TechSpot

[A] Search results are redirecting to some unwanted sites.

By MESUT UK
Apr 26, 2012
  1. Hi!
    This is my first time here. I had tried HijackThis and it helped three times before, but now it doesn't work. It cannot find anything wrong. I'm pasting the logs as instructed. Thank you.
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Veritabanı sürümü: v2012.04.26.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Mesut ÜK :: MESUT-9DD1D88C9 [yönetici]

    26.04.2012 18:16:03
    mbam-log-2012-04-26 (18-16-03).txt

    Tarama kipi: Hızlı tarama
    Devrede olan tarama ayarları: Hafıza | Başlangıç | Kayıt defteri | Dosya Sistemi | Sezgisel/Ek | Sezgisel/Shuriken | PUP | PUM
    Devre dışı olan tarama ayarları: P2P
    Taranmış öğeler: 188155
    Geçen süre: 9 dakika, 23 saniye

    Bulunan Hafıza İşlemleri: 0
    (Zararlı öğe tespit edilmedi)

    Bulunan Hafıza Modülleri: 0
    (Zararlı öğe tespit edilmedi)

    Bulunan Kayıt Anahtarları: 0
    (Zararlı öğe tespit edilmedi)

    Bulunan Kayıt Değerleri: 0
    (Zararlı öğe tespit edilmedi)

    Bulunan Veri Öğeleri: 5
    HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.

    Bulunan Klasörler: 0
    (Zararlı öğe tespit edilmedi)

    Bulunan Dosyalar: 0
    (Zararlı öğe tespit edilmedi)

    (son)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-26 22:14:44
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160827AS rev.3.42
    Running: si9bumj7.exe; Driver: C:\DOCUME~1\MESUTK~1\LOCALS~1\Temp\kfadqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7F57DDC ZwClose
    SSDT F7F57D96 ZwCreateKey
    SSDT F7F57DE6 ZwCreateSection
    SSDT F7F57D8C ZwCreateThread
    SSDT F7F57D9B ZwDeleteKey
    SSDT F7F57DA5 ZwDeleteValueKey
    SSDT F7F57DD7 ZwDuplicateObject
    SSDT F7F57DAA ZwLoadKey
    SSDT F7F57D78 ZwOpenProcess
    SSDT F7F57D7D ZwOpenThread
    SSDT F7F57DFF ZwQueryValueKey
    SSDT F7F57DB4 ZwReplaceKey
    SSDT F7F57DF0 ZwRequestWaitReplyPort
    SSDT F7F57DAF ZwRestoreKey
    SSDT F7F57DEB ZwSetContextThread
    SSDT F7F57DF5 ZwSetSecurityObject
    SSDT F7F57DA0 ZwSetValueKey
    SSDT F7F57DFA ZwSystemDebugControl
    SSDT F7F57D87 ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF71F9900]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00DDDC86
    .text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 00DDEED3
    .text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 00DDED11
    .text C:\Program Files\Opera\opera.exe[1304] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 00DDE987
    .text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 00DDEC36
    .text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 00DDEDEC
    .text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00DDEB6A
    .text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00DDF09E
    .text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00DDEA9E
    .text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00DDEFBA
    .text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00DDF45E
    .text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00DDF52B
    .text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!getaddrinfo 71AA2A6F 5 Bytes JMP 00DDD7D7
    .text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!closesocket 71AA3E2B 5 Bytes JMP 00DDE8E0
    .text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!send 71AA4C27 5 Bytes JMP 00DDE455
    .text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!WSARecv 71AA4CB5 5 Bytes JMP 00DDE67C
    .text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!gethostbyname 71AA5355 5 Bytes JMP 00DDD716
    .text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!recv 71AA676F 5 Bytes JMP 00DDE4FA
    .text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!WSASend 71AA68FA 5 Bytes JMP 00DDE5A8
    .text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!WSAAsyncGetHostByName 71AAE99D 5 Bytes JMP 00DDDBA7
    .text C:\Program Files\Opera\opera.exe[1304] WININET.dll!InternetCrackUrlW 3FA53F0F 5 Bytes JMP 00DDF93A
    .text C:\Program Files\Opera\opera.exe[1304] WININET.dll!InternetCrackUrlA 3FA80124 5 Bytes JMP 00DDF7F1

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ??? ?&??? ??????????????C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll?Fi??? ??????? ??????????? ????????&?????????????????????? ??????????????C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll?dll???(??????????r??????????????? ???p?????????eon??C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll?uo(?? ???????n??????tt??? ? ? ? ????? ??????? ??????????? ???????? ?8?????????????????8?? ????????????@?C:\WINDOWS\system32\msi.dll???(?????????????????????? ??????? ??????????? ???????? ?F?????????????????F?? ????????????P?%SystemRoot%\System32\xpsp2res.dll????(?????????????????????? ??????? ??????????? ???????? ?F?????????????F?? ????????????P?%SystemRoot%\System32\ntbackup.exe????(?????????????????????? ? ????? ??????? ??????????? ???????? ?B?????????????B?? ????????????H?%SystemRoot%\System32\oakley.dll??(?????????????????????? ? ????? ??????? ??????????? ???????? ?@??? ???????sc????@?? ????????????H?%SystemRoot%\System32\cscui.dll???H?????? ???????????? ?0x00000007?????

    ---- EOF - GMER 1.0.15 ----

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25.06.2009 21:59:00
    System Uptime: 26.04.2012 17:16:30 (5 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | 8IPE775/-G
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3014/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 23,383 GiB free.
    D: is FIXED (NTFS) - 110 GiB total, 91,669 GiB free.
    F: is CDROM (CDFS)
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
    Device ID: USB\VID_0BDA&PID_8187\5&39FED2B0&0&6
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
    PNP Device ID: USB\VID_0BDA&PID_8187\5&39FED2B0&0&6
    Service: RTL8187B
    .
    ==== System Restore Points ===================
    .
    RP1: 04.03.2012 09:48:36 - Sistem Denetleme Noktası
    RP2: 05.03.2012 12:09:48 - Sistem Denetleme Noktası
    RP3: 06.03.2012 17:17:30 - Sistem Denetleme Noktası
    RP4: 07.03.2012 17:51:24 - Sistem Denetleme Noktası
    RP5: 08.03.2012 21:06:10 - Sistem Denetleme Noktası
    RP6: 09.03.2012 22:07:09 - Sistem Denetleme Noktası
    RP7: 13.03.2012 21:24:32 - Sistem Denetleme Noktası
    RP8: 14.03.2012 22:45:08 - Sistem Denetleme Noktası
    RP9: 15.03.2012 03:00:22 - Software Distribution Service 3.0
    RP10: 16.03.2012 17:33:09 - Sistem Denetleme Noktası
    RP11: 18.03.2012 10:31:56 - Software Distribution Service 3.0
    RP12: 19.03.2012 20:32:36 - Sistem Denetleme Noktası
    RP13: 21.03.2012 14:31:40 - Sistem Denetleme Noktası
    RP14: 22.03.2012 17:00:40 - Sistem Denetleme Noktası
    RP15: 23.03.2012 17:15:46 - Sistem Denetleme Noktası
    RP16: 26.03.2012 12:53:10 - Sistem Denetleme Noktası
    RP17: 27.03.2012 14:40:13 - Sistem Denetleme Noktası
    RP18: 27.03.2012 22:39:57 - HP LaserJet Professional M1212nf MFP Yazıcı Sürücüsü Yüklendi
    RP19: 27.03.2012 22:40:09 - HP LaserJet Professional M1210 MFP Ser Yazıcı Sürücüsü Yüklendi
    RP20: 27.03.2012 22:40:17 - HP LaserJet Professional M1210 MFP Ser Yazıcı Sürücüsü Yüklendi
    RP21: 27.03.2012 22:40:24 - HP LaserJet Professional M1212nf MFP Yazıcı Sürücüsü Yüklendi
    RP22: 29.03.2012 09:43:42 - Software Distribution Service 3.0
    RP23: 05.04.2012 17:49:01 - Sistem Denetleme Noktası
    RP24: 09.04.2012 09:38:20 - Sistem Denetleme Noktası
    RP25: 10.04.2012 11:15:49 - Sistem Denetleme Noktası
    RP26: 11.04.2012 12:04:42 - Sistem Denetleme Noktası
    RP27: 12.04.2012 12:31:19 - Sistem Denetleme Noktası
    RP28: 13.04.2012 08:28:26 - Software Distribution Service 3.0
    RP29: 14.04.2012 07:24:45 - Geri Yükleme İşlemi
    RP30: 14.04.2012 07:28:24 - Software Distribution Service 3.0
    RP31: 15.04.2012 13:46:38 - Software Distribution Service 3.0
    RP32: 16.04.2012 16:02:26 - Sistem Denetleme Noktası
    RP33: 18.04.2012 11:34:36 - Sistem Denetleme Noktası
    RP34: 19.04.2012 12:15:03 - Sistem Denetleme Noktası
    RP35: 19.04.2012 17:20:01 - Geri Yükleme İşlemi
    RP36: 19.04.2012 17:27:16 - Geri Yükleme İşlemi
    RP37: 19.04.2012 17:31:24 - Geri Yükleme İşlemi
    RP38: 19.04.2012 17:37:24 - Geri Yükleme İşlemi
    RP39: 20.04.2012 22:24:44 - Sistem Denetleme Noktası
    RP40: 22.04.2012 15:24:20 - Sistem Denetleme Noktası
    RP41: 23.04.2012 18:09:48 - Sistem Denetleme Noktası
    RP42: 25.04.2012 14:46:06 - Sistem Denetleme Noktası
    RP43: 26.04.2012 17:16:57 - Geri Yükleme İşlemi
    RP44: 26.04.2012 17:40:29 - ARO 2012 - Before Installation
    RP45: 26.04.2012 17:40:54 - ARO 2012 - FIRST RUN
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat 5.0
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 6.0
    Adobe Stock Photos 1.0
    Avira Free Antivirus
    Combined Community Codec Pack 2011-11-11
    Crazy Taxi 1.1.0
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DVD Solution
    Enable S3 for USB Device
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    hp deskjet 3500 series
    HP LaserJet Professional M1130-M1210 MFP Series
    HP LaserJet Professional M1210 MFP Series Fax Installer
    Internet Explorer için Yandex.Bar 6.0
    Java(TM) 6 Update 11
    LimeWire 5.2.8
    Malwarebytes Anti-Malware 1.61.0.1400 sürümü
    Marvell Miniport Driver
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile TRK Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended TRK Language Pack
    Microsoft .NET Framework 4 Genişletilmiş TRK Dil Paketi
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (Turkish) 2010
    Microsoft Office Excel MUI (Turkish) 2010
    Microsoft Office Groove MUI (Turkish) 2010
    Microsoft Office InfoPath MUI (Turkish) 2010
    Microsoft Office OneNote MUI (Turkish) 2010
    Microsoft Office Outlook MUI (Turkish) 2010
    Microsoft Office PowerPoint MUI (Turkish) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Turkish) 2010
    Microsoft Office Proofing (Turkish) 2010
    Microsoft Office Publisher MUI (Turkish) 2010
    Microsoft Office Shared MUI (Turkish) 2010
    Microsoft Office Word MUI (Turkish) 2010
    Microsoft Software Update for Web Folders (Turkish) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Windows (KB2564958) için Güvenlik Güncelleştirmesi
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MyFreeCodec
    Nero OEM
    Nokia Connectivity Cable Driver
    OGA Notifier 2.0.0048.0
    Opera 11.62
    Ovi Desktop Sync Engine
    OviMPlatform
    PC Connectivity Solution
    Picasa 2
    PowerDVD
    PowerProducer
    Realtek AC'97 Audio
    Scan To
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Segoe UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    WEB Partner
    WebFldrs XP
    Winamp
    Winamp Toolbar
    Windows Internet Explorer 7
    Windows Internet Explorer 7 için Güncelleştirme (KB980182)
    Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB2183461)
    Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB2544521)
    Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB2647516)
    Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB2675157)
    Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB938127-v2)
    Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB976325)
    Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB978207)
    Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB982381)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Karşıya Yükleme Aracı
    Windows Live Messenger
    Windows Live Oturum Açma Yardımcısı
    Windows Live Temel Parçalar
    Windows Media Format 11 runtime
    Windows Media Player (KB2378111) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB952069) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB954155) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB968816) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB973540) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB975558) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB978695) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB979402) için Güvenlik Güncelleştirmesi
    Windows Sürücü Paketi - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows XP (KB941569) için Güvenlik Güncelleştirmesi
    Windows XP için Düzeltme (KB2633952)
    Windows XP için Düzeltme (KB952287)
    Windows XP için Düzeltme (KB961118)
    Windows XP için Düzeltme (KB970653-v3)
    Windows XP için Düzeltme (KB976098-v2)
    Windows XP için Düzeltme (KB979306)
    Windows XP için Düzeltme (KB981793)
    Windows XP için Güncelleştirme (KB2141007)
    Windows XP için Güncelleştirme (KB2345886)
    Windows XP için Güncelleştirme (KB2641690)
    Windows XP için Güncelleştirme (KB951978)
    Windows XP için Güncelleştirme (KB955759)
    Windows XP için Güncelleştirme (KB955839)
    Windows XP için Güncelleştirme (KB961503)
    Windows XP için Güncelleştirme (KB967715)
    Windows XP için Güncelleştirme (KB968389)
    Windows XP için Güncelleştirme (KB971029)
    Windows XP için Güncelleştirme (KB971737)
    Windows XP için Güncelleştirme (KB973687)
    Windows XP için Güncelleştirme (KB973815)
    Windows XP için Güncelleştirme (KB976749)
    Windows XP için Güvenlik Güncelleştirmesi (KB2079403)
    Windows XP için Güvenlik Güncelleştirmesi (KB2115168)
    Windows XP için Güvenlik Güncelleştirmesi (KB2121546)
    Windows XP için Güvenlik Güncelleştirmesi (KB2160329)
    Windows XP için Güvenlik Güncelleştirmesi (KB2229593)
    Windows XP için Güvenlik Güncelleştirmesi (KB2259922)
    Windows XP için Güvenlik Güncelleştirmesi (KB2286198)
    Windows XP için Güvenlik Güncelleştirmesi (KB2296011)
    Windows XP için Güvenlik Güncelleştirmesi (KB2347290)
    Windows XP için Güvenlik Güncelleştirmesi (KB2360937)
    Windows XP için Güvenlik Güncelleştirmesi (KB2387149)
    Windows XP için Güvenlik Güncelleştirmesi (KB2393802)
    Windows XP için Güvenlik Güncelleştirmesi (KB2412687)
    Windows XP için Güvenlik Güncelleştirmesi (KB2419632)
    Windows XP için Güvenlik Güncelleştirmesi (KB2423089)
    Windows XP için Güvenlik Güncelleştirmesi (KB2440591)
    Windows XP için Güvenlik Güncelleştirmesi (KB2443105)
    Windows XP için Güvenlik Güncelleştirmesi (KB2476490)
    Windows XP için Güvenlik Güncelleştirmesi (KB2478960)
    Windows XP için Güvenlik Güncelleştirmesi (KB2478971)
    Windows XP için Güvenlik Güncelleştirmesi (KB2479943)
    Windows XP için Güvenlik Güncelleştirmesi (KB2481109)
    Windows XP için Güvenlik Güncelleştirmesi (KB2483185)
    Windows XP için Güvenlik Güncelleştirmesi (KB2485663)
    Windows XP için Güvenlik Güncelleştirmesi (KB2491683)
    Windows XP için Güvenlik Güncelleştirmesi (KB2506212)
    Windows XP için Güvenlik Güncelleştirmesi (KB2507618)
    Windows XP için Güvenlik Güncelleştirmesi (KB2507938)
    Windows XP için Güvenlik Güncelleştirmesi (KB2508429)
    Windows XP için Güvenlik Güncelleştirmesi (KB2509553)
    Windows XP için Güvenlik Güncelleştirmesi (KB2510581)
    Windows XP için Güvenlik Güncelleştirmesi (KB2535512)
    Windows XP için Güvenlik Güncelleştirmesi (KB2536276-v2)
    Windows XP için Güvenlik Güncelleştirmesi (KB2544893-v2)
    Windows XP için Güvenlik Güncelleştirmesi (KB2566454)
    Windows XP için Güvenlik Güncelleştirmesi (KB2570222)
    Windows XP için Güvenlik Güncelleştirmesi (KB2570947)
    Windows XP için Güvenlik Güncelleştirmesi (KB2584146)
    Windows XP için Güvenlik Güncelleştirmesi (KB2585542)
    Windows XP için Güvenlik Güncelleştirmesi (KB2592799)
    Windows XP için Güvenlik Güncelleştirmesi (KB2598479)
    Windows XP için Güvenlik Güncelleştirmesi (KB2603381)
    Windows XP için Güvenlik Güncelleştirmesi (KB2618451)
    Windows XP için Güvenlik Güncelleştirmesi (KB2619339)
    Windows XP için Güvenlik Güncelleştirmesi (KB2620712)
    Windows XP için Güvenlik Güncelleştirmesi (KB2621440)
    Windows XP için Güvenlik Güncelleştirmesi (KB2624667)
    Windows XP için Güvenlik Güncelleştirmesi (KB2631813)
    Windows XP için Güvenlik Güncelleştirmesi (KB2633171)
    Windows XP için Güvenlik Güncelleştirmesi (KB2641653)
    Windows XP için Güvenlik Güncelleştirmesi (KB2646524)
    Windows XP için Güvenlik Güncelleştirmesi (KB2647518)
    Windows XP için Güvenlik Güncelleştirmesi (KB2653956)
    Windows XP için Güvenlik Güncelleştirmesi (KB2660465)
    Windows XP için Güvenlik Güncelleştirmesi (KB2661637)
    Windows XP için Güvenlik Güncelleştirmesi (KB923561)
    Windows XP için Güvenlik Güncelleştirmesi (KB923789)
    Windows XP için Güvenlik Güncelleştirmesi (KB938464-v2)
    Windows XP için Güvenlik Güncelleştirmesi (KB946648)
    Windows XP için Güvenlik Güncelleştirmesi (KB950760)
    Windows XP için Güvenlik Güncelleştirmesi (KB950762)
    Windows XP için Güvenlik Güncelleştirmesi (KB950974)
    Windows XP için Güvenlik Güncelleştirmesi (KB951066)
    Windows XP için Güvenlik Güncelleştirmesi (KB951376-v2)
    Windows XP için Güvenlik Güncelleştirmesi (KB951748)
    Windows XP için Güvenlik Güncelleştirmesi (KB952004)
    Windows XP için Güvenlik Güncelleştirmesi (KB952954)
    Windows XP için Güvenlik Güncelleştirmesi (KB954459)
    Windows XP için Güvenlik Güncelleştirmesi (KB954600)
    Windows XP için Güvenlik Güncelleştirmesi (KB955069)
    Windows XP için Güvenlik Güncelleştirmesi (KB956572)
    Windows XP için Güvenlik Güncelleştirmesi (KB956744)
    Windows XP için Güvenlik Güncelleştirmesi (KB956802)
    Windows XP için Güvenlik Güncelleştirmesi (KB956803)
    Windows XP için Güvenlik Güncelleştirmesi (KB956844)
    Windows XP için Güvenlik Güncelleştirmesi (KB957097)
    Windows XP için Güvenlik Güncelleştirmesi (KB958644)
    Windows XP için Güvenlik Güncelleştirmesi (KB958687)
    Windows XP için Güvenlik Güncelleştirmesi (KB958869)
    Windows XP için Güvenlik Güncelleştirmesi (KB959426)
    Windows XP için Güvenlik Güncelleştirmesi (KB960225)
    Windows XP için Güvenlik Güncelleştirmesi (KB960803)
    Windows XP için Güvenlik Güncelleştirmesi (KB960859)
    Windows XP için Güvenlik Güncelleştirmesi (KB961371)
    Windows XP için Güvenlik Güncelleştirmesi (KB961373)
    Windows XP için Güvenlik Güncelleştirmesi (KB961501)
    Windows XP için Güvenlik Güncelleştirmesi (KB968537)
    Windows XP için Güvenlik Güncelleştirmesi (KB969059)
    Windows XP için Güvenlik Güncelleştirmesi (KB969897)
    Windows XP için Güvenlik Güncelleştirmesi (KB969898)
    Windows XP için Güvenlik Güncelleştirmesi (KB969947)
    Windows XP için Güvenlik Güncelleştirmesi (KB970238)
    Windows XP için Güvenlik Güncelleştirmesi (KB970430)
    Windows XP için Güvenlik Güncelleştirmesi (KB971468)
    Windows XP için Güvenlik Güncelleştirmesi (KB971486)
    Windows XP için Güvenlik Güncelleştirmesi (KB971557)
    Windows XP için Güvenlik Güncelleştirmesi (KB971633)
    Windows XP için Güvenlik Güncelleştirmesi (KB971657)
    Windows XP için Güvenlik Güncelleştirmesi (KB971961)
    Windows XP için Güvenlik Güncelleştirmesi (KB972260)
    Windows XP için Güvenlik Güncelleştirmesi (KB972270)
    Windows XP için Güvenlik Güncelleştirmesi (KB973346)
    Windows XP için Güvenlik Güncelleştirmesi (KB973354)
    Windows XP için Güvenlik Güncelleştirmesi (KB973507)
    Windows XP için Güvenlik Güncelleştirmesi (KB973525)
    Windows XP için Güvenlik Güncelleştirmesi (KB973869)
    Windows XP için Güvenlik Güncelleştirmesi (KB973904)
    Windows XP için Güvenlik Güncelleştirmesi (KB974112)
    Windows XP için Güvenlik Güncelleştirmesi (KB974318)
    Windows XP için Güvenlik Güncelleştirmesi (KB974392)
    Windows XP için Güvenlik Güncelleştirmesi (KB974455)
    Windows XP için Güvenlik Güncelleştirmesi (KB974571)
    Windows XP için Güvenlik Güncelleştirmesi (KB975025)
    Windows XP için Güvenlik Güncelleştirmesi (KB975467)
    Windows XP için Güvenlik Güncelleştirmesi (KB975560)
    Windows XP için Güvenlik Güncelleştirmesi (KB975561)
    Windows XP için Güvenlik Güncelleştirmesi (KB975562)
    Windows XP için Güvenlik Güncelleştirmesi (KB975713)
    Windows XP için Güvenlik Güncelleştirmesi (KB977165)
    Windows XP için Güvenlik Güncelleştirmesi (KB977816)
    Windows XP için Güvenlik Güncelleştirmesi (KB977914)
    Windows XP için Güvenlik Güncelleştirmesi (KB978037)
    Windows XP için Güvenlik Güncelleştirmesi (KB978251)
    Windows XP için Güvenlik Güncelleştirmesi (KB978262)
    Windows XP için Güvenlik Güncelleştirmesi (KB978338)
    Windows XP için Güvenlik Güncelleştirmesi (KB978542)
    Windows XP için Güvenlik Güncelleştirmesi (KB978601)
    Windows XP için Güvenlik Güncelleştirmesi (KB978706)
    Windows XP için Güvenlik Güncelleştirmesi (KB979309)
    Windows XP için Güvenlik Güncelleştirmesi (KB979482)
    Windows XP için Güvenlik Güncelleştirmesi (KB979559)
    Windows XP için Güvenlik Güncelleştirmesi (KB979683)
    Windows XP için Güvenlik Güncelleştirmesi (KB979687)
    Windows XP için Güvenlik Güncelleştirmesi (KB980195)
    Windows XP için Güvenlik Güncelleştirmesi (KB980218)
    Windows XP için Güvenlik Güncelleştirmesi (KB980232)
    Windows XP için Güvenlik Güncelleştirmesi (KB980436)
    Windows XP için Güvenlik Güncelleştirmesi (KB981322)
    Windows XP için Güvenlik Güncelleştirmesi (KB981349)
    Windows XP için Güvenlik Güncelleştirmesi (KB981852)
    Windows XP için Güvenlik Güncelleştirmesi (KB981997)
    Windows XP için Güvenlik Güncelleştirmesi (KB982132)
    Windows XP için Güvenlik Güncelleştirmesi (KB982214)
    Windows XP için Güvenlik Güncelleştirmesi (KB982665)
    Windows XP için Güvenlik Güncelleştirmesi (KB982802)
    Windows XP Service Pack 3
    WinRAR arşiv yöneticisi
    .
    ==== End Of File ===========================

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Run by Mesut ÜK at 22:25:04 on 2012-04-26
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1023.572 [GMT 3:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
    C:\WINDOWS\system32\HPSIsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Opera\opera.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.arahemen.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Yer imleri: {c93f72a2-2162-4bba-a07a-f13663c297a6} - c:\program files\yandex\yandexbarie\fastdial.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: Yandex.Bar: {91397d20-1446-11d4-8af4-0040ca1127b6} - c:\program files\yandex\yandexbarie\yndbar.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [KiesTrayAgent] c:\program files\samsung\kies\/\KiesTrayAgent.exe
    uRun: [Mobile Partner] c:\program files\web partner\WEB Partner
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\mesutk~1\startm~1\progra~1\balang~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: Microsoft Excel'e &Ver - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: OneNote'a G&önder - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{41A994F1-5EF9-476F-82DB-311B9D412ED3} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A66D0EDC-CBEA-4EE9-9380-CCE6E9BA5DE6} : NameServer = 208.67.222.222,208.67.220.220
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-26 36000]
    R2 AntiVirSchedulerService;Avira Zamanlayıcı;c:\program files\avira\antivir desktop\sched.exe [2012-4-26 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-26 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-26 74640]
    R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2009-11-18 245760]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-3-27 99896]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-3-8 70656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-3-8 101504]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-3-8 117504]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-21 36640]
    S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2012-3-27 13824]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-3-27 17408]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2012-2-16 341376]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-04-26 16:50:58 302592 ----a-w- c:\program files\5fq7mpmt.exe
    2012-04-26 15:13:24 -------- d-----w- c:\documents and settings\mesut ük\application data\Malwarebytes
    2012-04-26 15:13:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-04-26 15:13:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-26 15:13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-26 15:00:49 -------- d-----w- c:\documents and settings\mesut ük\application data\Avira
    2012-04-26 14:54:54 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-04-26 14:54:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-04-26 14:54:53 -------- d-----w- c:\program files\Avira
    2012-04-26 14:54:53 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2012-04-26 14:40:30 -------- d-----w- c:\program files\ARO 2012
    2012-04-14 04:25:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-04-14 04:25:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-04-09 08:12:02 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
    2012-04-09 08:11:30 -------- d-----w- c:\program files\SweetIM
    2012-04-09 08:11:30 -------- d-----w- c:\documents and settings\all users\application data\SweetIM
    2012-04-09 08:10:51 -------- d-----w- c:\program files\fbphotozoom
    2012-04-09 08:10:31 -------- d-----w- c:\program files\1ClickDownload
    2012-03-27 19:41:33 -------- d-sh--w- c:\windows\ftpcache
    2012-03-27 19:40:31 99896 ----a-w- c:\windows\system32\HPSIsvc.exe
    2012-03-27 19:37:56 316416 ----a-r- c:\windows\system32\Difxapi.dll
    2012-03-27 19:37:56 284160 ----a-w- c:\windows\system32\mvhlewsi.dll
    2012-03-27 19:37:56 -------- d-----w- c:\program files\HP
    .
    ==================== Find3M ====================
    .
    2012-03-03 22:01:51 88576 --sha-r- c:\windows\system32\eapp3hst6.dll
    2012-03-01 01:15:14 832512 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 01:15:13 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2012-03-01 01:15:12 78336 ----a-w- c:\windows\system32\ieencode.dll
    2012-03-01 01:15:12 17408 ----a-w- c:\windows\system32\corpol.dll
    2012-02-29 14:10:26 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:26 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-22 17:26:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-14 09:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:57:55 1860096 ----a-w- c:\windows\system32\win32k.sys
    2004-03-11 10:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    ============= FINISH: 22:25:37,46 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =======================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. MESUT UK

    MESUT UK TS Rookie Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-26 23:33:16
    -----------------------------
    23:33:16.062 OS Version: Windows 5.1.2600 Service Pack 3
    23:33:16.062 Number of processors: 2 586 0x304
    23:33:16.062 ComputerName: MESUT-9DD1D88C9 UserName: Mesut ÜK
    23:33:16.343 Initialize success
    23:38:13.656 AVAST engine defs: 12042601
    23:38:23.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    23:38:23.515 Disk 0 Vendor: ST3160827AS 3.42 Size: 152624MB BusType: 3
    23:38:23.531 Disk 0 MBR read successfully
    23:38:23.531 Disk 0 MBR scan
    23:38:23.578 Disk 0 Windows XP default MBR code
    23:38:23.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
    23:38:23.609 Disk 0 Partition - 00 0F Extended LBA 112611 MB offset 81915435
    23:38:23.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 112611 MB offset 81915498
    23:38:23.656 Disk 0 scanning sectors +312544575
    23:38:23.796 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:38:50.500 Service scanning
    23:39:10.125 Modules scanning
    23:39:30.812 Disk 0 trace - called modules:
    23:39:30.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    23:39:30.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86770ab8]
    23:39:30.828 3 CLASSPNP.SYS[f786efd7] -> nt!IofCallDriver -> \Device\00000060[0x867c5970]
    23:39:30.843 5 ACPI.sys[f77e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8677b940]
    23:39:30.968 AVAST engine scan C:\WINDOWS
    23:39:51.093 AVAST engine scan C:\WINDOWS\system32
    23:41:44.703 File: C:\WINDOWS\system32\eapp3hst6.dll **INFECTED** Win32:Diller-CK [Trj]
    23:54:00.328 AVAST engine scan C:\WINDOWS\system32\drivers
    23:55:23.984 AVAST engine scan C:\Documents and Settings\Mesut ÜK
    00:06:48.609 AVAST engine scan C:\Documents and Settings\All Users
    00:08:50.171 Scan finished successfully
    00:24:50.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mesut ÜK\Desktop\MBR.dat"
    00:24:50.453 The log file has been saved successfully to "C:\Documents and Settings\Mesut ÜK\Desktop\aswMBR.txt"



    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 8487dbc556ec759e457711b301eb1e4e

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  4. Broni

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. MESUT UK

    ComboFix 12-04-27.01 - Mesut ÜK 27.04.2012 8:54.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1023.608 [GMT 3:00]
    Running from: d:\program\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\SET7.tmp
    c:\windows\system32\SET8.tmp
    c:\windows\system32\SET9.tmp
    c:\windows\system32\SETA.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-26 16:50 . 2012-04-26 16:50 302592 ----a-w- c:\program files\5fq7mpmt.exe
    2012-04-26 15:13 . 2012-04-26 15:13 -------- d-----w- c:\documents and settings\Mesut ÜK\Application Data\Malwarebytes
    2012-04-26 15:13 . 2012-04-26 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-04-26 15:13 . 2012-04-26 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-26 15:13 . 2012-04-04 12:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-26 15:00 . 2012-04-26 15:00 -------- d-----w- c:\documents and settings\Mesut ÜK\Application Data\Avira
    2012-04-26 14:54 . 2012-02-03 12:30 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-04-26 14:54 . 2012-02-03 12:30 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-04-26 14:54 . 2012-02-03 12:30 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-04-26 14:54 . 2012-04-26 14:54 -------- d-----w- c:\program files\Avira
    2012-04-26 14:54 . 2012-04-26 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2012-04-26 14:40 . 2012-04-26 15:05 -------- d-----w- c:\program files\ARO 2012
    2012-04-14 04:25 . 2012-04-14 04:25 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-04-09 08:12 . 2012-04-09 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
    2012-04-09 08:11 . 2012-04-09 08:11 -------- d-----w- c:\program files\SweetIM
    2012-04-09 08:11 . 2012-04-09 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
    2012-04-09 08:10 . 2012-04-09 08:10 -------- d-----w- c:\program files\fbphotozoom
    2012-04-09 08:10 . 2012-04-14 04:25 -------- d-----w- c:\program files\1ClickDownload
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-01 01:15 . 2004-08-03 21:45 832512 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 01:15 . 2004-08-03 21:45 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2012-03-01 01:15 . 2004-08-03 21:45 78336 ----a-w- c:\windows\system32\ieencode.dll
    2012-03-01 01:15 . 2004-08-03 21:45 17408 ----a-w- c:\windows\system32\corpol.dll
    2012-02-29 14:10 . 2004-08-03 21:45 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-08-03 21:45 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-22 17:26 . 2012-02-22 17:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-14 09:09 . 2012-02-14 09:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:57 . 2004-08-03 21:38 1860096 ----a-w- c:\windows\system32\win32k.sys
    2004-03-11 10:27 . 2009-07-01 21:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
    .
    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2011-11-25 12361016]
    .
    [HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
    [HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
    [HKEY_CLASSES_ROOT\Yandex.Toolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mobile Partner"="c:\program files\WEB Partner\WEB Partner" [X]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Mesut ÜK\Start Menu\Programlar\Başlangıç\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2565:TCP"= 2565:TCP:Windows Core Service
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [26.04.2012 17:54 36000]
    R2 AntiVirSchedulerService;Avira Zamanlayıcı;c:\program files\Avira\AntiVir Desktop\sched.exe [26.04.2012 17:54 86224]
    R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [18.11.2009 11:18 245760]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [27.03.2012 22:40 99896]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [08.03.2012 10:32 70656]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16.02.2012 16:17 341376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [08.03.2012 10:32 101504]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [08.03.2012 10:32 117504]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.08.2010 14:20 36640]
    S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [27.03.2012 22:39 13824]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.06.2011 12:15 31125880]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [27.03.2012 22:39 17408]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - SSMDRV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-27 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS\AutoKMS.exe [2012-03-16 08:14]
    .
    2012-04-27 c:\windows\Tasks\Bbnhzn.job
    - c:\windows\system32\eapp3hst6.dll [2012-03-03 22:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.arahemen.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: OneNote'a G&önder - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{41A994F1-5EF9-476F-82DB-311B9D412ED3}: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A66D0EDC-CBEA-4EE9-9380-CCE6E9BA5DE6}: NameServer = 208.67.222.222,208.67.220.220
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-KiesTrayAgent - c:\program files\Samsung\Kies\/\KiesTrayAgent.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-27 09:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-04-27 09:02:24
    ComboFix-quarantined-files.txt 2012-04-27 06:02
    .
    Pre-Run: 24.918.999.040 bayt boş
    Post-Run: 25.616.216.064 bayt boş
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 10F31EA4FDF1E8C0A64750D17755A35B
     
  6. Broni

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\program files\5fq7mpmt.exe
    c:\windows\Tasks\Bbnhzn.job
    c:\windows\system32\eapp3hst6.dll
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
Topic Status:
Not open for further replies.
