Inactive [A] Search results are redirecting to some unwanted sites.

Status
Not open for further replies.
M

MESUT UK

Hi!
This is my first time here. I had tried hijackthis and it helped three times before but now it doesn't work. It can not find anything wrong. I'm pasting the logs as instructed. Thank you.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Veritabanı sürümü: v2012.04.26.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Mesut ÜK :: MESUT-9DD1D88C9 [yönetici]

26.04.2012 18:16:03
mbam-log-2012-04-26 (18-16-03).txt

Tarama kipi: Hızlı tarama
Devrede olan tarama ayarları: Hafıza | Başlangıç | Kayıt defteri | Dosya Sistemi | Sezgisel/Ek | Sezgisel/Shuriken | PUP | PUM
Devre dışı olan tarama ayarları: P2P
Taranmış öğeler: 188155
Geçen süre: 9 dakika, 23 saniye

Bulunan Hafıza İşlemleri: 0
(Zararlı öğe tespit edilmedi)

Bulunan Hafıza Modülleri: 0
(Zararlı öğe tespit edilmedi)

Bulunan Kayıt Anahtarları: 0
(Zararlı öğe tespit edilmedi)

Bulunan Kayıt Değerleri: 0
(Zararlı öğe tespit edilmedi)

Bulunan Veri Öğeleri: 5
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Kötü: (1) İyi: (0) -> Başarıyla karantinaya alınıp, onarıldı.

Bulunan Klasörler: 0
(Zararlı öğe tespit edilmedi)

Bulunan Dosyalar: 0
(Zararlı öğe tespit edilmedi)

(son)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-26 22:14:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160827AS rev.3.42
Running: si9bumj7.exe; Driver: C:\DOCUME~1\MESUTK~1\LOCALS~1\Temp\kfadqpow.sys


---- System - GMER 1.0.15 ----

SSDT F7F57DDC ZwClose
SSDT F7F57D96 ZwCreateKey
SSDT F7F57DE6 ZwCreateSection
SSDT F7F57D8C ZwCreateThread
SSDT F7F57D9B ZwDeleteKey
SSDT F7F57DA5 ZwDeleteValueKey
SSDT F7F57DD7 ZwDuplicateObject
SSDT F7F57DAA ZwLoadKey
SSDT F7F57D78 ZwOpenProcess
SSDT F7F57D7D ZwOpenThread
SSDT F7F57DFF ZwQueryValueKey
SSDT F7F57DB4 ZwReplaceKey
SSDT F7F57DF0 ZwRequestWaitReplyPort
SSDT F7F57DAF ZwRestoreKey
SSDT F7F57DEB ZwSetContextThread
SSDT F7F57DF5 ZwSetSecurityObject
SSDT F7F57DA0 ZwSetValueKey
SSDT F7F57DFA ZwSystemDebugControl
SSDT F7F57D87 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF71F9900]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00DDDC86
.text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DrawTextExW 7E37B415 5 Bytes JMP 00DDEED3
.text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DrawTextW 7E37D7E2 5 Bytes JMP 00DDED11
.text C:\Program Files\Opera\opera.exe[1304] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 00DDE987
.text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DrawTextA 7E38C702 5 Bytes JMP 00DDEC36
.text C:\Program Files\Opera\opera.exe[1304] USER32.dll!DrawTextExA 7E38C739 5 Bytes JMP 00DDEDEC
.text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00DDEB6A
.text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00DDF09E
.text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00DDEA9E
.text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00DDEFBA
.text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00DDF45E
.text C:\Program Files\Opera\opera.exe[1304] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00DDF52B
.text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!getaddrinfo 71AA2A6F 5 Bytes JMP 00DDD7D7
.text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!closesocket 71AA3E2B 5 Bytes JMP 00DDE8E0
.text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!send 71AA4C27 5 Bytes JMP 00DDE455
.text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!WSARecv 71AA4CB5 5 Bytes JMP 00DDE67C
.text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!gethostbyname 71AA5355 5 Bytes JMP 00DDD716
.text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!recv 71AA676F 5 Bytes JMP 00DDE4FA
.text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!WSASend 71AA68FA 5 Bytes JMP 00DDE5A8
.text C:\Program Files\Opera\opera.exe[1304] WS2_32.dll!WSAAsyncGetHostByName 71AAE99D 5 Bytes JMP 00DDDBA7
.text C:\Program Files\Opera\opera.exe[1304] WININET.dll!InternetCrackUrlW 3FA53F0F 5 Bytes JMP 00DDF93A
.text C:\Program Files\Opera\opera.exe[1304] WININET.dll!InternetCrackUrlA 3FA80124 5 Bytes JMP 00DDF7F1

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ??? ?&??? ??????????????C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll?Fi??? ??????? ??????????? ????????&?????????????????????? ??????????????C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll?dll???(??????????r??????????????? ???p?????????eon??C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll?uo(?? ???????n??????tt??? ? ? ? ????? ??????? ??????????? ???????? ?8?????????????????8?? ????????????@?C:\WINDOWS\system32\msi.dll???(?????????????????????? ??????? ??????????? ???????? ?F?????????????????F?? ????????????P?%SystemRoot%\System32\xpsp2res.dll????(?????????????????????? ??????? ??????????? ???????? ?F?????????????F?? ????????????P?%SystemRoot%\System32\ntbackup.exe????(?????????????????????? ? ????? ??????? ??????????? ???????? ?B?????????????B?? ????????????H?%SystemRoot%\System32\oakley.dll??(?????????????????????? ? ????? ??????? ??????????? ???????? ?@??? ???????sc????@?? ????????????H?%SystemRoot%\System32\cscui.dll???H?????? ???????????? ?0x00000007?????

---- EOF - GMER 1.0.15 ----

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25.06.2009 21:59:00
System Uptime: 26.04.2012 17:16:30 (5 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 8IPE775/-G
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3014/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 23,383 GiB free.
D: is FIXED (NTFS) - 110 GiB total, 91,669 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\5&39FED2B0&0&6
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\5&39FED2B0&0&6
Service: RTL8187B
.
==== System Restore Points ===================
.
RP1: 04.03.2012 09:48:36 - Sistem Denetleme Noktası
RP2: 05.03.2012 12:09:48 - Sistem Denetleme Noktası
RP3: 06.03.2012 17:17:30 - Sistem Denetleme Noktası
RP4: 07.03.2012 17:51:24 - Sistem Denetleme Noktası
RP5: 08.03.2012 21:06:10 - Sistem Denetleme Noktası
RP6: 09.03.2012 22:07:09 - Sistem Denetleme Noktası
RP7: 13.03.2012 21:24:32 - Sistem Denetleme Noktası
RP8: 14.03.2012 22:45:08 - Sistem Denetleme Noktası
RP9: 15.03.2012 03:00:22 - Software Distribution Service 3.0
RP10: 16.03.2012 17:33:09 - Sistem Denetleme Noktası
RP11: 18.03.2012 10:31:56 - Software Distribution Service 3.0
RP12: 19.03.2012 20:32:36 - Sistem Denetleme Noktası
RP13: 21.03.2012 14:31:40 - Sistem Denetleme Noktası
RP14: 22.03.2012 17:00:40 - Sistem Denetleme Noktası
RP15: 23.03.2012 17:15:46 - Sistem Denetleme Noktası
RP16: 26.03.2012 12:53:10 - Sistem Denetleme Noktası
RP17: 27.03.2012 14:40:13 - Sistem Denetleme Noktası
RP18: 27.03.2012 22:39:57 - HP LaserJet Professional M1212nf MFP Yazıcı Sürücüsü Yüklendi
RP19: 27.03.2012 22:40:09 - HP LaserJet Professional M1210 MFP Ser Yazıcı Sürücüsü Yüklendi
RP20: 27.03.2012 22:40:17 - HP LaserJet Professional M1210 MFP Ser Yazıcı Sürücüsü Yüklendi
RP21: 27.03.2012 22:40:24 - HP LaserJet Professional M1212nf MFP Yazıcı Sürücüsü Yüklendi
RP22: 29.03.2012 09:43:42 - Software Distribution Service 3.0
RP23: 05.04.2012 17:49:01 - Sistem Denetleme Noktası
RP24: 09.04.2012 09:38:20 - Sistem Denetleme Noktası
RP25: 10.04.2012 11:15:49 - Sistem Denetleme Noktası
RP26: 11.04.2012 12:04:42 - Sistem Denetleme Noktası
RP27: 12.04.2012 12:31:19 - Sistem Denetleme Noktası
RP28: 13.04.2012 08:28:26 - Software Distribution Service 3.0
RP29: 14.04.2012 07:24:45 - Geri Yükleme İşlemi
RP30: 14.04.2012 07:28:24 - Software Distribution Service 3.0
RP31: 15.04.2012 13:46:38 - Software Distribution Service 3.0
RP32: 16.04.2012 16:02:26 - Sistem Denetleme Noktası
RP33: 18.04.2012 11:34:36 - Sistem Denetleme Noktası
RP34: 19.04.2012 12:15:03 - Sistem Denetleme Noktası
RP35: 19.04.2012 17:20:01 - Geri Yükleme İşlemi
RP36: 19.04.2012 17:27:16 - Geri Yükleme İşlemi
RP37: 19.04.2012 17:31:24 - Geri Yükleme İşlemi
RP38: 19.04.2012 17:37:24 - Geri Yükleme İşlemi
RP39: 20.04.2012 22:24:44 - Sistem Denetleme Noktası
RP40: 22.04.2012 15:24:20 - Sistem Denetleme Noktası
RP41: 23.04.2012 18:09:48 - Sistem Denetleme Noktası
RP42: 25.04.2012 14:46:06 - Sistem Denetleme Noktası
RP43: 26.04.2012 17:16:57 - Geri Yükleme İşlemi
RP44: 26.04.2012 17:40:29 - ARO 2012 - Before Installation
RP45: 26.04.2012 17:40:54 - ARO 2012 - FIRST RUN
.
==== Installed Programs ======================
.
.
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 6.0
Adobe Stock Photos 1.0
Avira Free Antivirus
Combined Community Codec Pack 2011-11-11
Crazy Taxi 1.1.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Solution
Enable S3 for USB Device
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
hp deskjet 3500 series
HP LaserJet Professional M1130-M1210 MFP Series
HP LaserJet Professional M1210 MFP Series Fax Installer
Internet Explorer için Yandex.Bar 6.0
Java(TM) 6 Update 11
LimeWire 5.2.8
Malwarebytes Anti-Malware 1.61.0.1400 sürümü
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile TRK Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended TRK Language Pack
Microsoft .NET Framework 4 Genişletilmiş TRK Dil Paketi
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Turkish) 2010
Microsoft Office Excel MUI (Turkish) 2010
Microsoft Office Groove MUI (Turkish) 2010
Microsoft Office InfoPath MUI (Turkish) 2010
Microsoft Office OneNote MUI (Turkish) 2010
Microsoft Office Outlook MUI (Turkish) 2010
Microsoft Office PowerPoint MUI (Turkish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Turkish) 2010
Microsoft Office Proofing (Turkish) 2010
Microsoft Office Publisher MUI (Turkish) 2010
Microsoft Office Shared MUI (Turkish) 2010
Microsoft Office Word MUI (Turkish) 2010
Microsoft Software Update for Web Folders (Turkish) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows (KB2564958) için Güvenlik Güncelleştirmesi
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MyFreeCodec
Nero OEM
Nokia Connectivity Cable Driver
OGA Notifier 2.0.0048.0
Opera 11.62
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
Picasa 2
PowerDVD
PowerProducer
Realtek AC'97 Audio
Scan To
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Segoe UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WEB Partner
WebFldrs XP
Winamp
Winamp Toolbar
Windows Internet Explorer 7
Windows Internet Explorer 7 için Güncelleştirme (KB980182)
Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB2183461)
Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB2544521)
Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB2647516)
Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB2675157)
Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB938127-v2)
Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB976325)
Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB978207)
Windows Internet Explorer 7 için Güvenlik Güncelleştirmesi (KB982381)
Windows Live Call
Windows Live Communications Platform
Windows Live Karşıya Yükleme Aracı
Windows Live Messenger
Windows Live Oturum Açma Yardımcısı
Windows Live Temel Parçalar
Windows Media Format 11 runtime
Windows Media Player (KB2378111) için Güvenlik Güncelleştirmesi
Windows Media Player (KB952069) için Güvenlik Güncelleştirmesi
Windows Media Player (KB954155) için Güvenlik Güncelleştirmesi
Windows Media Player (KB968816) için Güvenlik Güncelleştirmesi
Windows Media Player (KB973540) için Güvenlik Güncelleştirmesi
Windows Media Player (KB975558) için Güvenlik Güncelleştirmesi
Windows Media Player (KB978695) için Güvenlik Güncelleştirmesi
Windows Media Player (KB979402) için Güvenlik Güncelleştirmesi
Windows Sürücü Paketi - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows XP (KB941569) için Güvenlik Güncelleştirmesi
Windows XP için Düzeltme (KB2633952)
Windows XP için Düzeltme (KB952287)
Windows XP için Düzeltme (KB961118)
Windows XP için Düzeltme (KB970653-v3)
Windows XP için Düzeltme (KB976098-v2)
Windows XP için Düzeltme (KB979306)
Windows XP için Düzeltme (KB981793)
Windows XP için Güncelleştirme (KB2141007)
Windows XP için Güncelleştirme (KB2345886)
Windows XP için Güncelleştirme (KB2641690)
Windows XP için Güncelleştirme (KB951978)
Windows XP için Güncelleştirme (KB955759)
Windows XP için Güncelleştirme (KB955839)
Windows XP için Güncelleştirme (KB961503)
Windows XP için Güncelleştirme (KB967715)
Windows XP için Güncelleştirme (KB968389)
Windows XP için Güncelleştirme (KB971029)
Windows XP için Güncelleştirme (KB971737)
Windows XP için Güncelleştirme (KB973687)
Windows XP için Güncelleştirme (KB973815)
Windows XP için Güncelleştirme (KB976749)
Windows XP için Güvenlik Güncelleştirmesi (KB2079403)
Windows XP için Güvenlik Güncelleştirmesi (KB2115168)
Windows XP için Güvenlik Güncelleştirmesi (KB2121546)
Windows XP için Güvenlik Güncelleştirmesi (KB2160329)
Windows XP için Güvenlik Güncelleştirmesi (KB2229593)
Windows XP için Güvenlik Güncelleştirmesi (KB2259922)
Windows XP için Güvenlik Güncelleştirmesi (KB2286198)
Windows XP için Güvenlik Güncelleştirmesi (KB2296011)
Windows XP için Güvenlik Güncelleştirmesi (KB2347290)
Windows XP için Güvenlik Güncelleştirmesi (KB2360937)
Windows XP için Güvenlik Güncelleştirmesi (KB2387149)
Windows XP için Güvenlik Güncelleştirmesi (KB2393802)
Windows XP için Güvenlik Güncelleştirmesi (KB2412687)
Windows XP için Güvenlik Güncelleştirmesi (KB2419632)
Windows XP için Güvenlik Güncelleştirmesi (KB2423089)
Windows XP için Güvenlik Güncelleştirmesi (KB2440591)
Windows XP için Güvenlik Güncelleştirmesi (KB2443105)
Windows XP için Güvenlik Güncelleştirmesi (KB2476490)
Windows XP için Güvenlik Güncelleştirmesi (KB2478960)
Windows XP için Güvenlik Güncelleştirmesi (KB2478971)
Windows XP için Güvenlik Güncelleştirmesi (KB2479943)
Windows XP için Güvenlik Güncelleştirmesi (KB2481109)
Windows XP için Güvenlik Güncelleştirmesi (KB2483185)
Windows XP için Güvenlik Güncelleştirmesi (KB2485663)
Windows XP için Güvenlik Güncelleştirmesi (KB2491683)
Windows XP için Güvenlik Güncelleştirmesi (KB2506212)
Windows XP için Güvenlik Güncelleştirmesi (KB2507618)
Windows XP için Güvenlik Güncelleştirmesi (KB2507938)
Windows XP için Güvenlik Güncelleştirmesi (KB2508429)
Windows XP için Güvenlik Güncelleştirmesi (KB2509553)
Windows XP için Güvenlik Güncelleştirmesi (KB2510581)
Windows XP için Güvenlik Güncelleştirmesi (KB2535512)
Windows XP için Güvenlik Güncelleştirmesi (KB2536276-v2)
Windows XP için Güvenlik Güncelleştirmesi (KB2544893-v2)
Windows XP için Güvenlik Güncelleştirmesi (KB2566454)
Windows XP için Güvenlik Güncelleştirmesi (KB2570222)
Windows XP için Güvenlik Güncelleştirmesi (KB2570947)
Windows XP için Güvenlik Güncelleştirmesi (KB2584146)
Windows XP için Güvenlik Güncelleştirmesi (KB2585542)
Windows XP için Güvenlik Güncelleştirmesi (KB2592799)
Windows XP için Güvenlik Güncelleştirmesi (KB2598479)
Windows XP için Güvenlik Güncelleştirmesi (KB2603381)
Windows XP için Güvenlik Güncelleştirmesi (KB2618451)
Windows XP için Güvenlik Güncelleştirmesi (KB2619339)
Windows XP için Güvenlik Güncelleştirmesi (KB2620712)
Windows XP için Güvenlik Güncelleştirmesi (KB2621440)
Windows XP için Güvenlik Güncelleştirmesi (KB2624667)
Windows XP için Güvenlik Güncelleştirmesi (KB2631813)
Windows XP için Güvenlik Güncelleştirmesi (KB2633171)
Windows XP için Güvenlik Güncelleştirmesi (KB2641653)
Windows XP için Güvenlik Güncelleştirmesi (KB2646524)
Windows XP için Güvenlik Güncelleştirmesi (KB2647518)
Windows XP için Güvenlik Güncelleştirmesi (KB2653956)
Windows XP için Güvenlik Güncelleştirmesi (KB2660465)
Windows XP için Güvenlik Güncelleştirmesi (KB2661637)
Windows XP için Güvenlik Güncelleştirmesi (KB923561)
Windows XP için Güvenlik Güncelleştirmesi (KB923789)
Windows XP için Güvenlik Güncelleştirmesi (KB938464-v2)
Windows XP için Güvenlik Güncelleştirmesi (KB946648)
Windows XP için Güvenlik Güncelleştirmesi (KB950760)
Windows XP için Güvenlik Güncelleştirmesi (KB950762)
Windows XP için Güvenlik Güncelleştirmesi (KB950974)
Windows XP için Güvenlik Güncelleştirmesi (KB951066)
Windows XP için Güvenlik Güncelleştirmesi (KB951376-v2)
Windows XP için Güvenlik Güncelleştirmesi (KB951748)
Windows XP için Güvenlik Güncelleştirmesi (KB952004)
Windows XP için Güvenlik Güncelleştirmesi (KB952954)
Windows XP için Güvenlik Güncelleştirmesi (KB954459)
Windows XP için Güvenlik Güncelleştirmesi (KB954600)
Windows XP için Güvenlik Güncelleştirmesi (KB955069)
Windows XP için Güvenlik Güncelleştirmesi (KB956572)
Windows XP için Güvenlik Güncelleştirmesi (KB956744)
Windows XP için Güvenlik Güncelleştirmesi (KB956802)
Windows XP için Güvenlik Güncelleştirmesi (KB956803)
Windows XP için Güvenlik Güncelleştirmesi (KB956844)
Windows XP için Güvenlik Güncelleştirmesi (KB957097)
Windows XP için Güvenlik Güncelleştirmesi (KB958644)
Windows XP için Güvenlik Güncelleştirmesi (KB958687)
Windows XP için Güvenlik Güncelleştirmesi (KB958869)
Windows XP için Güvenlik Güncelleştirmesi (KB959426)
Windows XP için Güvenlik Güncelleştirmesi (KB960225)
Windows XP için Güvenlik Güncelleştirmesi (KB960803)
Windows XP için Güvenlik Güncelleştirmesi (KB960859)
Windows XP için Güvenlik Güncelleştirmesi (KB961371)
Windows XP için Güvenlik Güncelleştirmesi (KB961373)
Windows XP için Güvenlik Güncelleştirmesi (KB961501)
Windows XP için Güvenlik Güncelleştirmesi (KB968537)
Windows XP için Güvenlik Güncelleştirmesi (KB969059)
Windows XP için Güvenlik Güncelleştirmesi (KB969897)
Windows XP için Güvenlik Güncelleştirmesi (KB969898)
Windows XP için Güvenlik Güncelleştirmesi (KB969947)
Windows XP için Güvenlik Güncelleştirmesi (KB970238)
Windows XP için Güvenlik Güncelleştirmesi (KB970430)
Windows XP için Güvenlik Güncelleştirmesi (KB971468)
Windows XP için Güvenlik Güncelleştirmesi (KB971486)
Windows XP için Güvenlik Güncelleştirmesi (KB971557)
Windows XP için Güvenlik Güncelleştirmesi (KB971633)
Windows XP için Güvenlik Güncelleştirmesi (KB971657)
Windows XP için Güvenlik Güncelleştirmesi (KB971961)
Windows XP için Güvenlik Güncelleştirmesi (KB972260)
Windows XP için Güvenlik Güncelleştirmesi (KB972270)
Windows XP için Güvenlik Güncelleştirmesi (KB973346)
Windows XP için Güvenlik Güncelleştirmesi (KB973354)
Windows XP için Güvenlik Güncelleştirmesi (KB973507)
Windows XP için Güvenlik Güncelleştirmesi (KB973525)
Windows XP için Güvenlik Güncelleştirmesi (KB973869)
Windows XP için Güvenlik Güncelleştirmesi (KB973904)
Windows XP için Güvenlik Güncelleştirmesi (KB974112)
Windows XP için Güvenlik Güncelleştirmesi (KB974318)
Windows XP için Güvenlik Güncelleştirmesi (KB974392)
Windows XP için Güvenlik Güncelleştirmesi (KB974455)
Windows XP için Güvenlik Güncelleştirmesi (KB974571)
Windows XP için Güvenlik Güncelleştirmesi (KB975025)
Windows XP için Güvenlik Güncelleştirmesi (KB975467)
Windows XP için Güvenlik Güncelleştirmesi (KB975560)
Windows XP için Güvenlik Güncelleştirmesi (KB975561)
Windows XP için Güvenlik Güncelleştirmesi (KB975562)
Windows XP için Güvenlik Güncelleştirmesi (KB975713)
Windows XP için Güvenlik Güncelleştirmesi (KB977165)
Windows XP için Güvenlik Güncelleştirmesi (KB977816)
Windows XP için Güvenlik Güncelleştirmesi (KB977914)
Windows XP için Güvenlik Güncelleştirmesi (KB978037)
Windows XP için Güvenlik Güncelleştirmesi (KB978251)
Windows XP için Güvenlik Güncelleştirmesi (KB978262)
Windows XP için Güvenlik Güncelleştirmesi (KB978338)
Windows XP için Güvenlik Güncelleştirmesi (KB978542)
Windows XP için Güvenlik Güncelleştirmesi (KB978601)
Windows XP için Güvenlik Güncelleştirmesi (KB978706)
Windows XP için Güvenlik Güncelleştirmesi (KB979309)
Windows XP için Güvenlik Güncelleştirmesi (KB979482)
Windows XP için Güvenlik Güncelleştirmesi (KB979559)
Windows XP için Güvenlik Güncelleştirmesi (KB979683)
Windows XP için Güvenlik Güncelleştirmesi (KB979687)
Windows XP için Güvenlik Güncelleştirmesi (KB980195)
Windows XP için Güvenlik Güncelleştirmesi (KB980218)
Windows XP için Güvenlik Güncelleştirmesi (KB980232)
Windows XP için Güvenlik Güncelleştirmesi (KB980436)
Windows XP için Güvenlik Güncelleştirmesi (KB981322)
Windows XP için Güvenlik Güncelleştirmesi (KB981349)
Windows XP için Güvenlik Güncelleştirmesi (KB981852)
Windows XP için Güvenlik Güncelleştirmesi (KB981997)
Windows XP için Güvenlik Güncelleştirmesi (KB982132)
Windows XP için Güvenlik Güncelleştirmesi (KB982214)
Windows XP için Güvenlik Güncelleştirmesi (KB982665)
Windows XP için Güvenlik Güncelleştirmesi (KB982802)
Windows XP Service Pack 3
WinRAR arşiv yöneticisi
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Run by Mesut ÜK at 22:25:04 on 2012-04-26
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1023.572 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Opera\opera.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.arahemen.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Yer imleri: {c93f72a2-2162-4bba-a07a-f13663c297a6} - c:\program files\yandex\yandexbarie\fastdial.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Yandex.Bar: {91397d20-1446-11d4-8af4-0040ca1127b6} - c:\program files\yandex\yandexbarie\yndbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [KiesTrayAgent] c:\program files\samsung\kies\/\KiesTrayAgent.exe
uRun: [Mobile Partner] c:\program files\web partner\WEB Partner
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\mesutk~1\startm~1\progra~1\balang~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Microsoft Excel'e &Ver - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Microsoft Excel'e Gö&nder - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: OneNote'a G&önder - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{41A994F1-5EF9-476F-82DB-311B9D412ED3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A66D0EDC-CBEA-4EE9-9380-CCE6E9BA5DE6} : NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-26 36000]
R2 AntiVirSchedulerService;Avira Zamanlayıcı;c:\program files\avira\antivir desktop\sched.exe [2012-4-26 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-26 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-26 74640]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2009-11-18 245760]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-3-27 99896]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-3-8 70656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-3-8 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-3-8 117504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-21 36640]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2012-3-27 13824]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-3-27 17408]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2012-2-16 341376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-26 16:50:58 302592 ----a-w- c:\program files\5fq7mpmt.exe
2012-04-26 15:13:24 -------- d-----w- c:\documents and settings\mesut ük\application data\Malwarebytes
2012-04-26 15:13:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-26 15:13:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 15:13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-26 15:00:49 -------- d-----w- c:\documents and settings\mesut ük\application data\Avira
2012-04-26 14:54:54 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-26 14:54:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-26 14:54:53 -------- d-----w- c:\program files\Avira
2012-04-26 14:54:53 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-04-26 14:40:30 -------- d-----w- c:\program files\ARO 2012
2012-04-14 04:25:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-14 04:25:52 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-09 08:12:02 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-04-09 08:11:30 -------- d-----w- c:\program files\SweetIM
2012-04-09 08:11:30 -------- d-----w- c:\documents and settings\all users\application data\SweetIM
2012-04-09 08:10:51 -------- d-----w- c:\program files\fbphotozoom
2012-04-09 08:10:31 -------- d-----w- c:\program files\1ClickDownload
2012-03-27 19:41:33 -------- d-sh--w- c:\windows\ftpcache
2012-03-27 19:40:31 99896 ----a-w- c:\windows\system32\HPSIsvc.exe
2012-03-27 19:37:56 316416 ----a-r- c:\windows\system32\Difxapi.dll
2012-03-27 19:37:56 284160 ----a-w- c:\windows\system32\mvhlewsi.dll
2012-03-27 19:37:56 -------- d-----w- c:\program files\HP
.
==================== Find3M ====================
.
2012-03-03 22:01:51 88576 --sha-r- c:\windows\system32\eapp3hst6.dll
2012-03-01 01:15:14 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:15:13 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:15:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:15:12 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10:26 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:26 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-22 17:26:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-14 09:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:57:55 1860096 ----a-w- c:\windows\system32\win32k.sys
2004-03-11 10:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 22:25:37,46 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=======================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-26 23:33:16
-----------------------------
23:33:16.062 OS Version: Windows 5.1.2600 Service Pack 3
23:33:16.062 Number of processors: 2 586 0x304
23:33:16.062 ComputerName: MESUT-9DD1D88C9 UserName: Mesut ÜK
23:33:16.343 Initialize success
23:38:13.656 AVAST engine defs: 12042601
23:38:23.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
23:38:23.515 Disk 0 Vendor: ST3160827AS 3.42 Size: 152624MB BusType: 3
23:38:23.531 Disk 0 MBR read successfully
23:38:23.531 Disk 0 MBR scan
23:38:23.578 Disk 0 Windows XP default MBR code
23:38:23.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
23:38:23.609 Disk 0 Partition - 00 0F Extended LBA 112611 MB offset 81915435
23:38:23.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 112611 MB offset 81915498
23:38:23.656 Disk 0 scanning sectors +312544575
23:38:23.796 Disk 0 scanning C:\WINDOWS\system32\drivers
23:38:50.500 Service scanning
23:39:10.125 Modules scanning
23:39:30.812 Disk 0 trace - called modules:
23:39:30.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:39:30.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86770ab8]
23:39:30.828 3 CLASSPNP.SYS[f786efd7] -> nt!IofCallDriver -> \Device\00000060[0x867c5970]
23:39:30.843 5 ACPI.sys[f77e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8677b940]
23:39:30.968 AVAST engine scan C:\WINDOWS
23:39:51.093 AVAST engine scan C:\WINDOWS\system32
23:41:44.703 File: C:\WINDOWS\system32\eapp3hst6.dll **INFECTED** Win32:Diller-CK [Trj]
23:54:00.328 AVAST engine scan C:\WINDOWS\system32\drivers
23:55:23.984 AVAST engine scan C:\Documents and Settings\Mesut ÜK
00:06:48.609 AVAST engine scan C:\Documents and Settings\All Users
00:08:50.171 Scan finished successfully
00:24:50.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mesut ÜK\Desktop\MBR.dat"
00:24:50.453 The log file has been saved successfully to "C:\Documents and Settings\Mesut ÜK\Desktop\aswMBR.txt"



Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 8487dbc556ec759e457711b301eb1e4e

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-04-27.01 - Mesut ÜK 27.04.2012 8:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1023.608 [GMT 3:00]
Running from: d:\program\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET7.tmp
c:\windows\system32\SET8.tmp
c:\windows\system32\SET9.tmp
c:\windows\system32\SETA.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-26 16:50 . 2012-04-26 16:50 302592 ----a-w- c:\program files\5fq7mpmt.exe
2012-04-26 15:13 . 2012-04-26 15:13 -------- d-----w- c:\documents and settings\Mesut ÜK\Application Data\Malwarebytes
2012-04-26 15:13 . 2012-04-26 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-26 15:13 . 2012-04-26 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-26 15:13 . 2012-04-04 12:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 15:00 . 2012-04-26 15:00 -------- d-----w- c:\documents and settings\Mesut ÜK\Application Data\Avira
2012-04-26 14:54 . 2012-02-03 12:30 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-26 14:54 . 2012-02-03 12:30 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-26 14:54 . 2012-02-03 12:30 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-26 14:54 . 2012-04-26 14:54 -------- d-----w- c:\program files\Avira
2012-04-26 14:54 . 2012-04-26 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-04-26 14:40 . 2012-04-26 15:05 -------- d-----w- c:\program files\ARO 2012
2012-04-14 04:25 . 2012-04-14 04:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-09 08:12 . 2012-04-09 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-04-09 08:11 . 2012-04-09 08:11 -------- d-----w- c:\program files\SweetIM
2012-04-09 08:11 . 2012-04-09 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-04-09 08:10 . 2012-04-09 08:10 -------- d-----w- c:\program files\fbphotozoom
2012-04-09 08:10 . 2012-04-14 04:25 -------- d-----w- c:\program files\1ClickDownload
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 01:15 . 2004-08-03 21:45 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:15 . 2004-08-03 21:45 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:15 . 2004-08-03 21:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:15 . 2004-08-03 21:45 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2004-08-03 21:45 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-03 21:45 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-22 17:26 . 2012-02-22 17:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-14 09:09 . 2012-02-14 09:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:57 . 2004-08-03 21:38 1860096 ----a-w- c:\windows\system32\win32k.sys
2004-03-11 10:27 . 2009-07-01 21:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2011-11-25 12361016]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files\WEB Partner\WEB Partner" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Mesut ÜK\Start Menu\Programlar\Başlangıç\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2565:TCP"= 2565:TCP:Windows Core Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [26.04.2012 17:54 36000]
R2 AntiVirSchedulerService;Avira Zamanlayıcı;c:\program files\Avira\AntiVir Desktop\sched.exe [26.04.2012 17:54 86224]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [18.11.2009 11:18 245760]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [27.03.2012 22:40 99896]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [08.03.2012 10:32 70656]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [16.02.2012 16:17 341376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [08.03.2012 10:32 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [08.03.2012 10:32 117504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.08.2010 14:20 36640]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [27.03.2012 22:39 13824]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.06.2011 12:15 31125880]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [27.03.2012 22:39 17408]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-03-16 08:14]
.
2012-04-27 c:\windows\Tasks\Bbnhzn.job
- c:\windows\system32\eapp3hst6.dll [2012-03-03 22:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.arahemen.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: OneNote'a G&önder - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{41A994F1-5EF9-476F-82DB-311B9D412ED3}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A66D0EDC-CBEA-4EE9-9380-CCE6E9BA5DE6}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesTrayAgent - c:\program files\Samsung\Kies\/\KiesTrayAgent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-27 09:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-27 09:02:24
ComboFix-quarantined-files.txt 2012-04-27 06:02
.
Pre-Run: 24.918.999.040 bayt boş
Post-Run: 25.616.216.064 bayt boş
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 10F31EA4FDF1E8C0A64750D17755A35B
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\program files\5fq7mpmt.exe
c:\windows\Tasks\Bbnhzn.job
c:\windows\system32\eapp3hst6.dll

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
liltxkg
Inactive Cleanup Help - File Explorer Freezing
Replies
6
Views
2K
Broni
Broni

Latest posts

Back