• Presuň ComboFix na plochu,
• Otvor si poznámkový blok a skopíruj doňho:

KillAll::

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
c:\users\Petr_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk

Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy
c:\programdata\Spywareterminator
c:\program files (x86)\Spywareterminator
c:\programdata\Spywarefighter
c:\program files (x86)\Spywarefighter

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=-
"AdobeAAMUpdater-1.0"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"=-
"AdobeBridge"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=-
"AdobeCS6ServiceManager"=-
"ioTablet"=-
"SunJavaUpdateSched"=-
""=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallShieldSetup"=-
"InstallShieldSetup1"=-
"InstallShieldSetup2"=-

DDS::
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_m5910&r=17360911c106pe415v155w5721u069
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_m5910&r=17360911c106pe415v155w5721u069
mSearchAssistant = hxxp://www.google.com
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_m5910&r=17360911c106pe415v155w5721u069
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
x64-Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>

Firefox::
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

• Ulož na plochu ako CFScript.txt,
• Potiahni CFScript nad ikonu ComboFixu.
• ComboFix vykoná príkazy zo skriptu, a pravdepodobne reštartuje PC.
• Následne vyskočí log, jeho obsah sem skopíruj.
----

• Stiahni SystemLook:
32 bit: http://jpshortstuff.247fixes.com/SystemLook.exe
64 bit: http://jpshortstuff.247fixes.com/SystemLook_x64.ex e
• Do bieleho okna skopíruj:

:filefind
*ask*
*apn*
*facemoods*

:folderfind
*ask*
*apn*
*facemoods*

:regfind
ask
apn
facemoods

• Klikni na Look,
• Prebehne sken a vyskočí log, jeho obsah sem skopíruj.
----

• Prehrieva sa ti grafika a disk, skús povysávať PC od prachu.
• Ten EVEREST stále nejde? V tom HWMonitor logu to neni vidno a na speedfan nieje 100% spoľahlivosť.