Old 08-09-2008, 08:29 AM   #9 (permalink)
air_jersey15
Registered User
 
Join Date: Apr 2006
Posts: 24
OS: XP


Re: something makes my computer run slower

ok. here's the report:

Quote:
ComboFix 08-08-08.07 - ersin 2008-08-09 17:14:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1639 [GMT 3:00]
Running from: C:\Documents and Settings\ersin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ersin\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 16:56 . 2008-08-09 16:56 <DIR> d-------- C:\Program Files\OpenAL
2008-08-09 16:56 . 2008-08-09 16:56 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-08-09 16:56 . 2008-08-09 16:56 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-08-08 21:15 . 2005-02-16 11:06 218,112 --a------ C:\Program Files\ersin.exe
2008-08-08 21:09 . 2008-08-08 21:09 <DIR> d-------- C:\Deckard
2008-08-03 11:15 . 2008-08-03 11:15 44,326 --a------ C:\Purrint002.png
2008-08-02 18:33 . 2008-08-02 18:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-02 17:36 . 2008-08-02 17:36 <DIR> d-------- C:\Program Files\Uniblue
2008-08-02 17:36 . 2008-08-02 17:36 <DIR> d-------- C:\Documents and Settings\ersin\Application Data\Uniblue
2008-08-02 15:55 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-02 15:54 . 2008-08-02 15:54 <DIR> d-------- C:\Program Files\Panda Security
2008-08-02 15:22 . 2008-08-02 15:54 <DIR> d-------- C:\Program Files\Security Task Manager
2008-07-28 16:17 . 2008-07-28 16:17 <DIR> d-------- C:\Documents and Settings\ersin\Application Data\dvdcss
2008-07-26 23:26 . 2008-05-06 09:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-07-26 23:26 . 2008-05-06 09:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-07-26 15:18 . 2008-07-26 15:18 <DIR> d-------- C:\Program Files\Avira
2008-07-26 15:18 . 2008-07-26 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-18 23:59 . 2008-07-18 23:59 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-07-18 23:56 . 2008-07-18 23:56 <DIR> d-------- C:\Program Files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 14:05 --------- d-----w C:\Documents and Settings\ersin\Application Data\DNA
2008-08-09 13:50 --------- d-----w C:\Documents and Settings\ersin\Application Data\BitTorrent
2008-08-09 07:03 6,194 ----a-w C:\Program Files\hijackthis.log
2008-08-04 08:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-02 12:28 6,602 ----a-w C:\WINDOWS\system32\drivers\stac97e.log
2008-08-02 09:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-27 08:49 --------- d-----w C:\Program Files\DB Commander 2000 PRO
2008-07-26 20:26 --------- d-----w C:\Program Files\Xilisoft
2008-07-26 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-23 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-22 20:05 --------- d-----w C:\Documents and Settings\ersin\Application Data\Hamachi
2008-07-10 06:43 --------- d-----w C:\Program Files\Java
2008-07-07 08:52 --------- d-----w C:\Program Files\Google
2008-07-05 09:35 --------- d-----w C:\Documents and Settings\ersin\Application Data\Imagenomic
2008-07-05 09:27 --------- d-----w C:\Program Files\Imagenomic
2008-06-26 18:06 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-06-22 13:29 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-20 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-28 09:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 09:33 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 09:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 09:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 09:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-16 08:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2005-02-16 08:06 218,112 ----a-w C:\Program Files\HijackThis.exe
2008-02-28 11:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 11:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-01-23 08:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 12:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-09_10.01.57.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2005-05-15 02:04 332800]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 07:00 289088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 17:16 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13 1032192]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 04:02 86016]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 19:50 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 15:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.FFDS"= ffdshow.ax
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Bluetooth Manager.lnk]
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ersin^Start Menu^Programlar^Başlangıç^YouTube Uploader.lnk]
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\areslite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA2006
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 19:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-07-16 13:47 119280 C:\Documents and Settings\ersin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-08-02 00:32 696320 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-08-02 00:38 802816 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2008-02-28 15:31 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-07-23 14:05 1927448 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"lkTimeSync"=2 (0x2)
"lkClassAds"=2 (0x2)
"BthServ"=2 (0x2)
"WLANKEEPER"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"EvtEng"=2 (0x2)
"NIDomainService"=2 (0x2)
"aawservice"=3 (0x3)
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\EA SPORTS\\NBA LIVE 08\\nbalive08.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Sierra Online\\FreeStyle Street Basketball(TM)\\FreeStyle.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 11:00]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 17:21:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-09 17:27:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 14:27:34

Pre-Run: 17,604,993,024 bayt boş
Post-Run: 17,519,493,120 bayt boş

205