Yeni Kayıt
Konudaki Resimler
önceki
|
|
_____________________________
|
Bildirim
HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (412. sayfa)
Sıcak Fırsatlarda Tıklananlar
Editörün Seçtiği Fırsatlar
Daha Fazla 
Bu Konudaki Kullanıcılar:
Daha Az 
6 Misafir (2 Mobil) - 4 Masaüstü, 
2 Mobil
2 Mobil
Giriş
Mesaj
-
-
quote:
Orijinalden alıntı: KnowLedgeabLe
Harici HDD'mi taktığım zaman hızlı biçimlendir yapamıyorum. Ve, Bilgisayarım > Sağ Tık > Yönet > Disk Yönetimi'ne geldiğimde hiçbir HDD o bölümde ekrana gelmiyor.
http://img41.imageshack.us/i/kucukss.png/
baslat - calistir - services.msc yazip entera basin
Tak Çalıştır - Otomatik olarak ayarlayin ve Baslatin.
Mantıksal Disk Yöneticisi ve Mantıksal Disk Yöneticisi Yönetim Hizmetleri de ayni sekilde yapin._____________________________ -
quote:
Orijinalden alıntı: fbaycan
Malwarebytes Antimalware adlı programı indirin.
http://www.buraksonmez.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (Bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın._____________________________
-
quote:
Orijinalden alıntı: serji
Hangi klasore iniyor tam olarak eger onu soylersen yardimci olabilirim sanirim.
Ko'nun klosörüne, normal knightonline.exe gibi.. normal dosyaların dışında Knightempire.exe yüklenio..
Çok teşekkür ederim ilgilendiğin için.._____________________________ KO FoReVeR -
Benim sorunum şöyle herhangi bir virüs tarayıcısı ile tarama yaptığımda (Özellikle Avira) belli bi yerden sonra rapor dosyası kaydedilemedi diyor bilgisyar kitleniyor görev yöneticisini açmaya çalıştığımda çeşitli hatalar veriyor ve ben restart atmadan düzelmiyor. Önce donanımsal olduğunu düşündüm ama birçok programla sürücülerimi test ettim hiçbirinde sorun yok.
Hijackthis Raporum;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:10, on 04.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
e:\Program Files\a-squared Anti-Malware\a2service.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Sobee.ICFLauncherIE.Launcher - {95a0101d-f8f8-4063-9545-0edd223b7819} - mscoree.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - e:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ThreatFire] e:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [a-squared] "e:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: Bütün linkleri IDM ile indir - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - E:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Free Download Manager ile indir - file://e:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Free Download Manager ile seçileni indir - file://e:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Free Download Manager ile tümünü indir - file://e:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: IDM ile indir - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Videoyu Free Download Manager ile indir - file://e:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB5E7FD7-EB85-49F2-8613-B563BCCE9BF6}: NameServer = 209.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{F58F905C-D548-41DB-A0A0-476040E2204A}: NameServer = 209.67.222.222,208.67.220.220
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - e:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ThreatFire - PC Tools - e:\Program Files\ThreatFire\TFService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 7004 bytes
Combofix raporum;
ComboFix 09-08-03.A2 - Ertuğrul 04.08.2009 15:54.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1033.18.2046.1493 [GMT 3:00]
Running from: c:\documents and settings\Ertuğrul\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\Installer\15ec7.msi
c:\windows\Installer\52016.msi
c:\windows\system32\mfc45.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-04 09:46 . 1997-12-17 15:33 304128 ----a-w- c:\windows\IsUninst.exe
2009-07-29 17:45 . 2009-07-29 17:45 -------- d-----w- C:\RecoveredByFlobo
2009-07-21 21:44 . 2009-07-21 21:44 -------- d-----w- c:\windows\NU_DATA
2009-07-19 21:57 . 2009-06-19 11:37 46864 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-07-19 21:57 . 2009-06-19 11:37 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-07-19 21:57 . 2009-06-19 11:37 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-07-19 18:36 . 2009-07-19 18:36 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-19 18:16 . 2009-06-10 08:22 2838438 -c----w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
2009-07-19 18:16 . 2009-07-19 18:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-07-10 20:55 . 2008-04-14 02:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-07-10 20:55 . 2008-04-14 02:42 151552 ----a-w- c:\windows\system32\irftp.exe
2009-07-10 20:55 . 2008-04-14 02:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-10 20:55 . 2008-04-14 02:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-07-10 20:55 . 2008-04-14 02:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-07-10 20:55 . 2008-04-14 02:41 28160 ----a-w- c:\windows\system32\irmon.dll
2009-07-07 12:31 . 2009-07-07 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 12:41 . 2008-07-10 18:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-24 09:32 . 2008-07-10 15:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 21:49 . 2008-07-10 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-19 22:09 . 2008-10-29 15:36 2734904 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-19 21:57 . 2008-09-07 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-07-18 10:40 . 2008-07-10 18:04 -------- d-----w- c:\program files\Java
2009-07-17 17:40 . 2009-06-03 14:03 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 10:36 . 2009-04-09 10:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 10:36 . 2009-04-09 10:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 06:32 . 2008-12-30 16:37 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-09 06:31 . 2008-12-30 16:37 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-08 07:45 . 2008-07-10 18:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-07 12:28 . 2008-10-28 11:48 -------- d-----w- c:\program files\ATI Technologies
2009-07-07 11:59 . 2009-06-30 07:48 -------- d-----w- c:\program files\Lavasoft
2009-07-07 11:59 . 2008-07-10 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-07 11:59 . 2009-03-29 18:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-04 20:30 . 2008-12-30 16:37 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-04 20:30 . 2008-12-30 16:37 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-03 13:51 . 2009-07-03 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-07-03 13:48 . 2008-07-24 22:41 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-03 13:48 . 2008-07-24 22:41 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-29 16:41 . 2009-06-29 16:41 -------- d-----w- c:\program files\Marvell
2009-06-29 06:41 . 2009-06-29 06:41 -------- d-----w- c:\program files\Common Files\Vbox
2009-06-22 16:35 . 2008-07-10 18:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-22 15:33 . 2009-06-22 15:33 -------- d-----w- c:\program files\Ontrack
2009-06-18 06:19 . 2009-06-18 06:19 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-18 06:03 . 2008-07-24 22:23 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-05 08:50 . 2009-06-05 08:50 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-05 08:50 . 2009-06-05 08:50 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-21 08:33 . 2008-11-02 08:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 03:58 . 2008-07-10 15:44 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-05-16 03:39 . 2009-01-14 04:49 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:38 . 2008-07-10 15:44 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-05-16 03:18 . 2009-01-14 04:36 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:17 . 2009-01-14 04:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:17 . 2009-01-14 04:36 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-05-16 03:17 . 2009-01-14 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:17 . 2009-01-14 04:35 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-05-16 03:15 . 2009-01-14 04:34 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-05-16 03:14 . 2009-01-14 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-05-16 03:07 . 2008-07-10 15:44 2987136 ----a-w- c:\windows\system32\ati3duag.dll
2009-05-16 02:55 . 2009-01-14 05:46 11423744 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:54 . 2008-07-10 15:44 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
2009-05-16 02:54 . 2009-01-14 04:05 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-05-16 02:54 . 2009-01-14 04:05 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-05-16 02:51 . 2009-01-14 03:37 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-05-16 02:38 . 2009-03-16 19:40 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:38 . 2009-01-14 03:50 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:33 . 2009-01-14 03:45 479232 ----a-w- c:\windows\system32\atikvmag.dll
2009-05-16 02:31 . 2009-01-14 03:44 139264 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:31 . 2009-01-14 03:44 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-05-16 02:30 . 2009-01-14 03:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:26 . 2009-01-14 04:53 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-05-16 02:24 . 2008-07-10 15:44 651264 ----a-w- c:\windows\system32\ati2cqag.dll
2009-05-16 01:35 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 01:34 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:33 . 2009-02-04 02:40 3158016 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-15 18:05 . 2009-01-29 13:06 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-04 02:13 . 2009-02-12 09:06 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-07-13 13:47 . 2009-07-13 16:33 174592 ----a-w- c:\program files\mozilla firefox\plugins\libcurl.dll
2008-12-30 16:39 . 2008-12-30 14:27 982048 --sha-w- c:\windows\system32\drivers\fidbox.dat
2008-12-30 16:39 . 2008-12-30 14:27 278560 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95a0101d-f8f8-4063-9545-0edd223b7819}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-20 209153]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"COMODO Internet Security"="e:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-07-04 1793808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ThreatFire"="e:\program files\ThreatFire\TFTray.exe" [2009-06-19 259344]
"a-squared"="e:\program files\a-squared Anti-Malware\a2guard.exe" [2009-07-23 3208848]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-28 17331200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Ertu§rul\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digest32.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"=e:\program files\Internet Download Manager\IDMan.exe /onboot
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Steam"="e:\program files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"e:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"e:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe"=
"c:\\WINDOWS\\System32\\wbem\\wmiprvse.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4719:TCP"= 4719:TCP:4719
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [7/20/2009 12:57 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [7/20/2009 12:57 AM 46864]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/30/2008 7:37 PM 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/30/2008 7:37 PM 25160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [3/20/2009 4:20 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;e:\program files\Avira\AntiVir Desktop\avwebgrd.exe [3/20/2009 4:20 PM 434945]
R2 ThreatFire;ThreatFire;e:\program files\ThreatFire\TFService.exe service --> e:\program files\ThreatFire\TFService.exe service [?]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/5/2009 11:50 AM 604416]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [7/20/2009 12:57 AM 33552]
R3 ZYXEL750;ZyAir G-260 Driver;c:\windows\system32\drivers\WLANUTG.SYS [4/12/2009 7:00 PM 494848]
S3 ABIT-IO;ABIT-IO;\??\e:\program files\U-ABIT\abitEQ\ABIT-IO.sys --> e:\program files\U-ABIT\abitEQ\ABIT-IO.sys [?]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys --> c:\windows\system32\drivers\AtiHdmi.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\ERTURU~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ERTURU~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;e:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [7/2/2009 11:18 AM 26736]
S4 AntiVirMailService;Avira AntiVir MailGuard;e:\program files\Avira\AntiVir Desktop\avmailc.exe [3/20/2009 4:20 PM 194817]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/13/2008 4:16 PM 33752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-06-05 c:\windows\Tasks\1-Click Maintenance.job
- e:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
IE: Bütün linkleri IDM ile indir - e:\program files\Internet Download Manager\IEGetAll.htm
IE: FLV video içeriğini IDM ile indir - e:\program files\Internet Download Manager\IEGetVL.htm
IE: Free Download Manager ile indir - file://e:\program files\Free Download Manager\dllink.htm
IE: Free Download Manager ile seçileni indir - file://e:\program files\Free Download Manager\dlselected.htm
IE: Free Download Manager ile tümünü indir - file://e:\program files\Free Download Manager\dlall.htm
IE: IDM ile indir - e:\program files\Internet Download Manager\IEExt.htm
IE: Videoyu Free Download Manager ile indir - file://e:\program files\Free Download Manager\dlfvideo.htm
LSP: e:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {BB5E7FD7-EB85-49F2-8613-B563BCCE9BF6} = 209.67.222.222,208.67.220.220
TCP: {F58F905C-D548-41DB-A0A0-476040E2204A} = 209.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Ertuğrul\Application Data\Mozilla\Firefox\Profiles\5v2ikjk1.default\
FF - component: c:\documents and settings\Ertuğrul\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSobeeICFLauncherMOZ.dll
FF - plugin: e:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: e:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: e:\program files\Opera\program\plugins\npwmsdrm.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-08-04 15:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\e:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"ScreenshotsDir"="c:\\Documents and Settings\\Ertuğrul\\Desktop"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"Currency"=dword:00000056
"WindowHeight"=dword:0000026b
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:0000006b
"WindowTop"=dword:0000002c
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000004b
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000050
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:00000050
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:00000028
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"GKWeightCoef"=dword:00000064
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000000
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000000
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:00000000
"GKPenaltiesCoef"=dword:00000000
"GKTacklingCoef"=dword:00000005
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000000
"GKRightFootCoef"=dword:00000000
"GKAggressionCoef"=dword:0000000a
"GKAnticipationCoef"=dword:00000005
"GKBraveryCoef"=dword:00000014
"GKComposureCoef"=dword:00000014
"GKConcentrationCoef"=dword:0000000a
"GKConsistencyCoef"=dword:0000000a
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:00000014
"GKDeterminationCoef"=dword:0000000a
"GKDirtinessCoef"=dword:fffffffb
"GKFlairCoef"=dword:00000000
"GKImportantMatchesCoef"=dword:0000000a
"GKInfluenceCoef"=dword:0000000a
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:00000050
"GKTeamworkCoef"=dword:00000005
"GKWorkRateCoef"=dword:00000000
"GKAccelerationCoef"=dword:00000005
"GKAgilityCoef"=dword:0000000a
"GKBalanceCoef"=dword:0000000a
"GKInjuryPronenessCoef"=dword:fffffffb
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:00000005
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000000
"GKStrengthCoef"=dword:0000000a
"GKVersatilityCoef"=dword:00000000
"GKAerialAbilityCoef"=dword:00000032
"GKCommandOfAreaCoef"=dword:00000014
"GKCommunicationCoef"=dword:00000032
"GKEccentricityCoef"=dword:ffffffec
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:0000000a
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:00000014
"GKTendencyToPunchCoef"=dword:fffffff6
"GKThrowingCoef"=dword:0000000a
"GKAdaptabilityCoef"=dword:00000005
"GKAmbitionCoef"=dword:0000000a
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:00000005
"GKPressureCoef"=dword:00000005
"GKProfessionalismCoef"=dword:00000005
"GKSportsmanshipCoef"=dword:00000005
"GKTemperamentCoef"=dword:00000005
"SWWeightCoef"=dword:00000066
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:00000000
"SWCrossingCoef"=dword:00000000
"SWDribblingCoef"=dword:00000000
"SWFinishingCoef"=dword:00000000
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:0000000a
"SWLongThrowsCoef"=dword:00000000
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:0000000a
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000a
"SWLeftFootCoef"=dword:00000005
"SWRightFootCoef"=dword:00000005
"SWAggressionCoef"=dword:00000014
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:0000003c
"SWConsistencyCoef"=dword:0000000a
"SWCreativityCoef"=dword:0000000a
"SWDecisionsCoef"=dword:00000014
"SWDeterminationCoef"=dword:0000000a
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000000
"SWImportantMatchesCoef"=dword:0000000a
"SWInfluenceCoef"=dword:0000000a
"SWOffTheBallCoef"=dword:0000000a
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:00000014
"SWAccelerationCoef"=dword:0000001e
"SWAgilityCoef"=dword:0000000a
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffffb
"SWJumpingCoef"=dword:00000064
"SWNaturalFitnessCoef"=dword:00000005
"SWPaceCoef"=dword:00000014
"SWStaminaCoef"=dword:0000000a
"SWStrengthCoef"=dword:00000050
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:00000005
"SWAmbitionCoef"=dword:0000000a
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:00000005
"SWPressureCoef"=dword:00000005
"SWProfessionalismCoef"=dword:00000005
"SWSportsmanshipCoef"=dword:00000005
"SWTemperamentCoef"=dword:00000005
"CBWeightCoef"=dword:00000064
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000000
"CBCrossingCoef"=dword:00000000
"CBDribblingCoef"=dword:00000000
"CBFinishingCoef"=dword:00000000
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:0000000a
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:0000000a
"CBLongThrowsCoef"=dword:00000000
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:00000014
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000a
"CBLeftFootCoef"=dword:00000005
"CBRightFootCoef"=dword:00000005
"CBAggressionCoef"=dword:00000014
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:00000014
"CBConcentrationCoef"=dword:00000028
"CBConsistencyCoef"=dword:0000000a
"CBCreativityCoef"=dword:0000000a
"CBDecisionsCoef"=dword:00000014
"CBDeterminationCoef"=dword:0000000a
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000000
"CBImportantMatchesCoef"=dword:0000000a
"CBInfluenceCoef"=dword:0000000a
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:00000014
"CBAccelerationCoef"=dword:00000028
"CBAgilityCoef"=dword:0000000a
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffffb
"CBJumpingCoef"=dword:00000064
"CBNaturalFitnessCoef"=dword:00000005
"CBPaceCoef"=dword:0000001e
"CBStaminaCoef"=dword:0000000a
"CBStrengthCoef"=dword:0000003c
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:00000005
"CBAmbitionCoef"=dword:0000000a
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:00000005
"CBPressureCoef"=dword:00000005
"CBProfessionalismCoef"=dword:00000005
"CBSportsmanshipCoef"=dword:00000005
"CBTemperamentCoef"=dword:00000005
"FBWeightCoef"=dword:00000069
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:0000000a
"FBCrossingCoef"=dword:0000001e
"FBDribblingCoef"=dword:00000014
"FBFinishingCoef"=dword:00000000
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:0000000a
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:0000003c
"FBPassingCoef"=dword:0000001e
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:00000014
"FBLeftFootCoef"=dword:00000005
"FBRightFootCoef"=dword:00000005
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:00000050
"FBBraveryCoef"=dword:00000014
"FBComposureCoef"=dword:0000000a
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:0000000a
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000014
"FBDeterminationCoef"=dword:0000000a
"FBDirtinessCoef"=dword:fffffff6
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:0000000a
"FBInfluenceCoef"=dword:0000000a
"FBOffTheBallCoef"=dword:00000014
"FBPositioningCoef"=dword:00000064
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:0000003c
"FBAgilityCoef"=dword:0000000a
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffffb
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:00000005
"FBPaceCoef"=dword:00000050
"FBStaminaCoef"=dword:0000003c
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:00000005
"FBAmbitionCoef"=dword:0000000a
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:00000005
"FBPressureCoef"=dword:00000005
"FBProfessionalismCoef"=dword:00000005
"FBSportsmanshipCoef"=dword:00000005
"FBTemperamentCoef"=dword:00000005
"WBWeightCoef"=dword:0000006c
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:0000000a
"WBCrossingCoef"=dword:0000003c
"WBDribblingCoef"=dword:00000028
"WBFinishingCoef"=dword:0000000a
"WBFirstTouchCoef"=dword:00000014
"WBFreeKicksCoef"=dword:0000000a
"WBHeadingCoef"=dword:00000028
"WBLongShotsCoef"=dword:00000014
"WBLongThrowsCoef"=dword:0000000a
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000064
"WBTechniqueCoef"=dword:00000028
"WBLeftFootCoef"=dword:00000005
"WBRightFootCoef"=dword:00000005
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000050
"WBBraveryCoef"=dword:0000000a
"WBComposureCoef"=dword:0000000a
"WBConcentrationCoef"=dword:00000014
"WBConsistencyCoef"=dword:0000000a
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:0000000a
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:0000000a
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:00000064
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:00000028
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:0000000a
"WBBalanceCoef"=dword:00000014
"WBInjuryPronenessCoef"=dword:fffffffb
"WBJumpingCoef"=dword:00000014
"WBNaturalFitnessCoef"=dword:00000005
"WBPaceCoef"=dword:00000064
"WBStaminaCoef"=dword:00000050
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:00000005
"WBAmbitionCoef"=dword:0000000a
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:00000005
"WBPressureCoef"=dword:00000005
"WBProfessionalismCoef"=dword:00000005
"WBSportsmanshipCoef"=dword:00000005
"WBTemperamentCoef"=dword:00000005
"DMWeightCoef"=dword:00000067
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:0000000a
"DMCrossingCoef"=dword:0000001e
"DMDribblingCoef"=dword:00000014
"DMFinishingCoef"=dword:0000000a
"DMFirstTouchCoef"=dword:0000001e
"DMFreeKicksCoef"=dword:0000000a
"DMHeadingCoef"=dword:00000028
"DMLongShotsCoef"=dword:00000014
"DMLongThrowsCoef"=dword:00000005
"DMMarkingCoef"=dword:0000003c
"DMPassingCoef"=dword:00000028
"DMPenaltiesCoef"=dword:00000005
"DMTacklingCoef"=dword:00000064
"DMTechniqueCoef"=dword:0000001e
"DMLeftFootCoef"=dword:00000005
"DMRightFootCoef"=dword:00000005
"DMAggressionCoef"=dword:00000028
"DMAnticipationCoef"=dword:00000028
"DMBraveryCoef"=dword:00000014
"DMComposureCoef"=dword:0000000a
"DMConcentrationCoef"=dword:00000014
"DMConsistencyCoef"=dword:0000000a
"DMCreativityCoef"=dword:00000014
"DMDecisionsCoef"=dword:00000014
"DMDeterminationCoef"=dword:0000000a
"DMDirtinessCoef"=dword:fffffff6
"DMFlairCoef"=dword:0000000a
"DMImportantMatchesCoef"=dword:0000000a
"DMInfluenceCoef"=dword:0000000a
"DMOffTheBallCoef"=dword:0000001e
"DMPositioningCoef"=dword:00000050
"DMTeamworkCoef"=dword:00000028
"DMWorkRateCoef"=dword:00000050
"DMAccelerationCoef"=dword:00000028
"DMAgilityCoef"=dword:0000000a
"DMBalanceCoef"=dword:0000000a
"DMInjuryPronenessCoef"=dword:fffffffb
"DMJumpingCoef"=dword:00000028
"DMNaturalFitnessCoef"=dword:00000005
"DMPaceCoef"=dword:00000028
"DMStaminaCoef"=dword:0000003c
"DMStrengthCoef"=dword:00000028
"DMVersatilityCoef"=dword:00000005
"DMAerialAbilityCoef"=dword:00000000
"DMCommandOfAreaCoef"=dword:00000000
"DMCommunicationCoef"=dword:00000000
"DMEccentricityCoef"=dword:00000000
"DMHandlingCoef"=dword:00000000
"DMKickingCoef"=dword:00000000
"DMOneOnOnesCoef"=dword:00000005
"DMReflexesCoef"=dword:00000005
"DMRushingOutCoef"=dword:00000000
"DMTendencyToPunchCoef"=dword:00000000
"DMThrowingCoef"=dword:00000000
"DMAdaptabilityCoef"=dword:00000005
"DMAmbitionCoef"=dword:0000000a
"DMControversyCoef"=dword:fffffffb
"DMLoyalityCoef"=dword:00000005
"DMPressureCoef"=dword:00000005
"DMProfessionalismCoef"=dword:00000005
"DMSportsmanshipCoef"=dword:00000005
"DMTemperamentCoef"=dword:00000005
"MWeightCoef"=dword:00000068
"MCurrentAbilityCoef"=dword:00000000
"MCornersCoef"=dword:0000000a
"MCrossingCoef"=dword:00000028
"MDribblingCoef"=dword:00000032
"MFinishingCoef"=dword:00000014
"MFirstTouchCoef"=dword:0000001e
"MFreeKicksCoef"=dword:0000000a
"MHeadingCoef"=dword:0000001e
"MLongShotsCoef"=dword:00000014
"MLongThrowsCoef"=dword:00000005
"MMarkingCoef"=dword:00000028
"MPassingCoef"=dword:00000046
"MPenaltiesCoef"=dword:00000005
"MTacklingCoef"=dword:0000003c
"MTechniqueCoef"=dword:00000032
"MLeftFootCoef"=dword:00000005
"MRightFootCoef"=dword:00000005
"MAggressionCoef"=dword:0000001e
"MAnticipationCoef"=dword:00000028
"MBraveryCoef"=dword:0000000a
"MComposureCoef"=dword:0000000a
"MConcentrationCoef"=dword:0000000a
"MConsistencyCoef"=dword:0000000a
"MCreativityCoef"=dword:0000003c
"MDecisionsCoef"=dword:0000001e
"MDeterminationCoef"=dword:0000000a
"MDirtinessCoef"=dword:fffffffb
"MFlairCoef"=dword:0000000a
"MImportantMatchesCoef"=dword:0000000a
"MInfluenceCoef"=dword:0000000a
"MOffTheBallCoef"=dword:00000028
"MPositioningCoef"=dword:00000028
"MTeamworkCoef"=dword:00000032
"MWorkRateCoef"=dword:00000032
"MAccelerationCoef"=dword:00000032
"MAgilityCoef"=dword:0000000a
"MBalanceCoef"=dword:0000000a
"MInjuryPronenessCoef"=dword:fffffffb
"MJumpingCoef"=dword:00000028
"MNaturalFitnessCoef"=dword:00000005
"MPaceCoef"=dword:00000028
"MStaminaCoef"=dword:0000003c
"MStrengthCoef"=dword:0000001e
"MVersatilityCoef"=dword:00000005
"MAerialAbilityCoef"=dword:00000000
"MCommandOfAreaCoef"=dword:00000000
"MCommunicationCoef"=dword:00000000
"MEccentricityCoef"=dword:00000000
"MHandlingCoef"=dword:00000000
"MKickingCoef"=dword:00000000
"MOneOnOnesCoef"=dword:00000005
"MReflexesCoef"=dword:00000005
"MRushingOutCoef"=dword:00000000
"MTendencyToPunchCoef"=dword:00000000
"MThrowingCoef"=dword:00000000
"MAdaptabilityCoef"=dword:00000005
"MAmbitionCoef"=dword:0000000a
"MControversyCoef"=dword:fffffffb
"MLoyalityCoef"=dword:00000005
"MPressureCoef"=dword:00000005
"MProfessionalismCoef"=dword:00000005
"MSportsmanshipCoef"=dword:00000005
"MTemperamentCoef"=dword:00000005
"AMWeightCoef"=dword:00000068
"AMCurrentAbilityCoef"=dword:00000000
"AMCornersCoef"=dword:0000000a
"AMCrossingCoef"=dword:0000003c
"AMDribblingCoef"=dword:00000050
"AMFinishingCoef"=dword:00000028
"AMFirstTouchCoef"=dword:0000001e
"AMFreeKicksCoef"=dword:0000000a
"AMHeadingCoef"=dword:00000014
"AMLongShotsCoef"=dword:00000014
"AMLongThrowsCoef"=dword:00000005
"AMMarkingCoef"=dword:0000000a
"AMPassingCoef"=dword:00000064
"AMPenaltiesCoef"=dword:00000005
"AMTacklingCoef"=dword:0000000a
"AMTechniqueCoef"=dword:00000050
"AMLeftFootCoef"=dword:00000005
"AMRightFootCoef"=dword:00000005
"AMAggressionCoef"=dword:0000000a
"AMAnticipationCoef"=dword:0000001e
"AMBraveryCoef"=dword:0000000a
"AMComposureCoef"=dword:0000000a
"AMConcentrationCoef"=dword:0000000a
"AMConsistencyCoef"=dword:0000000a
"AMCreativityCoef"=dword:00000064
"AMDecisionsCoef"=dword:00000028
"AMDeterminationCoef"=dword:0000000a
"AMDirtinessCoef"=dword:fffffffb
"AMFlairCoef"=dword:00000014
"AMImportantMatchesCoef"=dword:0000000a
"AMInfluenceCoef"=dword:0000000a
"AMOffTheBallCoef"=dword:0000003c
"AMPositioningCoef"=dword:00000014
"AMTeamworkCoef"=dword:0000003c
"AMWorkRateCoef"=dword:00000014
"AMAccelerationCoef"=dword:0000003c
"AMAgilityCoef"=dword:0000000a
"AMBalanceCoef"=dword:0000000a
"AMInjuryPronenessCoef"=dword:fffffffb
"AMJumpingCoef"=dword:00000014
"AMNaturalFitnessCoef"=dword:00000005
"AMPaceCoef"=dword:0000003c
"AMStaminaCoef"=dword:0000003c
"AMStrengthCoef"=dword:00000014
"AMVersatilityCoef"=dword:00000005
"AMAerialAbilityCoef"=dword:00000000
"AMCommandOfAreaCoef"=dword:00000000
"AMCommunicationCoef"=dword:00000000
"AMEccentricityCoef"=dword:00000000
"AMHandlingCoef"=dword:00000000
"AMKickingCoef"=dword:00000000
"AMOneOnOnesCoef"=dword:00000005
"AMReflexesCoef"=dword:00000005
"AMRushingOutCoef"=dword:00000000
"AMTendencyToPunchCoef"=dword:00000000
"AMThrowingCoef"=dword:00000000
"AMAdaptabilityCoef"=dword:00000005
"AMAmbitionCoef"=dword:0000000a
"AMControversyCoef"=dword:fffffffb
"AMLoyalityCoef"=dword:00000005
"AMPressureCoef"=dword:00000005
"AMProfessionalismCoef"=dword:00000005
"AMSportsmanshipCoef"=dword:00000005
"AMTemperamentCoef"=dword:00000005
"WWeightCoef"=dword:00000069
"WCurrentAbilityCoef"=dword:00000000
"WCornersCoef"=dword:0000000a
"WCrossingCoef"=dword:00000064
"WDribblingCoef"=dword:00000064
"WFinishingCoef"=dword:0000003c
"WFirstTouchCoef"=dword:0000001e
"WFreeKicksCoef"=dword:0000000a
"WHeadingCoef"=dword:00000014
"WLongShotsCoef"=dword:00000014
"WLongThrowsCoef"=dword:00000005
"WMarkingCoef"=dword:0000000a
"WPassingCoef"=dword:0000003c
"WPenaltiesCoef"=dword:00000005
"WTacklingCoef"=dword:0000000a
"WTechniqueCoef"=dword:00000050
"WLeftFootCoef"=dword:00000005
"WRightFootCoef"=dword:00000005
"WAggressionCoef"=dword:0000000a
"WAnticipationCoef"=dword:00000014
"WBraveryCoef"=dword:0000000a
"WComposureCoef"=dword:0000000a
"WConcentrationCoef"=dword:0000000a
"WConsistencyCoef"=dword:0000000a
"WCreativityCoef"=dword:0000003c
"WDecisionsCoef"=dword:00000014
"WDeterminationCoef"=dword:0000000a
"WDirtinessCoef"=dword:fffffffb
"WFlairCoef"=dword:0000000a
"WImportantMatchesCoef"=dword:00000014
"WInfluenceCoef"=dword:0000000a
"WOffTheBallCoef"=dword:0000003c
"WPositioningCoef"=dword:00000014
"WTeamworkCoef"=dword:0000001e
"WWorkRateCoef"=dword:0000001e
"WAccelerationCoef"=dword:00000050
"WAgilityCoef"=dword:00000014
"WBalanceCoef"=dword:0000000a
"WInjuryPronenessCoef"=dword:fffffffb
"WJumpingCoef"=dword:00000014
"WNaturalFitnessCoef"=dword:00000005
"WPaceCoef"=dword:00000064
"WStaminaCoef"=dword:0000003c
"WStrengthCoef"=dword:00000014
"WVersatilityCoef"=dword:00000005
"WAerialAbilityCoef"=dword:00000000
"WCommandOfAreaCoef"=dword:00000000
"WCommunicationCoef"=dword:00000000
"WEccentricityCoef"=dword:00000000
"WHandlingCoef"=dword:00000000
"WKickingCoef"=dword:00000000
"WOneOnOnesCoef"=dword:00000005
"WReflexesCoef"=dword:00000005
"WRushingOutCoef"=dword:00000000
"WTendencyToPunchCoef"=dword:00000000
"WThrowingCoef"=dword:00000000
"WAdaptabilityCoef"=dword:00000005
"WAmbitionCoef"=dword:0000000a
"WControversyCoef"=dword:fffffffb
"WLoyalityCoef"=dword:00000005
"WPressureCoef"=dword:00000005
"WProfessionalismCoef"=dword:00000005
"WSportsmanshipCoef"=dword:00000005
"WTemperamentCoef"=dword:00000005
"FSTWeightCoef"=dword:00000067
"FSTCurrentAbilityCoef"=dword:00000000
"FSTCornersCoef"=dword:0000000a
"FSTCrossingCoef"=dword:0000000a
"FSTDribblingCoef"=dword:00000050
"FSTFinishingCoef"=dword:00000064
"FSTFirstTouchCoef"=dword:00000028
"FSTFreeKicksCoef"=dword:0000000a
"FSTHeadingCoef"=dword:00000028
"FSTLongShotsCoef"=dword:00000014
"FSTLongThrowsCoef"=dword:00000000
"FSTMarkingCoef"=dword:00000000
"FSTPassingCoef"=dword:00000028
"FSTPenaltiesCoef"=dword:00000005
"FSTTacklingCoef"=dword:00000000
"FSTTechniqueCoef"=dword:00000050
"FSTLeftFootCoef"=dword:00000005
"FSTRightFootCoef"=dword:00000005
"FSTAggressionCoef"=dword:0000000a
"FSTAnticipationCoef"=dword:0000000a
"FSTBraveryCoef"=dword:0000000a
"FSTComposureCoef"=dword:0000000a
"FSTConcentrationCoef"=dword:0000000a
"FSTConsistencyCoef"=dword:0000000a
"FSTCreativityCoef"=dword:00000028
"FSTDecisionsCoef"=dword:0000000a
"FSTDeterminationCoef"=dword:0000000a
"FSTDirtinessCoef"=dword:fffffffb
"FSTFlairCoef"=dword:0000000a
"FSTImportantMatchesCoef"=dword:0000000a
"FSTInfluenceCoef"=dword:0000000a
"FSTOffTheBallCoef"=dword:00000050
"FSTPositioningCoef"=dword:0000000a
"FSTTeamworkCoef"=dword:0000000a
"FSTWorkRateCoef"=dword:0000000a
"FSTAccelerationCoef"=dword:00000064
"FSTAgilityCoef"=dword:00000028
"FSTBalanceCoef"=dword:0000000a
"FSTInjuryPronenessCoef"=dword:fffffffb
"FSTJumpingCoef"=dword:00000014
"FSTNaturalFitnessCoef"=dword:00000005
"FSTPaceCoef"=dword:00000064
"FSTStaminaCoef"=dword:00000028
"FSTStrengthCoef"=dword:00000014
"FSTVersatilityCoef"=dword:00000005
"FSTAerialAbilityCoef"=dword:00000000
"FSTCommandOfAreaCoef"=dword:00000000
"FSTCommunicationCoef"=dword:00000000
"FSTEccentricityCoef"=dword:00000000
"FSTHandlingCoef"=dword:00000000
"FSTKickingCoef"=dword:00000000
"FSTOneOnOnesCoef"=dword:00000005
"FSTReflexesCoef"=dword:00000005
"FSTRushingOutCoef"=dword:00000000
"FSTTendencyToPunchCoef"=dword:00000000
"FSTThrowingCoef"=dword:00000000
"FSTAdaptabilityCoef"=dword:00000005
"FSTAmbitionCoef"=dword:0000000a
"FSTControversyCoef"=dword:fffffffb
"FSTLoyalityCoef"=dword:00000005
"FSTPressureCoef"=dword:00000005
"FSTProfessionalismCoef"=dword:00000005
"FSTSportsmanshipCoef"=dword:00000005
"FSTTemperamentCoef"=dword:00000005
"TSTWeightCoef"=dword:00000067
"TSTCurrentAbilityCoef"=dword:00000000
"TSTCornersCoef"=dword:00000000
"TSTCrossingCoef"=dword:0000000a
"TSTDribblingCoef"=dword:0000003c
"TSTFinishingCoef"=dword:00000050
"TSTFirstTouchCoef"=dword:0000001e
"TSTFreeKicksCoef"=dword:0000000a
"TSTHeadingCoef"=dword:00000064
"TSTLongShotsCoef"=dword:00000014
"TSTLongThrowsCoef"=dword:00000000
"TSTMarkingCoef"=dword:00000000
"TSTPassingCoef"=dword:00000028
"TSTPenaltiesCoef"=dword:00000005
"TSTTacklingCoef"=dword:00000000
"TSTTechniqueCoef"=dword:00000028
"TSTLeftFootCoef"=dword:00000005
"TSTRightFootCoef"=dword:00000005
"TSTAggressionCoef"=dword:00000014
"TSTAnticipationCoef"=dword:0000000a
"TSTBraveryCoef"=dword:00000014
"TSTComposureCoef"=dword:0000000a
"TSTConcentrationCoef"=dword:0000000a
"TSTConsistencyCoef"=dword:0000000a
"TSTCreativityCoef"=dword:00000014
"TSTDecisionsCoef"=dword:0000000a
"TSTDeterminationCoef"=dword:0000000a
"TSTDirtinessCoef"=dword:fffffffb
"TSTFlairCoef"=dword:0000000a
"TSTImportantMatchesCoef"=dword:0000000a
"TSTInfluenceCoef"=dword:0000000a
"TSTOffTheBallCoef"=dword:00000050
"TSTPositioningCoef"=dword:00000014
"TSTTeamworkCoef"=dword:0000000a
"TSTWorkRateCoef"=dword:0000000a
"TSTAccelerationCoef"=dword:00000028
"TSTAgilityCoef"=dword:00000014
"TSTBalanceCoef"=dword:00000014
"TSTInjuryPronenessCoef"=dword:fffffffb
"TSTJumpingCoef"=dword:00000064
"TSTNaturalFitnessCoef"=dword:00000005
"TSTPaceCoef"=dword:00000028
"TSTStaminaCoef"=dword:00000014
"TSTStrengthCoef"=dword:00000050
"TSTVersatilityCoef"=dword:00000005
"TSTAerialAbilityCoef"=dword:00000000
"TSTCommandOfAreaCoef"=dword:00000000
"TSTCommunicationCoef"=dword:00000000
"TSTEccentricityCoef"=dword:00000000
"TSTHandlingCoef"=dword:00000000
"TSTKickingCoef"=dword:00000000
"TSTOneOnOnesCoef"=dword:00000005
"TSTReflexesCoef"=dword:00000005
"TSTRushingOutCoef"=dword:00000000
"TSTTendencyToPunchCoef"=dword:00000000
"TSTThrowingCoef"=dword:00000000
"TSTAdaptabilityCoef"=dword:00000005
"TSTAmbitionCoef"=dword:0000000a
"TSTControversyCoef"=dword:fffffffb
"TSTLoyalityCoef"=dword:00000005
"TSTPressureCoef"=dword:00000005
"TSTProfessionalismCoef"=dword:00000005
"TSTSportsmanshipCoef"=dword:00000005
"TSTTemperamentCoef"=dword:00000005
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
"GameDir"="c:\\Documents and Settings\\Ertuğrul\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
"ScreenshotsDir"="c:\\Documents and Settings\\Ertuğrul\\My Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Ertuğrul\\My Documents\\Sports Interactive\\Football Manager 2009\\"
"LangDB"="d:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00009b72
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000062
"UniqueID"="7A-F5C5-2E23"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Ertuğrul\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
"ScreenshotsDir"="c:\\Documents and Settings\\Ertuğrul\\My Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Ertuğrul\\My Documents\\Sports Interactive\\Football Manager 2009\\"
"LangDB"="d:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000001
"MinCondition"=dword:00000050
"SkinName"="FM 2009"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="74-A500-EE2F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000057
"ShortlistDir"=""
"LastSaveGame"="c:\\Documents and Settings\\Ertuğrul\\My Documents\\Sports Interactive\\Football Manager 2009\\games\\prm.fm"
"GraphStep"=dword:00000000
"HistoryDir"="e:\\FM Genie Scout 2009 XE\\History Points"
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A5F654A6-D37E-702C-F77A-CBDC0752A684}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abndlhejehnceeoeamolmjabianagdpacg"=hex:61,62,6c,61,65,64,68,6c,69,6a,64,6f,
64,63,61,68,6a,67,63,6e,61,6d,6d,6d,63,6f,62,70,68,67,64,63,6d,6b,00,00
"bbndlhejehnceeoeamnlpjhbfhnbnjnjeiio"=hex:61,62,6f,61,6d,64,70,67,6c,61,6f,62,
6b,61,67,66,64,62,6e,61,6c,70,61,6f,6b,6b,6f,6a,6f,62,63,69,67,70,00,00
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,1e,02,32,2a,36,d6,b0,a8,80,11,81,1f,31,87,70,19,b1,c5,e0,e2,82,24,
4a,87,4b,f6,6f,61,e7,7c,de,54,8f,32,e7,c7,02,b3,da,9f,94,53,56,8a,15,32,9f,\
"??"=hex:93,8c,84,65,13,08,60,23,25,2d,1b,ac,9d,d3,44,25
[HKEY_USERS\S-1-5-21-583907252-2049760794-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3a,28,28,67,76,b8,71,45,20,dd,79,20,2b,4c,fc,b6,f5,23,82,cb,b8,
58,70,04,b0,04,9c,15,36,c3,72,97,1b,25,10,4b,9f,56,31,c7,51,47,63,9f,22,f5,\
"rkeysecu"=hex:ab,9d,fc,ee,d8,0d,00,1f,ce,d1,05,61,4f,b0,80,e9
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0b,07,42,3f,26,79,41,05,04,8c,d9,f3,97,68,e2,c8,eb,1b,54,37,c0,
f5,5f,41,8d,56,d7,c1,84,f4,47,c1,52,e5,84,aa,5e,5b,1e,48,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f78bf59d-3d52-419a-a62c-99b038915f61}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001e
"Therad"=dword:00000021
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,02,cd,6b,86,15,cb,7d,ed,7d,6c,6e,d5,d4,88,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="21B31E3B4182DA0DC74AE63A4928BD2579A67C00CA084F2E24B1809E9A083817D64D32AC0E5464CF1DABEDAACBF833BF38338C7CE90677BDA2EA8BE956D34B236503803B92C8AEE7B965E6DCC633745101D6B49497B109B1092BC54DD53400B61C8616E4F902F1C56AB0411D70D2B1EBBDF66708B7FE4A5E7C204C964B344E06FC6D51AA6043FC9E2F2CC4BCF3F72D660ADAF098A28611DAD7DA0B9BDB86C409C1B06810D977B26CBCD908146FE3BE59B82D6E0D23844A81A9CDC6321FFD84FC542E609DE92D896B7BA079F8F57ED1A450FD51AF7A57FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B98081AF1036807C4DB04EE3B455BB8D6D32D6130529CC22703EC34A73260AFA67214216B2CE2FCB95F2D47E1418FB36E16E6EDCE6BACD1481C0A909C35A4840F320CC3C31ED2AB399AA2E5334D6A39E6BA709A4E96E4D15C83BFA17ED1874D2731CD715179F6F737D6242DA426543220B983E0E64E7451D87DDD1465DB23DE942362AA2C90EF9B28D49414F0BD975D04007CCB93C0F034B543592BAD6073E0002EF588B1EDC5A20646F9A715B7E44D7B6CD87C135052AF6C81CB3AF79FD94E96E9DC32834E626E4ED280055571CE66F4D3BE27E793F44F7D5A712B278D1DF808660C67062013328294F5E0B574CCE2637D75935B569A72EDE1AC7B644FE5030AA59D79E30A0CF7A81C4D028184BBCFBE27E89D7595E44A44227F3C9AC2C064D31D4FD08863639C4A6B9F44469658907FFE29B78804DDDF0C1615937BF5A0E8A336826526B912D0F4F9249557D3C75925AA69632609720CD5B03AB8F9AD5A31B951BD46314CF799B9B13CF94A1B12B4B3C002BA253EF17E34575EF94F60A6AF59BDAB966310D64E3073EA09F87C20012FCDEF6921F212B93FE197B9F5B9A3AC4C43980CB9ADD49CEE91556E81BD44EE2551D02FF9A9E814139B1F6C3019D2455F1BF6EFF402FC0617D1C868C559B084A2C0E962D11875B9CEC9D11B81931AE663F25D239A1D3DDEC7F0324B6DFBFA9BB9822468102917A7969DAE6231EEC0D62CED8494F3C46850279CA4FC6107A1E20273883FDFFB11321142DCF44CA7F5AD13A14BCC8EEEB556DFF95879CF10825B96644A77B0620E7FE955A49722EB4B54F397B3E4BA4A3D411E9D27502A61E0591518BAB435E2198AD2E472A3C721B40DB0CE638C0EB77FB69593902528F76489214653AEE43822A07DF8D78694DE0C6BADB8238461495DAFF85BB6AE43069867609CAF33FB51FE67218809C125ED905652BAE22552499EF88466E037B970ECC6FD3A0F2177CFE6537B82DEE85AD0628A0D30B3564135EB32759E7A1F8D50344B28B2556D9B0C77304BC557A6D6"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
e:\program files\ThreatFire\TFWAH.dll
e:\program files\ThreatFire\TFNI.dll
e:\program files\ThreatFire\TFMon.dll
e:\program files\ThreatFire\TFRK.dll
- - - - - - - > 'lsass.exe'(1096)
c:\windows\system32\guard32.dll
e:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2009-08-04 15:59
ComboFix-quarantined-files.txt 2009-08-04 12:59
Pre-Run: 33.642.315.776 bytes free
Post-Run: 33.607.008.256 bytes free
1889
_____________________________
-
quote:
Orijinalden alıntı: mturhan
Ko'nun klosörüne, normal knightonline.exe gibi.. normal dosyaların dışında Knightempire.exe yüklenio..
Çok teşekkür ederim ilgilendiğin için..
Klasorun yerini ve dosyanin adini tam olarak belirtir misin?
C:\Program Files\Knight\dosya.exe seklinde.
quote:
Orijinalden alıntı: *Revenge*
Benim sorunum şöyle herhangi bir virüs tarayıcısı ile tarama yaptığımda (Özellikle Avira) belli bi yerden sonra rapor dosyası kaydedilemedi diyor bilgisyar kitleniyor görev yöneticisini açmaya çalıştığımda çeşitli hatalar veriyor ve ben restart atmadan düzelmiyor. Önce donanımsal olduğunu düşündüm ama birçok programla sürücülerimi test ettim hiçbirinde sorun yok.
Malwarebytes Antimalware adlı programı indirin.
http://www.buraksonmez.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (Bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın._____________________________
-
quote:
Orijinalden alıntı: serji
quote:
Orijinalden alıntı: *Revenge*
Benim sorunum şöyle herhangi bir virüs tarayıcısı ile tarama yaptığımda (Özellikle Avira) belli bi yerden sonra rapor dosyası kaydedilemedi diyor bilgisyar kitleniyor görev yöneticisini açmaya çalıştığımda çeşitli hatalar veriyor ve ben restart atmadan düzelmiyor. Önce donanımsal olduğunu düşündüm ama birçok programla sürücülerimi test ettim hiçbirinde sorun yok.
Malwarebytes Antimalware adlı programı indirin.
http://www.buraksonmez.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (Bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın.
Malwarebytes' Anti-Malware 1.40
Veritabanı sürümü: 2558
Windows 5.1.2600 Service Pack 3
04.08.2009 17:53:49
mbam-log-2009-08-04 (17-53-49).txt
Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|I:\|)
Taranan öğeler: 306907
Geçen süre: 48 minute(s), 0 second(s)
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Verisi Öğeleri: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0
Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Anahtarları:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Değerleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Verisi Öğeleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Klasörler:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Dosyalar:
(Herhangi bir tehlikeli öğe bulunmadı)
_____________________________
-
sevgili serji log bakarmısın bir problem varmı die ?
saygılar..
ComboFix 09-07-31.04 - uğur 01.08.2009 21:30.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.1023.610 [GMT 3:00]
Running from: c:\documents and settings\uğur\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\MoreRelevantAdvertisingProgram
c:\program files\MoreRelevantAdvertisingProgram\uninstall.exe
c:\program files\PlayMP3z
c:\program files\PlayMP3z\PlayMP3.exe
c:\program files\PlayMP3z\uninstall.exe
c:\windows\Installer\1005873.msp
c:\windows\Installer\10585e3.msp
c:\windows\Installer\106c132.msp
c:\windows\Installer\107ed6.msp
c:\windows\Installer\10fee61.msp
c:\windows\Installer\1171e1a.msp
c:\windows\Installer\1172a9d.msp
c:\windows\Installer\11c43ca.msp
c:\windows\Installer\11f7b27.msp
c:\windows\Installer\1207e01.msp
c:\windows\Installer\1208c2a.msp
c:\windows\Installer\12ae97.msp
c:\windows\Installer\13200f9.msp
c:\windows\Installer\1323567.msp
c:\windows\Installer\13d7539.msp
c:\windows\Installer\15e9bd.msp
c:\windows\Installer\164f2f7.msp
c:\windows\Installer\16572d6.msp
c:\windows\Installer\1762417.msp
c:\windows\Installer\17b1336.msp
c:\windows\Installer\17c1aa.msp
c:\windows\Installer\181ff6.msp
c:\windows\Installer\182248.msp
c:\windows\Installer\183c672.msp
c:\windows\Installer\197be33.msp
c:\windows\Installer\1a27d7b.msp
c:\windows\Installer\1a88ca1.msp
c:\windows\Installer\1a89cbe.msp
c:\windows\Installer\1b2b14f.msp
c:\windows\Installer\1b695b5.msp
c:\windows\Installer\1bc4a4.msp
c:\windows\Installer\1be78e.msp
c:\windows\Installer\1c8b0b8.msp
c:\windows\Installer\1cee3f0.msp
c:\windows\Installer\1d13d9.msp
c:\windows\Installer\1e42894.msp
c:\windows\Installer\1fa97.msp
c:\windows\Installer\1fd2ba.msp
c:\windows\Installer\1febe.msp
c:\windows\Installer\202e4.msp
c:\windows\Installer\20380.msp
c:\windows\Installer\20555.msp
c:\windows\Installer\20768.msp
c:\windows\Installer\207f5.msp
c:\windows\Installer\20833.msp
c:\windows\Installer\2090e.msp
c:\windows\Installer\20a95.msp
c:\windows\Installer\20c360f.msp
c:\windows\Installer\21478.msp
c:\windows\Installer\2175eb.msp
c:\windows\Installer\21cf07.msp
c:\windows\Installer\21ec63.msp
c:\windows\Installer\220828.msp
c:\windows\Installer\225f41.msp
c:\windows\Installer\22a42.msp
c:\windows\Installer\22d11.msp
c:\windows\Installer\22d7e.msp
c:\windows\Installer\22e3a.msp
c:\windows\Installer\22f24.msp
c:\windows\Installer\22fa1.msp
c:\windows\Installer\2328f.msp
c:\windows\Installer\2333b.msp
c:\windows\Installer\2334b.msp
c:\windows\Installer\23399.msp
c:\windows\Installer\23464.msp
c:\windows\Installer\2356e.msp
c:\windows\Installer\235ac.msp
c:\windows\Installer\23658.msp
c:\windows\Installer\23669f.msp
c:\windows\Installer\237fe.msp
c:\windows\Installer\2383c.msp
c:\windows\Installer\2384c.msp
c:\windows\Installer\238c9.msp
c:\windows\Installer\2395ec.msp
c:\windows\Installer\23a9e.msp
c:\windows\Installer\23cd0.msp
c:\windows\Installer\23d4d.msp
c:\windows\Installer\23e28.msp
c:\windows\Installer\240c8.msp
c:\windows\Installer\24135.msp
c:\windows\Installer\241a3.msp
c:\windows\Installer\2423f.msp
c:\windows\Installer\2455c.msp
c:\windows\Installer\246f2.msp
c:\windows\Installer\24929c.msp
c:\windows\Installer\24c41.msp
c:\windows\Installer\2500a.msp
c:\windows\Installer\25127a.msp
c:\windows\Installer\252cb9.msp
c:\windows\Installer\253f2.msp
c:\windows\Installer\258940.msp
c:\windows\Installer\25d1a4.msp
c:\windows\Installer\25d49.msp
c:\windows\Installer\268b3.msp
c:\windows\Installer\26c664.msp
c:\windows\Installer\26d131.msp
c:\windows\Installer\2726b4.msp
c:\windows\Installer\27569e.msp
c:\windows\Installer\27572fa.msp
c:\windows\Installer\27ee1b.msp
c:\windows\Installer\29783.msp
c:\windows\Installer\2a57d.msp
c:\windows\Installer\2b15f7.msp
c:\windows\Installer\2b79e2.msp
c:\windows\Installer\2bcc47.msp
c:\windows\Installer\2be7ed.msp
c:\windows\Installer\2d2252.msp
c:\windows\Installer\2d7d8.msp
c:\windows\Installer\2f43ea.msp
c:\windows\Installer\311f80.msp
c:\windows\Installer\318b1b.msp
c:\windows\Installer\31cf96.msp
c:\windows\Installer\33ad2fe.msp
c:\windows\Installer\35ec23.msp
c:\windows\Installer\369c49.msp
c:\windows\Installer\36eb43.msp
c:\windows\Installer\377dbf.msp
c:\windows\Installer\38468e.msp
c:\windows\Installer\387dea.msp
c:\windows\Installer\38eb69.msp
c:\windows\Installer\391c6c.msp
c:\windows\Installer\393f4.msp
c:\windows\Installer\3979ed.msp
c:\windows\Installer\3b976e.msp
c:\windows\Installer\3cfc2e.msp
c:\windows\Installer\3cfda5.msp
c:\windows\Installer\3d0af.msp
c:\windows\Installer\3dbf9e.msp
c:\windows\Installer\3f9e2.msp
c:\windows\Installer\40fc0c.msp
c:\windows\Installer\41c3b1.msp
c:\windows\Installer\425717.msp
c:\windows\Installer\427ee3.msp
c:\windows\Installer\429d87.msp
c:\windows\Installer\4350ba.msp
c:\windows\Installer\44838d.msp
c:\windows\Installer\44ac52.msp
c:\windows\Installer\475df5.msp
c:\windows\Installer\491077.msp
c:\windows\Installer\496696.msp
c:\windows\Installer\4a43d7.msp
c:\windows\Installer\4af4b8.msp
c:\windows\Installer\4bab95.msp
c:\windows\Installer\4bdd63.msp
c:\windows\Installer\4c3612.msp
c:\windows\Installer\4e85ed.msp
c:\windows\Installer\4ef31e.msp
c:\windows\Installer\529bd3.msp
c:\windows\Installer\5461ed.msp
c:\windows\Installer\561c01.msp
c:\windows\Installer\58761e.msp
c:\windows\Installer\594f19.msp
c:\windows\Installer\599f9a.msp
c:\windows\Installer\5ad9a1.msp
c:\windows\Installer\5c5eaa.msp
c:\windows\Installer\5db011.msp
c:\windows\Installer\5e7a18.msp
c:\windows\Installer\5e7c4b.msp
c:\windows\Installer\601990.msp
c:\windows\Installer\6259ac.msp
c:\windows\Installer\62b0e4.msp
c:\windows\Installer\66e81d.msp
c:\windows\Installer\684f20.msp
c:\windows\Installer\693624.msp
c:\windows\Installer\6a4fa3.msp
c:\windows\Installer\6b486a.msp
c:\windows\Installer\6cb299.msp
c:\windows\Installer\6cca09.msp
c:\windows\Installer\6cd072.msp
c:\windows\Installer\6d091.msp
c:\windows\Installer\6d49d8.msp
c:\windows\Installer\6d7368.msp
c:\windows\Installer\6d8db7.msp
c:\windows\Installer\6dd1d4.msp
c:\windows\Installer\6e5618.msp
c:\windows\Installer\7000ab.msp
c:\windows\Installer\709d87.msp
c:\windows\Installer\72207d.msp
c:\windows\Installer\730c83.msp
c:\windows\Installer\737158.msp
c:\windows\Installer\75091e.msp
c:\windows\Installer\75a53.msp
c:\windows\Installer\762201.msp
c:\windows\Installer\76c06.msp
c:\windows\Installer\773b9e.msp
c:\windows\Installer\77531e.msp
c:\windows\Installer\79e310.msp
c:\windows\Installer\7aca9.msp
c:\windows\Installer\7af309.msp
c:\windows\Installer\7afb17.msp
c:\windows\Installer\7b5ba6.msp
c:\windows\Installer\7d25b8.msp
c:\windows\Installer\7f4953.msp
c:\windows\Installer\807754.msp
c:\windows\Installer\87519.msp
c:\windows\Installer\892e58.msp
c:\windows\Installer\8bd702.msp
c:\windows\Installer\8c404.msp
c:\windows\Installer\9037fb.msp
c:\windows\Installer\90b6e.msp
c:\windows\Installer\923c28.msp
c:\windows\Installer\94413f.msp
c:\windows\Installer\96a510.msp
c:\windows\Installer\985783.msp
c:\windows\Installer\989da4.msp
c:\windows\Installer\98d8c8.msp
c:\windows\Installer\9a9b39.msp
c:\windows\Installer\9bbc68.msp
c:\windows\Installer\9c44d2.msp
c:\windows\Installer\9f65a.msp
c:\windows\Installer\9f9b31.msp
c:\windows\Installer\aabae8.msp
c:\windows\Installer\ab3614.msp
c:\windows\Installer\ad0b02.msp
c:\windows\Installer\ad911b.msp
c:\windows\Installer\ae3673.msp
c:\windows\Installer\b3237f.msp
c:\windows\Installer\b9bff0.msp
c:\windows\Installer\bce08a.msp
c:\windows\Installer\bdaf53.msp
c:\windows\Installer\c22887.msp
c:\windows\Installer\c2d4f.msp
c:\windows\Installer\c2e474.msp
c:\windows\Installer\c9460f.msp
c:\windows\Installer\cc885.msp
c:\windows\Installer\cd0450.msp
c:\windows\Installer\cdc3c.msp
c:\windows\Installer\d6c7d3.msp
c:\windows\Installer\d9b4f8.msp
c:\windows\Installer\da06c2.msp
c:\windows\Installer\da500f.msp
c:\windows\Installer\dcafe9.msp
c:\windows\Installer\e08b75.msp
c:\windows\Installer\e5d6d.msp
c:\windows\Installer\e62c9f.msp
c:\windows\Installer\e80d94.msp
c:\windows\Installer\eb36d.msp
c:\windows\Installer\f1fad6.msp
c:\windows\Installer\f24889.msp
c:\windows\Installer\f27d93.msp
c:\windows\Installer\f51044.msp
c:\windows\Installer\fafdb9.msp
c:\windows\Installer\fe5c3.msp
c:\windows\system32\__c001150E.dat
c:\windows\system32\__c0066699.dat
c:\windows\system32\__c0099710.dat
c:\windows\system32\__c00D3D14.dat
c:\windows\system32\7tEWUJ6N.exe.a_a
c:\windows\system32\scrrntr.dll
c:\windows\system32\SI3E4Co8.exe.a_a
c:\windows\system32\x5ul5sF3.exe.a_a
c:\windows\wiaserviv.log
c:\windows\winsys.ini
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.
2009-07-28 16:20 . 2009-07-28 16:20 -------- d-----w- c:\windows\system32\LogFiles
2009-07-12 13:09 . 2009-07-16 19:26 -------- d-----w- c:\program files\Common Files\DivX Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 18:39 . 2008-02-05 22:42 -------- d-----w- c:\program files\lg_fwupdate
2009-07-23 00:22 . 2009-04-21 21:40 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-23 00:22 . 2008-03-18 20:29 -------- d-----w- c:\program files\DivX
2009-07-12 16:35 . 2008-11-07 20:38 -------- d-----w- c:\program files\FrostWire
2009-06-29 06:52 . 2001-11-22 11:00 72466 ----a-w- c:\windows\system32\perfc01F.dat
2009-06-29 06:52 . 2001-11-22 11:00 389852 ----a-w- c:\windows\system32\perfh01F.dat
2009-06-26 16:18 . 2004-08-03 21:45 658944 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-03 21:45 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:54 . 2004-08-03 21:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2001-11-22 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:26 . 2004-08-03 21:45 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:42 . 2009-06-10 23:50 343552 ----a-w- c:\windows\system32\localspl.dll
2009-07-29 18:14 . 2009-03-06 16:16 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2008-04-14 16:00 579072 DBC887B627B9CA423270C951F9E88F0E c:\windows\SoftwareDistribution\Download\7967ea10e135cbe2c175c5648b36ae99\user32.dll
[-] 2008-11-20 23:15 577536 C1E4B51B6F2F834DFC0C12A2FFF62314 c:\windows\system32\user32.DLL
[-] 2008-11-20 23:15 577536 C1E4B51B6F2F834DFC0C12A2FFF62314 c:\windows\system32\dllcache\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 68856]
"Google Update"="c:\documents and settings\uğur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-21 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ilxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0itxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0kjxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0oaxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0poxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0uxxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0vxxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1epxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1pwxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1qcxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1smxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1tnxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2byxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2oaxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3suxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3yjxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4cnxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4ykxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5buxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5xjxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6buxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6cmxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6cnxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7buxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7fqxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7grxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8alxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8mxxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vyxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\uğur\\Belgelerim\\Alınan Dosyalarım\\SuperOkey.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [05.05.2009 23:09 55152]
S0 ati0ilxx;ati0ilxx;c:\windows\system32\Drivers\ati0ilxx.sys --> c:\windows\system32\Drivers\ati0ilxx.sys [?]
S0 ati0itxx;ati0itxx;c:\windows\system32\Drivers\ati0itxx.sys --> c:\windows\system32\Drivers\ati0itxx.sys [?]
S0 ati0kjxx;ati0kjxx;c:\windows\system32\Drivers\ati0kjxx.sys --> c:\windows\system32\Drivers\ati0kjxx.sys [?]
S0 ati0oaxx;ati0oaxx;c:\windows\system32\Drivers\ati0oaxx.sys --> c:\windows\system32\Drivers\ati0oaxx.sys [?]
S0 ati0poxx;ati0poxx;c:\windows\system32\Drivers\ati0poxx.sys --> c:\windows\system32\Drivers\ati0poxx.sys [?]
S0 ati0uxxx;ati0uxxx;c:\windows\system32\Drivers\ati0uxxx.sys --> c:\windows\system32\Drivers\ati0uxxx.sys [?]
S0 ati0vxxx;ati0vxxx;c:\windows\system32\Drivers\ati0vxxx.sys --> c:\windows\system32\Drivers\ati0vxxx.sys [?]
S0 ati1epxx;ati1epxx;c:\windows\system32\Drivers\ati1epxx.sys --> c:\windows\system32\Drivers\ati1epxx.sys [?]
S0 ati1pwxx;ati1pwxx;c:\windows\system32\Drivers\ati1pwxx.sys --> c:\windows\system32\Drivers\ati1pwxx.sys [?]
S0 ati1qcxx;ati1qcxx;c:\windows\system32\Drivers\ati1qcxx.sys --> c:\windows\system32\Drivers\ati1qcxx.sys [?]
S0 ati1smxx;ati1smxx;c:\windows\system32\Drivers\ati1smxx.sys --> c:\windows\system32\Drivers\ati1smxx.sys [?]
S0 ati1tnxx;ati1tnxx;c:\windows\system32\Drivers\ati1tnxx.sys --> c:\windows\system32\Drivers\ati1tnxx.sys [?]
S0 ati2byxx;ati2byxx;c:\windows\system32\Drivers\ati2byxx.sys --> c:\windows\system32\Drivers\ati2byxx.sys [?]
S0 ati2oaxx;ati2oaxx;c:\windows\system32\Drivers\ati2oaxx.sys --> c:\windows\system32\Drivers\ati2oaxx.sys [?]
S0 ati3suxx;ati3suxx;c:\windows\system32\Drivers\ati3suxx.sys --> c:\windows\system32\Drivers\ati3suxx.sys [?]
S0 ati3yjxx;ati3yjxx;c:\windows\system32\Drivers\ati3yjxx.sys --> c:\windows\system32\Drivers\ati3yjxx.sys [?]
S0 ati4cnxx;ati4cnxx;c:\windows\system32\Drivers\ati4cnxx.sys --> c:\windows\system32\Drivers\ati4cnxx.sys [?]
S0 ati4ykxx;ati4ykxx;c:\windows\system32\Drivers\ati4ykxx.sys --> c:\windows\system32\Drivers\ati4ykxx.sys [?]
S0 ati5buxx;ati5buxx;c:\windows\system32\Drivers\ati5buxx.sys --> c:\windows\system32\Drivers\ati5buxx.sys [?]
S0 ati5xjxx;ati5xjxx;c:\windows\system32\Drivers\ati5xjxx.sys --> c:\windows\system32\Drivers\ati5xjxx.sys [?]
S0 ati6buxx;ati6buxx;c:\windows\system32\Drivers\ati6buxx.sys --> c:\windows\system32\Drivers\ati6buxx.sys [?]
S0 ati6cmxx;ati6cmxx;c:\windows\system32\Drivers\ati6cmxx.sys --> c:\windows\system32\Drivers\ati6cmxx.sys [?]
S0 ati6cnxx;ati6cnxx;c:\windows\system32\Drivers\ati6cnxx.sys --> c:\windows\system32\Drivers\ati6cnxx.sys [?]
S0 ati7buxx;ati7buxx;c:\windows\system32\Drivers\ati7buxx.sys --> c:\windows\system32\Drivers\ati7buxx.sys [?]
S0 ati7fqxx;ati7fqxx;c:\windows\system32\Drivers\ati7fqxx.sys --> c:\windows\system32\Drivers\ati7fqxx.sys [?]
S0 ati7grxx;ati7grxx;c:\windows\system32\Drivers\ati7grxx.sys --> c:\windows\system32\Drivers\ati7grxx.sys [?]
S0 ati8alxx;ati8alxx;c:\windows\system32\Drivers\ati8alxx.sys --> c:\windows\system32\Drivers\ati8alxx.sys [?]
S0 ati8mxxx;ati8mxxx;c:\windows\system32\Drivers\ati8mxxx.sys --> c:\windows\system32\Drivers\ati8mxxx.sys [?]
S0 ati8vyxx;ati8vyxx;c:\windows\system32\Drivers\ati8vyxx.sys --> c:\windows\system32\Drivers\ati8vyxx.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 fsssvc;Windows Live Aile Koruması;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
.
Contents of the 'Scheduled Tasks' folder
2009-08-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-23 19:18]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\uğur\Application Data\Mozilla\Firefox\Profiles\rmog1vgz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ogame.com.tr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-08-01 21:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-790525478-1532298954-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,e0,9e,f9,95,e9,a0,4c,e3,36,e7,81,9d,f6,03,ae,5c,2c,02,89,3b,df,cb,
d9,98,e8,95,2d,0b,f9,98,2e,90,fb,29,34,3a,91,da,ff,75,d2,ee,a1,17,4c,40,57,\
"??"=hex:fb,4d,37,ca,50,6e,b3,f7,21,34,f6,b4,9e,e0,cb,ea
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee\Common Framework\Mctray.exe
.
**************************************************************************
.
Completion time: 2009-08-01 21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 18:42
Pre-Run: 25.409.179.648 bayt boş
Post-Run: 25.661.517.824 bayt boş
476 --- E O F --- 2009-08-01 15:32_____________________________
-
quote:
Orijinalden alıntı: *Revenge*
Burada bir sorun cikmadi. Hata verdigi zaman hatayi tam olarak yazarsan belki daha cok yardimci olabilirim.
quote:
Orijinalden alıntı: elarist
sevgili serji log bakarmısın bir problem varmı die ?
saygılar..
Evet bayagi bir problem var gibi gozukuyor. Ama cozecegiz.
The Avenger adlı programı masaüstünüze indirin.
http://www.buraksonmez.com/dosyalar/avenger.exe
1. Aşağıda renkli yazılmış olan yazıların tamamını seçip CTRL+C basın ve kopyalayın.
Drivers to disable:
ati8vyxx
ati8mxxx
ati8alxx
ati7grxx
ati7fqxx
ati7buxx
ati6cnxx
ati6cmxx
ati6buxx
ati5xjxx
ati5buxx
ati4ykxx
ati4cnxx
ati3yjxx
ati3suxx
ati2oaxx
ati2byxx
ati1tnxx
ati1smxx
ati1qcxx
ati1pwxx
ati1epxx
ati0vxxx
ati0uxxx
ati0poxx
ati0oaxx
ati0kjxx
ati0itxx
ati0ilxx
Drivers to delete:
ati8vyxx
ati8mxxx
ati8alxx
ati7grxx
ati7fqxx
ati7buxx
ati6cnxx
ati6cmxx
ati6buxx
ati5xjxx
ati5buxx
ati4ykxx
ati4cnxx
ati3yjxx
ati3suxx
ati2oaxx
ati2byxx
ati1tnxx
ati1smxx
ati1qcxx
ati1pwxx
ati1epxx
ati0vxxx
ati0uxxx
ati0poxx
ati0oaxx
ati0kjxx
ati0itxx
ati0ilxx
2. Program ikonunun üzerine çift tıklayarak programı çalıştırın.
* Load Script altında Paste from Clipboard seçin.
* Execute butonuna basın.
* Program soru sorarsa Evet tıklayın.
3. Bilgisayarınız yeniden başlayacak. (2 kez yeniden başlayabilir) Daha sonra bir takım işlemler yapılacaktır.
4. Tarama işlemi bittikten sonra C:\avenger.txt olarak bir log dosyası yaratılacaktır. (Yedekleriniz C:\avenger\backup.zip dizininde olacaktır.)
5. C:\avenger.txt dosyasını mesajınıza ekleyerek bize gönderin._____________________________
-
Malwarebytes' Anti-Malware 1.40
Veritabanı sürümü: 2560
Windows 6.0.6001 Service Pack 1
05.08.2009 01:41:04
mbam-log-2009-08-05 (01-41-04).txt
Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|)
Taranan öğeler: 202002
Geçen süre: 1 hour(s), 3 minute(s), 59 second(s)
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 3
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Verisi Öğeleri: 0
Etkilenmiş Klasörler: 2
Etkilenmiş Dosyalar: 1
Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Anahtarları:
HKEY_CLASSES_ROOT\slidershow.slidershowctrl (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
Etkilenmiş Kayıt Değerleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Kayıt Verisi Öğeleri:
(Herhangi bir tehlikeli öğe bulunmadı)
Etkilenmiş Klasörler:
C:\Program Files\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.
C:\Program Files\LuckyTender\1.3.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
Etkilenmiş Dosyalar:
C:\Program Files\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
quote:
Orijinalden alıntı: serji
quote:
Orijinalden alıntı: fbaycan
Malwarebytes Antimalware adlı programı indirin.
http://www.buraksonmez.com/dosyalar/mbam-setup.exe
* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (Bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.
NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın.
_____________________________
-
Bende de problem var gibi, bu aralar çok yavaşladı bilgisayar... Bi bakabilir misiniz ? Teşekkürler şimdiden.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:46:28, on 05.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\OZAN\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.sony.com/vaiopeople_f08
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.sony.com/vaiopeople_f08
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 212.175.252.253www.divxm.com
O1 - Hosts: 89.149.239.114www.divxplanet.net
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 74.125.13.80 v1.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.83 v2.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.86 v3.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.89 v4.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.92 v5.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.95 v6.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.98 v7.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.101 v8.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.17 v9.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.84 v10.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.87 v11.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.90 v12.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.93 v13.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.96 v14.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.99 v15.lscache1.c.youtube.com
O1 - Hosts: 74.125.97.38 v16.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.82 v17.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.85 v18.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.88 v19.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.91 v20.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.94 v21.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.97 v22.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.100 v23.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.103 v24.lscache1.c.youtube.com
O1 - Hosts: 74.125.13.80 v1.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.83 v2.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.86 v3.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.89 v4.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.92 v5.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.95 v6.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.98 v7.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.101 v8.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.81 v9.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.84 v10.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.87 v11.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.90 v12.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.93 v13.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.96 v14.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.99 v15.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.102 v16.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.82 v17.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.85 v18.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.88 v19.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.91 v20.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.94 v21.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.97 v22.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.100 v23.lscache2.c.youtube.com
O1 - Hosts: 74.125.13.103 v24.lscache2.c.youtube.com
O1 - Hosts: 74.125.99.80 v1.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.83 v2.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.86 v3.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.89 v4.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.92 v5.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.95 v6.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.98 v7.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.101 v8.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.81 v9.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.84 v10.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.87 v11.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.90 v12.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.93 v13.lscache3.c.youtube.com
O1 - Hosts: 74.125.97.32 v14.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.99 v15.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.102 v16.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.82 v17.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.85 v18.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.88 v19.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.91 v20.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.94 v21.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.97 v22.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.100 v23.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.103 v24.lscache3.c.youtube.com
O1 - Hosts: 74.125.99.80 v1.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.83 v2.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.86 v3.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.89 v4.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.92 v5.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.95 v6.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.98 v7.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.101 v8.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.81 v9.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.84 v10.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.87 v11.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.90 v12.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.93 v13.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.96 v14.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.99 v15.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.102 v16.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.82 v17.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.85 v18.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.88 v19.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.91 v20.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.94 v21.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.97 v22.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.100 v23.lscache4.c.youtube.com
O1 - Hosts: 74.125.99.103 v24.lscache4.c.youtube.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files (x86)\jZip\WebmailPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AML] "C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe" InitApp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AE47831-50C4-43BA-85E3-B03AF6C6AE1D}: NameServer = 4.2.2.4,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AE47831-50C4-43BA-85E3-B03AF6C6AE1D}: NameServer = 4.2.2.4,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{3AE47831-50C4-43BA-85E3-B03AF6C6AE1D}: NameServer = 4.2.2.4,4.2.2.5
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9862930bf4b25) (gupdate1c9862930bf4b25) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Intel(R) Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 18155 bytes_____________________________ ***Gölge doğuşunu ışığa borçludur.***
-
quote:
Orijinalden alıntı: fbaycan
Su anda bir sorun gozukmuyor. Problemler deavm ediyor mu*
quote:
Orijinalden alıntı: 02AN
Bende de problem var gibi, bu aralar çok yavaşladı bilgisayar... Bi bakabilir misiniz ? Teşekkürler şimdiden.
* HijackThis adlı programı açın.
* Do a system scan only seçeneğine tıklayın.
* Aşağıdaki satırları işaretleyin.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.sony.com/vaiopeople_f08
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.sony.com/vaiopeople_f08
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files (x86)\jZip\WebmailPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
* CTRL+ALT+DEL basıp işlemler sekmesine gelin. Kullanıcı adınızın karşısındaki HijackThis.exe ve explorer.exe hariç tüm işlemleri sonlandırın. (Yalnızca kullanıcı adınızın karşısındaki işlemleri sonlandırın. Local Service, network, system olanlara dokunmayın). HijackThis hariç tüm programları, pencereleri kapatın ve Fix Checked butonuna tıklayın. Ardından bilgisayarınızı hemen yeniden başlatın.
ComboFix adlı programı masaüstünüze indirin.
http://www.buraksonmez.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra Evet butonuna tıklayın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecek ve masaüstünüz kaybolacaktır. Bunlar normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 50 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin._____________________________
-
tesekkurler saol :)
Orijinalden alıntı: serji
Orijinalden alıntı: fbaycan
Su anda bir sorun gozukmuyor. Problemler deavm ediyor mu*_____________________________ -
quote:
Orijinalden alıntı: fbaycan
tesekkurler saol :)
Rica ederim kolay gelsin._____________________________ -
Serji yardımına ihtiyacım var, sistemim bir süredirağırlaştı, sence burada sorun gözüküyor mu? ne yapmam gerekir?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:59, on 05.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Emre\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Emre\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Emre\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\YILMAZ\Downloads\Geçici İndirme\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:http://www.gamyun.net
O15 - Trusted Zone:www.yayinonline.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {4975D552-DB29-4E77-BFDA-84B6E8B16304} (RTNetLauncher Control) -http://www.yapikrediyatirim.com.tr/RealTrade/RTNetLauncher.cab
O16 - DPF: {58EF1388-AF07-4D13-A069-D107671B8819} -http://www.gamegarden.net/v4/ggsecure.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -http://www.radyotvonline.com/play/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 9810 bytes_____________________________
-
quote:
Orijinalden alıntı: yeyilmaz
Serji yardımına ihtiyacım var, sistemim bir süredirağırlaştı, sence burada sorun gözüküyor mu? ne yapmam gerekir?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
ComboFix adlı programı masaüstünüze indirin.
http://www.buraksonmez.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra Evet butonuna tıklayın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecek ve masaüstünüz kaybolacaktır. Bunlar normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 50 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin._____________________________
-
üstad bilgisayarımda fazlasıyla anlık kasmalar mevcut.başlat çubuğunu açarken dosyaları çift tıklayıp açarken(avi,mp3,jpeg vsvs).dosya özelliklerine bakarken,klasörler arasında gezinirken çok yavaş pc vede kasıyor.kis yüklü bilgisayarımda güvenlik önlemi olarka altta da logum var şimdiden teşekkürler.
quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:01, on 05.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Administrator\Belgelerim\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =https://msnia.login.live.com/ppsecure/sha1auth.srf?lc=1055
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B97F92-1EF9-4E56-B973-74E597D3744D}: NameServer = 4.2.2.4,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{04B97F92-1EF9-4E56-B973-74E597D3744D}: NameServer = 4.2.2.4,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{04B97F92-1EF9-4E56-B973-74E597D3744D}: NameServer = 4.2.2.4,4.2.2.5
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 7298 bytes
_____________________________ Izmir University Of Economics - Logistic Management
-
ALakasız gibi olacak ama en çok buraya girildiğini görünce buraya yazdım. Bilgisayarımdan griirlen heryeri görmek istiyorum. Windows XP'de bunu cookiesden yapıyordum ama vistada britürlü yapamadım. Yardımcı olursanınz yada ilgigli sayfaya yönlendirirseniz sevinirim -
quote:
Orijinalden alıntı: drakin
üstad bilgisayarımda fazlasıyla anlık kasmalar mevcut.başlat çubuğunu açarken dosyaları çift tıklayıp açarken(avi,mp3,jpeg vsvs).dosya özelliklerine bakarken,klasörler arasında gezinirken çok yavaş pc vede kasıyor.kis yüklü bilgisayarımda güvenlik önlemi olarka altta da logum var şimdiden teşekkürler.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =https://msnia.login.live.com/ppsecure/sha1auth.srf?lc=1055
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
ComboFix adlı programı masaüstünüze indirin.
http://www.buraksonmez.com/dosyalar/ComboFix.exe
1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra Evet butonuna tıklayın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecek ve masaüstünüz kaybolacaktır. Bunlar normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 50 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.
quote:
Orijinalden alıntı: volvo76
ALakasız gibi olacak ama en çok buraya girildiğini görünce buraya yazdım. Bilgisayarımdan griirlen heryeri görmek istiyorum. Windows XP'de bunu cookiesden yapıyordum ama vistada britürlü yapamadım. Yardımcı olursanınz yada ilgigli sayfaya yönlendirirseniz sevinirim
Yine cookielerden olmasi gerek aslinda. Hic denemedigim icin tahmini konusuyorum. Eger o da olmazsa yazilimlar var bunun icin. Biraz arastirirsaniz googleda bulabilirsiniz._____________________________
-
ComboFix 09-08-04.04 - Administrator 06.08.2009 2:05.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2046.1609 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\scrrntr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.
2009-08-05 23:09 . 2009-08-05 23:09 -------- d-----w- c:\windows\system32\xircom
2009-08-05 23:09 . 2009-08-05 23:09 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-05 23:09 . 2009-08-05 23:09 -------- d-----w- c:\program files\microsoft frontpage
2009-08-05 18:19 . 2009-08-05 18:30 -------- d-----w- c:\program files\ApexDC++
2009-08-04 14:26 . 2009-08-05 18:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-03 22:21 . 2009-08-03 22:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Ericsson
2009-08-03 21:59 . 2009-08-03 22:01 -------- d-----w- c:\program files\Vuze
2009-08-03 21:53 . 2009-08-03 21:53 -------- d-----w- c:\program files\Java
2009-07-30 16:38 . 2009-07-30 16:38 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-07-30 16:38 . 2009-07-30 16:38 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-07-30 16:38 . 2009-07-30 16:38 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-07-30 16:38 . 2009-07-30 16:38 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-07-30 16:38 . 2009-07-30 16:38 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-07-30 16:38 . 2009-07-30 16:38 25214 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-07-30 16:35 . 2009-08-04 15:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-30 11:16 . 2009-08-04 15:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-07-20 20:47 . 2009-08-05 20:52 -------- d-----w- C:\Lyrics
2009-07-20 20:46 . 2009-08-05 22:49 -------- d-----w- c:\program files\Minilyrics
2009-07-20 16:35 . 2009-07-20 16:35 -------- d-----w- c:\program files\ConvertHelper
2009-07-20 15:32 . 2009-07-20 16:32 -------- d-----w- c:\documents and settings\Administrator\dwhelper
2009-07-19 23:51 . 2005-11-21 10:48 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-07-19 23:51 . 2005-11-21 10:48 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-07-19 23:51 . 2009-07-19 23:57 -------- d-----w- C:\temp
2009-07-19 23:18 . 2009-07-19 23:18 -------- d-----w- c:\program files\Active Media Software
2009-07-19 23:17 . 2009-07-19 23:18 -------- d-----w- C:\videooutput
2009-07-19 23:17 . 2009-05-19 15:32 758018 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-19 23:17 . 2008-12-04 18:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-19 23:02 . 2009-07-19 23:02 -------- d-----w- c:\program files\Total Video Converter
2009-07-19 22:37 . 2009-07-19 22:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ares
2009-07-19 22:17 . 2009-07-19 22:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ares Ultra
2009-07-19 09:31 . 2003-11-04 12:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-07-19 09:31 . 2004-05-14 13:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-07-19 09:31 . 2004-05-14 13:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-07-19 09:31 . 2004-05-14 13:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-07-19 09:31 . 2004-05-14 13:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-07-19 09:31 . 2004-05-14 13:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-07-19 09:31 . 2004-05-14 13:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-07-19 09:31 . 2004-01-11 23:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-07-18 19:12 . 2009-07-18 19:12 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-18 19:12 . 2009-07-18 19:12 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-17 16:04 . 2009-07-17 16:04 -------- d-----w- c:\program files\Lavalys
2009-07-16 19:53 . 2009-07-16 19:53 -------- d-----w- c:\program files\YouTube Downloader
2009-07-08 13:22 . 2007-04-24 08:33 100488 ----a-r- c:\windows\system32\drivers\s125mgmt.sys
2009-07-08 13:07 . 2007-04-24 08:33 98696 ----a-r- c:\windows\system32\drivers\s125obex.sys
2009-07-08 13:07 . 2007-04-24 08:33 108680 ----a-r- c:\windows\system32\drivers\s125mdm.sys
2009-07-08 13:07 . 2007-04-24 08:33 15112 ----a-r- c:\windows\system32\drivers\s125mdfl.sys
2009-07-08 13:07 . 2007-04-24 08:33 12424 ----a-r- c:\windows\system32\drivers\s125cmnt.sys
2009-07-08 13:07 . 2007-04-24 08:33 12424 ----a-r- c:\windows\system32\drivers\s125cm.sys
2009-07-08 13:07 . 2007-04-24 08:33 12424 ----a-r- c:\windows\system32\drivers\s125whnt.sys
2009-07-08 13:07 . 2007-04-24 08:33 12424 ----a-r- c:\windows\system32\drivers\s125wh.sys
2009-07-08 13:07 . 2007-04-24 08:33 83336 ----a-r- c:\windows\system32\drivers\s125bus.sys
2009-07-08 12:17 . 2009-07-08 12:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca
2009-07-07 16:15 . 2009-07-07 16:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sony Ericsson
2009-07-07 16:14 . 2009-07-07 16:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Ericsson
2009-07-07 16:14 . 2009-07-07 16:14 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared
2009-07-07 16:14 . 2009-07-07 16:15 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-07-07 16:14 . 2009-07-07 16:14 -------- d-----w- c:\program files\Sony Ericsson
2009-07-07 16:13 . 2009-07-07 16:13 -------- d-----w- c:\windows\Downloaded Installations
2009-07-07 16:07 . 2009-07-07 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2009-07-07 16:07 . 2009-07-07 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 22:42 . 2009-07-18 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-05 19:48 . 2009-07-06 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-08-03 21:53 . 2009-07-03 14:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-03 21:52 . 2009-07-03 18:18 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-20 09:37 . 2009-07-03 13:06 37656 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-18 19:12 . 2009-07-18 19:12 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-18 19:12 . 2009-07-18 19:12 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-18 19:12 . 2009-07-18 19:12 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-18 19:12 . 2009-07-18 19:12 296976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-18 19:12 . 2009-07-18 19:12 128016 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-18 19:12 . 2009-05-24 12:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-18 19:11 . 2009-07-18 19:11 296976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-18 19:11 . 2009-07-18 19:11 128016 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-18 19:04 . 2009-07-18 19:04 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-18 19:02 . 2009-07-18 19:02 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-18 19:02 . 2009-07-18 19:02 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-18 19:02 . 2009-07-18 19:02 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-18 19:01 . 2009-07-03 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-17 14:27 . 2009-07-03 13:06 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-06 20:01 . 2009-07-03 18:47 -------- d-----w- c:\program files\Winamp
2009-07-06 19:55 . 2009-07-06 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-07-05 13:47 . 2009-07-05 13:47 -------- d-----w- c:\program files\Zoom
2009-07-05 13:47 . 2009-07-03 13:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 13:38 . 2009-07-05 13:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-07-04 23:36 . 2009-07-03 12:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 15:44 . 2009-07-03 15:44 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-03 14:35 . 2009-07-03 13:07 167376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a7z1j6vc.default\FlashGot.exe
2009-07-03 14:03 . 2009-07-03 14:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-07-03 13:43 . 2009-07-03 13:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-07-03 13:40 . 2009-07-03 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-07-03 13:40 . 2009-07-03 13:38 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-03 13:38 . 2009-07-03 13:38 -------- d-----w- c:\program files\Nero
2009-07-03 13:38 . 2009-07-03 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-03 13:34 . 2009-07-03 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-07-03 13:31 . 2009-07-03 13:19 -------- d-----w- c:\program files\ATI Technologies
2009-07-03 13:23 . 2009-07-03 13:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-07-03 13:23 . 2009-07-03 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-03 13:19 . 2009-07-03 13:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-03 13:16 . 2008-04-15 12:00 81688 ----a-w- c:\windows\system32\perfc01F.dat
2009-07-03 13:16 . 2008-04-15 12:00 428510 ----a-w- c:\windows\system32\perfh01F.dat
2009-07-03 13:14 . 2009-07-03 13:14 -------- d-----w- c:\program files\Marvell
2009-07-03 13:14 . 2009-07-03 13:14 -------- d-----w- c:\program files\Realtek
2009-07-03 13:14 . 2009-07-03 13:10 0 ----a-w- c:\windows\gdrv.sys
2009-07-03 13:13 . 2009-07-03 13:13 -------- d-----w- c:\program files\Intel
2009-07-03 13:10 . 2009-07-03 13:06 -------- d-----w- c:\program files\The KMPlayer
2009-07-03 13:06 . 2009-07-03 13:06 -------- d-----w- c:\program files\Windows Live
2009-07-03 13:06 . 2009-07-03 13:06 0 ----a-w- c:\windows\nsreg.dat
2009-07-03 13:05 . 2009-07-03 13:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-03 13:03 . 2009-07-03 13:03 -------- d-----w- c:\program files\Foxit Software
2009-07-03 12:54 . 2009-07-03 12:54 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-03 12:54 . 2009-07-03 12:54 -------- d-----w- c:\program files\MSBuild
2009-07-03 12:54 . 2009-07-03 12:54 -------- d-----w- c:\program files\Reference Assemblies
2009-07-03 12:48 . 2009-07-03 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\GroupPolicy
2009-07-03 12:48 . 2009-07-03 12:48 21736 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-03 12:48 . 2009-07-03 12:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 12:47 . 2009-07-03 12:47 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-03 12:47 . 2009-07-03 12:47 -------- d-----w- c:\program files\LiraConv
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-05-25 02:21 . 2009-05-25 02:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 02:18 . 2009-05-25 02:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 14:46 . 2009-05-13 14:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
.
------- Sigcheck -------
[-] 2008-06-30 21:25 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-15 12:00 2186752 1729BC7C63C3C4C86CEB685034A73CBA c:\windows\system32\ntkrnlpa.exe
[-] 2008-06-08 23:46 2308096 D5F432C6FF207F403A3B17FF20254893 c:\windows\system32\ntoskrnl.exe
[-] 2008-05-20 17:04 1139200 356A9AA52B02AF8C6E0E2CC4B6C73998 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-05-02 5724184]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-30 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-23 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15.12.2008 20:41 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.05.2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16.05.2009 20:59 19472]
.
Contents of the 'Scheduled Tasks' folder
2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-963894560-1801674531-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-30 11:16]
2009-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-963894560-1801674531-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-30 11:16]
.
.
------- Supplementary Scan -------
.
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {04B97F92-1EF9-4E56-B973-74E597D3744D} = 4.2.2.4,4.2.2.5
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a7z1j6vc.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-08-06 02:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1764)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-08-05 2:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 23:11
Pre-Run: 130.636.505.088 bayt boş
Post-Run: 130.789.371.904 bayt boş
296
_____________________________ Izmir University Of Economics - Logistic Management
Ip işlemleri
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
