olmarik.zc virusproblem

18 november, 2010

Här kommer loggen från combofix:

ComboFix 10-11-17.04 - JIMMY 2010-11-18 18:57:48.4.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3061.2101 [GMT 1:00]

Körs från: c:\users\JIMMY\Desktop\ComboFix.exe

Använda kommandoväxlar :: c:\users\JIMMY\Desktop\CFScript.txt

* Resident AV is active

.

(((((((((((((((((((((((( Filer Skapade från 2010-10-18 till 2010-11-18 ))))))))))))))))))))))))))))))

.

2010-11-18 18:01 . 2010-11-18 18:01 -------- d-----w- c:\users\ZANDRA\AppData\Local\temp

2010-11-18 18:01 . 2010-11-18 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-17 18:27 . 2010-11-17 18:27 -------- d-----w- c:\program files\7-Zip

2010-11-17 18:12 . 2010-11-17 18:13 -------- d-----w- c:\programdata\WinZip

2010-11-17 17:25 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F0B7322-D20F-4BC8-A973-F76E914C9036}\mpengine.dll

2010-11-14 19:03 . 2010-11-18 18:01 -------- d-----w- c:\users\JIMMY\AppData\Local\temp

2010-11-14 11:31 . 2010-11-14 11:31 -------- d-----w- c:\users\JIMMY\AppData\Roaming\Malwarebytes

2010-11-14 11:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-14 11:31 . 2010-11-14 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-14 11:31 . 2010-11-14 11:31 -------- d-----w- c:\programdata\Malwarebytes

2010-11-14 11:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-08 17:08 . 2010-11-08 17:08 -------- d-----w- C:\Antivirus REMOVAL TOOLS 2010

2010-11-07 10:48 . 2010-11-07 10:48 -------- d-----w- c:\users\JIMMY\AppData\Local\ESET

2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2010-11-04 11:25 . 2010-11-04 11:26 -------- d-----w- c:\users\ZANDRA\AppData\Roaming\Winamp

2010-11-04 11:19 . 2010-11-04 11:23 -------- d-----w- c:\users\ZANDRA\AppData\Roaming\Azureus

2010-10-29 10:17 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-29 10:17 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-29 10:17 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-29 10:17 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-29 10:17 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-24 11:24 . 2010-10-24 11:24 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2010-10-24 11:24 . 2010-10-24 11:24 346944 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-10-23 12:14 . 2010-10-23 12:16 -------- d-----w- c:\program files\AdvancedDVDPlayer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-17 18:28 . 2010-11-17 18:14 3451223 ----a-w- C:\Qoobox.zip

2010-11-05 21:25 . 2010-02-07 20:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2010-10-19 09:41 . 2010-02-12 08:00 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-15 02:50 . 2010-09-28 18:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 04:30 . 2010-10-13 16:00 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28 . 2010-10-13 16:00 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22 . 2010-10-13 16:00 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48 . 2010-10-13 16:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-02 07:05 . 2010-09-02 07:05 1247744 ----a-w- c:\windows\system32\drivers\athr.sys

2010-09-01 04:23 . 2010-10-13 16:00 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-09-01 02:34 . 2010-10-13 16:00 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-08-31 04:32 . 2010-10-13 16:00 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-08-31 04:32 . 2010-10-13 16:00 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-27 05:46 . 2010-10-13 16:00 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 03:31 . 2010-10-13 16:00 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-27 03:30 . 2010-10-13 16:00 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-27 03:30 . 2010-10-13 16:00 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-26 04:39 . 2010-10-13 16:00 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-08-21 05:36 . 2010-10-13 15:59 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-08-21 05:36 . 2010-10-13 16:00 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-21 05:33 . 2010-10-13 16:00 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-08-21 05:32 . 2010-09-19 11:42 316928 ----a-w- c:\windows\system32\spoolsv.exe

2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2009-12-31 10:53 2349080 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]

"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-11-20 13312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 13830760]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-18 202256]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

c:\users\ZANDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]

R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-12 1181328]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]

S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]

S2 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys [2010-08-05 34296]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 KMWDFilter1X;KM DRIVER;c:\windows\system32\DRIVERS\RP24GV1.sys [2009-10-28 16896]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-02-15 322336]

.

Innehållet i mappen 'Schemalagda aktiviteter':

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 19:42]

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 19:42]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://molnet.tranas.se/wa/AccessClientLoader.cab

FF - ProfilePath - c:\users\JIMMY\AppData\Roaming\Mozilla\Firefox\Profiles\fv4rxgmc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\JIMMY\AppData\Roaming\Mozilla\Firefox\Profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch.dll

FF - component: c:\users\JIMMY\AppData\Roaming\Mozilla\Firefox\Profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch191.dll

FF - component: c:\users\JIMMY\AppData\Roaming\Mozilla\Firefox\Profiles\fv4rxgmc.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch192.dll

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'Explorer.exe'(3704)

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

.

Sluttid: 2010-11-18 19:03:31

ComboFix-quarantined-files.txt 2010-11-18 18:03

ComboFix2.txt 2010-11-16 20:44

ComboFix3.txt 2010-11-14 19:03

Före genomsökningen: 64 302 546 944 byte ledigt

Efter genomsökningen: 64 239 042 560 byte ledigt

- - End Of File - - E3417CA8BFC521638C0115FB5ACA53D6

18 november, 2010

Har du en länk till DDS?

18 november, 2010

Förlåt det hade ju blivit fel i CFScript. En gång till med tre rader:

Kopiera alla rader i rutan:

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Spara filen på Skrivbordet med namnet CFScript.

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

18 november, 2010

Spara DDS på Skrivbordet.

http://download.bleepingcomputer.com/sUBs/dds.scr

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil (klicka på Använd full redigerare).

18 november, 2010

HÄR kommer logg 2!

Med combofix 3rader

ComboFix 10-11-17.04 - JIMMY 2010-11-18 19:30:16.5.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.3061.2123 [GMT 1:00]

Körs från: c:\users\JIMMY\Desktop\ComboFix.exe

Använda kommandoväxlar :: c:\users\JIMMY\Desktop\CFScript.txt

* Resident AV is active

.

(((((((((((((((((((((((( Filer Skapade från 2010-10-18 till 2010-11-18 ))))))))))))))))))))))))))))))

.

2010-11-18 18:34 . 2010-11-18 18:34 -------- d-----w- c:\users\ZANDRA\AppData\Local\temp

2010-11-18 18:34 . 2010-11-18 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-17 18:27 . 2010-11-17 18:27 -------- d-----w- c:\program files\7-Zip

2010-11-17 18:12 . 2010-11-17 18:13 -------- d-----w- c:\programdata\WinZip

2010-11-17 17:25 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F0B7322-D20F-4BC8-A973-F76E914C9036}\mpengine.dll

2010-11-14 19:03 . 2010-11-18 18:34 -------- d-----w- c:\users\JIMMY\AppData\Local\temp