HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (448. sayfa)

Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 16:19:11, on 14.11.2009 
  Platform: Unknown Windows (WinNT 6.01.3504) 
  MSIE: Internet Explorer v8.00 (8.00.7600.16385) 
  Boot mode: Normal 
   
  Running processes: 
  C:\Windows\system32\taskhost.exe 
  C:\Windows\system32\Dwm.exe 
  C:\Windows\Explorer.EXE 
  C:\Program Files\Java\jre6\bin\jusched.exe 
  C:\Program Files\Windows Sidebar\sidebar.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe 
  C:\Users\AsiYakar\Desktop\oyunlokali101(2).exe 
  C:\Users\AsiYakar\Desktop\HiJackThis.exe 
   
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
  O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
  O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" 
  O4 - HKLM\..\Run: [CircleVirtualCD] C:\Program Files\Circle\VirtualCD\HvcdUI.exe 
  O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE 
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun 
  O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\torent\uTorrent.exe" 
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background 
  O8 - Extra context menu item: Açılır Pencere Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm 
  O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O13 - Gopher Prefix:  
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220 
  O17 - HKLM\System\CS1\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220 
  O17 - HKLM\System\CS2\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220 
  O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll 
  O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe 
  O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 
   
  -- 
  End of file - 4391 bytes 
  

Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 18:11:36, on 14.11.2009 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\Ati2evxx.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\WINDOWS\system32\Ati2evxx.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\WINDOWS\RTHDCPL.EXE 
  C:\Program Files\Winamp\winampa.exe 
  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe 
  C:\Program Files\Java\jre6\bin\jusched.exe 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 
  C:\Documents and Settings\EmperoR\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe 
  C:\Program Files\Orbitdownloader\orbitdm.exe 
  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 
  C:\Program Files\4t Tray Minimizer\4t-min.exe 
  C:\Program Files\Orbitdownloader\orbitnet.exe 
  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 
  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 
  C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE 
  C:\Program Files\Java\jre6\bin\jqs.exe 
  C:\Program Files\CDBurnerXP\NMSAccessU.exe 
  C:\WINDOWS\system32\PnkBstrA.exe 
  C:\WINDOWS\system32\wscntfy.exe 
  C:\WINDOWS\system32\wbem\wmiapsrv.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\Program Files\Steam\Steam.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  C:\Documents and Settings\EmperoR\Desktop\HiJackThis.exe 
   
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.localstrike.com.ar/ 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.localstrike.com.ar/ 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://search.localstrike.com.ar/ 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://search.localstrike.com.ar/ 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.localstrike.com.ar/ 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.localstrike.com.ar/ 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
  R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll 
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll 
  O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 
  O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll 
  O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll 
  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE 
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE 
  O4 - HKLM\..\Run: [GEST] m|\ü 
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" 
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice 
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
  O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun 
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
  O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" 
  O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\EmperoR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c 
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent 
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
  O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe 
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 
  O4 - Startup: Cs Serverlar.lnk = E:\GAMES\Valve\platform\Cs Serverlar.url 
  O4 - Startup: OtomatikServerList.lnk = C:\Program Files\Valve\platform\baslangic_serverlist.exe 
  O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe 
  O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 
  O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 
  O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 
  O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 
  O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 
  O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{4089DC2F-E32C-4077-9720-59A4C3FCA00F}: NameServer = 208.67.222.222,208.67.220.220 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{CF2EAFD9-F24B-4D6F-9C88-CE43E02E95CB}: NameServer = 208.67.222.222,208.67.220.220 
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe 
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe 
  O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe 
  O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 
  O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE 
  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe 
  O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe 
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe 
   
  -- 
  End of file - 11061 bytes

 
  Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 19:09:32, on 14.11.2009 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\nvsvc32.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  C:\WINDOWS\system32\bgsvcgen.exe 
  C:\Program Files\GameTracker\GSInGameService.exe 
  C:\WINDOWS\System32\svchost.exe 
  c:\program files\mouse recorder\MacroService.exe 
  C:\WINDOWS\System32\dmadmin.exe 
  c:\program files\mouse recorder\MacroServiceWnd.exe 
  C:\Program Files\Analog Devices\Core\smax4pnp.exe 
  C:\Program Files\A4Tech\Mouse\Amoumain.exe 
  C:\WINDOWS\system32\UnlockerAssistant.exe 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  C:\WINDOWS\system32\RUNDLL32.EXE 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe 
  C:\Program Files\DAEMON Tools Lite\daemon.exe 
  C:\Program Files\Evidence Eliminator\ee.exe 
  C:\Program Files\Internet Download Manager\IDMan.exe 
  C:\Program Files\Internet Download Manager\IEMonitor.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe 
  C:\Documents and Settings\Administrator\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe 
   
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
  O1 - Hosts: s127.0.0.1 localhost 
  O1 - Hosts: Youtube Jacker 4 :) 
  O1 - Hosts: 209.85.229.100 www.youtube.com 
  O1 - Hosts: 209.85.229.100 youtube.com 
  O1 - Hosts: 209.85.229.100 tr.youtube.com 
  O1 - Hosts: 209.85.229.100 fr.youtube.com 
  O1 - Hosts: 209.85.229.100 au.youtube.com 
  O1 - Hosts: 209.85.229.100 ca.youtube.com 
  O1 - Hosts: 208.117.236.71 m.youtube.com 
  O1 - Hosts: 74.125.65.118 img.youtube.com 
  O1 - Hosts: 209.85.165.102 gdata.youtube.com 
  O1 - Hosts: 208.117.236.71 ru.youtube.com 
  O1 - Hosts: 208.117.236.70 youtube.com 
  O1 - Hosts: 74.125.65.118 img.youtube.com 
  O1 - Hosts: 88.255.41.21 fr.youtube.com 
  O1 - Hosts: 88.255.41.21 www.fr.youtube.com 
  O1 - Hosts: 74.125.95.138 de.youtube.com 
  O1 - Hosts: 209.85.129.104 help.youtube.com 
  O1 - Hosts: 209.85.129.104 www.help.youtube.com 
  O1 - Hosts: 74.125.13.80 v1.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.0.147 v2.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.86 v3.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.89 v4.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.92 v5.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.95 v6.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.98 v7.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.101 v8.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.17 v9.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.84 v10.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.87 v11.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.90 v12.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.93 v13.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.96 v14.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.99 v15.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.38 v16.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.82 v17.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.85 v18.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.88 v19.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.91 v20.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.94 v21.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.97 v22.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.100 v23.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.103 v24.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.80 v1.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.83 v2.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.86 v3.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.89 v4.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.92 v5.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.95 v6.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.98 v7.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.101 v8.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.81 v9.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.84 v10.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.87 v11.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.90 v12.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.93 v13.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.96 v14.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.99 v15.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.102 v16.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.82 v17.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.85 v18.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.88 v19.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.91 v20.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.94 v21.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.97 v22.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.100 v23.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.103 v24.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.99.80 v1.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.83 v2.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.86 v3.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.89 v4.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.92 v5.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.95 v6.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.98 v7.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.101 v8.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.81 v9.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.84 v10.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.87 v11.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.90 v12.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.93 v13.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.97.32 v14.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.99 v15.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.102 v16.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.82 v17.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.85 v18.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.88 v19.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.91 v20.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.94 v21.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.97 v22.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.100 v23.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.103 v24.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.80 v1.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.83 v2.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.86 v3.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.89 v4.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.92 v5.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.95 v6.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.98 v7.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.101 v8.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.81 v9.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.84 v10.lscache4.c.youtube.com 
  O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll 
  O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe 
  O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe 
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 
  O4 - HKLM\..\Run: [UnlockerAssistant] "C:\WINDOWS\system32\UnlockerAssistant.exe" 
  O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" 
  O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install 
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe 
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun 
  O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m 
  O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot 
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
  O8 - Extra context menu item: Açılır Pencere Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm 
  O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm 
  O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm 
  O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm 
  O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
  O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{B23870ED-13F2-4FA2-979A-0F6C1A9728CB}: NameServer = 4.2.2.1,4.2.2.3 
  O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe 
  O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe 
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 
  O23 - Service: Macro Expert - Grass Software - c:\program files\mouse recorder\MacroService.exe 
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 
   
  -- 
  End of file - 11613 bytes

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 

Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 23:30:24, on 19.11.2009 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\nvsvc32.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\Eset\nod32kui.exe 
  C:\WINDOWS\RTHDCPL.EXE 
  C:\WINDOWS\SOUNDMAN.EXE 
  C:\Program Files\Norton Ghost\Agent\VProTray.exe 
  C:\WINDOWS\system32\RUNDLL32.EXE 
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 
  C:\Program Files\cFosSpeed\cFosSpeed.exe 
  C:\Program Files\iTunes\iTunesHelper.exe 
  C:\Program Files\Java\jre6\bin\jusched.exe 
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\DNA\btdna.exe 
  C:\Program Files\Internet Download Manager\IDMan.exe 
  C:\Documents and Settings\Ev\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe 
  C:\Program Files\Pando Networks\Media Booster\PMB.exe 
  C:\program files\steam\steam.exe 
  C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe 
  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 
  C:\Program Files\Bonjour\mDNSResponder.exe 
  C:\Program Files\cFosSpeed\spd.exe 
  C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe 
  C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 
  C:\Program Files\Java\jre6\bin\jqs.exe 
  C:\Program Files\Microsoft LifeCam\MSCamS32.exe 
  C:\Program Files\Eset\nod32krn.exe 
  C:\Program Files\Norton Ghost\Agent\VProSvc.exe 
  C:\WINDOWS\system32\PnkBstrA.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 
  C:\Program Files\iPod\bin\iPodService.exe 
  C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe 
  C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe 
  C:\WINDOWS\system32\wbem\wmiapsrv.exe 
  C:\Program Files\Internet Download Manager\IEMonitor.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\wscntfy.exe 
  C:\Program Files\Microsoft LifeCam\LifeTray.exe 
  C:\WINDOWS\system32\PnkBstrB.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  D:\Programlar\HijackThis.exe 
   
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch 
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 
  O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll 
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE 
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe 
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE 
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE 
  O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE 
  O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" 
  O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" 
  O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install 
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" 
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
  O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe 
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" 
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" 
  O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S6F.tmp" /EF "HKCU" 
  O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot 
  O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Ev\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun 
  O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe 
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent 
  O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray 
  O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe 
  O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm 
  O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm 
  O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm 
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll 
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll 
  O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
  O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab 
  O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab 
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251470904984 
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{72D8E278-20CF-455E-9CBB-358937289715}: NameServer = 208.67.222.222,208.67.220.220 
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll 
  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 
  O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe 
  O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe 
  O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe 
  O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe 
  O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 
  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe 
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe 
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe 
  O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe 
  O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) 
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe 
  O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe 
  O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 
   
  -- 
  End of file - 9877 bytes 
  

Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 15:36:18, on 20.11.2009 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe 
  C:\Program Files\Intel\AMT\atchksrv.exe 
  C:\WINDOWS\etlisrv.exe 
  C:\Program Files\Java\jre6\bin\jqs.exe 
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe 
  C:\Program Files\Intel\AMT\LMS.exe 
  C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 
  C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe 
  C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Intel\AMT\UNS.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe 
  C:\Program Files\Analog Devices\Core\smax4pnp.exe 
  C:\WINDOWS\system32\igfxtray.exe 
  C:\WINDOWS\system32\hkcmd.exe 
  C:\WINDOWS\system32\igfxsrvc.exe 
  C:\WINDOWS\system32\igfxpers.exe 
  C:\Program Files\Intel\AMT\atchk.exe 
  C:\Program Files\Winamp\winampa.exe 
  C:\WINDOWS\VMSnap3.exe 
  C:\WINDOWS\Domino.exe 
  C:\Program Files\Java\jre6\bin\jusched.exe 
  C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
  C:\Program Files\Microsoft ActiveSync\wcescomm.exe 
  C:\Program Files\DAEMON Tools Lite\daemon.exe 
  C:\PROGRA~1\MICROS~3\rapimgr.exe 
  C:\Documents and Settings\term1\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe 
  C:\WINDOWS\system32\etlitr50.exe 
  M:\Tiger2\LENGINE1.EXE 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
  C:\Program Files\Windows Live\Contacts\wlcomm.exe 
  C:\Program Files\Internet Explorer\iexplore.exe 
  C:\Program Files\Internet Explorer\iexplore.exe 
  C:\Program Files\Internet Explorer\iexplore.exe 
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 
   
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local 
  R3 - URLSearchHook: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll 
  O1 - Hosts: 193.202.221.20 webserver 
  O1 - Hosts: 193.202.221.20 webserver.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.36 ulpa1_boot 
  O1 - Hosts: 193.202.221.94 ulpdb ulpvip 
  O1 - Hosts: 193.202.221.100 ulpdb_boot 
  O1 - Hosts: 193.202.221.101 ulpa1 
  O1 - Hosts: 193.202.221.103 ulpa2 
  O1 - Hosts: 193.202.221.104 ulpa3 
  O1 - Hosts: 193.202.221.105 ulpa4 
  O1 - Hosts: 193.202.221.221 ulpa5 
  O1 - Hosts: 193.202.221.252 ulpa6 
  O1 - Hosts: 193.202.221.93 ulpa7 
  O1 - Hosts: 193.202.221.118 ulpa8 
  O1 - Hosts: 193.202.221.116 ulpa9 
  O1 - Hosts: 193.202.221.119 ulpa10 
  O1 - Hosts: 193.202.221.124 ulpa11 
  O1 - Hosts: 193.202.221.133 ulpa12 
  O1 - Hosts: 194.27.120.6 bogazici 
  O1 - Hosts: 194.27.120.7 portland 
  O1 - Hosts: 145.55.45.7 cgiu029a.eu.unilever.com 
  O1 - Hosts: 145.55.45.7 cgiu029a 
  O1 - Hosts: 145.55.68.64 ar1s002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.64 ar1d002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.64 ar1q002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.65 ab2d002a.eu.unilever.com 
  O1 - Hosts: 145.55.64.71 ab2p002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.65 ab2q002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.64 ar1r002a.eu.unilever.com 
  O1 - Hosts: 145.55.64.73 ar1p002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.64 psiu014a.eu.unilever.com 
  O1 - Hosts: 152.109.232.234 istsemb20001 
  O1 - Hosts: 152.109.232.234 istsemb20001.s2.ms.unilever.com 
  O1 - Hosts: 193.202.205.182 univpn 
  O1 - Hosts: 193.202.205.182 univpn.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.205.182 istsapp20002 
  O1 - Hosts: 193.202.205.182 istsapp20002.s2.ms.unilever.com 
  O1 - Hosts: 145.17.109.233 istsapp20015 
  O1 - Hosts: 145.17.109.233 istsapp20015.s2.ms.unilever.com 
  O1 - Hosts: 161.193.116.238 im.unilever.com 
  O1 - Hosts: 194.133.173.159 istsapp20009 
  O1 - Hosts: 194.133.173.159 istsapp20009.s2.ms.unilever.com 
  O1 - Hosts: 193.202.205.177 istsapp20022 
  O1 - Hosts: 193.202.205.177 istsapp20022.s2.ms.unilever.com 
  O1 - Hosts: 193.202.221.126 unisat 
  O1 - Hosts: 193.202.221.126 unisat.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.220 pera 
  O1 - Hosts: 193.202.221.220 pera.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.126 istsapp20008 
  O1 - Hosts: 193.202.221.126 istsapp20008.s2.ms.unilever.com 
  O1 - Hosts: 193.202.221.220 istsapp20004 
  O1 - Hosts: 193.202.221.220 istsapp20004.s2.ms.unilever.com 
  O1 - Hosts: 193.202.221.20 creditcards 
  O1 - Hosts: 193.202.221.20 creditcards.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.31 ist-cmi 
  O1 - Hosts: 193.202.221.31 ist-fci 
  O1 - Hosts: 193.202.221.31 ist-fusion 
  O1 - Hosts: 193.202.221.31 ist-genesis 
  O1 - Hosts: 193.202.221.31 ist-hukuk 
  O1 - Hosts: 193.202.221.31 ist-imagesolutions 
  O1 - Hosts: 193.202.221.31 ist-mc 
  O1 - Hosts: 193.202.221.31 ist-merchandising 
  O1 - Hosts: 193.202.221.31 ist-npibuying 
  O1 - Hosts: 193.202.221.31 ist-sctr 
  O1 - Hosts: 193.202.221.31 ist-taxnotes 
  O1 - Hosts: 193.202.221.31 ist-teknoport 
  O1 - Hosts: 193.202.221.31 ist-ufsportal 
  O1 - Hosts: 193.202.221.31 ist-universe 
  O1 - Hosts: 193.202.221.31 univert 
  O1 - Hosts: 193.202.221.20 uniselweb 
  O1 - Hosts: 193.202.221.20 uniselweb.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.102 mevlana 
  O1 - Hosts: 193.202.221.20 pmstr 
  O1 - Hosts: 193.202.221.20 pmstr.ho.u2638.unilever.com 
  O2 - BHO: (no name) - {04DE8C6E-B6BF-405E-ACAB-9877068E35Ad} - C:\WINDOWS\System32\ddeml32.dll 
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
  O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll 
  O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing) 
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 
  O3 - Toolbar: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll 
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe 
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe 
  O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe 
  O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe 
  O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" 
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" 
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
  O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" 
  O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe 
  O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe 
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
  O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden 
  O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c 
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" 
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun 
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.27_Safari/532.0" -"http://www.miniclip.com/games/masters-of-wrestling/en/master_of_wrestling.dcr" 
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
  O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe 
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 
  O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe 
  O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE 
  O8 - Extra context menu item: Banner Ad Blocker’a ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm 
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
  O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll 
  O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll 
  O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\system32\shdocvw.dll 
  O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\system32\shdocvw.dll 
  O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll 
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll 
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll 
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll 
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB 
  O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} (RSClientPrint 2005 Class) -http://pera/Reserved.ReportViewerWebControl.axd?ReportSession=fmyqfxmvoetneu555zwpyj45&ControlID=b7a636084f784c4bbb18811b0a783059&Culture=1055&UICulture=1055&ReportStack=1&OpType=PrintCab 
  O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -http://88.247.223.172:8090/webgis/adapazari/activex/mgaxctrl.cab 
  O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) -http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab 
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab 
  O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab 
  O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe 
  O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe 
  O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe 
  O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe 
  O23 - Service: Google Update Service (gupdate1c9a9624c8f6588) (gupdate1c9a9624c8f6588) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe 
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe 
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe 
  O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe 
  O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe 
  O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe 
  O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe 
   
  -- 
  End of file - 14709 bytes 
  

ComboFix 09-11-19.05 - Term1 20.11.2009 13:35.2.2 - x86 
  Microsoft Windows XP Professional  5.1.2600.3.1254.90.1033.18.2002.1534 [GMT 2:00] 
  Running from: c:\documents and settings\term1\My Documents\New Programs\Anti virüs\ComboFix.exe 
  AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} 
  FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} 
  . 
   
  (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
   
  c:\windows\system32\LocalService 
  . 
  ---- Previous Run ------- 
  . 
  c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk 
  c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk 
  c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk 
  c:\documents and settings\term1\Application Data\02000000ff2ed2ed684C.manifest 
  c:\documents and settings\term1\Application Data\02000000ff2ed2ed684O.manifest 
  c:\documents and settings\term1\Application Data\02000000ff2ed2ed684P.manifest 
  c:\documents and settings\term1\Application Data\02000000ff2ed2ed684S.manifest 
  c:\program files\Spyware Cease\AutoUpdate.exe 
  c:\program files\Spyware Cease\bmgac 
  c:\program files\Spyware Cease\dxddd 
  c:\program files\Spyware Cease\fp.fpl 
  c:\program files\Spyware Cease\hrdb.hrl 
  c:\program files\Spyware Cease\idamx 
  c:\program files\Spyware Cease\iflee 
  c:\program files\Spyware Cease\LSR.lsr 
  c:\program files\Spyware Cease\md5.dll 
  c:\program files\Spyware Cease\mtools.dll 
  c:\program files\Spyware Cease\networkdll.dll 
  c:\program files\Spyware Cease\opfile.dll 
  c:\program files\Spyware Cease\QAreaDLL.dll 
  c:\program files\Spyware Cease\rgp.tmp 
  c:\program files\Spyware Cease\RkHitApi.dll 
  c:\program files\Spyware Cease\sctools.dll 
  c:\program files\Spyware Cease\spkdll.dll 
  c:\program files\Spyware Cease\SpywareCease.chm 
  c:\program files\Spyware Cease\SpywareCease.exe 
  c:\program files\Spyware Cease\SpywareCease.url 
  c:\program files\Spyware Cease\tmp5 
  c:\program files\Spyware Cease\udefend.dll 
  c:\program files\Spyware Cease\unins000.dat 
  c:\program files\Spyware Cease\unins000.exe 
  c:\program files\Spyware Cease\update\Update.ini 
  c:\program files\Spyware Cease\update\uplist.up 
  c:\program files\Spyware Cease\update1 
  c:\program files\Spyware Cease\update2 
  c:\program files\Spyware Cease\update3 
  c:\program files\Spyware Cease\ussafe.dll 
  c:\program files\Spyware Cease\vf 
  c:\program files\Spyware Cease\vsn.lst 
  c:\program files\Spyware Cease\wl.swl 
  c:\program files\Spyware Cease\xxcum 
  c:\program files\Spyware Cease\zlib1.dll 
  c:\windows\system32\D3D8THK32.DLL 
  c:\windows\system32\drivers\RKHit.sys 
  c:\windows\system32\GroupPolicy000.dat 
  c:\windows\system32\Ijl11.dll 
  c:\windows\system32\LocalService\329.crack.zip 
  c:\windows\system32\LocalService\329.crack.zip.kwd 
  c:\windows\system32\LocalService\330.keygen.zip 
  c:\windows\system32\LocalService\330.keygen.zip.kwd 
  c:\windows\system32\LocalService\331.serial.zip 
  c:\windows\system32\LocalService\331.serial.zip.kwd 
  c:\windows\system32\LocalService\332.setup.zip 
  c:\windows\system32\LocalService\332.setup.zip.kwd 
  c:\windows\system32\LocalService\333.music.au 
  c:\windows\system32\LocalService\333.music.au.kwd 
  c:\windows\system32\LocalService\334.music2.au 
  c:\windows\system32\LocalService\334.music2.au.kwd 
  c:\windows\system32\LocalService\335.music3.au 
  c:\windows\system32\LocalService\335.music3.au.kwd 
  c:\windows\system32\LocalService\336.music4.au 
  c:\windows\system32\LocalService\336.music4.au.kwd 
   
  . 
  (((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
   
  -------\Legacy_RKHIT 
  -------\Service_RkHit 
   
   
  (((((((((((((((((((((((((   Files Created from 2009-10-20 to 2009-11-20  ))))))))))))))))))))))))))))))) 
  . 
   
  2009-11-20 11:35 . 2008-04-13 18:40	96512	-c--a-w-	c:\windows\system32\dllcache\atapi.sys 
  2009-11-20 11:35 . 2008-04-13 18:40	96512	----a-w-	c:\windows\system32\drivers\atapi.sys 
  2009-11-20 07:28 . 2009-11-20 07:28	187904	----a-w-	c:\windows\system32\ddeml32.dll 
  2009-11-19 14:51 . 2009-11-19 14:51	187904	----a-w-	c:\windows\system32\hccoin32.dll 
  2009-11-19 14:45 . 2009-11-19 14:45	187904	----a-w-	c:\windows\system32\etmimres32.dll 
  2009-11-19 10:40 . 2009-11-19 10:40	187904	----a-w-	c:\windows\system32\dpnwsock32.dll 
  2009-11-19 07:35 . 2009-11-19 07:35	187904	----a-w-	c:\windows\system32\dxtmeta232.dll 
  2009-11-18 15:10 . 2009-11-18 15:10	187904	----a-w-	c:\windows\system32\drmclien32.dll 
  2009-11-18 07:38 . 2009-11-18 07:38	187904	----a-w-	c:\windows\system32\etdsk32.dll 
  2009-11-17 09:13 . 2009-11-17 09:13	187904	----a-w-	c:\windows\system32\d3drm32.dll 
  2009-11-17 08:51 . 2009-11-18 12:15	--------	d-----w-	c:\program files\Loaris Trojan Remover 
  2009-11-17 07:59 . 2009-11-17 07:59	187904	----a-w-	c:\windows\system32\esent32.dll 
  2009-11-17 07:39 . 2009-11-17 07:39	187904	----a-w-	c:\windows\system32\dot3cfg32.dll 
  2009-11-16 09:01 . 2009-11-16 09:01	187904	----a-w-	c:\windows\system32\cryptdlg32.dll 
  2009-11-14 07:45 . 2006-09-16 17:44	314368	----a-w-	c:\windows\system32\avisynth.dll 
  2009-11-14 07:45 . 2004-05-26 19:37	719872	----a-w-	c:\windows\system32\devil.dll 
  2009-11-14 07:45 . 2009-11-14 07:46	--------	d-----w-	c:\program files\Video Convert Master 
  2009-11-04 07:42 . 2009-11-04 07:42	152576	----a-w-	c:\documents and settings\term1\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 
  2009-11-04 07:33 . 2009-11-04 07:34	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 
  2009-11-03 14:23 . 2009-11-03 14:23	--------	d-----w-	c:\documents and settings\term1\Local Settings\Application Data\IsolatedStorage 
  2009-11-03 09:52 . 2009-11-03 09:52	--------	d-----w-	c:\windows\system32\wbem\Repository 
  2009-11-02 14:47 . 2009-11-14 08:05	--------	d-----w-	c:\program files\PDF Password Remover v3.1 
  2009-11-02 14:32 . 2009-11-14 08:06	--------	d-----w-	c:\program files\ElcomSoft 
  2009-11-02 13:37 . 2009-11-02 13:37	--------	d-----w-	c:\program files\Your Uninstaller 
  2009-10-31 15:14 . 2009-10-31 15:15	1455930	----a-w-	c:\documents and settings\term1\Application Data\Move Networks\MoveMediaPlayerWinSilent_071504000001.exe 
  2009-10-31 15:13 . 2009-10-31 15:13	127872	----a-w-	c:\documents and settings\term1\Application Data\Move Networks\uninstall.exe 
  2009-10-31 15:13 . 2009-11-02 12:16	--------	d-----w-	c:\documents and settings\term1\Application Data\Move Networks 
  2009-10-24 11:44 . 2009-10-24 11:44	--------	d-----w-	c:\program files\NCT 
  2009-10-24 11:43 . 2009-10-24 11:50	--------	d-----w-	c:\program files\Text to Speech Maker 
   
  . 
  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  2009-11-20 11:25 . 2009-08-25 14:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab 
  2009-11-20 11:22 . 2009-08-25 14:26	630816	--sha-w-	c:\windows\system32\drivers\fidbox2.dat 
  2009-11-20 11:22 . 2009-08-25 14:26	3236	--sha-w-	c:\windows\system32\drivers\fidbox2.idx 
  2009-11-20 11:22 . 2009-08-25 14:26	2569760	--sha-w-	c:\windows\system32\drivers\fidbox.dat 
  2009-11-20 11:22 . 2009-08-25 14:26	21156	--sha-w-	c:\windows\system32\drivers\fidbox.idx 
  2009-11-19 14:50 . 2009-04-06 15:06	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP 
  2009-11-19 14:44 . 2009-10-07 10:29	--------	d-----w-	c:\program files\kikin 
  2009-11-16 09:01 . 2009-11-16 09:01	0	----a-w-	c:\windows\system32\21.tmp 
  2009-11-16 07:38 . 2009-11-16 07:38	0	----a-w-	c:\windows\system32\5.tmp 
  2009-11-14 07:45 . 2009-04-25 06:34	--------	d-----w-	c:\documents and settings\term1\Application Data\Vso 
  2009-11-14 07:45 . 2009-04-25 06:34	81920	----a-w-	c:\documents and settings\term1\Application Data\ezpinst.exe 
  2009-11-14 07:45 . 2009-04-25 06:34	81920	----a-w-	c:\documents and settings\term1\Application Data\ezpinst.exe 
  2009-11-14 07:45 . 2009-04-25 06:34	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys 
  2009-11-14 07:45 . 2009-04-25 06:34	47360	----a-w-	c:\documents and settings\term1\Application Data\pcouffin.sys 
  2009-11-14 07:45 . 2009-04-25 06:34	47360	----a-w-	c:\documents and settings\term1\Application Data\pcouffin.sys 
  2009-11-14 05:10 . 2009-11-14 05:10	0	----a-w-	c:\windows\system32\1AD.tmp 
  2009-11-09 07:56 . 2008-11-29 12:24	--------	d-----w-	c:\program files\Messenger Plus! Live 
  2009-11-04 07:43 . 2008-12-29 11:53	--------	d-----w-	c:\program files\Java 
  2009-11-04 07:35 . 2009-03-20 13:46	--------	d-----w-	c:\program files\Google 
  2009-11-02 13:34 . 2009-06-10 08:01	--------	d-----w-	c:\program files\Your Uninstaller 2008 
  2009-11-02 12:23 . 2008-11-25 07:36	--------	d-----w-	c:\program files\Opera 
  2009-10-31 15:13 . 2009-06-16 06:35	4183416	----a-w-	c:\documents and settings\term1\Application Data\Move Networks\plugins\npqmp071503000010.dll 
  2009-10-22 07:29 . 2008-01-23 14:14	--------	d-----w-	c:\program files\Common Files\Adobe 
  2009-10-14 13:31 . 2009-08-25 14:27	95259	----a-w-	c:\windows\system32\drivers\klick.dat 
  2009-10-14 13:31 . 2009-08-25 14:27	108059	----a-w-	c:\windows\system32\drivers\klin.dat 
  2009-10-11 02:17 . 2008-12-29 11:53	411368	----a-w-	c:\windows\system32\deploytk.dll 
  2009-10-10 15:51 . 2009-10-10 15:51	--------	d-----w-	c:\program files\ConvertHelper 
  2009-10-07 13:04 . 2009-10-07 10:29	--------	d-----w-	c:\documents and settings\term1\Application Data\kikin 
  2009-10-07 06:26 . 2009-09-04 14:51	--------	d-----w-	c:\program files\Spreng- und Abriss-Simulator 
  2009-10-06 15:05 . 2009-10-06 14:49	--------	d-----w-	c:\documents and settings\term1\Application Data\LimeWire 
  2009-10-06 15:03 . 2009-10-06 15:03	0	----a-w-	c:\windows\system32\BF.tmp 
  2009-10-06 14:51 . 2009-10-06 14:51	7680	----a-w-	c:\documents and settings\term1\Application Data\Thinstall\LimeWire PRO 5.3.6\10000001000003i\ipconfig.exe 
  2009-10-05 15:08 . 2009-10-05 15:08	--------	d-----w-	c:\program files\WatermarkSoftware 
  2009-09-30 11:18 . 2009-09-30 11:18	--------	d-----w-	c:\program files\Microsoft 
  2009-09-25 16:31 . 2009-09-16 09:02	--------	d-----w-	c:\program files\Landwirtschafts-Simulator 2009 Demo 
  2009-09-25 16:03 . 2009-09-25 16:03	--------	d-----w-	c:\documents and settings\term1\Application Data\DAEMON Tools Pro 
  2009-09-23 07:10 . 2009-09-23 07:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\Office Genuine Advantage 
  2009-09-23 07:10 . 2009-09-23 07:10	--------	d-----w-	c:\documents and settings\term1\Application Data\Office Genuine Advantage 
  2009-09-22 14:13 . 2009-03-16 14:09	--------	d-----w-	c:\documents and settings\term1\Application Data\Winamp 
  2009-09-22 13:52 . 2009-09-22 13:52	--------	d-----w-	c:\program files\Aiseesoft Studio 
  2009-09-22 13:34 . 2008-12-12 15:39	--------	d-----w-	c:\program files\XnView 
  2009-09-22 13:26 . 2009-03-18 15:01	--------	d-----w-	c:\program files\FlashFXP 
  2009-09-22 13:26 . 2009-01-31 13:55	--------	d-----w-	c:\program files\GoldWave 
  2009-09-22 13:25 . 2009-08-25 13:29	--------	d-----w-	c:\program files\Audacity 
  2009-09-22 13:23 . 2008-12-22 12:45	--------	d-----w-	c:\program files\Image Mender 
  2009-09-22 13:17 . 2009-09-22 12:28	--------	d-----w-	c:\documents and settings\term1\Application Data\Leawo 
  2009-09-22 13:10 . 2009-09-22 12:28	--------	d-----w-	c:\program files\Leawo 
  2009-09-11 14:18 . 1980-01-01 00:00	136192	----a-w-	c:\windows\system32\msv1_0.dll 
  2009-09-04 21:03 . 1980-01-01 00:00	58880	----a-w-	c:\windows\system32\msasn1.dll 
  2009-09-04 14:50 . 2009-09-04 14:50	268048	----a-w-	c:\windows\system32\dxtmeta2.dll 
  2009-09-04 14:45 . 2009-09-04 14:45	721904	----a-w-	c:\windows\system32\drivers\sptd.sys 
  2009-09-03 12:56 . 2009-09-03 12:56	2560	----a-w-	c:\windows\_MSRSTRT.EXE 
  2009-08-29 08:08 . 1980-01-01 00:00	916480	----a-w-	c:\windows\system32\wininet.dll 
  2009-08-26 08:00 . 1980-01-01 00:00	247326	----a-w-	c:\windows\system32\strmdll.dll 
  2009-08-25 14:43 . 2008-01-29 14:29	33808	----a-w-	c:\windows\system32\drivers\klbg.sys 
  2009-08-25 14:43 . 2009-08-25 14:43	109072	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll 
  2009-08-25 14:43 . 2009-08-25 14:43	59920	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll 
  2009-08-25 14:43 . 2009-08-25 14:43	33808	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys 
  2009-08-25 14:43 . 2009-08-25 14:43	208616	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe 
  2009-08-25 14:43 . 2009-08-25 14:43	226832	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys 
  . 
   
  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  . 
  *Note* empty entries & legit default entries are not shown  
  REGEDIT4 
   
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] 
  "{954155f1-68a2-4246-8ba7-3165a4eb213f}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296] 
   
  [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}] 
   
  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04DE8C6E-B6BF-405E-ACAB-9877068E35Ad}] 
  2009-11-20 07:28	187904	----a-w-	c:\windows\system32\ddeml32.dll 
   
  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{954155f1-68a2-4246-8ba7-3165a4eb213f}] 
  2009-11-03 10:38	2166296	----a-w-	c:\program files\TurkeyForum_Yeni\tbTur1.dll 
   
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
  "{954155f1-68a2-4246-8ba7-3165a4eb213f}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296] 
   
  [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}] 
   
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] 
  "{954155F1-68A2-4246-8BA7-3165A4EB213F}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296] 
   
  [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}] 
   
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
  "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-11-19 2295072] 
  "Google Update"="c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-30 133104] 
  "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080] 
  "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] 
   
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
  "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408] 
   
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
  "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288] 
  "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848] 
  "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424] 
  "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752] 
  "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344] 
  "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-01-22 36352] 
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] 
  "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-25 208616] 
  "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152] 
  "Domino"="c:\windows\Domino.exe" [2006-07-04 49152] 
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] 
  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] 
  "LayoutM"="KLayMgr.exe" - c:\windows\KLayMgr.exe [2004-08-26 45056] 
   
  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] 
   
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify] 
  2004-07-13 20:14	24673	----a-w-	c:\windows\system32\ckpNotify.dll 
   
  [HKEY_LOCAL_MACHINE\software\microsoft\security center] 
  "AntiVirusOverride"=dword:00000001 
  "FirewallOverride"=dword:00000001 
   
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] 
  "DisableMonitoring"=dword:00000001 
   
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] 
  "EnableFirewall"= 0 (0x0) 
   
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
  "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"= 
  "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager 
  "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager 
  "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application 
  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= 
   
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] 
  "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 
  "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service 
   
  R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 16:29 33808] 
  R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.09.2009 16:45 721904] 
  R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [12.01.2009 09:30 11264] 
  R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [23.01.2008 16:20 17456] 
  R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [25.01.2008 08:21 2521880] 
  R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [23.01.2008 16:20 670128] 
  R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [23.01.2008 16:21 2041904] 
  R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 17:02 26640] 
  R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 16:06 24592] 
  S2 gupdate1c9a9624c8f6588;Google Update Service (gupdate1c9a9624c8f6588);c:\program files\Google\Update\GoogleUpdate.exe [20.03.2009 15:46 133104] 
  S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [25.01.2008 08:12 46976] 
  S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [23.01.2008 16:21 14924] 
  S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [25.10.2004 00:04 7796] 
  S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [03.10.2009 15:02 480128] 
  S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys --> c:\windows\system32\Drivers\usbVM303.sys [?] 
   
  --- Other Services/Drivers In Memory --- 
   
  *NewlyCreated* - CLASSPNP_2 
  *Deregistered* - CLASSPNP_2 
   
  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 
  "c:\program files\Common Files\LightScribe\LSRunOnce.exe" 
  . 
  Contents of the 'Scheduled Tasks' folder 
   
  2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job 
  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:46] 
   
  2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job 
  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:46] 
   
  2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1078145449-725345543-1003Core.job 
  - c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 11:23] 
   
  2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1078145449-725345543-1003UA.job 
  - c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 11:23] 
  . 
  . 
  ------- Supplementary Scan ------- 
  . 
  uStart Page = about:blank 
  uInternet Settings,ProxyOverride = local 
  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
  IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll 
  DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB 
  DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://pera/Reserved.ReportViewerWebControl.axd?ReportSession=fmyqfxmvoetneu555zwpyj45&ControlID=b7a636084f784c4bbb18811b0a783059&Culture=1055&UICulture=1055&ReportStack=1&OpType=PrintCab 
  . 
  - - - - ORPHANS REMOVED - - - - 
   
  BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll 
  HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe 
  HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe 
  Notify-6cae463d684 - c:\windows\System32\d3d8thk32.dll 
  AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe 
   
   
   
  ************************************************************************** 
   
  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net 
  Rootkit scan 2009-11-20 13:38 
  Windows 5.1.2600 Service Pack 3 NTFS 
   
  scanning hidden processes ...   
   
  scanning hidden autostart entries ...  
   
  scanning hidden files ...   
   
  scan completed successfully 
  hidden files: 0 
   
  ************************************************************************** 
   
  Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,http://www.gmer.net 
   
  device: opened successfully 
  user: MBR read successfully 
  called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvb.sys >>UNKNOWN [0x8A5D0938]<<  
  kernel: MBR read successfully 
  detected MBR rootkit hooks: 
  \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28 
  \Driver\ACPI -> ACPI.sys @ 0xb9e66cb8 
  \Driver\atapi -> atapi.sys @ 0xb9dfbb40 
  IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 
   ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 
  \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 
   ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 
  NDIS:  -> SendCompleteHandler -> 0x0 
   PacketIndicateHandler -> 0x0 
   SendHandler -> 0x0 
  user & kernel MBR OK  
  Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,http://www.gmer.net 
   
  atapi.sys @ 0x0 0x0 bytes 
   
  \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi IRP hooks detected ! 
   
  ************************************************************************** 
  . 
  --------------------- LOCKED REGISTRY KEYS --------------------- 
   
  [HKEY_USERS\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Local AppWizard-Generated Applications\S*T*B*L*i*n*k*_*2*.*0*1* *D*ü*z*e*n*l*e*m*e* *v*e* *Ç*e*v*i*r*i*:*T*a*s*a*r*1
m*"!\Recent File List] 
  "File1"="c:\\Documents and Settings\\term1\\My Documents\\yedek\\My Documents\\next ye 2000 cx s.plus\\PROGRAM\\UserDataBase_12042008_2.UDB" 
  "File2"="c:\\Documents and Settings\\term1\\My Documents\\yedek\\My Documents\\next ye 2000 cx s.plus\\PROGRAM\\UserDataBase_12042008_1.UDB" 
  . 
  --------------------- DLLs Loaded Under Running Processes --------------------- 
   
  - - - - - - - > 'explorer.exe'(3332) 
  c:\windows\system32\WININET.dll 
  c:\windows\system32\ieframe.dll 
  c:\windows\system32\webcheck.dll 
  . 
  Completion time: 2009-11-20 13:40 
  ComboFix-quarantined-files.txt  2009-11-20 11:40 
   
  Pre-Run: 131.032.530.944 bytes free 
  Post-Run: 130.987.986.944 bytes free 
   
  WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe 
  [boot loader] 
  timeout=2 
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS 
  [operating systems] 
  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 
   
  - - End Of File - - 2FB367F2CEB40F213376AFAA26302212