problem sa virusima

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

po startovanju racunara sistem mi prijavljuje razne greske i racunar mi uspori...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:21, on 22.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MSI\Desktop\New Folder\TR3.exe.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\system.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{386EC6AE-B61C-4364-8575-6A3FB313EED6}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCBD630E-DBC0-4719-8B47-8F90FAE20EAC}: NameServer = 195.66.160.1 195.66.160.2
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - izaberipartizan.com/img/bg.gif

--
End of file - 4506 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.


Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-03-23.01 - MSI 2009-03-24 15:12:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.664 [GMT 1:00]
Running from: c:\documents and settings\MSI\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-22 20:19 . 2009-03-22 20:21 <DIR> d-------- c:\program files\uTorrent
2009-03-22 20:19 . 2009-03-22 22:31 <DIR> d-------- c:\documents and settings\MSI\Application Data\uTorrent
2009-03-18 09:34 . 2009-03-18 09:34 501 --a------ C:\niz.exe
2009-03-17 14:36 . 2009-03-17 14:36 114,688 -rahs---- c:\windows\system32\mxvrcu.dll
2009-02-26 14:59 . 2009-02-26 14:59 <DIR> d-------- c:\documents and settings\MSI\Application Data\Desktopicon
2009-02-26 14:58 . 2009-02-26 15:00 <DIR> d-------- c:\program files\Unlocker
2009-02-26 13:26 . 2009-02-26 13:26 <DIR> d-------- c:\program files\Enigma Software Group
2009-02-25 17:48 . 2009-02-27 20:29 7,451 --a------ C:\pe.exe
2009-02-25 10:17 . 2009-02-25 15:20 398 --a------ C:\pes.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 18:00 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-13 10:16 449 ----a-w c:\program files\highscores.txt
2009-03-13 10:16 4,813 ----a-w c:\program files\debug.txt
2009-03-10 11:35 45,056 ----a-w c:\windows\NCUNINST.EXE
2009-02-25 18:18 --------- d-----w c:\program files\ESET
2009-02-01 17:57 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-01 17:57 --------- d-----w c:\program files\Lavasoft
2009-02-01 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-01 17:55 --------- d-----w c:\program files\IObit
2009-02-01 17:55 --------- d-----w c:\documents and settings\MSI\Application Data\IObit
2009-02-01 17:54 --------- d-----w c:\program files\CCleaner
2009-02-01 12:07 352,256 ----a-w c:\windows\eSellerateEngine.dll
2009-02-01 12:07 --------- d-----w c:\program files\Raptisoft
2009-02-01 11:19 9,821 ----a-w c:\program files\Uninst.isu
2009-02-01 11:19 --------- d-----w c:\program files\Internet
2009-01-26 21:19 --------- d-----w c:\program files\Common Files\SWF Studio
2009-01-26 21:00 --------- d-----w c:\program files\KeyOPS
2009-01-26 20:32 --------- d-----w c:\program files\Phenomedia AG
2009-01-25 17:22 --------- d-----w c:\documents and settings\MSI\Application Data\Nokia Multimedia Player
2009-01-18 21:35 15,688 ----a-w c:\windows\system32\lsdelete.exe
2008-01-03 16:27 920 ---ha-w c:\documents and settings\MSI\setup.bin
2007-01-26 20:17 16,752 ----a-w c:\documents and settings\MSI\Application Data\GDIPFONTCACHEV1.DAT
2001-03-12 16:04 335,872 ------w c:\program files\MoorhuhnWinter.exe
2001-03-12 15:52 14,290,436 ------w c:\program files\moorhuhnwinter.dat
2001-03-08 13:05 674 ----a-w c:\program files\LiesMich.html
2001-03-08 13:00 610 ----a-w c:\program files\LiesMich.txt
2001-03-07 12:15 10,509 ----a-w c:\program files\FAQ.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-01 949376]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-15 515416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-03 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2006-06-28 15:50 851456 c:\progra~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-05-18 10:29 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-03 20:29 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 21:57 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-01 64160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-01 15424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S2 zvczls;zvczls;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S3 doojt;doojt;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zvczls

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29f79d1b-e124-11dc-90f1-9773b73be2fe}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2af7bfe0-3170-11dc-9bf2-a1fe62189e1c}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fafb2ca-e0c0-11dc-90f0-d994d8eba476}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1db0643-e624-11dc-9107-eb9e4f3a9047}]
\Shell\AutoRun\command - G:\usdeiect.com
\Shell\explore\Command - G:\usdeiect.com
\Shell\open\Command - G:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac5a392c-04d3-11dd-9185-9c9c8d20f0c2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL batexe\progstart.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d16c1c21-5bf8-11dc-9ca6-c0b6b4a886dd}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-15 18:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?hl=sr&lr=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {386EC6AE-B61C-4364-8575-6A3FB313EED6} = 195.66.160.1,195.66.160.2
TCP: {DCBD630E-DBC0-4719-8B47-8F90FAE20EAC} = 195.66.160.1 195.66.160.2
DPF: {33331111-1111-1111-1111-615111193427}
DPF: {E cellSpacing=5 cellPadding=3 width=400}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-24 15:19:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 20 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\doojt]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-03-24 15:22:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 14:22:30
ComboFix2.txt 2009-03-23 14:47:32
ComboFix3.txt 2009-03-22 21:40:11

Pre-Run: 23.193.616.384 bytes free
Post-Run: 23,263,268,864 bytes free

185

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Iskljuci privremeno antivirus program

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\mxvrcu.dll
C:\pe.exe
C:\pes.exe
C:\niz.exe
c:\windows\system32\01.tmp

Driver::
zvczls
doojt

NetSvc::
zvczls

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29f79d1b-e124-11dc-90f1-9773b73be2fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2af7bfe0-3170-11dc-9bf2-a1fe62189e1c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fafb2ca-e0c0-11dc-90f0-d994d8eba476}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1db0643-e624-11dc-9107-eb9e4f3a9047}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac5a392c-04d3-11dd-9185-9c9c8d20f0c2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d16c1c21-5bf8-11dc-9ca6-c0b6b4a886dd}]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.