kenanorhan, posted July 30, 2012:

If Chromium is connected with Google Chrome, yes, I installed it. And I installed eType when I was trying to restore or recover my deleted pictures... That day I installed a couple of programmes and I tried to delete most of them. The 'Babylon thing' got into my computer that day...
kenanorhan, posted July 30, 2012:

But I don't need any of them except Google Chrome :)
CeciliaB, posted July 30, 2012:

No need to delete folders that aren't malicious. The Babylon toolbar usually comes bundled with another program; it is a way for that program's developer to get paid for the work.

1. Please upload the file c:\users\Kenan ve Deniz\AppData\Roaming\dclogs\2012-07-28-7.dc to the VirusTotal web page and post the link to the result.

2. Copy all lines in the box:
[code]
Killall::
ClearJavaCache::
DDS::
uStart Page = hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
uRun: [gtcllxcfnibemqjscko] C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24:30
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
2012-07-29 00:31:31 32072 ----a-w- C:\Users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
[/code]
and paste them into Notepad. Save the file on the Desktop with the name CFScript and encoding ANSI (next to the Save button). Prepare the computer according to the instructions for running ComboFix. Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way. Paste the new ComboFix log into your answer.
kenanorhan, posted July 30, 2012 (edited July 31, 2012 by kenanorhan):

?
CeciliaB, posted July 30, 2012:

OK, it is not necessary to perform step 1. Please perform step 2.
kenanorhan, posted July 31, 2012:

[code]
ComboFix 12-07-30.01 - Kenan ve Deniz 31.07.2012 2:48.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2734 [GMT 3:00]
Running from: c:\users\Kenan ve Deniz\Desktop\virüs programları\ComboFix.exe
Command switches used :: c:\users\Kenan ve Deniz\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenan ve Deniz\AppData\Roaming\data.dat
c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 23:54 . 2012-07-30 23:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-30 23:54 . 2012-07-30 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 12:26 . 2012-07-29 12:26 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26 . 2011-12-19 09:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-29 12:26 . 2011-09-29 09:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-29 12:26 . 2011-12-19 09:44 256632 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-29 12:25 . 2011-12-19 10:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-07-29 12:25 . 2011-10-26 11:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-07-29 11:54 . 2012-07-29 11:54 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-28 05:10 . 2012-07-30 14:43 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\install
2012-07-28 02:53 . 2012-07-28 02:53 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\R-TT
2012-07-28 01:24 . 2012-07-28 01:25 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\eType
2012-07-28 01:24 . 2012-07-28 01:24 304 -c--a-w- C:\user.js
2012-07-28 01:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Opera
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Comodo
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Bromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Chromium
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13 . 2012-07-28 01:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04 . 2012-07-28 01:11 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-26 13:25 . 2012-07-26 13:25 -------- d-----w- c:\program files (x86)\adawaretb
2012-07-26 13:25 . 2011-10-26 13:19 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files (x86)\Oracle
2012-07-25 21:57 . 2012-07-25 21:57 -------- d-----w- c:\programdata\Local Settings
2012-07-11 11:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:12 . 2012-07-03 03:13 -------- d-----w- c:\users\Kenan ve Deniz\AppData\Local\Geekcorp
2012-07-01 12:09 . 2012-07-01 12:09 -------- d-sh--w- c:\windows\ftpcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 23:49 . 2012-04-10 17:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 23:49 . 2011-05-19 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 11:04 . 2010-06-04 19:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 19:06 . 2012-05-28 11:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06 . 2012-05-28 11:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-05 10:18 . 2011-03-28 15:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 07:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-21 07:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:15 . 2012-06-21 07:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-15 16:35 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-15 16:35 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-15 16:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-15 16:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 16:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 16:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-30_14.55.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-04 10:51 . 2012-07-30 23:15 60640 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 23:45 30242 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-30 17:21 . 2012-07-30 23:45 22116 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3972443797-2272916507-3105240164-1001_UserData.bin
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-30 17:21 . 2012-07-30 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-30 17:21 . 2012-07-30 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-07 17:55 . 2012-07-30 18:15 4194 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 23:55 . 2012-07-30 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 23:55 . 2012-07-30 23:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-30 14:51 . 2012-07-30 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-26 00:14 . 2012-06-26 22:43 227824 c:\windows\SysWOW64\javaws.exe
- 2009-09-22 20:29 . 2012-06-15 22:13 619554 c:\windows\system32\perfh01F.dat
+ 2009-09-22 20:29 . 2012-07-30 18:23 619554 c:\windows\system32\perfh01F.dat
- 2009-07-14 02:36 . 2012-06-15 22:13 617064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-30 18:23 617064 c:\windows\system32\perfh009.dat
+ 2009-09-22 20:29 . 2012-07-30 18:23 121714 c:\windows\system32\perfc01F.dat
- 2009-09-22 20:29 . 2012-06-15 22:13 121714 c:\windows\system32\perfc01F.dat
- 2009-07-14 02:36 . 2012-06-15 22:13 106246 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-30 18:23 106246 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-30 14:50 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-30 23:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-23 01:26 . 2012-07-30 14:32 1411404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3972443797-2272916507-3105240164-1001-12288.dat
+ 2012-01-23 01:26 . 2012-07-30 18:34 1411404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3972443797-2272916507-3105240164-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"63726"="c:\progra~3\LOCALS~1\Temp\mswartzai.cmd" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-01 35104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-26 69376]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 15:37]
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:49]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job
- c:\users\Kenan ve Deniz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 12:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
FF - ProfilePath - c:\users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\me9vxh6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=HP_ss&mntrId=5611f8ee000000000000000000000030
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112543&tt=3012_3&babsrc=KW_ss&mntrId=5611f8ee000000000000000000000030&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112543&tt=3012_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 5611f8ee000000000000000000000030
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.14:24
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-07-31 03:01:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 00:01
ComboFix2.txt 2012-07-30 15:02
.
Pre-Run: 21.302.284.288 bayt boş
Post-Run: 21.183.340.544 bayt boş
.
- - End Of File - - EA69DA088A825D11EC2991B536649628
[/code]
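The entries CeciliaB's CFScript targets (an executable with a random-looking name in AppData\Roaming, a .cmd launched from a policies\explorer\Run key) and the UAC values visible in the ComboFix log above (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0) are the things a responder reads first in a "Reg Loading Points" section. The Python script below is an added example, not part of this thread and not ComboFix's or DDS's own code: it walks ComboFix-style registry lines, keeps track of the current key, and flags those patterns. The sample log is a constructed excerpt built from entries shown in this thread (the gtcllxcfnibemqjscko Run value is reconstructed from the CFScript's uRun line), and the heuristics (user-writable directories, low vowel ratio, Windows-binary lookalike names, UAC values of 0) are this example's own assumptions, not rules ComboFix applies.

```python
"""Triage helper for ComboFix-style "Reg Loading Points" sections.

Added example for this thread; it is not part of the forum post, of ComboFix
or of DDS. It scans the autostart lines the log above shows (Run-key values,
the policies\\explorer\\Run entry and the UAC policy values) and flags the
patterns a responder checks first. The heuristics are this example's own
assumptions, not ComboFix's rules.
"""
import ntpath
import re

# Registry section header, e.g. [HKEY_CURRENT_USER\...\CurrentVersion\Run]
SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Run-key value as ComboFix prints it: "name"="command" [date size] / [X] / [BU]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s*\[[^\]]*\])?$')
# Numeric policy value: "EnableLUA"= 0 (0x0)
POLICY_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-f]+\)$', re.I)

# Directories a normal installer does not start programs from (assumption).
USER_WRITABLE = re.compile(r"\\(AppData\\Roaming|AppData\\Local\\Temp|Temp|Documents)\\", re.I)
# Windows binary names that malware likes to borrow (assumption).
SYSTEM_LOOKALIKES = ("audiodg", "svchost", "csrss", "lsass", "winlogon", "explorer")
# UAC policy values that mean "UAC is off" when set to 0.
UAC_ZERO_MEANS_OFF = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def _run_reasons(section, cmd):
    """Return the suspicious traits of one Run-key command (empty list = looks normal)."""
    reasons = []
    exe = ntpath.basename(cmd).split()[0] if cmd.split() else ""
    stem = exe.rsplit(".", 1)[0]
    if section.endswith("\\policies\\explorer\\run"):
        reasons.append("policy Run key, rarely used by legitimate installers")
    if USER_WRITABLE.search(cmd):
        reasons.append("starts from a user-writable profile or temp directory")
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) >= 10 and sum(c in "aeiou" for c in letters) / len(letters) < 0.25:
        reasons.append("random-looking file name (very few vowels)")
    if stem.lower().startswith(SYSTEM_LOOKALIKES) and "\\windows\\" not in cmd.lower():
        reasons.append("name mimics a Windows system binary but lives outside \\Windows")
    return reasons


def triage(log_text):
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = RUN_VALUE_RE.match(line)
        if m and section.endswith("\\run"):
            reasons = _run_reasons(section, m.group("cmd"))
            if reasons:
                findings.append({"section": section, "name": m.group("name"),
                                 "detail": m.group("cmd"), "reasons": reasons})
            continue
        m = POLICY_VALUE_RE.match(line)
        if m and section.endswith("\\policies\\system"):
            if m.group("name") in UAC_ZERO_MEANS_OFF and int(m.group("val")) == 0:
                findings.append({"section": section, "name": m.group("name"),
                                 "detail": "0", "reasons": ["UAC protection switched off"]})
    return findings


# Constructed excerpt: entries taken from the ComboFix log and CFScript in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"audiodg_TR.exe"="c:\users\Kenan ve Deniz\Documents\audiodg_TR.exe" [2012-07-28 24064]
"gtcllxcfnibemqjscko"="c:\users\Kenan ve Deniz\AppData\Roaming\gtcllxcfnibemqjscko.exe" [2012-07-29 32072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"63726"="c:\progra~3\LOCALS~1\Temp\mswartzai.cmd" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']!r} in [{f['section']}]: {f['detail']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample, the script flags the Documents-resident audiodg_TR.exe, the AppData\Roaming executable, the policy-key .cmd and the three zeroed UAC values, and passes the TomTom and Winamp entries through silently; on a real log, feed the whole "Reg Loading Points" section to triage() and treat its output as a reading order, not a verdict.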
kenanorhan, posted July 31, 2012:

Hehe, I understand what you mean in step 1 :)))
[url="https://www.virustotal.com/file/9608e981aed0ccb19c910b39558b69b0a1922e7619da332d8fe02a7d3cfc8a7a/analysis/1343693377/"]https://www.virustotal.com/file/9608e981aed0ccb19c910b39558b69b0a1922e7619da332d8fe02a7d3cfc8a7a/analysis/1343693377/[/url]
SHA256: 9608e981aed0ccb19c910b39558b69b0a1922e7619da332d8fe02a7d3cfc8a7a
SHA1: 5200b083313385652cb90d91ca38f1c5d350a7b1
MD5: 737a6398d045622d88874d8b399147d0
File size: 32.8 KB ( 33633 bytes )
File name: 2012-07-28-7.dc
File type: unknown
Detection ratio: 0 / 41
Analysis date: 2012-07-31 00:09:37 UTC ( 0 minutes ago )
CeciliaB, posted July 31, 2012:

I think 2012-07-28-7.dc is a file that some kind of keylogger creates and stores information in until it is uploaded to a server. The file isn't malicious, but it is used by a malicious program.

ComboFix didn't succeed in removing Babylon from Firefox. Let us try another tool.

Save OTL on the Desktop.
[url=http://oldtimer.geekstogo.com/OTL.exe]http://oldtimer.geekstogo.com/OTL.exe[/url]
Close all programs. Double-click OTL to run it. Click on [b]Quick Scan[/b] and do not use the computer while the program runs. When the program finishes, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the contents of the log OTL.txt into your answer, but attach Extras.txt (if you don't see how to attach files, click the button "More Reply Options").
kenanorhan, posted July 31, 2012:

I deleted Firefox and set it up again... Now Firefox doesn't have Babylon, but Explorer still has the Babylon problem...
kenanorhan, posted July 31, 2012:

OTL logfile created on: 31.07.2012 15:08:30 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kenan ve Deniz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 68,01% Memory free
7,73 Gb Paging File | 6,42 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 19,59 Gb Free Space | 33,43% Space Free | Partition Type: NTFS
Drive D: | 397,30 Gb Total Space | 397,20 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: KENANVEDENIZ | User Name: Kenan ve Deniz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.07.31 15:06:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kenan ve Deniz\Desktop\OTL.exe
PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.05.03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.10.21 12:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.03.09 15:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010.12.09 13:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009.10.15 12:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.06.25 05:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.25 01:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010.08.10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.10.15 12:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009.10.09 16:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:[b]64bit:[/b] - [2009.09.08 19:56:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.07.17 03:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2009.07.02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.07.28 02:49:51 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.14 03:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011.12.19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:[b]64bit:[/b] - [2011.12.19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:[b]64bit:[/b] - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:[b]64bit:[/b] - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:[b]64bit:[/b] - [2011.10.26 16:19:22 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:[b]64bit:[/b] - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:[b]64bit:[/b] - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:[b]64bit:[/b] - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:[b]64bit:[/b] - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.)
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2011.03.11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011.03.11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010.11.20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010.11.20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010.11.20 13:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:[b]64bit:[/b] - [2009.10.12 15:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2009.09.17 23:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2009.09.16 17:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:[b]64bit:[/b] - [2009.09.08 20:31:00 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009.08.23 06:02:00 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009.08.20 20:05:00 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2009.07.17 20:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2009.07.17 07:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2009.07.17 03:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:[b]64bit:[/b] - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2009.07.02 01:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2009.07.02 01:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2009.07.02 01:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2009.07.02 01:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2009.06.15 22:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:[b]64bit:[/b] - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE) DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {4853B14E-F386-480C-A32E-9D9A9305E634} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{4853B14E-F386-480C-A32E-9D9A9305E634}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\SearchScopes,DefaultScope = {63F75156-1900-4CCA-A711-37FF594613A1} IE - HKLM\..\SearchScopes\{63F75156-1900-4CCA-A711-37FF594613A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\yandex.com.tr-041340: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 12:57:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.25 10:20:31 | 000,000,000 | ---D | M] [2012.07.31 12:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan ve Deniz\AppData\Roaming\mozilla\Extensions [2011.01.09 18:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan ve Deniz\AppData\Roaming\mozilla\Extensions\[email protected] [2010.06.27 16:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan ve Deniz\AppData\Roaming\mozilla\Extensions\[email protected] [2012.07.31 12:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.14 03:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.12.09 13:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.03.06 22:16:56 | 000,000,596 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml [2012.07.28 04:24:18 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2010.09.14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml [2012.07.14 05:01:33 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-tr.xml [2012.07.14 05:01:33 | 000,002,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = 
C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Supernova = C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll\1_0\ O1 HOSTS File: ([2012.07.31 02:56:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) 
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe (Logitech inc) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 63726 = C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel 
present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:[b]64bit:[/b] - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Bluetooth'a Gönder - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : &Bluetooth Aygıtına Gönder... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB (GuvenlikCemberi3-ISBANK) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87}: DhcpNameServer = 212.65.128.2 212.65.140.142 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F}: DhcpNameServer = 13.35.0.1 13.35.0.2 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft 
Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.07.31 15:07:36 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Kenan ve Deniz\Desktop\OTL.exe [2012.07.31 12:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.07.31 03:02:00 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.07.31 02:56:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.07.30 21:37:47 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\Desktop\virüs programları [2012.07.30 17:39:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.07.30 17:39:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.07.30 17:39:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.07.30 17:39:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.07.30 17:38:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.29 22:33:29 | 000,000,000 | ---D | C] -- C:\Users\Kenan 
ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1} [2012.07.29 22:33:17 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C} [2012.07.29 15:26:31 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\adaware [2012.07.29 15:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012.07.29 15:26:19 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys [2012.07.29 15:26:06 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys [2012.07.29 15:26:05 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys [2012.07.29 15:25:21 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys [2012.07.29 15:25:21 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012.07.29 14:54:04 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations [2012.07.28 05:53:34 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\Documents\R-TT [2012.07.28 04:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.07.28 04:13:37 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome [2012.07.28 04:13:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\Xpom [2012.07.28 04:04:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs [2012.07.26 16:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012.07.26 16:25:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2012.07.26 03:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.07.26 00:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings [2012.07.03 06:12:07 | 000,000,000 | ---D | C] -- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp [2011.05.26 19:29:57 | 001,169,224 | ---- | C] (Microsoft Corporation) -- 
C:\Users\Kenan ve Deniz\AppData\Roaming\VFBEMFRZEW.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.07.31 15:06:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kenan ve Deniz\Desktop\OTL.exe [2012.07.31 15:01:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001UA.job [2012.07.31 14:49:00 | 000,000,814 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.31 12:57:10 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.31 10:30:47 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3972443797-2272916507-3105240164-1001Core.job [2012.07.31 10:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.31 03:06:18 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.07.31 03:05:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 03:05:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.31 02:56:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.31 02:55:45 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys [2012.07.31 02:30:06 | 000,001,226 | ---- | M] () -- C:\Users\Kenan ve Deniz\Desktop\ComboFix.exe - Kısayol.lnk [2012.07.30 21:23:15 | 001,459,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.30 21:23:15 | 000,619,554 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat [2012.07.30 21:23:15 | 000,617,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.30 21:23:15 | 000,121,714 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat [2012.07.30 21:23:15 | 000,106,246 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.30 17:40:56 | 
000,014,017 | ---- | M] () -- C:\Users\Kenan ve Deniz\AppData\Roaming\l0g
[2012.07.30 05:31:32 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.07.30 02:15:18 | 000,252,104 | ---- | M] () -- C:\Users\Kenan ve Deniz\Desktop\lava.png
[2012.07.28 04:24:37 | 000,000,304 | ---- | M] () -- C:\user.js
[2012.07.28 03:28:16 | 000,967,260 | ---- | M] () -- C:\Users\Kenan ve Deniz\Desktop\MUSKA.rar
[2012.07.26 16:24:29 | 000,001,139 | ---- | M] () -- C:\Users\Kenan ve Deniz\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012.07.25 10:20:31 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.07.12 20:55:32 | 000,002,331 | ---- | M] () -- C:\Users\Kenan ve Deniz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.07.11 19:07:59 | 000,412,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.31 12:57:10 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.31 12:57:10 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.31 02:29:58 | 000,001,226 | ---- | C] () -- C:\Users\Kenan ve Deniz\Desktop\ComboFix.exe - Kısayol.lnk
[2012.07.30 17:39:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.30 17:39:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.30 17:39:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.30 17:39:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.30 17:39:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.30 02:15:18 | 000,252,104 | ---- | C] () -- C:\Users\Kenan ve Deniz\Desktop\lava.png
[2012.07.29 15:26:22 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.29 15:02:59 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.07.29 14:41:39 | 000,014,017 | ---- | C] () -- C:\Users\Kenan ve Deniz\AppData\Roaming\l0g
[2012.07.28 04:24:36 | 000,000,304 | ---- | C] () -- C:\user.js
[2012.07.28 03:28:14 | 000,967,260 | ---- | C] () -- C:\Users\Kenan ve Deniz\Desktop\MUSKA.rar
[2012.07.25 10:20:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.07.25 10:20:31 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.07.05 19:13:05 | 005,700,890 | ---- | C] () -- C:\Users\Kenan ve Deniz\Desktop\Always.wma
[2012.01.11 09:59:36 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@
[2012.01.11 09:59:36 | 000,002,048 | -HS- | C] () -- C:\Users\Kenan ve Deniz\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@
[2011.11.29 09:38:17 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\statistics.dat
[2011.06.03 22:33:08 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.06.03 22:33:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.01.23 01:58:37 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.15 22:54:15 | 001,551,346 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012.07.29 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Ad-Aware Antivirus
[2012.03.22 00:24:32 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\adawaretb
[2012.04.11 03:27:27 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Agxagyc
[2011.08.17 23:27:18 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Ambient Design
[2012.04.16 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Azureus
[2012.07.28 04:11:16 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs
[2010.07.18 16:15:11 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Leadertech
[2012.03.21 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\Saw
[2012.06.22 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\TeamViewer
[2011.01.09 18:36:59 | 000,000,000 | ---D | M] -- C:\Users\Kenan ve Deniz\AppData\Roaming\TomTom
[2012.07.30 05:31:32 | 000,000,962 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.06.15 19:21:50 | 000,032,688 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E8BE05FA

< End of report >
kenanorhan, Posted July 31, 2012

extra
CeciliaB, Posted July 31, 2012

Close all programs, including antivirus programs and other similar programs. Otherwise they might stop OTL. How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL. Copy all the lines in the box:

[code]
:OTL
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
[2012.07.28 04:24:18 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.09.14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E8BE05FA
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
:Commands
[CREATERESTOREPOINT]
[REBOOT]
[/code]

Paste them into the field Custom Scans/Fixes. Click on Run Fix. If you are asked to restart the computer, do that.

Notepad will pop up with a log. Copy it and paste it into your answer. If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time for when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.

Please, run DDS too and paste the content of DDS.txt (no need for Attach.txt).
kenanorhan, Posted July 31, 2012

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml moved successfully.
ADS C:\ProgramData\TEMP:E8BE05FA deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_170926
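A check a helper would run by hand after a fix like the one above: confirm that every action in the posted fix script has a matching success line in the log OTL wrote back. The Python below is an added example, not part of this thread and not OTL's own tooling. The script and log it embeds are copied from the two posts above; the mapping from script lines to OTL's "moved successfully" / "deleted successfully" / "Restore point Set" wording is an assumption drawn from that log, and the script is expected to go missing an action only when the log omits it.

```python
"""Check an OTL fix log against the fix script that produced it."""
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def expectations(script: str):
    """Yield (script line, substring OTL's log must contain) for each actionable line.

    Assumption from the wording of OTL's own log: files are "moved successfully",
    registry items and ADS are "deleted successfully", [CREATERESTOREPOINT]
    leaves "Restore point Set". [REBOOT] produces no log line and is skipped.
    """
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                # :OTL / :Reg / :Commands
            section = line.lower()
            continue
        if section == ":otl":
            if line.startswith("@Alternate Data Stream"):
                ads = line.split("->", 1)[1].strip()
                yield line, "ADS " + ads + " deleted successfully"
            elif line.startswith("["):          # "[date | size | attrs | M] () -- path"
                yield line, line.split(" -- ", 1)[1].strip() + " moved successfully"
            elif "URLSearchHook" in line:       # "IE - HKLM\..\URLSearchHook: {GUID} - dll (vendor)"
                guid = GUID_RE.search(line).group(0)
                dll = line.split(" - ")[-1].rsplit(" (", 1)[0].strip()
                yield line, "URLSearchHooks\\\\" + guid + " deleted successfully"
                yield line, dll + " moved successfully"
        elif section == ":reg" and line.startswith("[-"):
            yield line, "Registry key " + line[2:-1] + "\\ deleted successfully"
        elif section == ":commands" and line.upper() == "[CREATERESTOREPOINT]":
            yield line, "Restore point Set"


def verify(script: str, log: str) -> list:
    """Return (script line, expected log text, confirmed?) for every expectation."""
    return [(line, expected, expected in log) for line, expected in expectations(script)]


def unconfirmed(script: str, log: str) -> list:
    """Expected log lines that are missing: actions OTL did not report as done."""
    return [expected for _, expected, ok in verify(script, log) if not ok]


# Constructed sample: the fix script and the OTL log from the two posts above.
FIX_SCRIPT = r"""
:OTL
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
[2012.07.28 04:24:18 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.09.14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E8BE05FA
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
:Commands
[CREATERESTOREPOINT]
[REBOOT]
"""

FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml moved successfully.
ADS C:\ProgramData\TEMP:E8BE05FA deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
"""

if __name__ == "__main__":
    for line, expected, ok in verify(FIX_SCRIPT, FIX_LOG):
        print("OK     " if ok else "MISSING", expected)
```

Run on the posted pair every expectation is confirmed; drop one success line from the log and `unconfirmed()` names the action that was not carried out, which is the question a helper has to answer before telling the user the fix worked.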
kenanorhan, Posted July 31, 2012

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.5.1
Run by Kenan ve Deniz at 17:20:15 on 2012-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2445 [GMT 3:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87} : DhcpNameServer = 212.65.128.2 212.65.140.142
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F} : DhcpNameServer = 13.35.0.1 13.35.0.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\b65q0j4k.default\
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Güncelleme Hizmeti (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-31 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-31 14:09:26 -------- dc----w- C:\_OTL
2012-07-30 23:56:15 -------- dc----w- C:\$RECYCLE.BIN
2012-07-30 14:39:21 98816 ----a-w- C:\Windows\sed.exe
2012-07-30 14:39:21 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-30 14:39:21 256000 ----a-w- C:\Windows\PEV.exe
2012-07-30 14:39:21 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 19:33:29 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1}
2012-07-29 19:33:17 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C}
2012-07-29 12:26:31 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\adaware
2012-07-29 12:26:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-29 12:26:06 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-29 12:26:05 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-29 12:25:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-07-29 12:25:21 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-07-29 11:54:04 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations
2012-07-28 01:14:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpipreset
2012-07-28 01:13:37 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome
2012-07-28 01:13:33 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Xpom
2012-07-28 01:04:50 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs
2012-07-26 13:25:36 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-07-26 13:25:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-07-26 00:14:28 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-11 11:07:46 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-03 03:12:07 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp
.
==================== Find3M ====================
.
2012-07-27 23:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 23:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-05 19:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 17:20:41,03 ===============
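The Pseudo HJT section of a DDS log is where a helper looks first, and the log above carries the three patterns worth flagging automatically: an autorun launched from a user-writable folder (audiodg_TR.exe in Documents, a .cmd in a Temp directory), an executable named after a Windows system binary but living outside %SystemRoot%, and UAC policy values zeroed out (EnableLUA=0 turns UAC off entirely, ConsentPromptBehaviorAdmin=0 elevates without asking, PromptOnSecureDesktop=0 lets other software draw over the prompt). The Python below is an added example, not part of the thread and not a DDS feature; its sample lines are copied from the log above, while the list of "user-writable" markers and of imitated system-binary names are the author's own heuristics, not rules from DDS or Lavasoft.

```python
"""Triage the autorun and UAC-policy lines of a DDS "Pseudo HJT Report"."""
import re
from dataclasses import dataclass

# Autorun hooks DDS prints: user/machine Run, RunOnce, Explorer Run, Startup folder.
AUTORUN_RE = re.compile(
    r"^(?P<hook>[umd]Run(?:Once)?(?:-x64)?|[um]ExplorerRun(?:-x64)?|StartupFolder):\s*(?P<rest>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")

# Assumption: legitimate installers rarely register an autorun from these
# locations, droppers routinely do.  Matched case-insensitively as substrings.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\documents\\", "\\users\\public\\", "\\recycle")

# Assumption: binaries with these names belong under %SystemRoot%; a copy
# elsewhere (audiodg_TR.exe in Documents, say) is masquerading.
SYSTEM_NAME_PREFIXES = ("audiodg", "svchost", "csrss", "lsass", "winlogon",
                        "rundll32", "explorer", "services", "dwm", "conhost")

# UAC values a removal helper would restore; the meaning of each is in the comment.
UAC_TAMPERED = {
    ("EnableLUA", 0): "UAC disabled (EnableLUA=0)",
    ("ConsentPromptBehaviorAdmin", 0): "admins elevate silently (ConsentPromptBehaviorAdmin=0)",
    ("PromptOnSecureDesktop", 0): "UAC prompt not on the secure desktop (PromptOnSecureDesktop=0)",
}


@dataclass
class Finding:
    line: str
    reasons: list


def autorun_target(cmd: str) -> str:
    """Return the executable path from a DDS autorun command string."""
    cmd = cmd.strip()
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    # Unquoted paths may contain spaces: stop at the first executable extension.
    m = re.match(r"(.*?\.(?:exe|cmd|bat|com|scr|dll|vbs|js|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else (cmd.split()[0] if cmd else "")


def triage(lines):
    """Return a Finding for every autorun or UAC line that merits review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            rest = re.sub(r"^\[[^\]]*\]\s*", "", m.group("rest"))   # drop "[value name]"
            if m.group("hook") == "StartupFolder" and " - " in rest:
                rest = rest.split(" - ", 1)[1]                       # "shortcut - target"
            target = autorun_target(rest).lower()
            reasons = []
            if any(marker in target for marker in USER_WRITABLE_MARKERS):
                reasons.append("autorun from user-writable path")
            base = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if base.startswith(SYSTEM_NAME_PREFIXES) and not target.startswith("c:\\windows\\"):
                reasons.append("system-binary name outside %SystemRoot%")
            if target.endswith((".cmd", ".bat", ".vbs", ".js")):
                reasons.append("script autorun")
            if reasons:
                findings.append(Finding(line, reasons))
            continue
        m = POLICY_RE.match(line)
        if m:
            key = (m.group("name"), int(m.group("value")))
            if key in UAC_TAMPERED:
                findings.append(Finding(line, [UAC_TAMPERED[key]]))
    return findings


# Constructed sample: lines copied from the DDS log posted in the thread.
SAMPLE_DDS_LINES = r"""
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [audiodg_TR.exe] C:\Users\Kenan ve Deniz\Documents\audiodg_TR.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print("; ".join(f.reasons).ljust(70), "<-", f.line)
```

On the sample the two suspicious autoruns and the three zeroed UAC policies come out flagged while the vendor entries in Program Files do not; the whole DDS.txt can be fed in unchanged, since lines the two regexes do not recognise are ignored.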
CeciliaB, Posted July 31, 2012

Any remaining problems now? If not, I will give you instructions for how to uninstall OTL and the other special programs.
kenanorhan, Posted July 31, 2012

You are amazing )) I don't know how I can thank you )) There is no Babylon anymore; even in Explorer I don't see the 'how please check my exe' virus either ))) Last time when I tried to upload 10.2 I saw a blue screen... I hope this time when I update to 10.2 I don't see them. If I don't erase them (especially ComboFix), will it be a problem???
CeciliaB, Posted July 31, 2012

Thank you for all the kind words.

Let us do one more check. Run an online scan with Eset: http://www.eset.com/onlinescan/

To shorten the scanning time, disable your antivirus program while scanning.
Un-check "Remove found threats"
Check "Scan Archives"
Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan

When the scan completes, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.

P.S. ComboFix is updated rather often, so it shouldn't be saved. It should be downloaded every time it is needed.
kenanorhan, Posted July 31, 2012

[email protected] as downloader log: all ok

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=62f60ceadd6261408900881fb23708ac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-31 04:18:57
# local_time=2012-07-31 07:18:57 (+0200, GTB Yaz Saati)
# country="Turkey"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 35 36284565 54384155 0 0
# compatibility_mode=8192 67108863 100 0 506 506 0 0
# scanned=142284
# found=14
# cleaned=0
# scan_time=3667
C:\Qoobox\Quarantine\C\Rundll32.exe.vir  a variant of MSIL/Injector.AKA trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\brwcfj.exe.vir  a variant of MSIL/Injector.AKA trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\Orrirw.exe.vir  a variant of Win32/Kryptik.AJBZ trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\proclean.exe.vir  a variant of MSIL/Injector.AKG trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\proclean.zgy.vir  a variant of MSIL/Injector.AKG trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\rnbkwi.exe.vir  a variant of Win32/Injector.Autoit.AF trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\rqxkrl.exe.vir  a variant of MSIL/Injector.AKG trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\sccdlc.exe.vir  a variant of MSIL/Injector.AKA trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\vbccvbgfb.zgy.vir  a variant of MSIL/Injector.AKG trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\windowsand.zgy.vir  a variant of MSIL/Injector.AKG trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\wpjeqw.exe.vir  Win32/Dorkbot.B worm (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\xllhol.exe.vir  probably unknown NewHeur_PE virus (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming\Microsoft\pdt__wpr_ridwsymbxnopd_kcoc_bsa.exe.vir  a variant of MSIL/Spy.Agent.BW trojan (unable to clean)  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\D\Rundll32.exe.vir  a variant of MSIL/Injector.AKA trojan (unable to clean)  00000000000000000000000000000000  I
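The point a reader has to extract from a log like the one above is not "14 found, 0 cleaned" but where the 14 live: every path is under C:\Qoobox\Quarantine, ComboFix's quarantine, so these are files that were already disarmed and not an active infection. The Python below is an added example, not part of the thread and not ESET's code. It parses the "# key=value" header and the detection rows, classifies each hit as quarantined or active, and checks the header's found count against the rows. The header keys and the 14 rows are copied from the post above; it is assumed that ESET writes each detection row as tab-separated fields (path, threat name, hash, flags), which the forum flattened to spaces, and that C:\Qoobox\Quarantine (ComboFix) and C:\_OTL\MovedFiles (OTL) are the quarantine folders to treat as inert.

```python
"""Parse an ESET Online Scanner log.txt and separate quarantined from active hits."""
import re
from collections import Counter
from dataclasses import dataclass

# Assumption: a hit under these folders is a file another tool already
# disarmed (ComboFix's and OTL's quarantine), not an active infection.
QUARANTINE_PREFIXES = (r"C:\Qoobox\Quarantine", r"C:\_OTL\MovedFiles")


@dataclass
class Detection:
    path: str
    threat: str
    digest: str
    flags: str
    quarantined: bool

    @property
    def family(self) -> str:
        """'a variant of MSIL/Injector.AKG trojan (unable to clean)' -> 'MSIL/Injector.AKG'."""
        return re.sub(r"^(?:a variant of |probably unknown )", "", self.threat).split()[0]


@dataclass
class EsetReport:
    meta: dict        # "# key=value" header lines
    detections: list  # one Detection per tab-separated row


def parse_eset_log(text: str, quarantine_prefixes=QUARANTINE_PREFIXES) -> EsetReport:
    prefixes = tuple(p.lower() for p in quarantine_prefixes)
    meta, detections = {}, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            meta[key] = value                       # repeated keys: last one wins
            continue
        fields = line.split("\t")                   # path, threat, hash, flags
        if len(fields) < 2:
            continue                                # not a detection row
        fields += [""] * (4 - len(fields))
        path, threat, digest, flags = fields[:4]
        detections.append(Detection(path, threat, digest, flags,
                                    path.lower().startswith(prefixes)))
    return EsetReport(meta, detections)


def active_detections(report: EsetReport) -> list:
    """Hits outside every quarantine folder: these still need handling."""
    return [d for d in report.detections if not d.quarantined]


def summarize(report: EsetReport) -> dict:
    found = int(report.meta.get("found", "0"))
    return {
        "reported_found": found,
        "parsed": len(report.detections),
        "consistent": found == len(report.detections),  # header vs. rows
        "quarantined": sum(d.quarantined for d in report.detections),
        "active": len(active_detections(report)),
        "families": Counter(d.family for d in report.detections),
    }


# Constructed sample: header keys and the 14 rows from the log posted above,
# joined with tabs; the hash column is all zeros and the flag "I" as in the log.
_HEADER = "# version=7\n# end=finished\n# remove_checked=false\n# scanned=142284\n# found=14\n# cleaned=0\n# scan_time=3667"
_Q = r"C:\Qoobox\Quarantine\C\Users\Kenan ve Deniz\AppData\Roaming"
_ROWS = [
    (r"C:\Qoobox\Quarantine\C\Rundll32.exe.vir", "a variant of MSIL/Injector.AKA trojan (unable to clean)"),
    (_Q + r"\brwcfj.exe.vir", "a variant of MSIL/Injector.AKA trojan (unable to clean)"),
    (_Q + r"\Orrirw.exe.vir", "a variant of Win32/Kryptik.AJBZ trojan (unable to clean)"),
    (_Q + r"\proclean.exe.vir", "a variant of MSIL/Injector.AKG trojan (unable to clean)"),
    (_Q + r"\proclean.zgy.vir", "a variant of MSIL/Injector.AKG trojan (unable to clean)"),
    (_Q + r"\rnbkwi.exe.vir", "a variant of Win32/Injector.Autoit.AF trojan (unable to clean)"),
    (_Q + r"\rqxkrl.exe.vir", "a variant of MSIL/Injector.AKG trojan (unable to clean)"),
    (_Q + r"\sccdlc.exe.vir", "a variant of MSIL/Injector.AKA trojan (unable to clean)"),
    (_Q + r"\vbccvbgfb.zgy.vir", "a variant of MSIL/Injector.AKG trojan (unable to clean)"),
    (_Q + r"\windowsand.zgy.vir", "a variant of MSIL/Injector.AKG trojan (unable to clean)"),
    (_Q + r"\wpjeqw.exe.vir", "Win32/Dorkbot.B worm (unable to clean)"),
    (_Q + r"\xllhol.exe.vir", "probably unknown NewHeur_PE virus (unable to clean)"),
    (_Q + r"\Microsoft\pdt__wpr_ridwsymbxnopd_kcoc_bsa.exe.vir", "a variant of MSIL/Spy.Agent.BW trojan (unable to clean)"),
    (r"C:\Qoobox\Quarantine\D\Rundll32.exe.vir", "a variant of MSIL/Injector.AKA trojan (unable to clean)"),
]
SAMPLE_ESET_LOG = _HEADER + "\n" + "\n".join(
    "\t".join((path, threat, "0" * 32, "I")) for path, threat in _ROWS)

if __name__ == "__main__":
    report = parse_eset_log(SAMPLE_ESET_LOG)
    print(summarize(report))
    for d in active_detections(report):
        print("ACTIVE:", d.path, d.family)
```

For the posted log `active_detections()` is empty and the header count matches the 14 parsed rows, which is the conclusion CeciliaB draws in the next post; a row outside the quarantine prefixes would show up as active, and a header/row mismatch would mean the log was truncated when it was pasted.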
CeciliaB, Posted July 31, 2012

Thank you for liking my posts.

Good! All were found in the quarantine of ComboFix. Please, run a full scan with Ad-Aware too.

Before uninstalling the tools, Lavasoft would appreciate it if you sent the infected files to them. Do you know how to pack (zip) a folder? I would like you to zip C:\Qoobox\Quarantine and c:\_OTL\Moved Files. Please, start a new topic in http://www.lavasoftsupport.com/index.php?/forum/151-malware-uploads/ and attach the zipped folders. In the post you can paste a link to this topic.
kenanorhan, Posted July 31, 2012

Of course I'm gonna like your posts. You are my best friend now ))) I don't know how I can uninstall and zip )) I'm just a computer user, not a professional like you ))) Thank you again.
kenanorhan, Posted July 31, 2012

The new topic on the web page is Qoobox ))) I didn't know which name I should give it in the heading )) http://www.lavasoftsupport.com/index.php?/topic/32685-qoobox/
kenanorhan, Posted July 31, 2012

Eset is the only one among the programs that you made me install and run that is in the control panel; the others are on the desktop as program icons. Shall it be enough to erase them from the desktop?
kenanorhan, Posted July 31, 2012

Results of the Lavasoft full scan
kenanorhan, Posted July 31, 2012

Dear Cecilia, I have bad news. Unfortunately we couldn't solve the 'babylon' problem yet. When I open Explorer, Babylon isn't seen, but when I open a new tab, here we go, 'babylon' is there again. Another problem is that after the second scan of the first one, Ad-Aware detected 6 viruses and is going on detecting. I will send the detection report when it finishes. In the second scan the computer shut itself down. Those are the problems for now. Thanks for your efforts.
kenanorhan, Posted July 31, 2012

I scanned a second time with Ad-Aware. This time it detected 6 viruses but it only deleted 1 of 6... Why doesn't this program delete the other 5???