Prosím o preventivní kontrolu logu

[Nius]

Soubor 932B60D780432FF0A0DD1B44B4D83100226610E2.sys přijatý 2010.01.23 07:53:41 (UTC)
Současný stav: Dokončeno
Výsledek: 0/40 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.23 -
AhnLab-V3 5.0.0.2 2010.01.22 -
AntiVir 7.9.1.146 2010.01.22 -
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.23 -
Avast 4.8.1351.0 2010.01.22 -
AVG 9.0.0.730 2010.01.22 -
BitDefender 7.2 2010.01.23 -
CAT-QuickHeal 10.00 2010.01.22 -
ClamAV 0.94.1 2010.01.22 -
Comodo 3677 2010.01.23 -
DrWeb 5.0.1.12222 2010.01.23 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7255 2010.01.22 -
F-Prot 4.5.1.85 2010.01.22 -
F-Secure 9.0.15370.0 2010.01.23 -
Fortinet 4.0.14.0 2010.01.23 -
GData 19 2010.01.23 -
Ikarus T3.1.1.80.0 2010.01.23 -
Jiangmin 13.0.900 2010.01.23 -
K7AntiVirus 7.10.952 2010.01.22 -
Kaspersky 7.0.0.125 2010.01.23 -
McAfee 5869 2010.01.22 -
McAfee+Artemis 5869 2010.01.22 -
McAfee-GW-Edition 6.8.5 2010.01.23 -
Microsoft 1.5405 2010.01.22 -
NOD32 4798 2010.01.22 -
Norman 6.04.03 2010.01.22 -
nProtect 2009.1.8.0 2010.01.22 -
Panda 10.0.2.2 2010.01.22 -
PCTools 7.0.3.5 2010.01.23 -
Rising 22.31.04.04 2010.01.22 -
Sophos 4.50.0 2010.01.23 -
Sunbelt 3.2.1858.2 2010.01.23 -
Symantec 20091.2.0.41 2010.01.23 -
TheHacker 6.5.0.9.160 2010.01.23 -
TrendMicro 9.120.0.1004 2010.01.23 -
VBA32 3.12.12.1 2010.01.21 -
ViRobot 2010.1.22.2151 2010.01.22 -
VirusBuster 5.0.21.0 2010.01.22 -
Rozšiřující informace
File size: 1810560 bytes
MD5 : 31d64f244916bb367c158218d47dfadf
SHA1 : 0d8568512a8538665523a8946d6ec94b19a1b394
SHA256: 78ad72aa93f763f2a85698891f87c99260dd0f3420b7d6ef3dcbb835a869ba8c
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xD3440
timedatestamp.....: 0x4A532A76 (Tue Jul 7 12:59:02 2009)
machinetype.......: 0x14C (Intel I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x500 0x9F286 0x9F300 6.57 daa41aae14a949cab15d5f33a025c43f
page 0x9F800 0x33B7C 0x33B80 6.45 3970fed1eb14cd57803f08e359ddf883
init 0xD3380 0x340 0x380 5.64 3ccc79d6f4454285d3d778f0b83e6b87
.rdata 0xD3700 0x1DF14 0x1DF80 5.93 3c75b96f79ace59aa81617d972db4153
.data 0xF1680 0x631E0 0x63200 4.34 515a74918d8fe8833f9b63ca904a54bc
init 0x154880 0x8C 0x100 2.64 b8c68280a60540773b195edf7ffe1357
_PDATA 0x154980 0x54A08 0x54A80 6.51 9cb1e627c2a3290ec3e5b97578456089
INIT 0x1A9400 0x796 0x800 5.37 608fb06c30542444a4e3d81dfa37dda0
.rsrc 0x1A9C00 0x2B8 0x300 3.01 50c957b25cff28412c47621971f94762
.reloc 0x1A9F00 0x10128 0x10180 6.42 251029e53174246fe7c4ad6ee8d41355

( 3 imports )

> hal.dll: KeQueryPerformanceCounter
> ks.sys: KsCreatePin
> ntoskrnl.exe: RtlStringFromGUID, KeReleaseSemaphore, ObfDereferenceObject, KeSetEvent, ObReferenceObjectByHandle, ExEventObjectType, InterlockedIncrement, InterlockedDecrement, _purecall, RtlCompareUnicodeString, RtlCompareMemory, KeInitializeMutex, KeGetCurrentThread, KeWaitForSingleObject, KeReleaseMutex, ZwClose, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, ZwCreateFile, KeResetEvent, InterlockedExchange, KeCancelTimer, KeClearEvent, InterlockedCompareExchange, KeSetTimer, PsTerminateSystemThread, RtlFreeUnicodeString, KeWaitForMultipleObjects, KeSetPriorityThread, PsCreateSystemThread, MmBuildMdlForNonPagedPool, IoAllocateMdl, ExFreePool, IoFreeIrp, IoFreeMdl, MmUnlockPages, MmMapLockedPages, MmProbeAndLockPages, _except_handler3, IoGetDeviceProperty, IofCompleteRequest, IoReleaseCancelSpinLock, IoDeleteDevice, IoDetachDevice, PoCallDriver, PoStartNextPowerIrp, IoAttachDeviceToDeviceStack, IoCreateDevice, IoWMIRegistrationControl, KeQuerySystemTime, _allmul, _aulldiv, MmMapLockedPagesSpecifyCache, KeInitializeTimer, RtlEqualUnicodeString, _vsnwprintf, wcslen, RtlInitUnicodeString, IoGetDeviceInterfaces, swprintf, ZwQueryValueKey, ZwSetValueKey, ZwDeleteValueKey, ZwCreateKey, ZwOpenKey, IoIsWdmVersionAvailable, KeDelayExecutionThread, IoAllocateIrp, ExAllocatePoolWithTag, RtlRaiseException, KeBugCheckEx, sprintf, memmove, strncpy

( 0 exports )
TrID : File type identification
Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 24576:+JHRCU/liAQeXwaE4eYqL/7Lkev6Ho+ZqUgzARQS3wN6XeO+Nuqp:8HRCOlibeXwHnLjLkeCHpgkQWYGeu
PEiD : -
RDS : NSRL Reference Data Set
-

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Driver::
NOD32FiXTemDono

File::
c:\windows\system32\regedt32.exe

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:



-po aplikaci na Vás vypadne další log,vložte ho sem


Jak to vypadá s PC

[Nius]

ComboFix 10-01-29.09 - Musilovi 2010-01-31 0:18.14.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1646 [GMT 1:00]
Spuštěný z: c:\documents and settings\Musilovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Musilovi\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100130-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\regedt32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\regedt32.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NOD32FiXTemDono


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 22:33 . 2010-01-30 22:33 -------- d-----w- C:\rsit
2010-01-30 22:19 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-30 22:19 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-30 22:19 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-30 22:19 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-30 22:19 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-30 22:19 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-30 22:19 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-30 22:19 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-30 22:19 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-13 17:25 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 22:14 . 2008-03-27 20:16 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-26 19:22 . 2008-03-28 20:53 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-26 19:21 . 2008-03-28 20:53 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-27 20:05 . 2001-10-25 12:00 526198 ----a-w- c:\windows\system32\perfh005.dat
2009-12-27 20:05 . 2001-10-25 12:00 110244 ----a-w- c:\windows\system32\perfc005.dat
2009-12-21 22:00 . 2008-03-26 18:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-21 19:08 . 2006-06-23 12:27 916480 ------w- c:\windows\system32\wininet.dll
2009-12-10 19:43 . 2008-03-25 20:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-07 14:52 . 2009-12-07 14:51 5740566 ----a-w- c:\windows\REGBK09.ZIP
2009-12-07 14:40 . 2008-09-09 17:03 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-03 15:14 . 2009-03-24 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-03-24 15:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 16:03 . 2002-09-20 17:03 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 18:39 . 2009-11-10 18:38 5609356 ----a-w- c:\windows\REGBK08.ZIP
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDM4500P"="d:\program files\SWT2000\HCM.exe" [2003-03-12 974921]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program files\\CZDC++\\CZDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"e:\\Program files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"e:\\Program files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"e:\\Program files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"e:\\Program files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"e:\\Program files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"e:\\Program files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2VoipServer_w32ded.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-03-25 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-01-30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-01-30 20560]
R2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-24 276816]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-18 12032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-24 19160]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-25 1684736]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-02 79360]
S3 Ctafilt;Ctafilt;c:\windows\system32\drivers\Ctafilt.SYS [2009-11-02 1810560]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1 - c:\program files\ESET\ESET NOD32 Antivirus\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 00:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spht.sys hal.dll >>UNKNOWN [0x8A760938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf74a3cb8
\Driver\atapi -> atapi.sys @ 0xf7837b40
IoDeviceObjectType -> SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7a20bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7a2da21
SendHandler -> NDIS.sys @ 0xf7a0b87b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,db,4d,db,9b,18,8f,32,6b,f9,b3,3b,0d,fd,9c,ca,3a,d9,af,cc,b0,21,97,
81,b8,d2,f6,1a,cb,92,98,b3,5e,7e,2d,f6,39,be,b2,f2,e9,5c,a1,6b,ab,54,fc,b5,\
"??"=hex:6c,25,4a,62,36,54,5c,8c,d5,63,ab,68,21,1c,e9,b1

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:38,17,41,c7,ab,6b,86,63,c6,27,30,d3,aa,ef,62,0c,d8,b1,67,1f,1f,
3e,54,4b,95,e9,7f,74,bb,bd,f4,28,cd,d3,1d,fd,7f,71,43,a2,3a,ca,fa,d0,e5,69,\
"rkeysecu"=hex:76,bf,da,18,5f,79,8e,98,4d,a3,6c,20,87,bd,0a,c4
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
d:\program files\Alwil Software\Avast4\ashMaiSv.exe
d:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-31 00:27:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-30 23:27
ComboFix2.txt 2010-01-30 21:48

Před spuštěním: 4,117,413,888
Po spuštění: 4,017,201,152

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5D0D6CFDD94400533DC5C33778CC04C8

[Caroprd111]

Jak se chová PC

[Nius]

chová se dobře musím vyzkoušet to zamrzání pokaždé to neudělalo tak budu vidět
zatím moc děkuji

[Caroprd111]

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:
ComboFix /Uninstall

stiskněte Enter

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
- Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.


Pokud bude problém přetrvávat, tak se ozvěte.

Nemáte zač