TR/ATRAPS.Gen2 virus


  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

Posted: 04 Jun 2012 23:20

This virus showed up on my machine and Avira can't delete it. What should I do?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Boris at 23:09:14 on 2012-06-04
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2037.1118 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\uTorrent\uTorrent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [uTorrent] "d:\utorrent\uTorrent.exe" /MINIMIZED
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{79DC8D92-019E-4A94-8F91-3F1CC53E2DFC} : DhcpNameServer = 89.216.1.40 89.216.1.50
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\boris\appdata\roaming\mozilla\firefox\profiles\tq1etcya.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-25 36000]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/04/21 20:02:53];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-25 83392]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2012-4-21 256512]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2012-4-21 398720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
.
=============== Created Last 30 ================
.
2012-06-03 18:58:57 719872 ----a-w- c:\windows\system32\devil.dll
2012-06-03 18:58:57 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-06-03 18:58:57 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-06-03 18:58:57 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-06-03 18:58:54 -------- d-----w- c:\program files\AviSynth 2.5
2012-06-01 05:54:08 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{128c5d09-5c11-4bcd-9c37-a9b948d3d8df}\mpengine.dll
2012-05-28 08:58:45 -------- d-----w- c:\users\boris\appdata\roaming\uTorrent
2012-05-26 07:45:33 -------- d-----w- c:\users\boris\appdata\local\{CA9A95B7-ADD3-4408-BF0B-C39B3929AD8E}
2012-05-26 07:45:28 -------- d-----w- c:\users\boris\appdata\local\{45202387-D79B-4061-BF55-1204DA8D84A0}
2012-05-25 18:57:17 -------- d-----w- c:\users\boris\appdata\roaming\Avira
2012-05-25 18:51:44 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-25 18:51:44 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-25 18:51:40 -------- d-----w- c:\programdata\Avira
2012-05-25 18:51:40 -------- d-----w- c:\program files\Avira
2012-05-23 15:16:32 -------- d-----w- c:\users\boris\appdata\local\{BAF274C4-F8E6-4FA3-8826-06800FFD635F}
2012-05-23 15:16:29 -------- d-----w- c:\users\boris\appdata\local\{65D32298-0FCD-4FF0-A3C6-F41D0EB4AE2D}
2012-05-19 20:33:33 -------- d-----w- c:\users\boris\appdata\local\{8B1CAF35-E4A0-408D-BEF4-8682D6E3E470}
2012-05-19 20:33:30 -------- d-----w- c:\users\boris\appdata\local\{A80ECC70-3152-437B-A1F3-400D50E17C9D}
2012-05-19 05:57:54 -------- d-----w- c:\users\boris\appdata\local\{B6873037-E24E-4D08-B185-B07849A672EB}
2012-05-19 05:57:52 -------- d-----w- c:\users\boris\appdata\local\{E426A70B-C2B1-4B5B-B8E5-B5B138F39F19}
2012-05-16 10:32:30 -------- d-----w- c:\users\boris\appdata\local\{56F04E7D-DA06-4D7F-9CA5-BF318CAC2AA7}
2012-05-16 10:32:27 -------- d-----w- c:\users\boris\appdata\local\{2F1BF0D6-6007-4270-887B-02F341E26491}
2012-05-14 09:56:34 -------- d-----w- c:\users\boris\appdata\local\{63B3E7ED-FB29-45D4-88F1-F2961BE0C624}
2012-05-14 09:56:32 -------- d-----w- c:\users\boris\appdata\local\{7E437570-C481-4AB0-A14B-ACB9EA9B48E5}
2012-05-14 06:45:53 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-12 12:03:21 -------- d-----w- c:\users\boris\appdata\local\{4849CD94-6CC3-43C0-92D3-EDB18640C37B}
2012-05-12 12:03:19 -------- d-----w- c:\users\boris\appdata\local\{D7FC1E66-475E-4132-A775-6679B7FA6618}
2012-05-11 10:29:30 -------- d-----w- c:\users\boris\appdata\local\{BAC5D7B2-955D-4054-B95B-AFD758AC3131}
2012-05-11 10:29:28 -------- d-----w- c:\users\boris\appdata\local\{CA0EC607-81F5-4ECE-9227-1E4DA420EBC8}
2012-05-11 10:29:02 -------- d-----w- c:\users\boris\appdata\local\{E2C3EE90-2A95-4345-B492-B7EDF30A69E5}
2012-05-11 10:28:58 -------- d-----w- c:\users\boris\appdata\local\{CECA781E-867B-422B-BB72-FEA9331BEFCC}
2012-05-10 08:48:28 -------- d-----w- c:\users\boris\appdata\local\{342E2014-6C4F-4CA9-84FE-FE70E4D0D4D5}
2012-05-10 08:48:25 -------- d-----w- c:\users\boris\appdata\local\{EB763644-D427-45E2-9550-AE5CD6ABBF4D}
2012-05-09 05:05:16 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 05:05:11 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 05:05:10 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 05:05:10 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 05:05:10 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 05:05:00 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 05:04:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 05:04:58 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 05:04:57 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 05:04:56 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-09 05:04:56 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 05:04:55 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-09 05:04:55 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-09 05:04:55 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-08 18:40:53 -------- d-----w- c:\users\boris\appdata\local\{2174536C-3407-4D0F-BBBC-C3FC552894C3}
2012-05-08 18:40:51 -------- d-----w- c:\users\boris\appdata\local\{8E4FE846-8457-447C-954A-A54660FF0E97}
.
==================== Find3M ====================
.
2012-06-04 20:22:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 20:22:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 19:00:47 16608 ----a-w- c:\windows\gdrv.sys
2012-04-21 19:48:13 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-04-21 19:48:13 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-04-21 19:48:13 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-04-21 19:48:13 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-04-21 19:48:12 3181568 ----a-w- c:\windows\system32\mf.dll
2012-04-21 19:48:12 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-04-21 18:01:02 505128 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-21 18:01:02 353576 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-21 18:01:02 29480 ----a-w- c:\windows\system32\msxml3a.dll
2012-04-21 17:47:27 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-03-08 16:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 23:10:19.76 ===============




Addendum: 04 Jun 2012 23:25

RootRepeal doesn't work for me, and when I start GMER it restarts the computer, so it can crash my system...

Addendum: 04 Jun 2012 23:40

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x00422bf2
Attempt to read from address: 0x00000004

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello...

Can you tell me which file Avira detects, or post a screenshot of the detection message?

http://www.mycity.rs/Pitanja-i-predlozi/Pravljenje-screenshota.html

Download Rootkit Unhooker to the Desktop.

Double-click to run the program;

select the Report tab;

click Scan and, in the window that opens, tick the following items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.


When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

I have to mention that in the meantime I removed Avira and installed AVG, scanned the computer and found no viruses; still, here is the report..

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I don't recall telling you to uninstall Avira and install AVG.
You must follow my instructions precisely.


Step 1

Uninstall AVG, because it will interfere with CF in the second step. Be sure to do this through Start -> Control Panel -> Programs and Features.


Step 2

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.


When the download is complete:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program is available:
  click Yes if you are offered the download.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notices:
  accept by clicking Yes or OK.
if needed, restart Windows (several times);
when finished, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting, you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

Posted: 05 Jun 2012 6:23

I removed AVG and downloaded Combo; it starts and then shuts off. Why?

Addendum: 05 Jun 2012 10:29

It gets this far and that's all...


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Boot the system in Safe Mode and try to run ComboFix from there.

http://www.mycity.rs/MyCity-Laboratorija/Kako-uci-u-Safe-Mode-2.html

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

Posted: 05 Jun 2012 13:56

I can't get the Safe Mode menu; I keep pressing F8 like crazy and it still loads Windows, and I've tried that several times..

Addendum: 05 Jun 2012 14:02

No chance, it won't work.

Addendum: 05 Jun 2012 14:06

One more thing: ever since I ran Combo I can't view pictures on the computer, and on top of that Firefox is acting up..

Here is how it shows the picture icons



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You haven't posted the ComboFix report.

Attach C:\ComboFix.txt to your post.

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 474

Well, ComboFix can't finish, so there is no report.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then CF is not the cause of the problem you are having with pictures. How many times have you tried ComboFix in normal mode?

Download a fresh copy of CF from the following address to the Desktop:

Bleeping Computer

Try running it again in normal mode. If you still can't run it, that is because of the infection you probably have on the system, so you need to try running ComboFix several times.

If ComboFix doesn't start even after the twentieth attempt, say so in a post and wait for further instructions.


Once you manage to run it:

in the window that opens, click "I Agree".
While running, ComboFix will:
check whether a newer version of the program is available:
  click Yes if you are offered the download.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notices:
  accept by clicking Yes or OK.
if needed, restart Windows (several times);
when finished, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting, you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.
