30-10-04 04:18
[SAV REF] Collecting data from a virus-infected computer
by TOMO SOMBOLAC
To get a more detailed picture of the state of the computer and to find the cause of the problem faster, we describe how to collect the relevant data. Naturally, the final decision on whether, and which, data to send is the user's. Experience shows that more information leads to a quicker understanding of the problem and a faster solution. The files listed here are the ones that most often help in diagnosing a problem, but Qubis technical support may ask for additional data if something is not visible from what was sent. Use a temporary directory to store the files; the simplest approach is to create a new one (e.g. "c:\tmp\ZaQubis") just for this purpose, so that at the end you can compress the whole directory and send it.
PREPARING THE FILES

EVENT LOG - all event logs
- start Event Viewer (Start --> Run --> EVENTVWR.EXE)
- select each Event Log / view in turn
- Action --> Save log file as ... - save to the file %tmp%\event-<logname>.evt (e.g. event-application.evt, event-system.evt, ...)
- Action --> Save log file as ... - save to the file %tmp%\event-<logname>.txt (e.g. event-application.txt, event-system.txt, ...)

SYSTEM INFO
- start System Information (Start --> Run --> MSINFO32.EXE)
- File --> Save ... - save to the file %tmp%\sysinfo.nfo
- File --> Export ... - save to the file %tmp%\sysinfo.txt

REGISTRY
- start regedit (Start --> Run --> REGEDIT.EXE)
- select the key HKLM \ Software \ Sophos
- File --> Export - save to the file %tmp%\hklmss.reg
- File --> Export - save to the file %tmp%\hklmss.txt

GETSTART.TXT
- rename it to GETSTART.BAT and run it - it collects a set of data about the system
SENDING THE COLLECTED FILES
Using a compression program, create a ZIP / RAR / ARJ archive and put the following files in it:
(-) %tmp%\event-*.*
(-) %tmp%\sysinfo.*
(-) %tmp%\hklmss*.reg
(-) all *.LOG, *.CFG, *.REP and *.XML files from the directory "%ProgramFiles%\Sophos Sweep for NT\" and below
    Example of collecting these files with Info-ZIP (http://www.info-zip.org/pub/infozip):
    zip -v9Sr %tmp%\ZaQubis "c:\Program Files\Sophos SWEEP for NT" -i *.cfg *.log *.rep *.xml
(-) %WinDir%\SOPHOS.TXT
If you think there are other files or data that could speed up finding the cause of the problem, feel free to attach them.

Explanations:
HKLM ............. HKEY_Local_Machine
HKCU ............. HKEY_Current_User
%tmp% ............ a temporary folder (e.g. "c:\tmp\zaqubis")
%ProgramFiles% ... the directory in which applications are installed (usually "C:\Program Files")
%WinDir% ......... the directory in which Windows is installed (usually "C:\Windows" or "C:\WinNT")

Qubis and Sophos treat all data collected in the manner described as confidential business information.

Below is the code of GETSTART.TXT. Copy this text into an empty file and rename it to GETSTART.BAT.
@echo off
set OUTPUTFILE=%windir%\SOPHOS.TXT
set TEMPFILE=GETSTART.TMP
set OLDPATH=%path%
set PATH=%path%;%WINDIR%;%WINDIR%\system32;%WINDIR%\command

echo.
echo GETSTART.BAT -- Utility to collate Windows startup information
echo Version 2.15
echo Copyright (c) 2002, Sophos Plc, http://www.sophos.com
echo.

echo Gathering Startup Information...

echo -------------------- WINDOWS VERSION >%OUTPUTFILE%
ver >>%OUTPUTFILE%
echo. >>%OUTPUTFILE%

echo. >>%OUTPUTFILE%
echo -------------------- REGISTRY >>%OUTPUTFILE%
echo. >>%OUTPUTFILE%
rem Each autostart key is exported with regedit, appended to the report, and the export deleted.
rem A key that does not exist produces no export file, so the "if exist" guards skip it silently.
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
rem "Windows NT" contains a space, so the key path must be quoted. "load" and "run" are
rem values of the ...\Windows key rather than subkeys, so the key itself is exported.
regedit /e %TEMPFILE% "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
rem Userinit is a value of the Winlogon key, so that key is exported.
regedit /e %TEMPFILE% "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%

rem Keys with a trailing "-" hold autostart entries that msconfig has disabled.
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%
regedit /e %TEMPFILE% HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-
if exist %TEMPFILE% type %TEMPFILE% >>%OUTPUTFILE%
if exist %TEMPFILE% del %TEMPFILE%

rem Strip the header line that every regedit export starts with
rem (REGEDIT4 on Windows 9x/NT4, the "Version 5.00" banner on Windows 2000 and later).
move %OUTPUTFILE% %TEMPFILE%
find /v "REGEDIT4" <%TEMPFILE% >%OUTPUTFILE%
move %OUTPUTFILE% %TEMPFILE%
find /v "Windows Registry Editor Version 5.00" <%TEMPFILE% >%OUTPUTFILE%

echo. >>%OUTPUTFILE%
echo -------------------- AUTOEXEC.BAT >>%OUTPUTFILE%
echo. >>%OUTPUTFILE%
rem WINBOOTDIR is only set on Windows 9x/ME; on NT these files normally do not exist.
if exist %WINBOOTDIR%\autoexec.bat type %WINBOOTDIR%\autoexec.bat >>%OUTPUTFILE%

echo. >>%OUTPUTFILE%
echo -------------------- CONFIG.SYS >>%OUTPUTFILE%
echo. >>%OUTPUTFILE%
if exist %WINBOOTDIR%\config.sys type %WINBOOTDIR%\config.sys >>%OUTPUTFILE%

echo. >>%OUTPUTFILE%
echo -------------------- WIN.INI >>%OUTPUTFILE%
echo. >>%OUTPUTFILE%
rem Only the load= and run= lines of win.ini can start programs.
if exist %WINDIR%\win.ini find "load=" <%WINDIR%\win.ini >>%OUTPUTFILE%
if exist %WINDIR%\win.ini find "run=" <%WINDIR%\win.ini >>%OUTPUTFILE%

echo. >>%OUTPUTFILE%
echo -------------------- WININIT.INI >>%OUTPUTFILE%
echo. >>%OUTPUTFILE%
if exist %WINDIR%\wininit.ini type %WINDIR%\wininit.ini >>%OUTPUTFILE%

echo. >>%OUTPUTFILE%
echo -------------------- STARTUP FOLDERS >>%OUTPUTFILE%
echo. >>%OUTPUTFILE%
attrib.exe /s "%WINDIR%\Start Menu\Programs\Startup\*.*" >>%OUTPUTFILE%
attrib.exe /s "%userprofile%\Start Menu\Programs\Startup\*.*" >>%OUTPUTFILE%
attrib.exe /s "%allusersprofile%\Start Menu\Programs\Startup\*.*" >>%OUTPUTFILE%

echo. >>%OUTPUTFILE%
echo -------------------- GETSTART COMPLETED >>%OUTPUTFILE%

:message
echo Completed.
echo.
echo Please send the file %OUTPUTFILE% to support@sophos.com
echo.

:end
rem Cleanup temporary files
if exist %TEMPFILE% del %TEMPFILE%

rem Cleanup environment variables
set path=%oldpath%
set OLDPATH=
set TEMPFILE=
set OUTPUTFILE=

echo.
echo.
pause
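As an added example (not part of the original article or of the Sophos script), the following Python reads the REGEDIT4-format text that regedit /e writes, both in the manual hklmss.reg export and in the REGISTRY section of SOPHOS.TXT, lists every string value as (key, name, command), and checks the exefile / comfile shell\open\command entries the script exports against their normal value "%1" %*. The sample export is constructed, and the hijacked comfile entry in it is illustrative only.

```python
import re

# Constructed REGEDIT4 sample (the format regedit /e writes into SOPHOS.TXT); not a real capture.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command]
@="C:\\WINNT\\system\\example-hijack.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweepNT"="\"C:\\Program Files\\Sophos SWEEP for NT\\SWEEP.EXE\" /tray"
"Tweak"=hex:01,00
'''
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(s):
    # Undo .reg escaping in one left-to-right pass: \\ -> \ and \" -> " (order-safe for \\")
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Return (key, value name, data) for every string value in a regedit export."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = _VALUE.match(line)
        if key is None or not m:
            continue  # header, blank line, report banner, or hex continuation line
        name, data = m.group(1), m.group(2)
        name = '(Default)' if name == '@' else unescape(name[1:-1])
        if data.startswith('"') and data.endswith('"'):  # only REG_SZ holds a command line
            entries.append((key, name, unescape(data[1:-1])))
    return entries

def executable_of(command):
    """First token of a command line, honouring a quoted path that contains spaces."""
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0]

def hijacked_file_classes(entries):
    """File classes whose shell\\open\\command no longer simply runs the file ("%1" %*)."""
    return [key.split('\\')[-4]
            for key, name, data in entries
            if key.lower().endswith(r'\shell\open\command')
            and name == '(Default)' and data.strip() != '"%1" %*']
```

The parser ignores the "--------------------" section banners that GETSTART.BAT writes around the exports, so the whole SOPHOS.TXT can be fed to it unchanged.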