
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 80
- Registered: 14 Feb 2010 14:37
Re: Check
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.04.10 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.09 -
Avast 4.8.1351.0 2010.04.10 -
Avast5 5.0.332.0 2010.04.10 -
AVG 9.0.0.787 2010.04.10 -
BitDefender 7.2 2010.04.10 -
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.10 -
Comodo 4555 2010.04.10 -
DrWeb 5.0.2.03300 2010.04.10 -
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.09 -
F-Secure 9.0.15370.0 2010.04.10 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.10 -
Ikarus T3.1.1.80.0 2010.04.10 -
Jiangmin 13.0.900 2010.04.10 -
Kaspersky 7.0.0.125 2010.04.10 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.10 -
NOD32 5014 2010.04.09 -
Norman 6.04.11 2010.04.10 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.09 -
PCTools 7.0.3.5 2010.04.10 -
Prevx 3.0 2010.04.10 -
Rising 22.42.04.03 2010.04.09 -
Sophos 4.52.0 2010.04.10 -
Sunbelt 6160 2010.04.10 -
Symantec 20091.2.0.41 2010.04.10 -
TheHacker 6.5.2.0.259 2010.04.10 -
TrendMicro 9.120.0.1004 2010.04.10 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.09 -
Additional information
File size: 506880 bytes
MD5...: bbb128d4d36d82a3588de37966acdab0
SHA1..: b08ad5421244377c0cc84f42163a86f2d12cde25
SHA256: 43eaf15102a463e554aea225f2d0f637781f7952315b85a21c4ebaf36a9fd4d3
ssdeep: 6144:k6O9Zl4K96awxmuHQiAFOhpuwBRMjbRn90S2bCrrFm5vwXVk/f+w11gtYTE
a:sJkmuHfUw3UbRnW7bCgxwC+W18
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3e331
timedatestamp.....: 0x4678fcce (Wed Jun 20 10:09:18 2007)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x704fd 0x70600 6.80 cd061a171a963a12b747a7729906ff00
.data 0x72000 0x4e74 0x2000 6.28 027c432552f3c74fe4456b14ccf8bc81
.rsrc 0x77000 0x9038 0x9200 3.63 8eee8b971610c922fc22bac73ce357f9
( 20 imports )
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows NT Logon Application
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.3160 built by: xpsp_sp2_qfe(pavang)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
- Contact user:
-
- Visitor
- Posts: 80
- Registered: 14 Feb 2010 14:37
Re: Check
I'm going to check whether the game still does it.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
- Contact user:
-
- Visitor
- Posts: 80
- Registered: 14 Feb 2010 14:37
Re: Check
It still does the same thing.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
- Contact user:
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
- Contact user:
-
- Visitor
- Posts: 80
- Registered: 14 Feb 2010 14:37
Re: Check
Please, today I turned on my PC and it started lagging terribly. Everything runs slowly, and take a look at the desktop ---> http://img.eg-sports.eu/data/459de5f687 ... 63f2a3.jpg
What should I do about it?

- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
- Contact user:
-
- Visitor
- Posts: 80
- Registered: 14 Feb 2010 14:37
Re: Check
Logfile of random's system information tool 1.06 (written by random/random)
Run by Daiw at 2010-04-11 19:13:27
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (43%) free of 40 GB
Total RAM: 1023 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:33, on 11. 4. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\windows\RTHDCPL.EXE
C:\program files\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daiw\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Daiw.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP0.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
--
End of file - 3440 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
PHPNukeEN Toolbar - C:\Program Files\PHPNukeEN\tbPHP0.dll [2010-02-14 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - PHPNukeEN Toolbar - C:\Program Files\PHPNukeEN\tbPHP0.dll [2010-02-14 2349080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\windows\SkyTel.EXE [2006-05-16 2879488]
"Gainward"=C:\WINDOWS\TBPanel.exe [2007-06-26 2173480]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-07-23 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-07-23 81920]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-11-15 921600]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2006-12-19 16062464]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2010-03-24 1217872]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Lord of the ring 2\game.dat"="D:\Lord of the ring 2\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"D:\Lord of the ring 2\patchget.dat"="D:\Lord of the ring 2\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Steam\steamapps\daiw8\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\daiw8\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-04-11 18:22:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-04-11 18:09:40 ----HDC---- C:\windows\$NtUninstallKB978262$
2010-04-11 18:09:35 ----HDC---- C:\windows\$NtUninstallKB951376-v2$
2010-04-11 18:09:30 ----HDC---- C:\windows\$NtUninstallKB952954$
2010-04-11 18:09:23 ----HDC---- C:\windows\$NtUninstallKB959426$
2010-04-11 18:09:17 ----HDC---- C:\windows\$NtUninstallKB946648$
2010-04-11 18:09:04 ----HDC---- C:\windows\$NtUninstallKB956803$
2010-04-11 18:08:52 ----HDC---- C:\windows\$NtUninstallKB960859$
2010-04-11 18:08:46 ----HDC---- C:\windows\$NtUninstallKB971468$
2010-04-11 18:08:36 ----HDC---- C:\windows\$NtUninstallKB935448$
2010-04-11 18:08:30 ----HDC---- C:\windows\$NtUninstallKB958869$
2010-04-11 18:08:24 ----HDC---- C:\windows\$NtUninstallKB954155_WM9$
2010-04-11 18:08:18 ----HDC---- C:\windows\$NtUninstallKB955759$
2010-04-11 18:07:53 ----HDC---- C:\windows\$NtUninstallKB974318$
2010-04-11 18:07:45 ----HDC---- C:\windows\$NtUninstallKB969059$
2010-04-11 18:07:37 ----HDC---- C:\windows\$NtUninstallKB950974$
2010-04-11 18:07:31 ----HDC---- C:\windows\$NtUninstallKB978037$
2010-04-11 18:07:26 ----HDC---- C:\windows\$NtUninstallKB975713$
2010-04-11 18:07:20 ----HDC---- C:\windows\$NtUninstallKB971657$
2010-04-11 18:07:11 ----HDC---- C:\windows\$NtUninstallKB977165-v2$
2010-04-11 18:07:04 ----HDC---- C:\windows\$NtUninstallKB960225$
2010-04-11 18:06:58 ----HDC---- C:\windows\$NtUninstallKB972270$
2010-04-11 18:06:53 ----HDC---- C:\windows\$NtUninstallKB974112$
2010-04-11 18:06:35 ----HDC---- C:\windows\$NtUninstallKB956572$
2010-04-11 18:06:28 ----HDC---- C:\windows\$NtUninstallKB956844$
2010-04-11 18:06:23 ----HDC---- C:\windows\$NtUninstallKB961501$
2010-04-11 18:06:17 ----HDC---- C:\windows\$NtUninstallKB968816_WM9$
2010-04-11 18:06:04 ----HDC---- C:\windows\$NtUninstallKB975561$
2010-04-11 18:05:56 ----HDC---- C:\windows\$NtUninstallKB952069_WM9$
2010-04-11 18:05:51 ----HDC---- C:\windows\$NtUninstallKB978251$
2010-04-11 18:05:44 ----HDC---- C:\windows\$NtUninstallKB973869$
2010-04-11 18:05:38 ----HDC---- C:\windows\$NtUninstallKB975025$
2010-04-11 18:05:30 ----HDC---- C:\windows\$NtUninstallKB973540_WM9L$
2010-04-11 18:05:16 ----HDC---- C:\windows\$NtUninstallKB952004$
2010-04-11 18:05:08 ----HDC---- C:\windows\$NtUninstallKB974571$
2010-04-11 18:05:03 ----HDC---- C:\windows\$NtUninstallKB975560$
2010-04-11 18:04:52 ----HDC---- C:\windows\$NtUninstallKB973507$
2010-04-11 18:04:46 ----HDC---- C:\windows\$NtUninstallKB973687$
2010-04-11 18:04:40 ----HDC---- C:\windows\$NtUninstallKB950762$
2010-04-11 18:04:04 ----HDC---- C:\windows\$NtUninstallKB980182$
2010-04-11 18:03:54 ----HDC---- C:\windows\$NtUninstallKB952287$
2010-04-11 18:03:48 ----HDC---- C:\windows\$NtUninstallKB973354$
2010-04-11 18:03:42 ----HDC---- C:\windows\$NtUninstallKB973904$
2010-04-11 18:02:31 ----A---- C:\windows\system32\MRT.exe
2010-04-11 18:02:21 ----HDC---- C:\windows\$NtUninstallKB967715$
2010-04-11 18:02:16 ----HDC---- C:\windows\$NtUninstallKB950760$
2010-04-11 18:02:10 ----HDC---- C:\windows\$NtUninstallKB951066$
2010-04-11 18:02:05 ----HDC---- C:\windows\$NtUninstallKB974392$
2010-04-11 18:01:57 ----HDC---- C:\windows\$NtUninstallKB977914$
2010-04-11 18:01:38 ----HDC---- C:\windows\$NtUninstallKB951748$
2010-04-11 18:01:32 ----HDC---- C:\windows\$NtUninstallKB971961$
2010-04-11 18:01:27 ----HDC---- C:\windows\$NtUninstallKB970238$
2010-04-11 18:01:19 ----HDC---- C:\windows\$NtUninstallKB978706$
2010-04-11 18:00:51 ----D---- C:\windows\ServicePackFiles
2010-04-11 18:00:49 ----HDC---- C:\windows\$NtUninstallKB958470$
2010-04-11 18:00:43 ----HDC---- C:\windows\$NtUninstallKB960803$
2010-04-11 18:00:38 ----HDC---- C:\windows\$NtUninstallKB973815$
2010-04-11 18:00:23 ----HDC---- C:\windows\$NtUninstallKB971032$
2010-04-11 18:00:17 ----HDC---- C:\windows\$NtUninstallKB958644$
2010-04-11 18:00:12 ----HDC---- C:\windows\$NtUninstallKB955069$
2010-04-11 18:00:07 ----HDC---- C:\windows\$NtUninstallKB956802$
2010-04-11 18:00:02 ----HDC---- C:\windows\$NtUninstallKB979306$
2010-04-11 17:59:59 ----HDC---- C:\windows\$NtUninstallKB944338-v2$
2010-04-11 17:59:53 ----HDC---- C:\windows\$NtUninstallKB923561$
2010-04-11 17:59:47 ----HDC---- C:\windows\$NtUninstallKB975467$
2010-04-11 17:59:41 ----HDC---- C:\windows\$NtUninstallKB968389$
2010-04-11 17:59:27 ----HDC---- C:\windows\$NtUninstallKB969947$
2010-04-11 13:33:22 ----D---- C:\windows\system32\CatRoot_bak
2010-04-11 13:22:55 ----N---- C:\windows\system32\browserchoice.exe
2010-04-11 13:22:00 ----N---- C:\windows\system32\tzchange.exe
2010-04-11 13:21:01 ----D---- C:\windows\system32\PreInstall
2010-04-11 13:21:00 ----HDC---- C:\windows\$NtUninstallKB898461$
2010-04-11 10:30:17 ----D---- C:\windows\system32\SoftwareDistribution
2010-04-10 16:12:48 ----SHD---- C:\RECYCLER
2010-04-10 13:51:03 ----D---- C:\windows\temp
2010-04-10 13:51:02 ----A---- C:\ComboFix.txt
2010-04-10 13:44:59 ----A---- C:\windows\NIRCMD.exe
2010-04-10 13:44:59 ----A---- C:\windows\MBR.exe
2010-04-10 13:44:56 ----A---- C:\windows\PEV.exe
2010-04-10 13:44:55 ----A---- C:\windows\zip.exe
2010-04-10 13:44:55 ----A---- C:\windows\SWREG.exe
2010-04-10 13:44:55 ----A---- C:\windows\sed.exe
2010-04-10 13:44:55 ----A---- C:\windows\grep.exe
2010-04-10 13:44:54 ----A---- C:\windows\SWSC.exe
2010-04-10 13:44:53 ----A---- C:\windows\SWXCACLS.exe
2010-04-10 13:44:42 ----D---- C:\windows\ERDNT
2010-04-10 13:41:57 ----AD---- C:\Qoobox
2010-04-10 13:25:04 ----D---- C:\_OTL
2010-04-10 12:35:29 ----D---- C:\Program Files\trend micro
2010-04-10 12:35:28 ----D---- C:\rsit
2010-04-10 12:27:43 ----D---- C:\Documents and Settings\Daiw\Application Data\TeamViewer
2010-04-10 12:26:39 ----D---- C:\Program Files\TeamViewer
2010-03-27 20:48:26 ----D---- C:\Documents and Settings\Daiw\Application Data\Mumble
2010-03-27 20:47:48 ----D---- C:\Program Files\Mumble
2010-03-26 22:53:47 ----D---- C:\Documents and Settings\Daiw\Application Data\skypePM
2010-03-26 22:53:18 ----D---- C:\Documents and Settings\Daiw\Application Data\Skype
2010-03-26 22:53:07 ----D---- C:\Program Files\Common Files\Skype
2010-03-26 22:53:01 ----RD---- C:\Program Files\Skype
2010-03-25 12:22:37 ----A---- C:\windows\system32\XAudio2_6.dll
2010-03-25 12:22:37 ----A---- C:\windows\system32\XAPOFX1_4.dll
2010-03-25 12:22:36 ----A---- C:\windows\system32\xactengine3_6.dll
2010-03-25 12:22:35 ----A---- C:\windows\system32\X3DAudio1_7.dll
2010-03-25 12:21:59 ----D---- C:\Program Files\X-ray Anti-Cheat
2010-03-25 10:03:47 ----D---- C:\Documents and Settings\Daiw\Application Data\Ventrilo
2010-03-25 10:03:20 ----D---- C:\Program Files\VentriloMIX
2010-03-24 21:58:40 ----D---- C:\Documents and Settings\Daiw\Application Data\Ahead
2010-03-24 16:36:47 ----D---- C:\Program Files\Steam
2010-03-24 16:21:02 ----D---- C:\Documents and Settings\Daiw\Application Data\Macromedia
2010-03-24 16:21:02 ----D---- C:\Documents and Settings\Daiw\Application Data\Adobe
2010-03-24 16:20:17 ----D---- C:\Documents and Settings\Daiw\Application Data\Mozilla
2010-03-24 14:56:01 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-03-24 14:43:04 ----D---- C:\Documents and Settings\Daiw\Application Data\Identities
2010-03-24 14:42:53 ----ASH---- C:\Documents and Settings\Daiw\Application Data\desktop.ini
2010-03-24 14:42:52 ----SD---- C:\Documents and Settings\Daiw\Application Data\Microsoft
======List of files/folders modified in the last 1 months======
2010-04-11 19:10:38 ----A---- C:\windows\DFC.INI
2010-04-11 19:03:06 ----RSHDC---- C:\windows\system32\dllcache
2010-04-11 19:03:06 ----D---- C:\windows\system32
2010-04-11 19:03:06 ----D---- C:\WINDOWS
2010-04-11 19:02:10 ----A---- C:\windows\SchedLgU.Txt
2010-04-11 18:42:33 ----D---- C:\windows\system32\CatRoot
2010-04-11 18:42:32 ----D---- C:\windows\system32\CatRoot2
2010-04-11 18:42:30 ----HD---- C:\windows\inf
2010-04-11 18:36:58 ----A---- C:\windows\PhotoSnapViewer.INI
2010-04-11 18:25:42 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-04-11 18:23:20 ----SD---- C:\windows\Tasks
2010-04-11 18:22:33 ----D---- C:\windows\Prefetch
2010-04-11 18:21:09 ----D---- C:\windows\system32\wbem
2010-04-11 18:21:09 ----D---- C:\windows\system32\Setup
2010-04-11 18:21:09 ----D---- C:\windows\system32\drivers
2010-04-11 18:21:09 ----D---- C:\windows\AppPatch
2010-04-11 18:20:07 ----D---- C:\windows\security
2010-04-11 18:09:40 ----HD---- C:\windows\$hf_mig$
2010-04-11 18:09:38 ----A---- C:\windows\imsins.BAK
2010-04-11 18:09:18 ----D---- C:\Program Files\Messenger
2010-04-11 18:09:11 ----RD---- C:\Program Files
2010-04-11 18:09:11 ----D---- C:\Program Files\Windows Media Player
2010-04-11 18:08:30 ----D---- C:\windows\WinSxS
2010-04-11 18:06:06 ----D---- C:\Program Files\Movie Maker
2010-04-11 18:04:13 ----D---- C:\Program Files\Internet Explorer
2010-04-11 18:03:50 ----D---- C:\Program Files\Outlook Express
2010-04-11 10:30:26 ----D---- C:\windows\SoftwareDistribution
2010-04-11 10:30:24 ----D---- C:\windows\Help
2010-04-10 16:14:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-10 16:14:21 ----SHD---- C:\windows\Installer
2010-04-10 16:12:01 ----D---- C:\windows\UI
2010-04-10 13:50:15 ----A---- C:\windows\system.ini
2010-04-10 13:49:15 ----D---- C:\Program Files\Common Files
2010-04-10 13:46:09 ----D---- C:\Program Files\Eset
2010-04-10 13:27:12 ----D---- C:\windows\system32\Restore
2010-04-10 12:30:33 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-04-06 19:02:54 ----D---- C:\Program Files\Online Services
2010-04-06 12:06:54 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 18:07:50 ----A---- C:\windows\NeroDigital.ini
2010-03-26 22:53:01 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-03-25 12:22:37 ----D---- C:\windows\system32\DirectX
2010-03-24 14:56:01 ----D---- C:\Program Files\Google
2010-03-24 14:51:10 ----D---- C:\Program Files\Lavasoft
2010-03-24 14:43:07 ----A---- C:\windows\OEWABLog.txt
2010-03-24 14:42:52 ----D---- C:\Documents and Settings
2010-03-14 09:53:45 ----A---- C:\windows\wininit.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\windows\System32\drivers\ws2ifsl.sys [2007-07-27 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 TBPanel;TBPanel; C:\windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2010-02-06 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2007-07-27 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2007-07-23 6807328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2007-07-27 26624]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2007-07-27 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2007-07-27 17024]
S1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2007-07-27 14848]
S3 asjiwz66;asjiwz66; C:\windows\system32\drivers\asjiwz66.sys []
S3 Bridge;MAC Bridge; C:\windows\system32\DRIVERS\bridge.sys [2007-07-27 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\windows\system32\DRIVERS\bridge.sys [2007-07-27 71552]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Daiw\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2007-07-27 12160]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2005-11-15 495616]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2007-07-23 155716]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
-----------------EOF-----------------
2010-04-11 18:42:30 ----HD---- C:\windows\inf
2010-04-11 18:36:58 ----A---- C:\windows\PhotoSnapViewer.INI
2010-04-11 18:25:42 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-04-11 18:23:20 ----SD---- C:\windows\Tasks
2010-04-11 18:22:33 ----D---- C:\windows\Prefetch
2010-04-11 18:21:09 ----D---- C:\windows\system32\wbem
2010-04-11 18:21:09 ----D---- C:\windows\system32\Setup
2010-04-11 18:21:09 ----D---- C:\windows\system32\drivers
2010-04-11 18:21:09 ----D---- C:\windows\AppPatch
2010-04-11 18:20:07 ----D---- C:\windows\security
2010-04-11 18:09:40 ----HD---- C:\windows\$hf_mig$
2010-04-11 18:09:38 ----A---- C:\windows\imsins.BAK
2010-04-11 18:09:18 ----D---- C:\Program Files\Messenger
2010-04-11 18:09:11 ----RD---- C:\Program Files
2010-04-11 18:09:11 ----D---- C:\Program Files\Windows Media Player
2010-04-11 18:08:30 ----D---- C:\windows\WinSxS
2010-04-11 18:06:06 ----D---- C:\Program Files\Movie Maker
2010-04-11 18:04:13 ----D---- C:\Program Files\Internet Explorer
2010-04-11 18:03:50 ----D---- C:\Program Files\Outlook Express
2010-04-11 10:30:26 ----D---- C:\windows\SoftwareDistribution
2010-04-11 10:30:24 ----D---- C:\windows\Help
2010-04-10 16:14:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-10 16:14:21 ----SHD---- C:\windows\Installer
2010-04-10 16:12:01 ----D---- C:\windows\UI
2010-04-10 13:50:15 ----A---- C:\windows\system.ini
2010-04-10 13:49:15 ----D---- C:\Program Files\Common Files
2010-04-10 13:46:09 ----D---- C:\Program Files\Eset
2010-04-10 13:27:12 ----D---- C:\windows\system32\Restore
2010-04-10 12:30:33 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-04-06 19:02:54 ----D---- C:\Program Files\Online Services
2010-04-06 12:06:54 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 18:07:50 ----A---- C:\windows\NeroDigital.ini
2010-03-26 22:53:01 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-03-25 12:22:37 ----D---- C:\windows\system32\DirectX
2010-03-24 14:56:01 ----D---- C:\Program Files\Google
2010-03-24 14:51:10 ----D---- C:\Program Files\Lavasoft
2010-03-24 14:43:07 ----A---- C:\windows\OEWABLog.txt
2010-03-24 14:42:52 ----D---- C:\Documents and Settings
2010-03-14 09:53:45 ----A---- C:\windows\wininit.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\windows\System32\drivers\ws2ifsl.sys [2007-07-27 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 TBPanel;TBPanel; C:\windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2010-02-06 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2007-07-27 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2007-07-23 6807328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2007-07-27 26624]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2007-07-27 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2007-07-27 17024]
S1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2007-07-27 14848]
S3 asjiwz66;asjiwz66; C:\windows\system32\drivers\asjiwz66.sys []
S3 Bridge;MAC Bridge; C:\windows\system32\DRIVERS\bridge.sys [2007-07-27 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\windows\system32\DRIVERS\bridge.sys [2007-07-27 71552]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Daiw\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2007-07-27 12160]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2005-11-15 495616]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2007-07-23 155716]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
-----------------EOF-----------------
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Check

- Disable all resident security programs: firewalls, antivirus, antispyware
- Run the application under an account with Administrator privileges; immediately after launch a page with the license terms is displayed, continue by pressing the "Ano" (Yes) button
- Then follow the instructions; during the scan do not run other applications and do not click in the window that is displayed
- The scan should take around 5 - 10 minutes; when it finishes, Combofix will display the log C:\ComboFix.txt, which you should paste here.
- The computer may be restarted during the scan.