
Win32: Alureon-BH [RTK] Rootkit gingersonny




#1
June 26, 2009, 08:25
New member

Is it possible to hijack this thread a little, as I have exactly the same problem as Mooseknuckle? Avast! says I have a rootkit as a virus, including SKYNETievebpws.dll in the system32 sub folder ... can I also follow the steps posted here and post the details?

Any help welcome.

#2
June 26, 2009, 09:12
Moderator

Start here: http://www.computer-juice.com/forums...-posting-7476/

Post the 3 logs when finished.

#3
June 26, 2009, 09:23
New member

Running the scans now; however, I am only able to boot in safe mode with networking at the moment, so I'm not entirely sure whether all the programs will run in safe mode. We'll see anyway ...

#4
June 26, 2009, 09:51
Moderator

Try the next one in normal mode. They are more effective that way.

#5
June 26, 2009, 09:58
New member

I would if I could, but it won't boot up in normal mode at the moment; when I do that, I log in and it goes to the Vista welcome screen and freezes there for a while, so the only way I can log on to my computer is in safe mode, unfortunately =(

#6
June 26, 2009, 10:06
Moderator

Try the next one in normal mode.

If not, then that is OK for now, but do try.

#7
June 26, 2009, 12:26
New member

I finally managed to get into normal mode after rebooting and I'm currently running the SAS scan ... However, it has been 2 hours and it now seems to be scanning the same hundred or so files over and over again, yet still counting them as new files; I find this a little curious? It is still running, but from what I can tell just now it is still doing the same files ...

Any advice really gratefully received.

#8
June 26, 2009, 12:30
Moderator

Skip to the Malwarebytes instructions.

#9
June 26, 2009, 13:09
New member

OK then, here are the scan results ...

SAS scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/26/2009 at 08:30

Application Version: 4/26/1006

Core Rules Database Version: 3958
Trace Rules Database Version: 1900

Scan type: Complete Scan
Total Scan Time: 02:09:51

Memory items scanned: 812
Memory threats detected: 0
Registry items scanned: 7764
Registry threats detected: 0
File items scanned: 128575
File threats detected: 1

Trojan.Agent/Gen-FSG
FF7\CRICKET.SCORER.V5.0.1.INCL.KEYMAKER-zagrljaj\CRICKET.SCORER.V5.0.1.INCL.KEYMAKER-zagrljaj\KEYGEN.EXE


MalwareBytes Scan:

Malwarebytes' Anti-Malware 1.38
Database version: 2338
Windows 6.0.6001 Service Pack 1

26/06/2009 18:01:10
mbam-log-2009-06-26 (18-01-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 482026
Time elapsed: 1 hour(s), 27 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\(19127ad2-394b-70f5-c650-b97867baa1f7) (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\(19127ad2-394b-70f5-c650-b97867baa1f7) (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\(43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6) (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\(19127ad2-394b-70f5-c650-b97867baa1f7) (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\(43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6) (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\(NSINAME) (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
c:\Windows\System32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\Windows\System32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\sinčić\AppData\Roaming\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.



HijackThis scan:



Unfortunately, since the last reboot I have been forced back into safe mode again =( What happened is that a few days ago my computer froze on a blank screen and ended up showing an error message that said 'Logon process has failed to create the security options dialog. Failure - Security Options'.

This kept happening, and then booting became really slow; as soon as I tried to run a program it would freeze midway through starting up, and then it wouldn't even get past the Vista Welcome screen. So I completely uninstalled that rubbish Norton Internet Security and installed Avast!, and it ran a boot scan and found this rootkit in several files, but could not do anything about them, whether I chose to remove or quarantine them (I ran this scan again to check).

And then I found this forum ... anyway, hopefully the scan logs help and my story makes sense =)

#10
June 26, 2009, 13:16
Moderator

Download ComboFix © by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop**

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
Vista users: right-click ComboFix.exe and select Run as Administrator (you will receive a UAC prompt; please allow it).
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems using ComboFix, see How to use ComboFix