-9FD1-33B870A4C5F2} - C:\WINDOWS\system32\mllmm.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\hgggg.dll
O20 - Winlogon Notify: hgggg - C:\WINDOWS\System32\hgggg.dll

O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\system32\vtutr.dll
O20 - Winlogon Notify: vtutr - C:\WINDOWS\system32\vtutr.dll
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\system32\wvwtu.dll
O20 - Winlogon Notify: wvwtu - C:\WINDOWS\system32\wvwtu.dll

O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\vturr.dll
O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll
O2 - BHO: InfoDocReader Object - {A5B00A5B-073E-4246-AFF0-CCAE0D5BF6D1} - C:\WINDOWS\system32\opnml.dll
O20 - Winlogon Notify: opnml - C:\WINDOWS\system32\opnml.dll

O2 - BHO: MFCOptimizeClass Object - {C25FA7CE-23EA-4271-A66D-06C4D5C22F78} - C:\WINDOWS\System32\ssqpm.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\System32\ssqpm.dll
O2 - BHO: MFCOptimizeClass Object - {A6CEA0E7-6B4D-4CD9-9932-D85705CBC1A9} - C:\WINDOWS\System32\jkhhf.dll
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\System32\jkhhf.dll

O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\System32\qopmj.dll
O20 - Winlogon Notify: qopmj - C:\WINDOWS\System32\qopmj.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssttr.dll
O20 - Winlogon Notify: ssttr - C:\WINDOWS\SYSTEM32\ssttr.dll

O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\wvuur.dll
O20 - Winlogon Notify: wvuur - C:\WINDOWS\system32\wvuur.dll
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\ddabb.dll
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll

O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\system32\awtqp.dll
O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll
O2 - BHO: WTLHelper Object - {BD6CD737-34E1-4864-8697-83EC081F1989} - C:\WINDOWS\system32\vtsqp.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll

O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\fdconfig.dll
O20 - Winlogon Notify: fdconfig - C:\WINDOWS\SYSTEM32\fdconfig.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\setdrv32.dll
O20 - Winlogon Notify: setdrv32 - setdrv32.dll

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\awtttus.dll
O20 - Winlogon Notify: awtttus - C:\WINDOWS\SYSTEM32\awtttus.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\jkkhfdb.dll
O20 - Winlogon Notify: jkkhfdb - C:\WINDOWS\SYSTEM32\jkkhfdb.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\gscmhxhu.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\gscmhxhu.dll
O20 - Winlogon Notify: gscmhxhu - C:\WINDOWS\SYSTEM32\gscmhxhu.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ysegjvui.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ysegjvui.dll
O20 - Winlogon Notify: ysegjvui - C:\WINDOWS\SYSTEM32\ysegjvui.dll



As you can see, there are certain characteristic features, a typical layout and groups of names (I have marked them here in bold).

In a Silent Runners log you may see something like this:


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SearchIndexer" = "rundll32.exe "C:\WINDOWS\system32\gonicwkq.dll",sitypnow" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{57FE162B-4900-4BC4-8F4D-3B58BCAE759F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nnlih.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! nnlih\DLLName = "C:\WINDOWS\system32\nnlih.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{C47A9554-195A-4769-9B13-04F15B450A39}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\tuvtusq.dll" [null data].

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{C47A9554-195A-4769-9B13-04F15B450A39}" = "*_" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\tuvtusq.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> tuvtusq\DLLName = "tuvtusq.dll" [null data]


In a ComboFix log you may see:


ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Tommy\Desktop"
Command switches used :: /v mllmm urqolmm byhleltx wwtaqiwc jrifrlhc awtronn nnnollm etuntire ofytyklg mobgdcms

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\urqolmm.dll
C:\WINDOWS\system32\byhleltx.dll
C:\WINDOWS\system32\wwtaqiwc.dll
C:\WINDOWS\system32\jrifrlhc.dll
C:\WINDOWS\system32\awtronn.dll
C:\WINDOWS\system32\nnnollm.dll
C:\WINDOWS\system32\etuntire.dll
C:\WINDOWS\system32\ofytyklg.dll
C:\WINDOWS\system32\mobgdcms.dll
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\eritnute.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Note!!!
Recently a very characteristic sign of a Vundo infection has been an O4 entry in HijackThis:

O4 - HKLM\..\Run: [2chkdsk]rundll32.exe "C:\WINDOWS\System32\ietbqscc.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ujfflqjo.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\mxcnncfg.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\himuvhrs.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINNT\system32\mwvjnrxc.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] "rundll32.exe" "C:\WINDOWS\system32\xvjycjti.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\oumpkpqk.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\ipnwatyq.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\cfjkevls.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\dnjrmkci.dll",setvm

The [2chkdsk] item is constant, whereas the files have random 8-letter names.
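The two signatures described so far can be checked mechanically: a DLL registered both as an O2 BHO and as an O20 Winlogon Notify package, and an O4 Run value that starts a DLL through rundll32.exe. The script below is an added example, not part of the original page; its sample log mixes entries quoted from this page with constructed benign lines (the `Example*` names), and the `rating` labels are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Export names that follow the DLL path in O4 entries listed on this page.
PAGE_EXPORTS = {"setvm", "realset", "forkonce", "sitypnow"}

SEP = r"\s+[-\u2013]\s+"  # forum-pasted logs sometimes carry an en dash as separator
O2_RE = re.compile(r"^O2 - BHO:.*?(?P<clsid>\{[0-9A-Fa-f-]{36}\})" + SEP + r"(?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?P<key>.+?)" + SEP + r"(?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run:\s*\[(?P<value>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# rundll32 may be quoted or not, with or without ".exe"; the DLL path likewise.
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s*"?(?P<dll>[^",]+?\.dll)\s*"?\s*,\s*(?P<export>\S+)$',
    re.IGNORECASE,
)


def dll_key(path):
    """Lower-cased file name. O20 may hold a bare name and the case of
    'system32' differs between O2 and O20, so only the file name is compared."""
    return ntpath.basename(path.strip().strip('"')).lower()


def analyse(log_text):
    """Return (paired_dlls, run_findings) for a HijackThis log given as text.

    paired_dlls  : DLL names present both as O2 BHO and O20 Winlogon Notify.
    run_findings : O4 Run values that launch a DLL through rundll32.
    Both are triage leads; legitimate software can use the same mechanisms.
    """
    bho, notify, run_findings = defaultdict(list), {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            bho[dll_key(m["path"])].append(m["clsid"].upper())
        elif m := O20_RE.match(line):
            notify[dll_key(m["path"])] = m["key"]
        elif m := O4_RE.match(line):
            cmd = RUNDLL_RE.match(m["cmd"].strip())
            if cmd:
                export = cmd["export"]
                run_findings.append({
                    "hive": m["hive"],
                    "value": m["value"],
                    "dll": dll_key(cmd["dll"]),
                    "export": export,
                    # "vundo-like": export matches one listed on this page
                    "rating": "vundo-like" if export.lower() in PAGE_EXPORTS else "review",
                })
    paired = sorted(set(bho) & set(notify))
    return paired, run_findings


# Sample log: Vundo lines quoted from this page, Example* lines constructed.
SAMPLE_LOG = r"""
O2 - BHO: ADOUsefulNet Object - {7CB093AC-11DF-46D5-9343-CE4BD90C159C} - C:\WINDOWS\system32\iifcc.dll
O2 - BHO: CIEPl Object - {F85E86D8-F796-4C97-AAA2-26664A98A42C} - C:\WINDOWS\system32\setdrv32.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\ietbqscc.dll",setvm
O4 - HKLM\..\Run: [MemoryManager] "rundll32.exe" "C:\WINDOWS\system32\uckqmltn.dll",forkonce
O4 - HKLM\..\Run: [ExampleDriver] rundll32.exe C:\WINDOWS\system32\exdrv.dll,Start
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O20 - Winlogon Notify: iifcc - C:\WINDOWS\system32\iifcc.dll
O20 - Winlogon Notify: setdrv32 - setdrv32.dll
O20 - Winlogon Notify: examplelogon - C:\WINDOWS\system32\examplelogon.dll
"""

if __name__ == "__main__":
    paired, runs = analyse(SAMPLE_LOG)
    for dll in paired:
        print(f"BHO + Winlogon Notify share one DLL: {dll}")
    for r in runs:
        print(f"{r['rating']:<10} {r['hive']} Run [{r['value']}] -> {r['dll']},{r['export']}")
```

An entry rated `review` only means that a Run value loads a DLL through rundll32; it needs a manual look at the file before any conclusion is drawn.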

Recently another very characteristic entry that accompanies a Vundo infection has appeared:

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\pqtwxwbk.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\C\efccda.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\byvuro.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\wafklmlv.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\akwmkxpj.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\vtustq.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\pbrrpqqj.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\Windows\system32\memshoct.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\geddba.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ppjmlixu.dll",setvm

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\ahdbmhjd.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\lnnoxhim.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\System32\bvxdurlh.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\usrvrhgc.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\crvmjlym.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\vlljqgdk.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\xtbwjueb.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\urvfqsfp.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "c:\windows\system32\ojqdpnph.dll",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\oshoplmx.dll",setvm

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bnpeftxm.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\tsbonwhl.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nwplivvv.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\evdgtngf.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\nsqbjnvf.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\apmrkfvy.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\tpgtrypr.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\sjcwhqfk.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\wsfpxvfs.dll",setvm
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jplgodea.dll",setvm

O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\jkjgda.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\jkhihi.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\mlkllj.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\hgffgg.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\hgdaax.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINNT\rqomjj.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\bywwvt.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\xxxwtq.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\yabyvw.dll",realset
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\awurss.dll",realset  

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\nnoopq.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\aihapnkx.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\amnacjrb.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\evewualt.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\funnjaqc.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\fwursbps.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\ieagkwva.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\iukfmidr.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\jbngltjx.dll",realset
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\jvlkusep.dll",realset

O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\nvqbfayx.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\axjpstla.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\blbhrvbd.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\dgpnfaub.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\llvcyypf.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\qbhdvidv.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\qfcictbw.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\wpbmpsni.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINNT\system32\njjkuyir.dll",realset
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINNT\system32\vohhnjny.dll",realset

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\aifbdtps.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ewcwjwxp.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ayatkkbj.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\bkqcnnia.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\devirpaw.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\dstgcmcr.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ecnagudp.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\ejdxdwrg.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\eoskciik.dll",realset
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\eqsywbpb.dll",realset

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\bywxvw.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\alyumudt.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\bejwbwqe.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\csusjfqu.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\dacoohmu.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\duvpkltn.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\flsosoei.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\fvawoqen.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\gcxlkhat.dll",realset
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\gpmutpom.dll",realset

O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\ceykfijk.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\jooreysr.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\klvrpjnv.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\qxgatxhe.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\rlqaadyb.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\tkolakhk.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\qxgatxhe.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\System32\suoflaoe.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\mpwrkvrl.dll",realset
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\wjmvditw.dll",realset

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\Windows\system32\lijtpvml.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\mujyvdvl.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ldbxokcv.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\System32\jipdrlxh.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\llhbjmgi.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\qrcnmrjh.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\tketubup.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\mliperkm.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ajephglx.dll",realset
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ldbxokcv.dll",realset

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jqbnpxej.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jkplpiri.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\fawpekeq.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ajruwwgw.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\ugehbjih.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\fmrjjsfj.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\dcjxnmoh.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rpkrwqmw.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rauerfvl.dll",realset
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\metsvyxn.dll",realset

O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\cbyvus.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\ssqrrq.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\nnmjjj.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\byywwv.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\pmlmnm.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\mlmlih.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINNT\byvuro.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\opooml.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\nnoopn.dll",realset
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\byvwus.dll",realset

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\System32\svulkjay.dll",forkonce
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\srargomg.dll",forkonce
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mpspxxks.dll",forkonce
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\yveusdnu.dll",forkonce
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\khoqjqvd.dll",forkonce
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\obspqvae.dll",forkonce
O4 - HKCU\..\Run: [icq.com] rundll32.exe "C:\Users\Ravi\AppData\Local\Temp\jwbwpohy.dll",forkonce
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\vujtbwks.dll",forkonce
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\rvqvtrcf.dll",forkonce
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\fmrdbtdk.dll",forkonce

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\tgmfidhc.dll",forkonce
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\ivgdpnon.dll",forkonce
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINNT\System32\owmtvnnr.dll",sitypnow
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\aduucjrj.dll",forkonce
O4 - HKLM\..\Run: [MemoryManager] "rundll32.exe" "C:\WINDOWS\system32\uckqmltn.dll",forkonce
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\oicrpfyf.dll",forkonce
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\bvkwqjob.dll",forkonce
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\sjnltvhe.dll",forkonce
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\udolxwvm.dll",forkonce
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\xewnkmcb.dll",forkonce

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\avqpcotb.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\bjofupbp.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\kbphysvo.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ougbjupu.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\shafowho.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\shmnpeqt.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\svykljym.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\xbhruhpl.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\awrmsmdm.dll",forkonce
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\qkhsccbt.dll",forkonce

O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\vtrstr.dll",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\vtbjedtc.dll",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\System32\ysxljihw.dll ",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\ljogspem.dll",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\wvvttr.dll",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\uebexket.dll",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\mmlgffgr.dll",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\nialqhoe.dll",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\awutqp.dll",sitypnow
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\mliigh.dll",sitypnow

O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe"C:\WINDOWS\system32\vabyuobk.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\vfavjthv.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\myfpapai.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\ehytfrdp.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\vkmtlpjg.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\wyfiyliq.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\kcntrxrq.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\bysvlcti.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\mkikaqae.dll",sitypnow
O4 - HKLM\..\Run: [SystemRestoreStatus] rundll32.exe "C:\WINDOWS\system32\pcfwvqoi.dll",sitypnow

O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\System32\istewxsh.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\domufile.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\pipkrdrq.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\uxbgyaau.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\bgempfmp.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\llsngomr.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\cgctsycq.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\otxxesxh.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\oycwvkxy.dll",sitypnow
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\eliogabn.dll",sitypnow

O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\iragtclg.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINNT\system32\abvdptlt.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\cmrrtpgu.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hrfaibxx.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\qpotlexd.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\iejsxvww.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\pklvcyma.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dnxsrfei.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\uyynumjo.dll",sitypnow
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\mhqwggpc.dll",sitypnow

O4 - HKLM\..\Run: [f422ab53] rundll32.exe "C:\WINDOWS\system32\ervmstuv.dll",sitypnow
O4 - HKLM\..\Run: [c810868e] rundll32.exe "C:\WINDOWS\system32\bnkjlkrg.dll",sitypnow
O4 - HKLM\..\Run: [28734159] rundll32.exe "C:\WINDOWS\system32\jmammsyy.dll",sitypnow
O4 - HKLM\..\Run: [07d103b8] rundll32.exe "C:\WINDOWS\System32\oprtunuf.dll",sitypnow
O4 - HKLM\..\Run: [9cccaa8b] rundll32.exe "C:\WINDOWS\system32\pfrddxir.dll",sitypnow
O4 - HKLM\..\Run: [f0cf2a2e] rundll32.exe "C:\WINDOWS\system32\guhitmvp.dll",sitypnow
O4 - HKLM\..\Run: [07d304be] rundll32.exe "C:\WINNT\system32\ffjhirpd.dll",sitypnow
O4 - HKLM\..\Run: [5458b2ba] rundll32.exe "C:\WINDOWS\system32\qwskxykc.dll",sitypnow
O4 - HKLM\..\Run: [e46b0217] rundll32.exe "C:\WINNT\system32\hcmcvegx.dll",sitypnow
O4 - HKLM\..\Run: [5cf9917a] rundll32.exe "C:\WINDOWS\System32\myfcsqsk.dll",sitypnow

...the "little ghost" has put on a bit of make-up :) ...it now shows up like this:

O4 - HKLM\..\Run: [ecb285d0] rundll32.exe "C:\WINDOWS\yabbab.dll",b
O4 - HKLM\..\Run: [3c1062d3] rundll32.exe "C:\WINDOWS\jkkjji.dll",b
O4 - HKLM\..\Run: [2ca1eb9c] rundll32.exe "C:\WINDOWS\system32\uftdotiv.dll",b
O4 - HKLM\..\Run: [203d0c55] rundll32.exe "C:\WINDOWS\system32\eximayxp.dll",b
O4 - HKLM\..\Run: [54074065] rundll32.exe "D:\WINDOWS\system32\xetuxfeg.dll",b
O4 - HKLM\..\Run: [481a62f7] rundll32.exe "C:\WINDOWS\system32\eknlixpw.dll",b
O4 - HKLM\..\Run: [44740f4c] rundll32.exe "C:\WINDOWS\fccddd.dll",b
O4 - HKLM\..\Run: [70826a30] rundll32.exe "C:\WINDOWS\system32\ipfbiajl.dll",b
O4 - HKLM\..\Run: [e494bdd1] rundll32.exe "C:\WINDOWS\system32\mjqksxcl.dll",b
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\lkmsiaqw.dll",b

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Soujirou\AppData\Local\Temp\vtUlMdCR.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stephen\AppData\Local\Temp\ljjKEVLC.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\TBULLS~1\AppData\Local\Temp\fcccbaAS.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\teemu\AppData\Local\Temp\awtuTKcc.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Terry\AppData\Local\Temp\efcCvTJc.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\rqRHyyWP.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\USER\AppData\Local\Temp\wvUkJcAR.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\VAIO\AppData\Local\Temp\ssqqNgEW.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Vasil\AppData\Local\Temp\rqRKEXoL.dll,c
O4 - HKCU\..\Run: [cmds] rundll32.exe C:Users\Andrew\AppDataLocal\Temp\yayyWnon.dll,c

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkHArSL.dll,#1
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcyyw.dll,#1
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJAQJyW.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\fq1376z\AppData\Local\Temp\tuvVNEur.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Tommi\AppData\Local\Temp\pmnmkkLC.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\lslucero\AppData\Local\Temp\hGVMeFvS.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Robbie\AppData\Local\Temp\geBstrol.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Arpit\AppData\Local\Temp\rqRLeccB.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Mike\AppData\Local\Temp\awtsQJaA.dll,#1
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Amanda\AppData\Local\Temp\tustt.dll,#1

O4 - HKCU\..\Run: [BMef7c137b] Rundll32.exe "C:\WINDOWS\system32\rsjhwcxk.dll",s
O4 - HKLM\..\Run: [BM03444230] Rundll32.exe "C:\WINDOWS\system32\wsacsxna.dll",s
O4 - HKLM\..\Run: [BM0a7b2a37] Rundll32.exe "C:\WINDOWS\system32\jifxthmd.dll",s
O4 - HKLM\..\Run: [BM33cc6aa0]C:\WINDOWS\system32\rdtimseq.dll,s
O4 - HKLM\..\Run: [BM57247bb3] Rundll32.exe "C:\WINDOWS\system32\jwubnpee.dll",s
O4 - HKLM\..\Run: [BM33f97706] Rundll32.exe "C:\WINDOWS\system32\fpouykbx.dll",s
O4 - HKLM\..\Run: [BM07f8ea3f] Rundll32.exe "C:\WINDOWS\system32\irbuhkux.dll",s
O4 - HKLM\..\Run: [BM1f47bc0e] Rundll32.exe "C:\WINDOWS\system32\kbeyvtrs.dll",s
O4 - HKLM\..\Run: [BM7f4231a6] Rundll32.exe "C:\WINDOWS\system32\pbbocccg.dll",s
O4 - HKLM\..\Run: [BM0fb151ca] Rundll32.exe "C:\WINDOWS\system32\ufiexbwe.dll",s

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\MAGDAI~1\AppData\Local\Temp\hfmcfqhk.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\StarBai\AppData\Local\Temp\amnyuvxu.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Larry\AppData\Local\Temp\dhicovdi.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\danielvd\AppData\Local\Temp\nhrdovwk.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\trevor\LOCALS~1\Temp\glygqxpq.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Leroy\AppData\Local\Temp\vyavwgxh.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Luke\AppData\Local\Temp\jkbpogpg.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\kapoo\AppData\Local\Temp\jehxdsfq.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Czarek\AppData\Local\Temp\pgmgpdum.dll",run
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\SANDYR~1\AppData\Local\Temp\vlradhac.dll",run

O4 - HKLM\..\Run: [MSDisp32] "rundll32.exe" C:\WINDOWS\System32\drvtah.dll,startup
O4 - HKLM\..\Run: [MSDisp32] "rundll32.exe" C:\WINDOWS\system32\drvmut.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvbeb.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvcaw.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvdoz.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvfob.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvfor.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvgil.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvjew.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvkob.dll,startup



O2 - BHO: (NO NAME) - {0676CC61-CDC5-447E-AAFC-9D886EC820EB} - C:\WINDOWS\SYSTEM32\TMP2.TMP.DLL

O2 - BHO: (NO NAME) - {E03C740E-BB24-4D3C-B92A-6F84DE1DD99C} - C:\WINDOWS\SYSTEM32\TMP9E39.TMP.DLL

O2 - BHO: (NO NAME) - {1F6581D5-AA53-4B73-A6F9-41420C6B61F1} - C:\WINDOWS\SYSTEM32\TMP2F.TMP.DLL

O2 - BHO: (NO NAME) - {D38439EC-4A7F-42B4-90C2-D810D7778FDD} - C:\WINDOWS\SYSTEM32\TMP82C1.TMP.DLL
O2 - BHO: (NO NAME) - {D38439EC-4A7F-42B4-90C2-D810D7778FDD} - C:\WINDOWS\SYSTEM32\TMP71.TMP.DLL
O2 - BHO: (NO NAME) - {D38439EC-4A7F-42B4-90C2-D810D7778FDD} - C:\WINDOWS\SYSTEM32\TMP1E.TMP.DLL
O2 - BHO: (NO NAME) - {D38439EC-4A7F-42B4-90C2-D810D7778FDD} - C:\C\SYSTEM32\TMP35.TMP.DLL

O2 - BHO: (NO NAME) - {67C55A8D-E808-4CAA-9EA7-F77102DE0BB6} - C:\WINDOWS\SYSTEM32\TMP92F.TMP.DLL
O2 - BHO: (NO NAME) - {67C55A8D-E808-4CAA-9EA7-F77102DE0BB6} - C:\WINDOWS\SYSTEM32\TMP1CF.TMP.DLL
O2 - BHO: (NO NAME) - {67C55A8D-E808-4CAA-9EA7-F77102DE0BB6} - C:\WINDOWS\SYSTEM32\XMSJQXBS.DLL

O2 - BHO: (NO NAME) - {57E218E6-5A80-4F0C-AB25-83598F25D7E9} - C:\WINDOWS\SYSTEM32\PPWLHWYN.DLL
O2 - BHO: (NO NAME) - {57E218E6-5A80-4F0C-AB25-83598F25D7E9} - C:\WINDOWS\SYSTEM32\JFMBODKR.DLL
O2 - BHO: (NO NAME) - {57E218E6-5A80-4F0C-AB25-83598F25D7E9} - C:\WINDOWS\SYSTEM32\TMP3.TMP.DLL
O2 - BHO: (NO NAME) - {57E218E6-5A80-4F0C-AB25-83598F25D7E9} - C:\WINDOWS\SYSTEM32\TMP77.TMP.DLL



Removal:
Naturally, work in Safe Mode with System Restore turned off, and use VundoFix or ComboFix; you can also use Symantec's tool FixVundo.exe.

Lately Vundo has become rather stubborn... if VundoFix did not deal with it, please use VirtumundoBegone (do not be alarmed by the "blue screen", that is the program's normal behaviour).


