HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (482. sayfa)

Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 12:35:24, on 05.05.2010 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\Ati2evxx.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Windows Defender\MsMpEng.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\Ati2evxx.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\ESET\ESET Smart Security\egui.exe 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\Bonjour\mDNSResponder.exe 
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 
  C:\Program Files\ESET\ESET Smart Security\ekrn.exe 
  C:\Program Files\Java\jre6\bin\jqs.exe 
  C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 
  C:\WINDOWS\system32\mqsvc.exe 
  C:\Program Files\Canon\CAL\CALMAIN.exe 
  C:\WINDOWS\system32\mqtgsvc.exe 
  C:\WINDOWS\system32\wbem\wmiapsrv.exe 
  C:\Program Files\uTorrent\uTorrent.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  C:\Documents and Settings\Işıl & Alper\Desktop\HiJackThis.exe 
   
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.yahoo.com/?fr=fp-yma3 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.yahoo.com/?fr=fp-yma3 
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://www.hp.com/ 
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) 
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll 
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 
  O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll 
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice 
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" 
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') 
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
  O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 
  O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll 
  O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll 
  O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com 
  O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB 
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243936722865 
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244008155421 
  O16 - DPF: {BD966829-738E-471C-AB53-2A0008D161E7} (TebEdit Control) -https://esube.teb.com.tr/bireysel/TebEdit.cab 
  O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab 
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe 
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe 
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 
  O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe 
  O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe 
  O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe 
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 
  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe 
  O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe 
   
  -- 
  End of file - 7068 bytes 
  

 
  Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 11:21:10, on 5/7/2010 
  Platform: Windows XP SP2 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\Ati2evxx.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\WINDOWS\system32\ASWLSVC.exe 
  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 
  C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe 
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe 
  C:\WINDOWS\system32\Ati2evxx.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 
  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe 
  C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe 
  C:\Program Files\Analog Devices\SoundMAX\Smax4.exe 
  C:\WINDOWS\AGRSMMSG.exe 
  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe 
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
  C:\Program Files\ASUS\WLAN Card Utilities\Center.exe 
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe 
  C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe 
  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe 
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\WINDOWS\system32\taskmgr.exe 
  C:\WINDOWS\system32\wscntfy.exe 
  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  C:\WINDOWS\system32\rundll32.exe 
  C:\WINDOWS\system32\defrag.exe 
  C:\Documents and Settings\ss\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe 
   
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll 
  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe 
  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray 
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe 
  O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe 
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 
  O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe 
  O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless 
  O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe 
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice 
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" 
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background 
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
  O4 - HKCU\..\Run: [SMSNews] C:\Program Files\SMS Makinesi\SMS Makinesi\SMSMakinesiINFO.exe 
  O4 - HKCU\..\Run: [AUTOSMS] C:\Program Files\SMS Makinesi\SMS Makinesi\SMSMakinesiOTOMSG.exe 
  O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html 
  O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 
  O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 
  O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
  O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL 
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260863944733 
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271681998845 
  O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB 
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab 
  O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{7E964D74-D3B2-49C3-8CF6-23A05EFF4121}: NameServer = 4.2.2.4,4.2.2.2 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{AD75C857-4B56-492F-8341-0FAE4BDB84C9}: NameServer = 4.2.2.3,4.2.2.4 
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll 
  O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe 
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe 
  O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe 
  O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 
  O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 
  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
  O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe 
  O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 
  O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 
  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 
   
  -- 
  End of file - 8026 bytes 
   
  

 
  a-squared Ücretsiz - Sürüm 4.5 
  En son güncelleme: 5/7/2010 13:03:29 
   
  Tarama ayarları: 
   
  Tarama türü: Derin Tarama 
  Nesneler: Hafıza, İzler, Çerezler, C:\ 
  Tarama arşivi: Açık 
  Yöntemler: Kapalı 
  ADS Tara: Açık 
   
  Tarama başlangıcı:	5/7/2010 13:06:11 
   
  c:\documents and settings\networkservice\local settings\temp\perflib_perfdata_288.dat 	Algılandı: Trace.File.StarwareToolbar!A2 
  Value: HKEY_CLASSES_ROOT\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_CLASSES_ROOT\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_CLASSES_ROOT\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_CLASSES_ROOT\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_CLASSES_ROOT\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_CLASSES_ROOT\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_CLASSES_ROOT\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C1F87AE-AE62-11D3-911C-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B22FE43C-D1E8-432A-A862-9F83D5F04732}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel 	Algılandı: Trace.Registry.SpyPc 8.0!A2 
  C:\Documents and Settings\ss\Cookies\ss@247realmedia[1].txt 	Algılandı: Trace.TrackingCookie.247realmedia!A2 
  C:\Documents and Settings\ss\Cookies\ss@2o7[2].txt 	Algılandı: Trace.TrackingCookie.2o7!A2 
  C:\Documents and Settings\ss\Cookies\ss@2o7[3].txt 	Algılandı: Trace.TrackingCookie.2o7!A2 
  C:\Documents and Settings\ss\Cookies\ss@adtech[1].txt 	Algılandı: Trace.TrackingCookie.adtech!A2 
  C:\Documents and Settings\ss\Cookies\ss@advertising[1].txt 	Algılandı: Trace.TrackingCookie.advertising!A2 
  C:\Documents and Settings\ss\Cookies\ss@advertising[3].txt 	Algılandı: Trace.TrackingCookie.advertising!A2 
  C:\Documents and Settings\ss\Cookies\ss@atn.com[2].txt 	Algılandı: Trace.TrackingCookie.atn.com!A2 
  C:\Documents and Settings\ss\Cookies\ss@bluestreak[2].txt 	Algılandı: Trace.TrackingCookie.bluestreak!A2 
  C:\Documents and Settings\ss\Cookies\ss@bluestreak[3].txt 	Algılandı: Trace.TrackingCookie.bluestreak!A2 
  C:\Documents and Settings\ss\Cookies\ss@bs.serving-sys[2].txt 	Algılandı: Trace.TrackingCookie.bs.serving-sys!A2 
  C:\Documents and Settings\ss\Cookies\ss@burstnet[2].txt 	Algılandı: Trace.TrackingCookie.burstnet!A2 
  C:\Documents and Settings\ss\Cookies\ss@doubleclick[1].txt 	Algılandı: Trace.TrackingCookie.doubleclick!A2 
  C:\Documents and Settings\ss\Cookies\ss@doubleclick[2].txt 	Algılandı: Trace.TrackingCookie.doubleclick!A2 
  C:\Documents and Settings\ss\Cookies\ss@ehg-cisco.hitbox[1].txt 	Algılandı: Trace.TrackingCookie.ehg-cisco.hitbox!A2 
  C:\Documents and Settings\ss\Cookies\ss@ehg-nokiafin.hitbox[2].txt 	Algılandı: Trace.TrackingCookie.ehg-nokiafin.hitbox!A2 
  C:\Documents and Settings\ss\Cookies\ss@fastclick[1].txt 	Algılandı: Trace.TrackingCookie.fastclick!A2 
  C:\Documents and Settings\ss\Cookies\ss@fastclick[2].txt 	Algılandı: Trace.TrackingCookie.fastclick!A2 
  C:\Documents and Settings\ss\Cookies\ss@google.com[1].txt 	Algılandı: Trace.TrackingCookie.google.com!A2 
  C:\Documents and Settings\ss\Cookies\ss@google.com[2].txt 	Algılandı: Trace.TrackingCookie.google.com!A2 
  C:\Documents and Settings\ss\Cookies\ss@google.com[3].txt 	Algılandı: Trace.TrackingCookie.google.com!A2 
  C:\Documents and Settings\ss\Cookies\ss@google.com[4].txt 	Algılandı: Trace.TrackingCookie.google.com!A2 
  C:\Documents and Settings\ss\Cookies\ss@google.com[5].txt 	Algılandı: Trace.TrackingCookie.google.com!A2 
  C:\Documents and Settings\ss\Cookies\ss@google.com[6].txt 	Algılandı: Trace.TrackingCookie.google.com!A2 
  C:\Documents and Settings\ss\Cookies\ss@google.com[8].txt 	Algılandı: Trace.TrackingCookie.google.com!A2 
  C:\Documents and Settings\ss\Cookies\ss@hitbox[1].txt 	Algılandı: Trace.TrackingCookie.hitbox!A2 
  C:\Documents and Settings\ss\Cookies\ss@mediaplex[2].txt 	Algılandı: Trace.TrackingCookie.mediaplex!A2 
  C:\Documents and Settings\ss\Cookies\ss@mediaplex[3].txt 	Algılandı: Trace.TrackingCookie.mediaplex!A2 
  C:\Documents and Settings\ss\Cookies\ss@pointroll[1].txt 	Algılandı: Trace.TrackingCookie.pointroll!A2 
  C:\Documents and Settings\ss\Cookies\ss@pointroll[2].txt 	Algılandı: Trace.TrackingCookie.pointroll!A2 
  C:\Documents and Settings\ss\Cookies\ss@pro-market[2].txt 	Algılandı: Trace.TrackingCookie.pro-market!A2 
  C:\Documents and Settings\ss\Cookies\ss@questionmarket[2].txt 	Algılandı: Trace.TrackingCookie.questionmarket!A2 
  C:\Documents and Settings\ss\Cookies\ss@serving-sys[1].txt 	Algılandı: Trace.TrackingCookie.serving-sys!A2 
  C:\Documents and Settings\ss\Cookies\ss@serving-sys[2].txt 	Algılandı: Trace.TrackingCookie.serving-sys!A2 
  C:\Documents and Settings\ss\Cookies\ss@serving-sys[4].txt 	Algılandı: Trace.TrackingCookie.serving-sys!A2 
  C:\Documents and Settings\ss\Cookies\ss@smartadserver[1].txt 	Algılandı: Trace.TrackingCookie.smartadserver!A2 
  C:\Documents and Settings\ss\Cookies\ss@smartadserver[2].txt 	Algılandı: Trace.TrackingCookie.smartadserver!A2 
  C:\Documents and Settings\ss\Cookies\ss@specificclick[1].txt 	Algılandı: Trace.TrackingCookie.specificclick!A2 
  C:\Documents and Settings\ss\Cookies\ss@specificclick[2].txt 	Algılandı: Trace.TrackingCookie.specificclick!A2 
  C:\Documents and Settings\ss\Cookies\ss@statcounter[1].txt 	Algılandı: Trace.TrackingCookie.statcounter!A2 
  C:\Documents and Settings\ss\Cookies\ss@statcounter[3].txt 	Algılandı: Trace.TrackingCookie.statcounter!A2 
  C:\Documents and Settings\ss\Cookies\ss@statse.webtrendslive[2].txt 	Algılandı: Trace.TrackingCookie.statse.webtrendslive!A2 
  C:\Documents and Settings\ss\Cookies\ss@tradedoubler[2].txt 	Algılandı: Trace.TrackingCookie.tradedoubler!A2 
  C:\Documents and Settings\ss\Cookies\ss@tribalfusion[1].txt 	Algılandı: Trace.TrackingCookie.tribalfusion!A2 
  C:\Documents and Settings\ss\Cookies\ss@tribalfusion[3].txt 	Algılandı: Trace.TrackingCookie.tribalfusion!A2 
  C:\Documents and Settings\ss\Cookies\ss@windowsmedia[1].txt 	Algılandı: Trace.TrackingCookie.windowsmedia!A2 
  C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102024 	Algılandı: Trace.TrackingCookie.adbrite.com!A2 
  C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102025 	Algılandı: Trace.TrackingCookie.adbrite.com!A2 
  C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102026 	Algılandı: Trace.TrackingCookie.adbrite.com!A2 
  C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1250109041102073 	Algılandı: Trace.TrackingCookie.doubleclick.net!A2 
  C:\Documents and Settings\ss\Application Data\Mozilla\Firefox\Profiles\vg4mqwkf.default\cookies.sqlite:1273219598961000 	Algılandı: Trace.TrackingCookie.ad.e-kolay.net!A2 
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP172\A0051568.exe 	Algılandı: HackTool.Win32.Jakuz!IK 
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051844.exe 	Algılandı: HackTool.Win32.Jakuz!IK 
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051877.exe/bad_cd_repair_pro_install.exe 	Algılandı: Riskware.AdTool.Win32.WhenU!IK 
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051905.exe 	Algılandı: Trojan.Win32.Refroso!IK 
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051977.exe/cd_install_247.exe 	Algılandı: Application.Cydoor!IK 
   
  Tarandı 
   
  Dosyalar: 	106319 
  İzler: 	675221 
  Çerezler: 	1650 
  İşlemler: 	47 
   
  Bulundu 
   
  Dosyalar: 	6 
  İzler: 	15 
  Çerezler: 	50 
  İşlemler: 	0 
  Kayıt anahtarları: 	0 
   
  Tarama sonu:	5/7/2010 17:55:59 
  Tarama süresi:	4:49:48 
   
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051977.exe/cd_install_247.exe	Karantinada Application.Cydoor!IK 
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051905.exe	Karantinada Trojan.Win32.Refroso!IK 
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP172\A0051568.exe	Karantinada HackTool.Win32.Jakuz!IK 
  C:\System Volume Information\_restore{6753F5E9-0ABF-4D1E-81F7-3F00B59BAC30}\RP177\A0051844.exe	Karantinada HackTool.Win32.Jakuz!IK 
   
  Karantinada 
   
  Dosyalar: 	4 
  İzler: 	0 
  Çerezler: 	0 
   
  

Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 13:06:27, on 08.05.2010 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\Program Files\Avira\AntiVir Desktop\sched.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 
  C:\Program Files\Java\jre6\bin\jqs.exe 
  C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe 
  C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 
  C:\WINDOWS\system32\wbem\wmiapsrv.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\EeePC\ACPI\AsTray.exe 
  C:\WINDOWS\RTHDCPL.EXE 
  C:\WINDOWS\system32\igfxext.exe 
  C:\WINDOWS\system32\igfxsrvc.exe 
  C:\Program Files\EeePC\ACPI\AsEPCMon.exe 
  C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe 
  C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
  C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
  C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
  C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe 
  C:\Program Files\Avira\AntiVir Desktop\avguard.exe 
  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 
  C:\Program Files\Avira\AntiVir Desktop\avmailc.exe 
  C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 
  C:\Program Files\Avira\AntiVir Desktop\avscan.exe 
  C:\Program Files\Asus\2Ghz Overclocker\eeectl.exe 
  C:\WINDOWS\System32\vssvc.exe 
  C:\WINDOWS\system32\dllhost.exe 
  C:\WINDOWS\system32\dllhost.exe 
  C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
  C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
  C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
  C:\Documents and Settings\Kutay Can Ağır\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 
  C:\Documents and Settings\Kutay Can Ağır\Belgelerim\Downloads\HiJackThis.exe 
   
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) 
  O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 
  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll 
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 
  O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll 
  O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe 
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE 
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE 
  O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe 
  O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe 
  O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min 
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') 
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
  O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2009\\AddUrl.html 
  O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2009\\Wizard.html 
  O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2009\\Parser.html 
  O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll 
  O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll 
  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll 
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm 
  O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab 
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229862858625 
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229862547906 
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab 
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{7D3A3FDF-2013-48F4-8B66-2F5BC43A66A4}: NameServer = 8.8.8.8,8.8.4.4 
  O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.148,85.255.112.10 
  O17 - HKLM\System\CS3\Services\Tcpip\..\{28AE57B6-4FE5-4475-83A0-544709BBB98E}: NameServer = 85.255.116.148,85.255.112.10 
  O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.34,85.255.112.9 
  O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222  
  O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222  
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222  
  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL 
  O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe 
  O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe 
  O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe 
  O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe 
  O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 
  O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe 
  O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) 
  O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe 
   
  -- 
  End of file - 10346 bytes

 
  Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 16:00 Mehmet, on 08.05.2010 
  Platform: Windows Vista  (WinNT 6.00.1904) 
  MSIE: Internet Explorer v7.00 (7.00.6000.16386) 
  Boot mode: Normal 
   
  Running processes: 
  C:\Windows\system32\Dwm.exe 
  C:\Windows\system32\taskeng.exe 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  C:\Windows\system32\igfxsrvc.exe 
  C:\Windows\system32\rserver30\FamItrfc.Exe 
  C:\Windows\system32\Taskmgr.exe 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe 
  C:\Program Files\Windows Media Player\wmpnscfg.exe 
  C:\Users\ramazan\Desktop\HiJackThis.exe 
   
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http= 
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
  O1 - Hosts: s127.0.0.1 localhost 
  O1 - Hosts: Youtube Jacker 4 :) 
  O1 - Hosts: 209.85.229.100 www.youtube.com 
  O1 - Hosts: 209.85.229.100 youtube.com 
  O1 - Hosts: 209.85.229.100 tr.youtube.com 
  O1 - Hosts: 209.85.229.100 fr.youtube.com 
  O1 - Hosts: 209.85.229.100 au.youtube.com 
  O1 - Hosts: 209.85.229.100 ca.youtube.com 
  O1 - Hosts: 208.117.236.71 m.youtube.com 
  O1 - Hosts: 74.125.65.118 img.youtube.com 
  O1 - Hosts: 209.85.165.102 gdata.youtube.com 
  O1 - Hosts: 208.117.236.71 ru.youtube.com 
  O1 - Hosts: 208.117.236.70 youtube.com 
  O1 - Hosts: 74.125.65.118 img.youtube.com 
  O1 - Hosts: 88.255.41.21 fr.youtube.com 
  O1 - Hosts: 88.255.41.21 www.fr.youtube.com 
  O1 - Hosts: 74.125.95.138 de.youtube.com 
  O1 - Hosts: 209.85.129.104 help.youtube.com 
  O1 - Hosts: 209.85.129.104 www.help.youtube.com 
  O1 - Hosts: 74.125.13.80 v1.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.0.147 v2.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.86 v3.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.89 v4.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.92 v5.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.95 v6.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.98 v7.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.101 v8.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.17 v9.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.84 v10.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.87 v11.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.90 v12.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.93 v13.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.96 v14.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.99 v15.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.38 v16.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.82 v17.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.85 v18.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.88 v19.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.91 v20.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.94 v21.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.97 v22.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.100 v23.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.103 v24.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.80 v1.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.83 v2.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.86 v3.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.89 v4.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.92 v5.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.95 v6.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.98 v7.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.101 v8.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.81 v9.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.84 v10.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.87 v11.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.90 v12.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.93 v13.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.96 v14.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.99 v15.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.102 v16.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.82 v17.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.85 v18.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.88 v19.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.91 v20.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.94 v21.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.97 v22.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.100 v23.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.103 v24.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.99.80 v1.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.83 v2.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.86 v3.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.89 v4.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.92 v5.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.95 v6.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.98 v7.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.101 v8.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.81 v9.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.84 v10.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.87 v11.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.90 v12.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.93 v13.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.97.32 v14.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.99 v15.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.102 v16.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.82 v17.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.85 v18.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.88 v19.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.91 v20.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.94 v21.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.97 v22.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.100 v23.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.103 v24.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.80 v1.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.83 v2.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.86 v3.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.89 v4.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.92 v5.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.95 v6.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.98 v7.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.101 v8.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.81 v9.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.84 v10.lscache4.c.youtube.com 
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 
  O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll 
  O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll 
  O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll 
  O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll 
  O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll 
  O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto 
  O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" 
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') 
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') 
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') 
  O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm 
  O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm 
  O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm 
  O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
  O8 - Extra context menu item: Reklam Başlığı Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm 
  O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm 
  O8 - Extra context menu item: Tüm Linkleri BitComet Kullanarak İndir - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm 
  O8 - Extra context menu item: Tüm Videoları BitComet Kullanarak İndir - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm 
  O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll 
  O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll 
  O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing) 
  O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
  O9 - Extra button: URL ko&ntrolü - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) 
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe 
  O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe 
  O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm 
  O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm 
  O13 - Gopher Prefix:  
  O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) -http://reporteokul.meb.gov.tr/crystalreportviewers115/ActiveXControls/activexviewer.cab 
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab 
  O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll 
  O23 - Service: ArGoSoft Mail Server for .NET (ArGoSoftMailServerNet) - ArGo Software Design - C:\Program Files\ArGo Software Design\ArGoSoft Mail Server .NET\AGMSService.exe 
  O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe 
  O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 
  O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe 
  O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 
  O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe 
  O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe 
  O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE 
  O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe 
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 
  O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe 
  O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\Windows\system32\rserver30\RServer3.exe 
  O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 
   
  -- 
  End of file - 14166 bytes