combofix log

lknn
26-12-2009, 16:20   |  #1  
OP New Member
Thanks: 0
6 posts
Registration Date: Dec 2009

Hi, my computer has been slowing down. I would appreciate it if you could take a look at my ComboFix log file.

ComboFix 09-12-25.02 - Owner 25.12.2009  22:57:13.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1254.90.1055.18.511.179 [GMT 2:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Downloaded Installations\{282B5224-698C-4638-96F7-6B2B184DC429}\1033.MST
c:\documents and settings\All Users\Application Data\Downloaded Installations\{282B5224-698C-4638-96F7-6B2B184DC429}\AVGIDP_setup.msi
c:\documents and settings\All Users\Application Data\Downloaded Installations\{70ADDA88-7F88-46A1-A9C4-5BD9EA9934A1}\1033.MST
c:\documents and settings\All Users\Application Data\Downloaded Installations\{70ADDA88-7F88-46A1-A9C4-5BD9EA9934A1}\AVGIDP_setup.msi
c:\windows\180ax.exe
c:\windows\default.htm
c:\windows\hosts
c:\windows\mssvr.exe
c:\windows\swin32.dll
c:\windows\system32\drivers\4_stars.gif
c:\windows\system32\drivers\5_stars.gif
c:\windows\system32\drivers\alert_icon.gif
c:\windows\system32\drivers\buy_btn.gif
c:\windows\system32\drivers\close_icon.gif
c:\windows\system32\drivers\detect.htm
c:\windows\system32\drivers\download_btn.gif
c:\windows\system32\drivers\features.gif
c:\windows\system32\drivers\header_bg.gif
c:\windows\system32\drivers\icon_warning.gif
c:\windows\system32\drivers\logo_bg.gif
c:\windows\system32\drivers\perfect_cleaner_box.jpg
c:\windows\system32\drivers\perfect_cleaner_box_small.jpg
c:\windows\system32\drivers\perfect_cleaner_header.gif
c:\windows\system32\drivers\perfect_cleaner_header_small.gif
c:\windows\system32\drivers\protect.gif
c:\windows\system32\drivers\pt.htm
c:\windows\system32\drivers\remove_spyware_button.gif
c:\windows\system32\drivers\s_detect.htm
c:\windows\system32\drivers\secuity_center_logo.gif
c:\windows\system32\drivers\spy_away_box.jpg
c:\windows\system32\drivers\spy_away_box_small.jpg
c:\windows\system32\drivers\spy_away_header.gif
c:\windows\system32\drivers\spy_away_header_small.gif
c:\windows\system32\drivers\users_rating.gif
c:\windows\system32\drivers\v.gif
c:\windows\system32\drivers\x.gif
c:\windows\system32\gtv_sd.bin
c:\windows\system32\lclcfg32.ini
c:\windows\system32\lfd32.ini
c:\windows\system32\ntSVc.ocx
c:\windows\system32\scrrntr.dll
c:\windows\system32\sl.bin
c:\windows\system32\stfv.bin
c:\windows\system32\wer8274.dll
c:\windows\voiceip.dll

.
(((((((((((((((((((((((((   Files Created from 2009-11-25 to 2009-12-25  )))))))))))))))))))))))))))))))
.

2009-12-25 16:31 . 2009-12-25 17:04    --------    d-----w-    c:\documents and settings\All Users\Application Data\WinZip
2009-12-25 00:11 . 2009-12-25 00:11    --------    d-----w-    c:\documents and settings\Owner\Application Data\AVG8
2009-12-22 16:42 . 2009-12-14 20:47    3776280    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-22 16:42 . 2009-12-14 20:47    4043032    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-22 16:42 . 2009-12-14 20:47    916248    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-18 14:47 . 2009-12-21 01:50    294656    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
2009-12-14 20:57 . 2009-12-14 20:57    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG IDS
2009-12-14 20:47 . 2009-12-14 20:47    360584    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-12-14 20:47 . 2009-12-14 20:47    12464    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-12-14 20:47 . 2009-12-14 20:47    333192    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-12-14 20:47 . 2009-12-14 20:47    28424    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-12-14 20:47 . 2009-12-25 17:25    --------    d-----w-    c:\windows\system32\drivers\Avg
2009-12-14 17:35 . 2009-12-14 17:35    --------    d-----w-    c:\documents and settings\LocalService\Application Data\ESET
2009-12-14 16:03 . 2009-12-14 16:03    --------    d-----w-    c:\documents and settings\Owner\Application Data\ESET
2009-12-11 18:38 . 2009-12-20 22:36    2352920    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 20:53 . 2007-01-25 18:28    --------    d-----w-    c:\program files\Google
2009-12-25 20:46 . 2007-07-01 11:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 17:24 . 2009-10-22 17:09    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg9
2009-12-25 17:15 . 2009-10-23 00:41    0    ----a-w-    c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-12-25 00:10 . 2005-10-12 13:46    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-12-14 20:47 . 2009-11-12 17:14    3967256    ----a-w-    c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-14 17:46 . 2007-07-15 14:33    --------    d-----w-    c:\program files\ESET
2009-12-14 16:02 . 2008-03-12 17:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\ESET
2009-12-10 13:07 . 2004-08-04 12:00    62518    ----a-w-    c:\windows\system32\perfc01F.dat
2009-12-10 13:07 . 2004-08-04 12:00    372014    ----a-w-    c:\windows\system32\perfh01F.dat
2009-12-10 13:07 . 2009-05-10 21:10    62206    ----a-w-    c:\windows\system32\perfc041.dat
2009-12-10 13:07 . 2009-05-10 21:10    371308    ----a-w-    c:\windows\system32\perfh041.dat
2009-11-22 16:59 . 2009-01-11 16:41    --------    d-----w-    c:\program files\AVG
2009-11-15 13:47 . 2009-11-14 14:57    --------    d-----w-    c:\program files\DivX
2009-11-14 14:59 . 2009-11-14 14:59    --------    d-----w-    c:\documents and settings\Owner\Application Data\DivX
2009-10-29 07:41 . 2004-08-04 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-04 12:00    75776    ----a-w-    c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-04 12:00    25088    ----a-w-    c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00    265728    ----a-w-    c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-04 12:00    270848    ----a-w-    c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-04 12:00    79872    ----a-w-    c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-04 12:00    150016    ----a-w-    c:\windows\system32\rastls.dll
2009-10-09 13:02 . 2009-10-09 13:02    74760    ----a-w-    c:\windows\system32\drivers\UniversalDD.sys
2009-10-09 13:02 . 2009-10-09 13:02    25608    ----a-w-    c:\windows\system32\drivers\AVGIDSEH.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-14 2033432]
"AVGIDS"="c:\program files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe" [2009-10-09 1640968]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"nwiz"="nwiz.exe" [2005-07-20 1519616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,2e,65,78,65,00,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Emule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSEH.sys [09.10.2009 15:02 25608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14.12.2009 22:47 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14.12.2009 22:47 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [14.12.2009 22:47 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14.12.2009 22:47 285392]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe [09.10.2009 15:02 559624]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSDriver.sys [09.10.2009 15:02 122376]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSFilter.sys [09.10.2009 15:02 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys [09.10.2009 15:02 25736]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe [09.10.2009 15:02 5832712]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\progra~1\KATKAT~1\sliplsp.dll
TCP: {DC791C56-4D91-4348-B5C9-067BEBFC051A} = 4.2.2.1,4.2.2.2
DPF: {D9A98D08-9B09-465D-97A0-687A27399092} - hxxp://www.viewtec.ch/downloads/TerrainViewWebOCX.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1gibfphg.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Spyware Cleaner - c:\program files\Spyware Cleaner\SpywareCleaner.Exe
HKLM-Run-SpySpotter System Defender - c:\program files\SpySpotter3\Defender.exe
HKLM-Run-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
Notify-avgrsstarter - (no file)
Notify-crypt32chain - (no file)
Notify-cryptnet - (no file)
Notify-cscdll - (no file)
Notify-igfxcui - (no file)
Notify-ScCertProp - (no file)
Notify-Schedule - (no file)
Notify-sclgntfy - (no file)
Notify-SensLogn - (no file)
Notify-termsrv - (no file)
Notify-WgaLogon - (no file)
Notify-wlballoon - (no file)
AddRemove-Adobe SVG Viewer - c:\program files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 23:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(564)
c:\progra~1\KATKAT~1\sliplsp.dll

- - - - - - - > 'explorer.exe'(1228)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-25  23:03:20
ComboFix-quarantined-files.txt  2009-12-25 21:03

Pre-Run: 1.180.811.264 bayt boş
Post-Run: 1.144.176.640 bayt boş

- - End Of File - - 83EDB840D3F1BFC5EA53EDAFB6583C15

Last edited: lknn ~ 26 December 2009 16:20