Sign in to follow this  
kenanorhan

I don't know problem

Recommended Posts

if chorimium interests with google chrome yes i prepared it.
and I established etype when I was trying to restore or recover my deleted pictures....
that day I established couple programmes and I tried to delete most of them.
the 'babylon thing' get in my computer that day...

Share this post


Link to post
Share on other sites
No need to delete folders that aren't malicious. :)

Babylon toolbar usually comes together with another program, it is used as a way of the program developer to get paid for the work.

1.
Please, upload the file c:\users\Kenan ve Deniz\AppData\Roaming\dclogs\2012-07-28-7.dc to the virustotal web page and post the link to the result.

2.
Copy all lines in the box:
[code]
Killall::
ClearJavaCache::
DDS::
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24:30
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
2012-07-29 00:31:31 32072 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
[/code]
and paste into Notepad.
Save the file on the desktop with the name CFScript and encoding ANSI (next to the save button).

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, the program will start in a special way.
Paste the new ComboFix log into your answer.
  • Like 1

Share this post


Link to post
Share on other sites
Ok, not necessary to perform step 1. Please, perform step 2.
  • Like 1

Share this post


Link to post
Share on other sites
ComboFix 12-07-30.01 - Kenan ve Deniz 31.07.2012 2:48.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2734 [GMT 3:00]
Running from: c:\users\Kenan ve Deniz\Desktop\vir³s programlar²\ComboFix.exe
Command switches used :: c:\users\Kenan ve Deniz\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenan ve Deniz\AppData\Roaming\data.dat
c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 23:54 . 2012-07-30 23:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-30 23:54 . 2012-07-30 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 12:26 . 2012-07-29 12:26 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26 . 2011-12-19 09:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-29 12:26 . 2011-09-29 09:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-29 12:26 . 2011-12-19 09:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-29 12:25 . 2011-12-19 10:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-07-29 12:25 . 2011-10-26 11:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-07-29 11:54 . 2012-07-29 11:54 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install
2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 01:24 . 2012-07-28 01:24 304 -c--a-w- C:\user.js
2012-07-28 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04 . 2012-07-28 01:11 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-26 13:25 . 2012-07-26 13:25 -------- d-----w- c:\program files (x86)\adawaretb
2012-07-26 13:25 . 2011-10-26 13:19 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files (x86)\Oracle
2012-07-25 21:57 . 2012-07-25 21:57 -------- d-----w- c:\programdata\Local Settings
2012-07-11 11:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:12 . 2012-07-03 03:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Geekcorp
2012-07-01 12:09 . 2012-07-01 12:09 -------- d-sh--w- c:\windows\ftpcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 23:49 . 2012-04-10 17:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 23:49 . 2011-05-19 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:04 . 2010-06-04 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 19:06 . 2012-05-28 11:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06 . 2012-05-28 11:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-05 10:18 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 07:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-21 07:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:15 . 2012-06-21 07:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-15 16:35 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-15 16:35 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-15 16:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-15 16:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 16:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 16:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( [email protected]_14.55.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-04 10:51 . 2012-07-30 23:15 60640 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 23:45 30242 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-30 17:21 . 2012-07-30 23:45 22116 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3972443797-2272916507-3105240164-1001_UserData.bin
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-07 17:55 . 2012-07-30 18:15 4194 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 23:55 . 2012-07-30 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 23:55 . 2012-07-30 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-26 00:14 . 2012-06-26 22:43 227824 c:\windows\SysWOW64\javaws.exe
- 2009-09-22 20:29 . 2012-06-15 22:13 619554 c:\windows\system32\perfh01F.dat
+ 2009-09-22 20:29 . 2012-07-30 18:23 619554 c:\windows\system32\perfh01F.dat
- 2009-07-14 02:36 . 2012-06-15 22:13 617064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-30 18:23 617064 c:\windows\system32\perfh009.dat
+ 2009-09-22 20:29 . 2012-07-30 18:23 121714 c:\windows\system32\perfc01F.dat
- 2009-09-22 20:29 . 2012-06-15 22:13 121714 c:\windows\system32\perfc01F.dat
- 2009-07-14 02:36 . 2012-06-15 22:13 106246 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-30 18:23 106246 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-30 14:50 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-30 23:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-23 01:26 . 2012-07-30 14:32 1411404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3972443797-2272916507-3105240164-1001-12288.dat
+ 2012-01-23 01:26 . 2012-07-30 18:34 1411404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3972443797-2272916507-3105240164-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"63726"="c:\progra~3\LOCALS~1\Temp\mswartzai.cmd" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-26 69376]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 15:37]
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:49]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
FF - ProfilePath - c:\users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-07-31 03:01:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 00:01
ComboFix2.txt 2012-07-30 15:02
.
Pre-Run: 21.302.284.288 bayt boş
Post-Run: 21.183.340.544 bayt boş
.
- - End Of File - - EA69DA088A825D11EC2991B536649628

Share this post


Link to post
Share on other sites
Hehe :) I understand what you mean in step 1st :))))

[url="https://www.virustotal.com/file/9608e981aed0ccb19c910b39558b69b0a1922e7619da332d8fe02a7d3cfc8a7a/analysis/1343693377/"]https://www.virustotal.com/file/9608e981aed0ccb19c910b39558b69b0a1922e7619da332d8fe02a7d3cfc8a7a/analysis/1343693377/[/url]


SHA256: 9608e981aed0ccb19c910b39558b69b0a1922e7619da332d8fe02a7d3cfc8a7a SHA1: 5200b083313385652cb90d91ca38f1c5d350a7b1 MD5: 737a6398d045622d88874d8b399147d0 File size: 32.8 KB ( 33633 bytes ) File name: 2012-07-28-7.dc File type: unknown Detection ratio: 0 / 41 Analysis date: 2012-07-31 00:09:37 UTC ( 0 dakika ago )

Share this post


Link to post
Share on other sites
I think 2012-07-28-7.dc is a file some kind of key logger creates and stores information in until it is uploaded to a server. The file isn't malicious but it is used by a malicious program.

ComboFix didn't succeed in removing Babylon from Firefox. Let us try another tool.

Save OTL on the Desktop. [url=http://oldtimer.geekstogo.com/OTL.exe]http://oldtimer.geekstogo.com/OTL.exe[/url]
Close all programs.
Double-click OTL to run it.

Click on [b]Quick Scan[/b] and do not use the computer while the program runs.

When the program finishes two log files are created on the Desktop, OTL.txt och Extras.txt. Paste the contents of the log OTL.txt into your answer but attach Extras.txt (if you don't see how to attach files click the button "More Reply Options" ).
  • Like 1

Share this post


Link to post
Share on other sites
OTL logfile created on: 31.07.2012 15:08:30 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kenan ve Deniz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 68,01% Memory free
7,73 Gb Paging File | 6,42 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 19,59 Gb Free Space | 33,43% Space Free | Partition Type: NTFS
Drive D: | 397,30 Gb Total Space | 397,20 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: KENANVEDENIZ | User Name: Kenan ve Deniz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.07.31 15:06:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kenan ve Deniz\Desktop\OTL.exe
PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.05.03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.10.21 12:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.03.09 15:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010.12.09 13:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009.10.15 12:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.06.25 05:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.25 01:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.10.15 12:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009.10.09 16:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:[b]64bit:[/b] - [2009.09.08 19:56:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.07.17 03:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2009.07.02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.07.28 02:49:51 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.14 03:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011.12.19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:[b]64bit:[/b] - [2011.12.19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:[b]64bit:[/b] - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:[b]64bit:[/b] - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:[b]64bit:[/b] - [2011.10.26 16:19:22 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:[b]64bit:[/b] - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:[b]64bit:[/b] - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:[b]64bit:[/b] - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:[b]64bit:[/b] - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.03.11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.11.20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.20 13:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2009.10.12 15:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2009.09.17 23:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009.09.16 17:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2009.09.08 20:31:00 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009.08.23 06:02:00 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009.08.20 20:05:00 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009.07.17 20:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009.07.17 07:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009.07.17 03:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2009.07.02 01:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2009.07.02 01:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2009.07.02 01:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2009.07.02 01:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2009.06.15 22:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:[b]64bit:[/b] - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {4853B14E-F386-480C-A32E-9D9A9305E634}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{4853B14E-F386-480C-A32E-9D9A9305E634}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {63F75156-1900-4CCA-A711-37FF594613A1}
IE - HKLM\..\SearchScopes\{63F75156-1900-4CCA-A711-37FF594613A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\yandex.com.tr-041340: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 12:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.25 10:20:31 | 000,000,000 | ---D | M]

[2012.07.31 12:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan ve Deniz\AppData\Roaming\mozilla\Extensions
[2011.01.09 18:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan ve Deniz\AppData\Roaming\mozilla\Extensions\[email protected]
[2010.06.27 16:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan ve Deniz\AppData\Roaming\mozilla\Extensions\[email protected]
[2012.07.31 12:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.14 03:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.09 13:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.06 22:16:56 | 000,000,596 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012.07.28 04:24:18 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.09.14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012.07.14 05:01:33 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012.07.14 05:01:33 | 000,002,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Supernova = C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll\1_0\

O1 HOSTS File: ([2012.07.31 02:56:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe (Logitech inc)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 63726 = C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:[b]64bit:[/b] - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Bluetooth'a Gönder - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Bluetooth Aygıtına Gönder... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB (GuvenlikCemberi3-ISBANK)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87}: DhcpNameServer = 212.65.128.2 212.65.140.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F}: DhcpNameServer = 13.35.0.1 13.35.0.2
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.07.31 15:07:36 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Kenan ve Deniz\Desktop\OTL.exe
[2012.07.31 12:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.31 03:02:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.31 02:56:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.07.30 21:37:47 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\Desktop\virüs programları
[2012.07.30 17:39:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.30 17:39:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.30 17:39:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.30 17:39:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.30 17:38:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.29 22:33:29 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1}
[2012.07.29 22:33:17 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C}
[2012.07.29 15:26:31 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\adaware
[2012.07.29 15:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.07.29 15:26:19 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012.07.29 15:26:06 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012.07.29 15:26:05 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012.07.29 15:25:21 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012.07.29 15:25:21 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.07.29 14:54:04 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations
[2012.07.28 05:53:34 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\Documents\R-TT
[2012.07.28 04:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.07.28 04:13:37 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome
[2012.07.28 04:13:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\Xpom
[2012.07.28 04:04:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs
[2012.07.26 16:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012.07.26 16:25:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012.07.26 03:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.26 00:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.07.03 06:12:07 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp
[2011.05.26 19:29:57 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Kenan ve Deniz\AppData\Roaming\VFBEMFRZEW.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.07.31 15:06:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kenan ve Deniz\Desktop\OTL.exe
[2012.07.31 15:01:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job
[2012.07.31 14:49:00 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 12:57:10 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.31 10:30:47 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job
[2012.07.31 10:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 03:06:18 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.31 03:05:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 03:05:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 02:56:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.31 02:55:45 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 02:30:06 | 000,001,226 | ---- | M] () -- C:\Users\Kenan ve Deniz\Desktop\ComboFix.exe - Kısayol.lnk
[2012.07.30 21:23:15 | 001,459,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.30 21:23:15 | 000,619,554 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.07.30 21:23:15 | 000,617,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.30 21:23:15 | 000,121,714 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.07.30 21:23:15 | 000,106,246 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.30 17:40:56 | 000,014,017 | ---- | M] () -- C:\Users\Kenan ve Deniz\AppData\Roaming\l0g
[2012.07.30 05:31:32 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.07.30 02:15:18 | 000,252,104 | ---- | M] () -- C:\Users\Kenan ve Deniz\Desktop\lava.png
[2012.07.28 04:24:37 | 000,000,304 | ---- | M] () -- C:\user.js
[2012.07.28 03:28:16 | 000,967,260 | ---- | M] () -- C:\Users\Kenan ve Deniz\Desktop\MUSKA.rar
[2012.07.26 16:24:29 | 000,001,139 | ---- | M] () -- C:\Users\Kenan ve Deniz\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012.07.25 10:20:31 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.07.12 20:55:32 | 000,002,331 | ---- | M] () -- C:\Users\Kenan ve Deniz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.07.11 19:07:59 | 000,412,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.07.31 12:57:10 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.31 12:57:10 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.31 02:29:58 | 000,001,226 | ---- | C] () -- C:\Users\Kenan ve Deniz\Desktop\ComboFix.exe - Kısayol.lnk
[2012.07.30 17:39:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.30 17:39:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.30 17:39:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.30 17:39:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.30 17:39:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.30 02:15:18 | 000,252,104 | ---- | C] () -- C:\Users\Kenan ve Deniz\Desktop\lava.png
[2012.07.29 15:26:22 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.29 15:02:59 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.07.29 14:41:39 | 000,014,017 | ---- | C] () -- C:\Users\Kenan ve Deniz\AppData\Roaming\l0g
[2012.07.28 04:24:36 | 000,000,304 | ---- | C] () -- C:\user.js
[2012.07.28 03:28:14 | 000,967,260 | ---- | C] () -- C:\Users\Kenan ve Deniz\Desktop\MUSKA.rar
[2012.07.25 10:20:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.07.25 10:20:31 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.07.05 19:13:05 | 005,700,890 | ---- | C] () -- C:\Users\Kenan ve Deniz\Desktop\Always.wma
[2012.01.11 09:59:36 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@
[2012.01.11 09:59:36 | 000,002,048 | -HS- | C] () -- C:\Users\Kenan ve Deniz\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@
[2011.11.29 09:38:17 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\statistics.dat
[2011.06.03 22:33:08 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.06.03 22:33:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.01.23 01:58:37 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.15 22:54:15 | 001,551,346 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[color=#E56717]========== LOP Check ==========[/color]

[2012.07.29 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Ad-Aware Antivirus
[2012.03.22 00:24:32 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\adawaretb
[2012.04.11 03:27:27 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Agxagyc
[2011.08.17 23:27:18 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Ambient Design
[2012.04.16 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Azureus
[2012.07.28 04:11:16 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs
[2010.07.18 16:15:11 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Leadertech
[2012.03.21 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Saw
[2012.06.22 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\TeamViewer
[2011.01.09 18:36:59 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\TomTom
[2012.07.30 05:31:32 | 000,000,962 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.06.15 19:21:50 | 000,032,688 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E8BE05FA

< End of report >

Share this post


Link to post
Share on other sites
Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL.
Copy all the lines in the box:
[code]
:OTL
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
[2012.07.28 04:24:18 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.09.14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E8BE05FA
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
:Commands
[CREATERESTOREPOINT]
[REBOOT]
[/code]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop-up with a log. Copy it and paste it into your answer.
If it is not pop-upped, you can find it in the folder c:\_OTL\Moved Files and its name contains the date and time for when OTL was run.

Be sure that antivirus programs etc. are active before connecting to internet.

Please, run DDS too and paste the content of DDS.txt (no need for Attach.txt).
  • Like 1

Share this post


Link to post
Share on other sites
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml moved successfully.
ADS C:\ProgramData\TEMP:E8BE05FA deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_170926

Share this post


Link to post
Share on other sites
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Kenan ve Deniz at 17:20:15 on 2012-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2445 [GMT 3:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87} : DhcpNameServer = 212.65.128.2 212.65.140.142
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F} : DhcpNameServer = 13.35.0.1 13.35.0.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\b65q0j4k.default\
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Güncelleme Hizmeti (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-31 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-31 14:09:26 -------- dc----w- C:\_OTL
2012-07-30 23:56:15 -------- dc----w- C:\$RECYCLE.BIN
2012-07-30 14:39:21 98816 ----a-w- C:\Windows\sed.exe
2012-07-30 14:39:21 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-30 14:39:21 256000 ----a-w- C:\Windows\PEV.exe
2012-07-30 14:39:21 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 19:33:29 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1}
2012-07-29 19:33:17 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C}
2012-07-29 12:26:31 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-29 12:26:06 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-29 12:26:05 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-29 12:25:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-07-29 12:25:21 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-07-29 11:54:04 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-28 01:14:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpipreset
2012-07-28 01:13:37 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13:33 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04:50 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-26 13:25:36 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-07-26 13:25:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-07-26 00:14:28 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-11 11:07:46 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-03 03:12:07 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp
.
==================== Find3M ====================
.
2012-07-27 23:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 23:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-05 19:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 17:20:41,03 ===============

Share this post


Link to post
Share on other sites
Any remaining problems now?
If not, I will give you instructions for how to uninstall OTL and the other special programs.
  • Like 1

Share this post


Link to post
Share on other sites
you are amazing :)))
i don't know how can i thank to you :)))
there is no babylon anymore even explorer :)
i don't see 'how please check my exe' virus too :))))
last time when i try to upload 10.2 i see blue screen... I hope this time when i update to 10.2 i don't see them.
If i don't erase them (specially combofix) will it be problem???
  • Like 1

Share this post


Link to post
Share on other sites
Thank you for all the kind words.

Let us do one more check. Run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Un-check "Remove found threats"
Check "Scan Archives"

Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.

P.S.
ComboFix is updated rather often so it shouldn't be saved. It should be downloaded every time it is needed.
  • Like 1

Share this post


Link to post
Share on other sites
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=62f60ceadd6261408900881fb23708ac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-31 04:18:57
# local_time=2012-07-31 07:18:57 (+0200, GTB Yaz Saati)
# country="Turkey"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 35 36284565 54384155 0 0
# compatibility_mode=8192 67108863 100 0 506 506 0 0
# scanned=142284
# found=14
# cleaned=0
# scan_time=3667
C:\Qoobox\Quarantine\C\Rundll32.exe.vir a variant of MSIL/Injector.AKA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\brwcfj.exe.vir a variant of MSIL/Injector.AKA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe.vir a variant of Win32/Kryptik.AJBZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\proclean.exe.vir a variant of MSIL/Injector.AKG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\proclean.zgy.vir a variant of MSIL/Injector.AKG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\rnbkwi.exe.vir a variant of Win32/Injector.Autoit.AF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\rqxkrl.exe.vir a variant of MSIL/Injector.AKG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\sccdlc.exe.vir a variant of MSIL/Injector.AKA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\vbccvbgfb.zgy.vir a variant of MSIL/Injector.AKG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\windowsand.zgy.vir a variant of MSIL/Injector.AKG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\wpjeqw.exe.vir Win32/Dorkbot.B worm (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\xllhol.exe.vir probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\Microsoft\pdt__wpr_ridwsymbxnopd_kcoc_bsa.exe.vir a variant of MSIL/Spy.Agent.BW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\D\Rundll32.exe.vir a variant of MSIL/Injector.AKA trojan (unable to clean) 00000000000000000000000000000000 I

Share this post


Link to post
Share on other sites
Thank you for liking my posts :)

Good! All found in the quarantine of ComboFix.

Please, run a full scan with Ad-Aware too.

Before uninstalling the tools, Lavasoft would appreciate if you send the infected files to them. Do you know how to pack (zip) a folder?
I would like you to zip C:\Qoobox\Quarantine and c:\_OTL\Moved Files. Please, start a new topic in http://www.lavasoftsupport.com/index.php?/forum/151-malware-uploads/ and attach the zipped folders. In the post you can paste a link to this topic.
  • Like 1

Share this post


Link to post
Share on other sites
Off course I'm gonna like your posts :)

You are my best friend now :))))

I don't know how can I uninstall and zip :)))
I'm just a computer user not a professional like you :))))

Thank you again

Share this post


Link to post
Share on other sites
The new topic of the web page is Qoobox :)))) I couldn't know which name shall I git it to the head :)))

[url="http://www.lavasoftsupport.com/index.php?/topic/32685-qoobox/"]http://www.lavasoftsupport.com/index.php?/topic/32685-qoobox/[/url]

Share this post


Link to post
Share on other sites
Esset is the uniqe program among The programs that you made me establish and run in the control panel :)
the others on the desktop as a program symbols.
Shall it enough to erase them from desktop?

Share this post


Link to post
Share on other sites
Dear Cecilia I have a bad news.

Unfortuanetly we couldn't solve the 'babylon' problem yet.
When I open the explorer the babylon aren't seemed but when I open a new tab here we go 'babylon' is there again.

Another problem is that after second scan of first one ad aware detected 6 virus and going on to detect. I will send the detec report when it finish.
In the second scan computer shut itself down.

The problem are those for now :)

thanks your efforts

Share this post


Link to post
Share on other sites
I scanned second times with Ad Aware.
This time it detected 6 virus but it just deleted 1 of 6...

Why this program doesn't delete the other 5???

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this