After performing a scan with ZoneAlarm Extreme Security, it came out that I have trojan.buzus.cqpb.
The program quarantined it and after that, I deleted it from the quarantine. After restarting the computer and scanning once again, I had 112 infected files!
I did actions suggested by ZoneAlarm once again, and after restarting my computer again, I had no infected files. And I did the same actions again, and none infected. So I'm happy.
But I think the virus might be tricky since I saw 3 pages of threads about deleting it.
Unfortunately, I checked the quarantine now, and it still shows some files!
Trojan.Win32.Buzus.vqpb in AppData/Local/Temp/(011.exe - 989.exe), not all numbers, but this is the way they are named
Also, it shows one file infected by Trojan.Win32.Swisyn.pua
NEW: When I write in Notepad or Excel, for e I see m,.--+<1234567890+'qwertzuiopżśasdfghjklłą˛óyxcvb (it changes as I press it) EDIT: the problem has gone (don't know how)
Can I possibly rescue my computer? I made a 1:1 copy of my system, but it was about 2 months ago. Many things have happened. But maybe it's the easiest way?
So I decided to post a log from ComboFix, here it is:
ComboFix 09-12-11.05 - Roboto 2009-12-19 16:22:12.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.48.1033.18.3069.2180 [GMT 1:00]
Uruchomiony z: c:\users\Roboto\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\LOG.TXT
c:\recycler\S-1-5-21-1241255038-2186385322-028653525-6896
.
((((((((((((((((((((((((( Pliki utworzone od 2009-11-19 do 2009-12-19 )))))))))))))))))))))))))))))))
.
2009-12-14 21:12 . 2009-12-14 21:47 -------- d-----w- c:\users\Roboto\AppData\Local\LogMeIn Hamachi
2009-12-14 21:11 . 2009-12-14 21:11 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-10 01:26 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 01:26 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 01:26 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 16:47 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-01 20:11 . 2009-12-01 20:13 -------- d-----w- c:\users\Roboto\AppData\Roaming\PC Suite
2009-12-01 20:11 . 2009-12-01 20:23 -------- d-----w- c:\users\Roboto\AppData\Roaming\Nokia
2009-12-01 20:11 . 2009-12-01 20:13 -------- d-----w- c:\programdata\PC Suite
2009-12-01 20:10 . 2009-12-01 20:10 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-01 20:10 . 2009-12-01 20:10 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-01 20:09 . 2009-12-01 20:12 -------- d-----w- c:\program files\DIFX
2009-12-01 20:09 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-01 20:07 . 2009-12-01 20:09 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-01 20:07 . 2009-12-01 20:07 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-01 20:02 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-01 20:02 . 2009-12-01 20:10 -------- d-----w- c:\program files\Nokia
2009-12-01 20:01 . 2009-12-01 19:57 33984304 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_pol_web.exe
2009-12-01 20:01 . 2009-12-01 20:01 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-01 20:01 . 2009-12-01 20:01 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-01 20:01 . 2009-12-01 20:01 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-01 20:01 . 2009-12-01 20:01 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-01 20:00 . 2009-12-01 20:00 -------- d-----w- c:\programdata\Installations
2009-11-28 12:33 . 2009-11-28 12:33 -------- d-----w- c:\program files\Pytacz Master
2009-11-28 12:27 . 2009-11-28 12:27 -------- d-----w- c:\users\Roboto\AppData\Roaming\SalApp
2009-11-28 12:27 . 2009-11-28 12:27 -------- d-----w- c:\program files\SalApp
2009-11-26 21:15 . 2009-11-26 21:15 -------- d-----w- c:\programdata\FLEXnet
2009-11-26 20:51 . 2009-11-26 20:51 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-26 20:50 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-25 14:09 . 2009-11-25 14:23 -------- d-----w- c:\program files\OPDI
2009-11-25 00:19 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 00:00 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 00:00 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 13:47 . 2009-11-24 13:47 -------- d-----w- c:\programdata\vsosdk
2009-11-24 13:30 . 2009-11-25 14:49 -------- d-----w- c:\users\Roboto\AppData\Roaming\Vso
2009-11-24 13:28 . 2009-09-02 15:41 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-11-24 13:28 . 2009-09-02 15:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-11-24 13:28 . 2009-09-02 15:41 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-11-24 13:28 . 2009-09-02 15:41 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-11-24 13:28 . 2009-09-02 15:41 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-11-24 13:28 . 2009-09-02 15:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-11-24 13:28 . 2009-09-02 15:41 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-11-24 13:28 . 2009-11-24 13:28 -------- d-----w- c:\program files\VSO
2009-11-22 09:42 . 2009-11-22 09:43 -------- d-----w- c:\programdata\NOS
2009-11-22 09:42 . 2009-11-22 09:42 -------- d-----w- c:\program files\NOS
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 15:12 . 2009-09-28 14:24 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-19 14:02 . 2009-10-05 15:31 -------- d-----w- c:\users\Roboto\AppData\Roaming\#ISW.FS#
2009-12-19 13:20 . 2009-10-05 15:13 144 ----a-w- c:\windows\system32\pdfl.dat
2009-12-19 00:36 . 2009-09-30 19:09 -------- d-----w- c:\users\Roboto\AppData\Roaming\foobar2000
2009-12-16 19:15 . 2009-09-28 14:01 42654 ----a-w- c:\programdata\nvModes.dat
2009-12-11 18:56 . 2009-12-12 12:33 8704 ----a-w- c:\windows\Internet Logs\xDB9E25.tmp
2009-12-11 06:46 . 2009-12-11 18:56 324096 ----a-w- c:\windows\Internet Logs\xDBA71A.tmp
2009-12-11 00:55 . 2009-09-30 16:04 -------- d-----w- c:\users\Roboto\AppData\Roaming\uTorrent
2009-12-10 09:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 01:26 . 2009-09-30 18:01 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 00:02 . 2009-12-08 13:37 2673664 ----a-w- c:\windows\Internet Logs\xDBAF54.tmp
2009-12-08 00:02 . 2009-12-08 13:37 2309632 ----a-w- c:\windows\Internet Logs\xDBB1E8.tmp
2009-12-05 17:04 . 2009-10-24 09:47 -------- d-----w- c:\program files\Tibia
2009-12-02 22:50 . 2009-09-30 17:37 -------- d-----w- c:\users\Roboto\AppData\Roaming\Skype
2009-12-02 22:50 . 2009-09-30 17:39 -------- d-----w- c:\users\Roboto\AppData\Roaming\skypePM
2009-12-01 20:14 . 2009-12-01 20:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-01 20:11 . 2009-12-01 20:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-27 13:11 . 2009-09-28 11:56 62952 ----a-w- c:\users\Roboto\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-27 13:08 . 2009-11-27 13:08 3180512 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-11-26 20:51 . 2009-10-01 19:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-23 23:29 . 2009-11-08 17:08 -------- d-----w- c:\users\Roboto\AppData\Roaming\dBpoweramp
2009-11-23 23:29 . 2009-10-21 22:25 -------- d-----w- c:\users\Roboto\AppData\Roaming\AccurateRip
2009-11-22 10:11 . 2009-09-30 16:58 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-11-21 06:40 . 2009-12-09 16:48 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 16:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 16:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 16:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 12:54 . 2009-11-17 12:54 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 12:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 12:49 . 2009-11-17 12:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 12:48 . 2009-11-17 12:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-11 21:15 . 2009-11-11 21:11 -------- d-----w- c:\users\Roboto\AppData\Roaming\Synthesia
2009-11-11 21:11 . 2009-11-11 21:09 -------- d-----w- c:\program files\Synthesia
2009-11-09 21:08 . 2009-10-25 21:01 -------- d-----w- c:\program files\Java
2009-11-08 16:25 . 2009-11-08 16:24 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-11-08 16:24 . 2009-11-08 16:24 -------- d-----w- c:\users\Roboto\AppData\Roaming\teamspeak2
2009-11-08 08:54 . 2009-11-08 08:54 -------- d-----w- c:\program files\COED11
2009-11-03 18:37 . 2009-11-03 18:37 -------- d-----w- c:\programdata\WindowsSearch
2009-11-02 19:42 . 2009-10-02 17:03 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 17:01 . 2009-10-17 20:41 -------- d-----w- c:\program files\Diablo II
2009-10-26 20:32 . 2009-10-26 20:32 -------- d-----w- c:\users\Roboto\AppData\Roaming\Share-to-Web Upload Folder
2009-10-26 20:32 . 2009-10-26 20:30 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-26 20:32 . 2009-09-28 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 20:30 . 2009-10-26 20:30 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-26 14:59 . 2009-09-30 17:01 -------- d-----w- c:\programdata\OpenFM
2009-10-25 02:13 . 2009-10-25 12:39 2701312 ----a-w- c:\windows\Internet Logs\xDB9C7F.tmp
2009-10-24 09:50 . 2009-10-24 09:48 -------- d-----w- c:\users\Roboto\AppData\Roaming\Tibia
2009-10-23 23:19 . 2009-10-24 09:39 2089472 ----a-w- c:\windows\Internet Logs\xDBA337.tmp
2009-10-22 21:42 . 2009-10-22 21:42 -------- d-----w- c:\program files\IDM
2009-10-22 21:36 . 2009-10-22 21:36 -------- d-----w- c:\program files\Macmillan Dictionaries
2009-10-21 22:30 . 2009-10-21 22:27 3012 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2009-10-21 22:30 . 2009-10-21 22:27 1739 ----a-w- c:\windows\system32\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
2009-10-21 22:30 . 2009-10-21 22:27 1235 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
2009-10-21 22:30 . 2009-10-21 22:27 11406 ----a-w- c:\windows\system32\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
2009-10-21 22:28 . 2009-10-21 22:24 433840 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-10-21 22:27 . 2009-10-21 22:27 1224 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2009-10-21 22:27 . 2009-10-21 22:27 2228 ----a-w- c:\windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2009-10-21 22:27 . 2009-10-21 22:27 2989 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-10-21 22:27 . 2009-10-21 22:27 3065 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2009-10-21 22:26 . 2009-10-21 22:26 3153 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2009-10-21 22:26 . 2009-10-21 22:26 3107 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2009-10-21 22:26 . 2009-10-21 22:26 2843 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2009-10-21 22:25 . 2009-10-21 22:25 11024 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-10-21 22:24 . 2009-10-21 22:24 15607 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-10-21 22:24 . 2009-10-21 22:24 -------- d-----w- c:\program files\Illustrate
2009-10-20 18:45 . 2009-09-30 13:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-20 18:45 . 2009-10-20 18:45 -------- d-----w- c:\program files\LizardTech
2009-10-17 22:15 . 2009-10-17 20:46 36562 ----a-w- c:\windows\DIIUnin.dat
2009-10-17 20:46 . 2009-10-17 20:46 94208 ----a-w- c:\windows\DIIUnin.exe
2009-10-17 20:46 . 2009-10-17 20:46 2829 ----a-w- c:\windows\DIIUnin.pif
2009-10-17 20:34 . 2009-10-04 14:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-16 12:19 . 2009-10-16 12:19 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-10-11 03:17 . 2009-10-25 21:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-17 08:18 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-17 08:18 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-17 08:18 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 16:08 . 2009-11-07 11:57 52224 ----a-w- c:\users\Roboto\AppData\Roaming\Mozilla\Firefox\Profiles\fyel4nsb.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\FFExternalAlert.dll
2009-10-06 16:08 . 2009-11-07 11:57 114688 ----a-w- c:\users\Roboto\AppData\Roaming\Mozilla\Firefox\Profiles\fyel4nsb.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\npmozax.dll
2009-10-06 15:30 . 2009-10-06 15:30 167769 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_10_05_23_08_54_small.dmp.zip
2009-10-05 21:09 . 2009-10-06 15:25 342016 ----a-w- c:\windows\Internet Logs\xDBA18E.tmp
2009-10-05 21:09 . 2009-10-06 15:25 1806336 ----a-w- c:\windows\Internet Logs\xDBA2FA.tmp
2009-10-05 15:13 . 2009-10-05 15:13 80 ----a-w- c:\windows\system32\ibfl.dat
2009-10-05 15:13 . 2009-10-05 15:13 144 ----a-w- c:\windows\system32\lkfl.dat
2009-10-02 17:05 . 2009-10-02 17:05 0 ------w- c:\windows\qfe600A.tmp
2009-10-02 12:39 . 2009-10-02 12:39 48 ---h--w- c:\windows\system32\ezsidmv.dat
2009-10-01 16:41 . 2009-10-01 16:41 33536 ------w- c:\windows\system32\drivers\tvtfilter.sys
2009-10-01 16:38 . 2009-10-01 16:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-10-01 16:38 . 2009-10-01 16:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-10-01 16:38 . 2009-10-01 16:42 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-01 01:02 . 2009-11-17 08:19 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 08:19 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 08:19 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 08:19 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 08:19 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 08:19 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 08:19 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 08:19 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 08:19 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 08:19 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 08:19 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-15 13556256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-19 1434920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 1282048]
"TpShocks"="TpShocks.exe" [2009-03-05 185632]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-07-28 709920]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-06-06 487424]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-09-23 1011080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 06:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-11-15 07:17 92704 ------w- c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 08:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f7,b9,e3,0b,aa,ba,c9,01
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [2009-03-04 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [2008-05-12 13480]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-09-23 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2009-09-23 439664]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009-09-28 75040]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2009-06-02 4232704]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [2008-02-22 37312]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-10-04 691696]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [2009-10-01 48192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2009-07-03 45424]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2009-09-28 29736]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-01-21 21504]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2009-09-23 35448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Skan uzupełniający -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Roboto\AppData\Roaming\Mozilla\Firefox\Profiles\fyel4nsb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin2.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin3.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin4.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin5.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki:
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2009-12-19 16:37:40
ComboFix-quarantined-files.txt 2009-12-19 15:37
Przed: 295 921 233 920 bytes free
Po: 297 686 224 896 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
- - End Of File - - 3741A1B2C7BD74686570577ACD809F0F
I would be very grateful for any help. Thanks in advance and sorry for my broken English (please correct me if I say something wrong).
Edited by site:, 19 December 2009 - 11:28 AM.