Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Please help me with my computer. Very slow and hangs.

Started by krzos91 , Jun 30 2009 02:55 AM

This topic is locked

2 replies to this topic

#1 krzos91

Members
1 posts
OFFLINE

Local time:08:08 PM

Posted 30 June 2009 - 02:55 AM

Hi!
I'm from poland and I don't know English very well but I will try to understand your instructions if you of course help me. I've scaned my computer becouse it enoys me it's a rather new computer but it startedto be a very slow cow. It switches on about 5min ;/ I'll give my log please help me fixing my Computer. THX 4 All Krzos91

ComboFix 09-06-29.04 - Tadeusz 2009-06-30 8:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.1014.351 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Tadeusz\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\kb913800.exe
c:\windows\system32\setup.ini
c:\windows\TEMP\pdk-SYSTEM-3540\0a6b9f23e356336cc61530f586d0c66a.dll
c:\windows\TEMP\pdk-SYSTEM-3540\1aa2e9fd49d3ad8a9074589e9d34c09c.dll
c:\windows\TEMP\pdk-SYSTEM-3540\1ff4eae997b1753d848dbbc61d1b4345.dll
c:\windows\TEMP\pdk-SYSTEM-3540\31aa023220b46a62dd91739a3bf1cad4.dll
c:\windows\TEMP\pdk-SYSTEM-3540\36971e8ed4d19cc0a7051079b039c204.dll
c:\windows\TEMP\pdk-SYSTEM-3540\42db37dadb779dbfc5da8bdd7ec61c52.dll
c:\windows\TEMP\pdk-SYSTEM-3540\44abde5de65f3f034faac2c132713018.dll
c:\windows\TEMP\pdk-SYSTEM-3540\7aace6f21e4c397996b145b7fd777643.dll
c:\windows\TEMP\pdk-SYSTEM-3540\7acaa276f32e012922082aa697dfa218.dll
c:\windows\TEMP\pdk-SYSTEM-3540\804319663a3a667d3033c7ecbea8ea01.dll
c:\windows\TEMP\pdk-SYSTEM-3540\89f4ac43ba2b792785d9d472365e562b.dll
c:\windows\TEMP\pdk-SYSTEM-3540\8d3b343ab48cfb6b14fa9d0dc35ce9e6.dll
c:\windows\TEMP\pdk-SYSTEM-3540\b2774d247dfbf0abe8539e577ee59b4c.dll
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-28 do 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-21 19:01 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\Tadeusz\Application Data\U3\temp\cleanup.exe
2009-06-21 18:55 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\Tadeusz\Application Data\U3\temp\Launchpad Removal.exe
2009-06-21 18:55 . 2009-06-28 15:00 -------- d-----w- c:\documents and settings\Tadeusz\Application Data\U3
2009-06-20 17:09 . 2009-06-20 17:09 -------- d-----w- c:\program files\Avanquest update
2009-06-20 17:00 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-20 17:00 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-20 16:16 . 2007-06-18 13:18 23680 ----a-w- c:\windows\system32\drivers\motport.sys
2009-06-20 16:16 . 2009-06-20 16:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-20 15:49 . 2008-03-03 14:03 23296 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2009-06-20 15:49 . 2007-11-02 13:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2009-06-20 15:49 . 2007-01-23 20:36 6016 ----a-w- c:\windows\system32\drivers\motfilt.sys
2009-06-20 15:49 . 2007-06-18 13:18 23680 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-06-20 15:49 . 2006-11-13 13:45 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-06-20 15:47 . 2009-06-20 16:15 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-06-20 15:47 . 2009-06-20 15:47 -------- d-----w- c:\program files\Motorola
2009-06-20 15:44 . 2009-06-20 17:10 -------- d-----w- c:\program files\Motorola Phone Tools
2009-06-20 15:44 . 2009-06-20 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-06-20 15:43 . 2009-06-20 15:43 -------- d-----w- c:\documents and settings\Tadeusz\Application Data\InstallShield
2009-06-18 21:13 . 2009-06-18 21:13 390664 ----a-w- c:\documents and settings\Tadeusz\Application Data\Real\RealPlayer\Update\realplayer11gold.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 06:49 . 2007-08-31 11:16 -------- d-----w- c:\program files\SAV
2009-06-29 14:10 . 2007-01-05 17:30 -------- d--h--w- c:\program files\zip codecs
2009-06-28 16:00 . 2007-10-15 16:32 -------- d-----w- c:\program files\Norton Security Scan
2009-06-20 17:09 . 2006-12-22 09:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 16:54 . 2009-06-20 16:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-06-20 16:31 . 2006-12-22 09:25 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-20 16:19 . 2009-06-20 16:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Motousbnet_01005.Wdf
2009-06-20 16:19 . 2009-06-20 16:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motfilt_01005.Wdf
2009-06-20 16:19 . 2009-06-20 16:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-06-20 16:19 . 2009-06-20 16:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-03 19:05 . 2008-04-20 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-03 18:50 . 2007-08-14 17:36 -------- d-----w- c:\program files\eMule
2009-05-14 12:16 . 2008-03-10 17:33 -------- d-----w- c:\program files\Valve
2009-05-13 09:40 . 2009-05-13 09:40 -------- d-----w- c:\program files\D-Tools
2009-05-12 17:27 . 2009-02-28 21:59 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-05-07 15:32 . 2006-03-16 04:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-07-03 10:11 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-20 18:26 . 2006-10-27 05:13 68952 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 19:52 . 2009-04-19 19:52 1 ----a-w- c:\documents and settings\Tadeusz\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-04-17 12:26 . 2006-03-16 04:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-03-16 04:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 17:39 . 2009-04-09 17:39 152576 ----a-w- c:\documents and settings\Tadeusz\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-04-22 22:20 . 2008-04-22 22:20 16384 ----a-w- c:\program files\uik.dat
2008-04-22 22:19 . 2008-04-22 22:19 4 ----a-w- c:\program files\is.dat
2008-03-06 17:55 . 2008-03-06 17:51 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2005-11-22 07:17 . 2008-11-06 19:25 79 ----a-w- c:\program files\Readme.txt
2005-11-19 22:09 . 2008-11-06 19:25 98 ----a-w- c:\program files\setup.reg
2005-11-19 22:09 . 2008-11-06 19:25 2438 ----a-w- c:\program files\setup.bat
2006-12-22 02:55 . 2006-12-22 02:55 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SAV\VPTray.exe" [2006-04-21 125072]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"D500"="c:\progra~1\icon7\D500\D500.exe" [2007-09-17 55816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-30 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-05-19 996608]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"AdslTaskBar"="stmctrl.dll" - c:\windows\system32\stmctrl.dll [2006-06-02 151552]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-12-22 102400]
HP Photosmart Premier - Szybkie uruchomienie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Valve\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20253:TCP"= 20253:TCP:BitComet 20253 TCP
"20253:UDP"= 20253:UDP:BitComet 20253 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2006-12-22 100032]
R2 HMuFtI7D500;Dritek HID Mouse Filter for Icon7 D500;c:\windows\system32\drivers\HMuFtI7D500.sys [2007-08-09 33928]
R2 Reporting;Reporting Agents;c:\program files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe [2006-03-17 1324808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2009-05-03 101936]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2007-06-30 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2007-06-30 684265]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-06-20 6016]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2009-06-20 23296]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-06-20 23680]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2007-02-15 26624]
.
Zawartość folderu 'Zaplanowane zadania'

2009-06-28 c:\windows\Tasks\Norton Security Scan for Tadeusz.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]

2009-06-30 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SSODL-bfrgnos-{E49356BC-7FA5-4364-AC8D-EACBA1CD4C4F} - (no file)

.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {13C2A665-9F6B-4A4D-89BF-AAEBB121FCFB} = 194.204.159.1 217.98.63.164
TCP: {70267E75-67A0-42D7-849A-08CCA4836251} = 194.204.152.34,192.204.159.1
FF - ProfilePath - c:\documents and settings\Tadeusz\Application Data\Mozilla\Firefox\Profiles\e8r69hhp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.interia.pl/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 08:48
Windows 5.1.2600 Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????e??????`?@?????L?@

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-4002897829-2496056829-4134366152-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(4812)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\SAV\DefWatch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\CBA\pds.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\Symantec\SYMANT~1\NscTop.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\SAV\Rtvscan.exe
c:\program files\Common Files\YDP\UserAccessManager\useraccess.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Czas ukończenia: 2009-06-30 8:54 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-06-30 06:54

Przed: 22 662 684 672 bytes free
Po: 22 714 875 904 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

284 --- E O F --- 2009-06-21 17:25

Attached Files

log.txt 19.56KB 11 downloads

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 sempai

noypi

Malware Response Team
5,288 posts
OFFLINE

Gender:Male
Location:3 stars and a sun
Local time:02:08 AM

Posted 04 July 2009 - 12:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators)

Back to top

#3 Orange Blossom

OBleepin Investigator

Moderator
37,011 posts
OFFLINE

Gender:Not Telling
Location:Bloomington, IN
Local time:02:08 PM

Posted 11 July 2009 - 10:40 AM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2: