kenanorhan

Members
  • Content Count

    52
  • Joined

  • Last visited

Community Reputation

1 Neutral

About kenanorhan

  • Rank
    Advanced Member
  1. I did everything you said. The other programs that we used... aswMBR MBR SystemLook
  2. sorry Windows can't find combofix file. Are you sure you write the name is right?
  3. IE 9 is fine there is no babylon anymore and here is the OTl result... This time is too short. What you think is it normal? ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\63726 deleted successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.55.0 log created on 08012012_221154
  4. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1 Run by Kenan ve Deniz at 16:07:03 on 2012-08-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2484 [GMT 3:00] . AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800} SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\PROGRA~2\AD-AWA~1\AdAware.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\DllHost.exe C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\sppsvc.exe C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com.tr/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87} : DhcpNameServer = 212.65.128.2 212.65.140.142 TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F} : DhcpNameServer = 13.35.0.1 13.35.0.2 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} {6c97a91e-4524-4019-86af-2aa2d567bf5c} {72853161-30C5-4D22-B7F9-0BBC1D38A37E} {9030D464-4C02-4ABF-8ECC-5164760863C6} {9FDDE16B-836F-4806-AB1F-1455CBEFF289} {d2ce3e00-f94a-4740-988e-03dc2f38c34f} {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} {8dcb7100-df86-4384-8842-8fa844297b3f} {6c97a91e-4524-4019-86af-2aa2d567bf5c} EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\b65q0j4k.default\ FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?] R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032] R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?] R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?] R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Güncelleme Hizmeti (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-31 113120] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-31 14:09:26 -------- dc----w- C:\_OTL 2012-07-30 23:56:15 -------- dc----w- C:\$RECYCLE.BIN 2012-07-30 14:39:21 98816 ----a-w- C:\Windows\sed.exe 2012-07-30 14:39:21 518144 ----a-w- C:\Windows\SWREG.exe 2012-07-30 14:39:21 256000 ----a-w- C:\Windows\PEV.exe 2012-07-30 14:39:21 208896 ----a-w- C:\Windows\MBR.exe 2012-07-29 19:33:29 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1} 2012-07-29 19:33:17 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C} 2012-07-29 12:26:31 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\adaware 2012-07-29 12:26:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys 2012-07-29 12:26:06 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys 2012-07-29 12:26:05 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys 2012-07-29 12:25:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys 2012-07-29 12:25:21 45936 ----a-w- C:\Windows\System32\sbbd.exe 2012-07-29 11:54:04 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations 2012-07-28 01:14:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpipreset 2012-07-28 01:13:37 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome 2012-07-28 01:13:33 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Xpom 2012-07-28 01:04:50 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs 2012-07-26 13:25:36 -------- d-----w- C:\Program Files (x86)\adawaretb 2012-07-26 13:25:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys 2012-07-26 00:14:28 -------- d-----w- C:\Program Files (x86)\Oracle 2012-07-11 11:07:46 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-03 03:12:07 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp . ==================== Find3M ==================== . 2012-07-27 23:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-27 23:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-05 19:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe . ============= FINISH: 16:09:27,33 ===============
  5. I got it this time correctly
  6. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1 Run by Kenan ve Deniz at 8:13:07 on 2012-08-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.3957.2463 [GMT 3:00] . AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800} SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Winamp\winampa.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\PROGRA~2\AD-AWA~1\AdAware.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\DllHost.exe C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kenan ve Deniz\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com.tr/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run mExplorerRun: [63726] C:\PROGRA~3\LOCALS~1\Temp\mswartzai.cmd StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{66E038D8-3659-42FE-8B79-20B4A5026A87} : DhcpNameServer = 212.65.128.2 212.65.140.142 TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{6D32B774-FBB3-42D0-9F84-11DD7E168A15} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6E5B96E3-5364-4179-972A-90BA9B474A7F} : DhcpNameServer = 13.35.0.1 13.35.0.2 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} {6c97a91e-4524-4019-86af-2aa2d567bf5c} {72853161-30C5-4D22-B7F9-0BBC1D38A37E} {9030D464-4C02-4ABF-8ECC-5164760863C6} {9FDDE16B-836F-4806-AB1F-1455CBEFF289} {d2ce3e00-f94a-4740-988e-03dc2f38c34f} {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} {8dcb7100-df86-4384-8842-8fa844297b3f} {6c97a91e-4524-4019-86af-2aa2d567bf5c} EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kenan ve Deniz\AppData\Roaming\Mozilla\Firefox\Profiles\b65q0j4k.default\ FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Kenan ve Deniz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?] R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032] R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?] R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?] R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Güncelleme Hizmeti (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-31 113120] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-31 14:09:26 -------- dc----w- C:\_OTL 2012-07-30 23:56:15 -------- dc----w- C:\$RECYCLE.BIN 2012-07-30 14:39:21 98816 ----a-w- C:\Windows\sed.exe 2012-07-30 14:39:21 518144 ----a-w- C:\Windows\SWREG.exe 2012-07-30 14:39:21 256000 ----a-w- C:\Windows\PEV.exe 2012-07-30 14:39:21 208896 ----a-w- C:\Windows\MBR.exe 2012-07-29 19:33:29 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{F7105408-CB7A-409A-BC9C-D049858133E1} 2012-07-29 19:33:17 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\{4A8F921E-5FFD-4BA1-BB73-6F0690923D9C} 2012-07-29 12:26:31 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\adaware 2012-07-29 12:26:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys 2012-07-29 12:26:06 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys 2012-07-29 12:26:05 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys 2012-07-29 12:25:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys 2012-07-29 12:25:21 45936 ----a-w- C:\Windows\System32\sbbd.exe 2012-07-29 11:54:04 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Downloaded Installations 2012-07-28 01:14:00 1918320 ----a-w- C:\Windows\System32\drivers\tcpipreset 2012-07-28 01:13:37 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Nichrome 2012-07-28 01:13:33 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Xpom 2012-07-28 01:04:50 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Roaming\dclogs 2012-07-26 13:25:36 -------- d-----w- C:\Program Files (x86)\adawaretb 2012-07-26 13:25:31 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys 2012-07-26 00:14:28 -------- d-----w- C:\Program Files (x86)\Oracle 2012-07-11 11:07:46 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-03 03:12:07 -------- d-----w- C:\Users\Kenan ve Deniz\AppData\Local\Geekcorp . ==================== Find3M ==================== . 2012-07-27 23:49:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-27 23:49:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-05 19:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe . ============= FINISH: 8:14:02,76 ===============
  7. finally at the three times
  8. I made two diffirent scan yesterday and which is of them belongs to 48 cause of them I put two of them as name 1lavasoftscan31072012 and 2lavasoftscan31072012...