bład c 000021a{b

[kaza2 0]

witam

 

mam taki problem polega on na tym iż przy wyłączaniu komputera na samym końcu wyskauje mi taki bład bład c 000021a{b.

 

 

d Krytyczny Systemu}

Proces Systemowy Windows Logon Process zakończył sie niespodziewanie ze stanem 0x00000000 (0x00000000 0x00000000)

System został zamkniety."

 

Pojawia on ,się na niebieskim ekranie

 

 

 

to jest log z combofixa

 

 

ComboFix 10-07-26.04 - damian 2010-07-27 19:38:08.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.656 [GMT 2:00]

Uruchomiony z: c:\documents and settings\damian\Moje dokumenty\Pobieranie\ComboFix.exe

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

* Utworzono nowy punkt przywracania

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\daemon.dll

 

.

((((((((((((((((((((((((( Pliki utworzone od 2010-06-27 do 2010-07-27 )))))))))))))))))))))))))))))))

.

 

2010-07-19 17:52 . 2010-07-19 17:52 -------- d-----w- c:\program files\D-Tools

2010-07-09 14:21 . 2010-07-18 14:08 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\Sports Interactive

2010-07-09 13:58 . 2010-07-09 20:59 -------- d-----w- c:\program files\Odkurzacz

2010-07-09 12:43 . 2010-07-09 12:43 -------- d-----w- c:\program files\CCleaner

2010-07-08 21:39 . 2010-07-08 21:39 24576 ---ha-w- C:\SZKGFS.dat

2010-07-08 21:34 . 2010-07-08 21:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SITEguard

2010-07-08 21:32 . 2010-07-08 21:32 -------- d-----w- c:\program files\STOPzilla!

2010-07-08 21:32 . 2010-07-08 21:32 -------- d-----w- c:\program files\Common Files\iS3

2010-07-08 21:32 . 2010-07-27 17:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\STOPzilla!

2010-07-08 21:19 . 2001-10-26 14:48 9600 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2010-07-08 21:19 . 2001-10-26 14:48 9600 ----a-w- c:\windows\system32\drivers\NtApm.sys

2010-07-07 22:01 . 2010-07-26 20:11 -------- d-----w- c:\program files\Steam

2010-07-05 08:17 . 2010-07-05 08:17 62464 ----a-w- c:\windows\system32\wineay32.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-27 17:38 . 2010-07-27 17:37 1096 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-07-27 16:35 . 2010-04-13 07:10 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\Skype

2010-07-27 16:13 . 2010-04-08 16:15 -------- d-----w- c:\program files\Gadu-Gadu 10

2010-07-27 14:57 . 2010-04-13 17:41 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\skypePM

2010-07-26 20:11 . 2010-04-12 19:41 -------- d-----w- c:\program files\Real Alternative

2010-07-09 15:59 . 2010-05-26 20:49 -------- d-----w- c:\program files\VirtualDJ

2010-07-09 14:46 . 2010-04-10 11:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM

2010-07-09 14:21 . 2010-04-16 19:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Symantec

2010-07-09 14:21 . 2010-04-16 19:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Norton

2010-07-09 14:21 . 2010-05-20 17:48 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\Sports Interactive

2010-07-09 13:05 . 2010-04-12 08:54 -------- d-----w- c:\program files\AIMP2

2010-07-09 12:51 . 2010-06-20 17:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2010-07-01 18:49 . 2010-05-26 13:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\FLEXnet

2010-07-01 18:01 . 2010-04-08 19:02 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\Gadu-Gadu 10

2010-06-28 08:56 . 2010-06-07 07:33 -------- d-----w- c:\program files\MaxUp Video Downloader

2010-06-27 08:22 . 2010-06-27 08:22 -------- d-----w- c:\program files\Free PDF to Word Doc Converter

2010-06-27 08:21 . 2010-06-27 08:15 -------- d-----w- c:\program files\ABC Amber PDF Converter

2010-06-20 17:48 . 2010-06-20 17:31 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-06-18 10:01 . 2010-06-12 05:27 -------- d-----w- c:\program files\pdfforge Toolbar

2010-06-18 08:16 . 2010-06-18 08:16 -------- d-----w- c:\program files\ESET

2010-06-14 16:54 . 2010-06-14 16:54 -------- d-----w- c:\program files\Audacity

2010-06-14 14:18 . 2010-06-14 14:18 -------- d-----w- c:\program files\AvRack

2010-06-14 14:18 . 2010-04-08 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-14 13:57 . 2010-05-30 18:16 -------- d-----w- c:\program files\Creative

2010-06-12 05:56 . 2010-06-12 05:56 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\Search Settings

2010-06-12 05:56 . 2010-06-12 05:56 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\pdfforge

2010-06-12 05:28 . 2010-06-12 05:27 -------- d-----w- c:\program files\PDFCreator

2010-06-12 05:27 . 2010-06-12 05:27 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\Application Updater

2010-06-12 05:27 . 2010-06-12 05:27 -------- d-----w- c:\program files\Application Updater

2010-06-10 05:34 . 2010-06-10 05:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-06-09 14:04 . 2010-06-09 14:04 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\Leadertech

2010-06-07 07:37 . 2010-06-07 07:33 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\maxup

2010-06-02 07:59 . 2010-06-02 07:55 -------- d-----w- c:\documents and settings\damian\Dane aplikacji\Ahead

2010-06-02 07:58 . 2010-06-01 15:34 -------- d-----w- c:\program files\MoorHunt

2010-06-02 07:54 . 2010-06-02 07:54 -------- d-----w- c:\program files\Common Files\Ahead

2010-06-02 07:54 . 2010-06-02 07:54 -------- d-----w- c:\program files\Nero

2010-05-30 16:38 . 2010-04-08 19:40 42936 ----a-w- c:\documents and settings\damian\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2010-05-26 16:54 . 2010-04-08 19:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-03 20:33 . 2001-10-26 18:15 79386 ----a-w- c:\windows\system32\perfc015.dat

2010-05-03 20:33 . 2001-10-26 18:15 457230 ----a-w- c:\windows\system32\perfh015.dat

2010-04-29 17:32 . 2010-04-29 17:32 54272 ----a-w- c:\documents and settings\damian\Dane aplikacji\GanymedeNet\Online Games\Common\ielauncher.exe

2010-04-29 17:32 . 2010-04-29 17:32 4 ----a-w- c:\windows\system32\proc-220146841.bin

2004-08-03 22:44 . 2004-08-03 22:44 165610 --sha-r- c:\windows\system32\mwdbx.dll

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-06-22 73728]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineay32]

2010-07-05 08:17 62464 ----a-w- c:\windows\system32\wineay32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ATI CATALYST System Tray.lnk]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSTOP

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2004-08-25 12:25 28672 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2004-08-25 10:52 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2005-12-16 10:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2002-06-22 13:04 73728 ----a-w- c:\program files\D-Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

2008-03-20 10:04 2127296 ----a-w- c:\program files\Gadu-Gadu\gg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxUp Video Downloader]

2010-02-11 21:26 30720 ----a-w- c:\program files\MaxUp Video Downloader\maxup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-03 22:55 1667584 ------w- c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2003-08-15 07:34 57344 ------w- c:\windows\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 13:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

"d:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2009\\fm.exe"=

"c:\\WINDOWS\\system32\\winver.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"6010:TCP"= 6010:TCP:lnlap

 

R0 Stlth317;Stlth317;c:\windows\system32\drivers\stlth317.sys [2002-08-07 83360]

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-07 61328]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-02-24 173328]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]

R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2010-03-22 26752]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]

S2 iythfhkg;Monitor Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

S3 bnsqsjeel;bnsqsjeel;\??\c:\windows\system32\04.tmp --> c:\windows\system32\04.tmp [?]

S3 NtApm;Sterownik interfejsu NT Apm/Legacy;c:\windows\system32\drivers\NtApm.sys [2010-07-08 9600]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

iythfhkg

.

.

------- Skan uzupełniający -------

.

uStart Page = wyborcza.pl/0,0.html?p=030

uInternet Connection Wizard,ShellNext = iexplore

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {87D52A02-64D4-4FC5-90E2-8B4D66ECA5B6} = 10.1.2.1

FF - ProfilePath - c:\documents and settings\damian\Dane aplikacji\Mozilla\Firefox\Profiles\hh8anj7i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPNAVY.dll

 

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - USUNIĘTO PUSTE WPISY - - - -

 

Notify-TPSvc - TPSvc.dll

AddRemove-Enable S3 for USB Device - c:\program files\Gigabyte\Enable S3 for USB Device\Uninst.isu

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-27 19:44

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86210E68]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7892fc3

\Driver\ACPI -> ACPI.sys @ 0xf77bbcb8

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe

ParseProcedure -> ntoskrnl.exe @ 0x80570a6e

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe

ParseProcedure -> ntoskrnl.exe @ 0x80570a6e

NDIS: ASUS NX1001 Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7616bc3

PacketIndicateHandler -> NDIS.sys @ 0xf7622b21

SendHandler -> NDIS.sys @ 0xf7616d33

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bnsqsjeel]

"ImagePath"="\??\c:\windows\system32\04.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iythfhkg]

"ServiceDll"="c:\windows\system32\mwdbx.dll"

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

 

- - - - - - - > 'winlogon.exe'(604)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\wineay32.dll

.

Czas ukończenia: 2010-07-27 19:47:20

ComboFix-quarantined-files.txt 2010-07-27 17:47

ComboFix2.txt 2010-07-08 05:53

 

Przed: 81 371 856 896 bajtów wolnych

Po: 81 387 241 472 bajtów wolnych

 

- - End Of File - - CCEBFB5EF275A5473F072BA5FA026DBE

[tehawanka 0]

Wklej do systemowego notatnika:

File::

c:\windows\system32\04.tmp

c:\windows\system32\mwdbx.dll

c:\windows\system32\wineay32.dll

 

Folder::

c:\program files\Application Updater

c:\windows\system32\config\systemprofile\Dane aplikacji\Application Updater

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineay32]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6010:TCP"=-

 

Driver::

Application Updater

iythfhkg

bnsqsjeel

 

NetSvcs::

iythfhkg

Plik zapisz pod nazwą CFScript

Teraz plik przeciągnij i upuść na ikonę ComboFix:

 

Log umieść tutaj i podaj link.

[kaza2 0]

http://wklej.org/id/369602/

 

 

prosze

[tehawanka 0]

Utwórz nowy CFScript i przeciągnij na ComboFix:

File::

c:\windows\system32\xjdhw.dll

c:\windows\system32\mwdbx.dll

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"UstwqPm"=-

 

Driver::

rmqepa

 

NetSvcs::

rmqepa

Pokaż nowy log.

[kaza2 0]

Utwórz nowy CFScript i przeciągnij na ComboFix:

 

Pokaż nowy log.

c a to już w czwartek vbo mnie nie ma na kompie u siebie jakbyś mógł mojej dziewczyny sprawdzić

http://forum.pclab.pl/topic/608798-poprosze-osprawdzenie-loga/page__p__8319987entry8319987

 

dzięki

[tehawanka 0]

Log wygląda OK.

Skasuj kwarantannę od ComboFix - C:\Qoobox

Wyłącz na chwilę przywracanie systemu (punkt 19) - Klik

Foldery tymczasowe wyczyść za pomocą TFC

Dysk przeskanuj Malwarebytes' Anti-Malware

 

Jeżeli chodzi o poprzedni komputer to zainstaluj niezbędne poprawki: Klik Klik

Zamknij porty Windows Worms Doors Cleaner lub Seconfig XP punkt 16

[kaza2 0]

http://wklejtekst.pl/xn

 

 

log po skanie

[tehawanka 0]

Chyba wiesz do czego służą pliki od Photoshop i Assassins Creed i sam zdecyduj o ich usunięciu.

Wszystkie pozostałe są do usunęcia, po zakończeniu skanowania kliknij Usuń zaznaczone.