I still have trojan.buzus.cqpb. Help!


Hello everyone,
After performing a scan by ZoneAlarm Extreme Security, it came out that I have trojan.buzus.cqpb.
The program quarantined it and after that, I deleted it from the quarantine. After restarting the computer, and scanning once again, I had 112 infected files!
I did actions suggested by ZoneAlarm once again, and after restarting my computer again, I had no infected files. And I did the same actions again, and none infected. So I'm happy.
But I think the virus might be tricky since I saw 3 pages of threat about deleting it.
Unfortunately, I checked the quarantine now, and it still shows some files!
Trojan.Win32.Buzus.vqpb in AppData/Local/Temp/(011.exe - 989.exe) not all numbers but this is the way they're named
Also, it shows one file infected by Trojan.Win32.Swisyn.pua
NEW: When I write in notepad or Excel, for e i see m,.--+<1234567890+'qwertzuiopżśasdfghjklłą˛óyxcvb (it changes as I press it) EDIT: the problem had gone (don't know how)
Can I possibly rescue my computer? I have made a 1:1 copy of my system but it was about 2 months ago. Many things have happened. But maybe it's the easiest way?
So I decided to post a log from ComboFix, here it is:






ComboFix 09-12-11.05 - Roboto 2009-12-19 16:22:12.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.48.1033.18.3069.2180 [GMT 1:00]
Uruchomiony z: c:\users\Roboto\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT
c:\recycler\S-1-5-21-1241255038-2186385322-028653525-6896

.
((((((((((((((((((((((((( Pliki utworzone od 2009-11-19 do 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-14 21:12 . 2009-12-14 21:47 -------- d-----w- c:\users\Roboto\AppData\Local\LogMeIn Hamachi
2009-12-14 21:11 . 2009-12-14 21:11 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-10 01:26 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 01:26 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 01:26 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 16:47 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-01 20:11 . 2009-12-01 20:13 -------- d-----w- c:\users\Roboto\AppData\Roaming\PC Suite
2009-12-01 20:11 . 2009-12-01 20:23 -------- d-----w- c:\users\Roboto\AppData\Roaming\Nokia
2009-12-01 20:11 . 2009-12-01 20:13 -------- d-----w- c:\programdata\PC Suite
2009-12-01 20:10 . 2009-12-01 20:10 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-01 20:10 . 2009-12-01 20:10 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-01 20:09 . 2009-12-01 20:12 -------- d-----w- c:\program files\DIFX
2009-12-01 20:09 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-01 20:07 . 2009-12-01 20:09 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-01 20:07 . 2009-12-01 20:07 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-01 20:02 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-01 20:02 . 2009-12-01 20:10 -------- d-----w- c:\program files\Nokia
2009-12-01 20:01 . 2009-12-01 19:57 33984304 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_pol_web.exe
2009-12-01 20:01 . 2009-12-01 20:01 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-01 20:01 . 2009-12-01 20:01 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-01 20:01 . 2009-12-01 20:01 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-01 20:01 . 2009-12-01 20:01 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-01 20:00 . 2009-12-01 20:00 -------- d-----w- c:\programdata\Installations
2009-11-28 12:33 . 2009-11-28 12:33 -------- d-----w- c:\program files\Pytacz Master
2009-11-28 12:27 . 2009-11-28 12:27 -------- d-----w- c:\users\Roboto\AppData\Roaming\SalApp
2009-11-28 12:27 . 2009-11-28 12:27 -------- d-----w- c:\program files\SalApp
2009-11-26 21:15 . 2009-11-26 21:15 -------- d-----w- c:\programdata\FLEXnet
2009-11-26 20:51 . 2009-11-26 20:51 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-26 20:50 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-11-25 14:09 . 2009-11-25 14:23 -------- d-----w- c:\program files\OPDI
2009-11-25 00:19 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 00:00 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 00:00 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 13:47 . 2009-11-24 13:47 -------- d-----w- c:\programdata\vsosdk
2009-11-24 13:30 . 2009-11-25 14:49 -------- d-----w- c:\users\Roboto\AppData\Roaming\Vso
2009-11-24 13:28 . 2009-09-02 15:41 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-11-24 13:28 . 2009-09-02 15:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-11-24 13:28 . 2009-09-02 15:41 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-11-24 13:28 . 2009-09-02 15:41 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-11-24 13:28 . 2009-09-02 15:41 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-11-24 13:28 . 2009-09-02 15:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-11-24 13:28 . 2009-09-02 15:41 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-11-24 13:28 . 2009-11-24 13:28 -------- d-----w- c:\program files\VSO
2009-11-22 09:42 . 2009-11-22 09:43 -------- d-----w- c:\programdata\NOS
2009-11-22 09:42 . 2009-11-22 09:42 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 15:12 . 2009-09-28 14:24 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-19 14:02 . 2009-10-05 15:31 -------- d-----w- c:\users\Roboto\AppData\Roaming\#ISW.FS#
2009-12-19 13:20 . 2009-10-05 15:13 144 ----a-w- c:\windows\system32\pdfl.dat
2009-12-19 00:36 . 2009-09-30 19:09 -------- d-----w- c:\users\Roboto\AppData\Roaming\foobar2000
2009-12-16 19:15 . 2009-09-28 14:01 42654 ----a-w- c:\programdata\nvModes.dat
2009-12-11 18:56 . 2009-12-12 12:33 8704 ----a-w- c:\windows\Internet Logs\xDB9E25.tmp
2009-12-11 06:46 . 2009-12-11 18:56 324096 ----a-w- c:\windows\Internet Logs\xDBA71A.tmp
2009-12-11 00:55 . 2009-09-30 16:04 -------- d-----w- c:\users\Roboto\AppData\Roaming\uTorrent
2009-12-10 09:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 01:26 . 2009-09-30 18:01 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 00:02 . 2009-12-08 13:37 2673664 ----a-w- c:\windows\Internet Logs\xDBAF54.tmp
2009-12-08 00:02 . 2009-12-08 13:37 2309632 ----a-w- c:\windows\Internet Logs\xDBB1E8.tmp
2009-12-05 17:04 . 2009-10-24 09:47 -------- d-----w- c:\program files\Tibia
2009-12-02 22:50 . 2009-09-30 17:37 -------- d-----w- c:\users\Roboto\AppData\Roaming\Skype
2009-12-02 22:50 . 2009-09-30 17:39 -------- d-----w- c:\users\Roboto\AppData\Roaming\skypePM
2009-12-01 20:14 . 2009-12-01 20:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-01 20:11 . 2009-12-01 20:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-27 13:11 . 2009-09-28 11:56 62952 ----a-w- c:\users\Roboto\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-27 13:08 . 2009-11-27 13:08 3180512 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-11-26 20:51 . 2009-10-01 19:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-23 23:29 . 2009-11-08 17:08 -------- d-----w- c:\users\Roboto\AppData\Roaming\dBpoweramp
2009-11-23 23:29 . 2009-10-21 22:25 -------- d-----w- c:\users\Roboto\AppData\Roaming\AccurateRip
2009-11-22 10:11 . 2009-09-30 16:58 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-11-21 06:40 . 2009-12-09 16:48 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 16:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 16:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 16:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 12:54 . 2009-11-17 12:54 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 12:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 12:49 . 2009-11-17 12:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 12:48 . 2009-11-17 12:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-11 21:15 . 2009-11-11 21:11 -------- d-----w- c:\users\Roboto\AppData\Roaming\Synthesia
2009-11-11 21:11 . 2009-11-11 21:09 -------- d-----w- c:\program files\Synthesia
2009-11-09 21:08 . 2009-10-25 21:01 -------- d-----w- c:\program files\Java
2009-11-08 16:25 . 2009-11-08 16:24 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-11-08 16:24 . 2009-11-08 16:24 -------- d-----w- c:\users\Roboto\AppData\Roaming\teamspeak2
2009-11-08 08:54 . 2009-11-08 08:54 -------- d-----w- c:\program files\COED11
2009-11-03 18:37 . 2009-11-03 18:37 -------- d-----w- c:\programdata\WindowsSearch
2009-11-02 19:42 . 2009-10-02 17:03 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 17:01 . 2009-10-17 20:41 -------- d-----w- c:\program files\Diablo II
2009-10-26 20:32 . 2009-10-26 20:32 -------- d-----w- c:\users\Roboto\AppData\Roaming\Share-to-Web Upload Folder
2009-10-26 20:32 . 2009-10-26 20:30 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-26 20:32 . 2009-09-28 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 20:30 . 2009-10-26 20:30 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-26 14:59 . 2009-09-30 17:01 -------- d-----w- c:\programdata\OpenFM
2009-10-25 02:13 . 2009-10-25 12:39 2701312 ----a-w- c:\windows\Internet Logs\xDB9C7F.tmp
2009-10-24 09:50 . 2009-10-24 09:48 -------- d-----w- c:\users\Roboto\AppData\Roaming\Tibia
2009-10-23 23:19 . 2009-10-24 09:39 2089472 ----a-w- c:\windows\Internet Logs\xDBA337.tmp
2009-10-22 21:42 . 2009-10-22 21:42 -------- d-----w- c:\program files\IDM
2009-10-22 21:36 . 2009-10-22 21:36 -------- d-----w- c:\program files\Macmillan Dictionaries
2009-10-21 22:30 . 2009-10-21 22:27 3012 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2009-10-21 22:30 . 2009-10-21 22:27 1739 ----a-w- c:\windows\system32\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
2009-10-21 22:30 . 2009-10-21 22:27 1235 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
2009-10-21 22:30 . 2009-10-21 22:27 11406 ----a-w- c:\windows\system32\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
2009-10-21 22:28 . 2009-10-21 22:24 433840 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-10-21 22:27 . 2009-10-21 22:27 1224 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2009-10-21 22:27 . 2009-10-21 22:27 2228 ----a-w- c:\windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2009-10-21 22:27 . 2009-10-21 22:27 2989 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-10-21 22:27 . 2009-10-21 22:27 3065 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2009-10-21 22:26 . 2009-10-21 22:26 3153 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2009-10-21 22:26 . 2009-10-21 22:26 3107 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2009-10-21 22:26 . 2009-10-21 22:26 2843 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2009-10-21 22:25 . 2009-10-21 22:25 11024 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-10-21 22:24 . 2009-10-21 22:24 15607 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-10-21 22:24 . 2009-10-21 22:24 -------- d-----w- c:\program files\Illustrate
2009-10-20 18:45 . 2009-09-30 13:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-20 18:45 . 2009-10-20 18:45 -------- d-----w- c:\program files\LizardTech
2009-10-17 22:15 . 2009-10-17 20:46 36562 ----a-w- c:\windows\DIIUnin.dat
2009-10-17 20:46 . 2009-10-17 20:46 94208 ----a-w- c:\windows\DIIUnin.exe
2009-10-17 20:46 . 2009-10-17 20:46 2829 ----a-w- c:\windows\DIIUnin.pif
2009-10-17 20:34 . 2009-10-04 14:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-16 12:19 . 2009-10-16 12:19 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-10-11 03:17 . 2009-10-25 21:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-17 08:18 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-17 08:18 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-17 08:18 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 16:08 . 2009-11-07 11:57 52224 ----a-w- c:\users\Roboto\AppData\Roaming\Mozilla\Firefox\Profiles\fyel4nsb.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\FFExternalAlert.dll
2009-10-06 16:08 . 2009-11-07 11:57 114688 ----a-w- c:\users\Roboto\AppData\Roaming\Mozilla\Firefox\Profiles\fyel4nsb.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\npmozax.dll
2009-10-06 15:30 . 2009-10-06 15:30 167769 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_10_05_23_08_54_small.dmp.zip
2009-10-05 21:09 . 2009-10-06 15:25 342016 ----a-w- c:\windows\Internet Logs\xDBA18E.tmp
2009-10-05 21:09 . 2009-10-06 15:25 1806336 ----a-w- c:\windows\Internet Logs\xDBA2FA.tmp
2009-10-05 15:13 . 2009-10-05 15:13 80 ----a-w- c:\windows\system32\ibfl.dat
2009-10-05 15:13 . 2009-10-05 15:13 144 ----a-w- c:\windows\system32\lkfl.dat
2009-10-02 17:05 . 2009-10-02 17:05 0 ------w- c:\windows\qfe600A.tmp
2009-10-02 12:39 . 2009-10-02 12:39 48 ---h--w- c:\windows\system32\ezsidmv.dat
2009-10-01 16:41 . 2009-10-01 16:41 33536 ------w- c:\windows\system32\drivers\tvtfilter.sys
2009-10-01 16:38 . 2009-10-01 16:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-10-01 16:38 . 2009-10-01 16:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-10-01 16:38 . 2009-10-01 16:42 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-01 01:02 . 2009-11-17 08:19 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 08:19 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 08:19 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 08:19 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 08:19 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 08:19 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 08:19 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 08:19 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 08:19 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 08:19 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 08:19 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-15 13556256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-19 1434920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 1282048]
"TpShocks"="TpShocks.exe" [2009-03-05 185632]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-07-28 709920]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-06-06 487424]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-09-23 1011080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 06:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-11-15 07:17 92704 ------w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 08:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f7,b9,e3,0b,aa,ba,c9,01

R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [2009-03-04 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [2008-05-12 13480]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-09-23 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2009-09-23 439664]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009-09-28 75040]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2009-06-02 4232704]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [2008-02-22 37312]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-10-04 691696]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [2009-10-01 48192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2009-07-03 45424]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2009-09-28 29736]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-01-21 21504]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2009-09-23 35448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Skan uzupełniający -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Roboto\AppData\Roaming\Mozilla\Firefox\Profiles\fyel4nsb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin2.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin3.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin4.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npqtplugin5.dll
FF - plugin: c:\users\Roboto\AppData\Roaming\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************
skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki:

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2009-12-19 16:37:40
ComboFix-quarantined-files.txt 2009-12-19 15:37

Przed: 295 921 233 920 bytes free
Po: 297 686 224 896 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
- - End Of File - - 3741A1B2C7BD74686570577ACD809F0F









I would be very grateful for any help. Thanks in advance and sorry for my broken English (please correct me if I say something wrong :)

Edited by site:, 19 December 2009 - 11:28 AM.
