Restart komputera po skanowaniu - log Combofix

zaba007 · 28 Grudzień 2007 21:26

Witajcie,

Na wstępnie od razu zaznaczam, ze jestem kompletnym laikiem, do tego kobietą ;-), więc przepraszam, za nie fachowe słownictwo.

Po skanowaniu (np. ad aware) następuje restart. Przy użyciu jakiegoś innego programu (chyba spybota, czy coś takiego) na liście pojawiają się jakieś trojany, ale nie można ich usunąć

Na forum przeczytałam, że do diagnozy niezbędny jest log (cokolwiek by to było ) więc wydaje mi się, że tą część zadania zrobiłam poprawnie. Zobaczymy, czy poradzę sobie dalej. Będę wdzięczna za pomoc.

ComboFix 07-12-21.4 - Kris 2007-12-28 21:59:33.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.92 [GMT 1:00] Running from: C:\Documents and Settings\Kris\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Ulubione\Online Security Guide.lnk C:\Documents and Settings\Tusia\Ulubione\Online Security Guide.lnk C:\Program Files\Temporary C:\WINDOWS\cookies.ini C:\WINDOWS\mrofinu904.exe C:\WINDOWS\system32\cnfjyjdl.dll C:\WINDOWS\system32\cpeniaui.exe C:\WINDOWS\system32\dcujdijn.dll C:\WINDOWS\system32\dgillgxv.exe C:\WINDOWS\system32\dljbejvg.exe C:\WINDOWS\system32\eilmflxy.exe C:\WINDOWS\system32\emgbirxv.dll C:\WINDOWS\system32\evodelqk.dllbox C:\WINDOWS\system32\fbpgjdto.dll C:\WINDOWS\system32\feyehqwr.ini C:\WINDOWS\system32\ftiynvlw.exe C:\WINDOWS\system32\gabvghlw.exe C:\WINDOWS\system32\gkwfoopb.exe C:\WINDOWS\system32\gpquvrtg.dll C:\WINDOWS\system32\gpswxvms.exe C:\WINDOWS\system32\hekttwfi.dll C:\WINDOWS\system32\hojddxbc.dll C:\WINDOWS\system32\hqnmumck.exe C:\WINDOWS\system32\hsbahnmk.dll C:\WINDOWS\system32\itnmqmjt.dll C:\WINDOWS\system32\jcnfjbvg.exe C:\WINDOWS\system32\jeugwfum.exe C:\WINDOWS\system32\joxdxeht.exe C:\WINDOWS\system32\kkpmmekr.exe C:\WINDOWS\system32\lnquuclh.dll C:\WINDOWS\system32\mcxljvwj.exe C:\WINDOWS\system32\mljkhgg.dll C:\WINDOWS\system32\pajrmnog.dll C:\WINDOWS\system32\pmbdamwq.exe C:\WINDOWS\system32\qispsbwr.exe C:\WINDOWS\system32\qtvnuwtj.dll C:\WINDOWS\system32\rhlahkvq.dll C:\WINDOWS\system32\rwqheyef.dll C:\WINDOWS\system32\smnlxvcj.dll C:\WINDOWS\system32\srqss.ini C:\WINDOWS\system32\srqss.ini2 C:\WINDOWS\system32\ssqrs.dll C:\WINDOWS\system32\tembqjig.exe C:\WINDOWS\system32\tgcwaqhh.dll C:\WINDOWS\system32\tjmqmnti.ini C:\WINDOWS\system32\vdlgemqa.dll C:\WINDOWS\system32\vrscdkow.ini C:\WINDOWS\system32\wdgcgrli.dll C:\WINDOWS\system32\wiyreeeg.dll C:\WINDOWS\system32\wokdcsrv.dll C:\WINDOWS\system32\xktpxnid.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-26 19:47 . 2007-12-27 19:48 770,812 —hs---- C:\WINDOWS\system32\mdbafgfi.ini 2007-12-21 23:29 . 2007-12-26 19:42 960,073 —hs---- C:\WINDOWS\system32\ivfeseym.ini 2007-12-19 21:19 . 2007-12-21 23:21 841,464 —hs---- C:\WINDOWS\system32\pppeyeai.ini 2007-12-18 20:55 . 2007-12-19 21:18 793,232 —hs---- C:\WINDOWS\system32\weujftjm.ini 2007-12-17 20:53 . 2007-12-18 20:53 788,608 —hs---- C:\WINDOWS\system32\hcdomppo.ini 2007-12-16 11:25 . 2007-12-17 20:47 764,941 —hs---- C:\WINDOWS\system32\yqahhegd.ini 2007-12-14 17:10 . 2007-12-16 11:22 768,383 —hs---- C:\WINDOWS\system32\irqdlfch.ini 2007-12-12 18:51 . 2007-12-14 17:07 874,610 —hs---- C:\WINDOWS\system32\ijmeetsi.ini 2007-12-12 17:54 . 2007-12-12 17:55 784,903 —hs---- C:\WINDOWS\system32\kqhmsjjd.ini 2007-12-10 18:59 . 2007-12-12 17:49 918,380 —hs---- C:\WINDOWS\system32\mqanatrc.ini 2007-12-09 18:21 . 2007-12-10 18:54 921,379 —hs---- C:\WINDOWS\system32\tkdnkegx.ini 2007-12-05 20:23 . 2007-12-09 18:15 875,704 —hs---- C:\WINDOWS\system32\tjconwqr.ini 2007-12-04 19:25 . 2007-12-05 20:22 807,648 —hs---- C:\WINDOWS\system32\ksrxdowq.ini 2007-12-03 23:27 . 2007-12-03 23:20 507,904 --a------ C:\MoveOnBoot.msi 2007-12-03 23:19 . 2007-12-28 22:06 2007-12-03 23:19 . 2007-12-28 22:04 2007-12-03 23:19 . 2006-10-14 09:39 2007-12-03 23:19 . 2007-12-03 23:22 2007-12-03 23:19 . 2006-10-14 10:33 2007-12-03 23:19 . 2006-10-14 10:33 2007-12-03 23:19 . 2006-10-14 10:33 2007-12-03 23:08 . 2007-12-03 23:08 2007-12-03 21:33 . 2007-12-03 21:33 2007-12-03 21:31 . 2007-12-03 21:31 2007-12-03 21:07 . 2007-12-03 21:07 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys 2007-12-03 20:48 . 2007-12-03 22:11 2007-12-03 20:42 . 2007-12-03 20:42 2007-12-02 23:24 . 2007-12-10 19:55 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-12-02 20:33 . 2007-12-02 22:26 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-28 14:57 --------- d-----w C:\Documents and Settings\Kris\Dane aplikacji\Skype 2007-12-27 20:18 --------- d-----w C:\Program Files\NAPI-PROJEKT 2007-12-27 11:16 --------- d-----w C:\Program Files\Winamp 2007-12-18 06:44 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-12 19:41 --------- d-----w C:\Program Files\LEX 2007-12-05 20:03 --------- d-----w C:\Documents and Settings\Kris\Dane aplikacji\Lavasoft 2007-12-03 21:00 --------- d-----w C:\Program Files\Google 2007-12-03 20:57 --------- d-----w C:\Program Files\Yahoo! 2007-12-03 19:44 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-02 21:26 --------- d-----w C:\Documents and Settings\Kris\Dane aplikacji\uTorrent 2007-12-02 19:53 --------- d-----w C:\Program Files\Gadu-Gadu 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-10-03 12:55] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-06-12 16:33] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “nwiz”=“nwiz.exe” [2003-09-11 13:43 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\evodelqk] evodelqk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-06 23:46 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2005-10-28 15:25 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4ff68d3] rundll32.exe C:\WINDOWS\system32\wokdcsrv.dll,b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] rundll32.exe nview.dll,nViewLoadHook [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2003-10-31 18:42 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2005-11-10 12:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-17 18:37 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u R2 ECBatteryDRV;ECBatteryDRV;C:\WINDOWS\system32\drivers\ECBatteryDRV.sys [2003-03-19 07:37] R2 ECMonitorDRV;ECMonitorDRV;C:\WINDOWS\system32\drivers\ECMonitorDRV.sys [2003-01-29 04:03] R2 ECUtilityDRV;ECUtilityDRV;C:\WINDOWS\system32\drivers\ECUtilityDRV.sys [2003-01-29 04:03] R2 HotCPUDRV;HotCPUDRV;C:\WINDOWS\system32\drivers\HotCPUDRV.sys [2003-01-29 04:03] R2 WinBootDRV;WinBootDRV;C:\WINDOWS\system32\drivers\WinBootDRV.sys [2003-01-29 04:02] R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 08:29] S3 FA312;Sterownik karty NETGEAR FA330/FA312/FA311 Fast Ethernet;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-28 22:08:51 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-28 22:09:56 - machine was rebooted . 2007-12-14 16:17:33 — E O F —

Gutek · 28 Grudzień 2007 21:54

Wklej do Notatnika:

File::

C:\WINDOWS\system32\mdbafgfi.ini

C:\WINDOWS\system32\ivfeseym.ini

C:\WINDOWS\system32\pppeyeai.ini

C:\WINDOWS\system32\weujftjm.ini

C:\WINDOWS\system32\hcdomppo.ini

C:\WINDOWS\system32\yqahhegd.ini

C:\WINDOWS\system32\irqdlfch.ini

C:\WINDOWS\system32\ijmeetsi.ini

C:\WINDOWS\system32\kqhmsjjd.ini

C:\WINDOWS\system32\mqanatrc.ini

C:\WINDOWS\system32\tkdnkegx.ini

C:\WINDOWS\system32\tjconwqr.ini

C:\WINDOWS\system32\ksrxdowq.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\wokdcsrv.dll


Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\evodelqk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4ff68d3]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

zaba007 · 28 Grudzień 2007 22:11

ComboFix 07-12-21.4 - Kris 2007-12-28 23:03:10.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.73 [GMT 1:00] Running from: C:\Documents and Settings\Kris\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-03 23:27 . 2007-12-03 23:20 507,904 --a------ C:\MoveOnBoot.msi 2007-12-03 23:19 . 2007-12-28 23:00 2007-12-03 23:19 . 2007-12-28 22:04 2007-12-03 23:19 . 2006-10-14 09:39 2007-12-03 23:19 . 2007-12-03 23:22 2007-12-03 23:19 . 2006-10-14 10:33 2007-12-03 23:19 . 2006-10-14 10:33 2007-12-03 23:19 . 2006-10-14 10:33 2007-12-03 23:08 . 2007-12-03 23:08 2007-12-03 21:33 . 2007-12-03 21:33 2007-12-03 21:31 . 2007-12-03 21:31 2007-12-03 21:07 . 2007-12-03 21:07 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys 2007-12-03 20:48 . 2007-12-03 22:11 2007-12-03 20:42 . 2007-12-03 20:42 2007-12-02 20:33 . 2007-12-02 22:26 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-28 14:57 --------- d-----w C:\Documents and Settings\Kris\Dane aplikacji\Skype 2007-12-27 20:18 --------- d-----w C:\Program Files\NAPI-PROJEKT 2007-12-27 11:16 --------- d-----w C:\Program Files\Winamp 2007-12-18 06:44 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-12 19:41 --------- d-----w C:\Program Files\LEX 2007-12-05 20:03 --------- d-----w C:\Documents and Settings\Kris\Dane aplikacji\Lavasoft 2007-12-03 21:00 --------- d-----w C:\Program Files\Google 2007-12-03 20:57 --------- d-----w C:\Program Files\Yahoo! 2007-12-03 19:44 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-02 21:26 --------- d-----w C:\Documents and Settings\Kris\Dane aplikacji\uTorrent 2007-12-02 19:53 --------- d-----w C:\Program Files\Gadu-Gadu 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-10-03 12:55] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-06-12 16:33] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “nwiz”=“nwiz.exe” [2003-09-11 13:43 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-06 23:46 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2005-10-28 15:25 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] rundll32.exe nview.dll,nViewLoadHook [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2003-10-31 18:42 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2005-11-10 12:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-17 18:37 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u R2 ECBatteryDRV;ECBatteryDRV;C:\WINDOWS\system32\drivers\ECBatteryDRV.sys [2003-03-19 07:37] R2 ECMonitorDRV;ECMonitorDRV;C:\WINDOWS\system32\drivers\ECMonitorDRV.sys [2003-01-29 04:03] R2 ECUtilityDRV;ECUtilityDRV;C:\WINDOWS\system32\drivers\ECUtilityDRV.sys [2003-01-29 04:03] R2 HotCPUDRV;HotCPUDRV;C:\WINDOWS\system32\drivers\HotCPUDRV.sys [2003-01-29 04:03] R2 WinBootDRV;WinBootDRV;C:\WINDOWS\system32\drivers\WinBootDRV.sys [2003-01-29 04:02] R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 08:29] S3 FA312;Sterownik karty NETGEAR FA330/FA312/FA311 Fast Ethernet;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-28 23:04:38 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-28 23:05:22 C:\ComboFix2.txt … 2007-12-28 23:00 C:\ComboFix3.txt … 2007-12-28 22:09 . 2007-12-14 16:17:33 — E O F —

Gutek · 28 Grudzień 2007 22:20

Już powinno być Ok

zaba007 · 28 Grudzień 2007 22:43

Przeskanowałam - nie restartuje się :lol: Pięknie dziękuję za pomoc. Jestem naprawdę wdzięczna Pozdrawiam serdecznie