First, I would like to thank you all for helping people like us and I would like say that I personally appreciate it.
As it is clear from my topic title, I am also one of the victims of this rootkit trojan. Eset NOD32, evidently, was not able to remove this trojan. I have tried using Malwarebytes anti-malware and ad aware. They did not change anything.
Checking the "Malware and Spyware Cleaning Guide", I have downloaded Rooter and OTListIT2 and got their results in the texts.
I hope you can help me as well. I believe this trojan has been downloading more and more trojans to my pc, even though NOD32 is preventing them from entering.
I am posting the logs below, I hope I haven't missed a step: (by the way, I do not know how one can read and understand these data, but if you see anything else wrong other than the Win32/Rootkit.Agent.ODG.trojan, still let me know please!)
Rooter log:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:76065 Mo/Free:856 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - NTFS - (Total:953867 Mo/Free:1908 Mo)
25.04.2009|17:20
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\TDispVol.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
---------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
---------- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
---------- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- C:\WINDOWS\system32\PnkBstrB.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
---------- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Documents and Settings\xxxxxxxxx\Desktop\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV
1 - "C:\Rooter$\Rooter_1.txt" - 25.04.2009|17:13
2 - "C:\Rooter$\Rooter_2.txt" - 25.04.2009|17:20
----------------------\\ Scan completed at 17:20
OTLIST2 "OTLIST" LOG:
OTListIt logfile created on: 25.04.2009 17:23:36 - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\xxxxxxxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,28 Gb Total Space | 36,84 Gb Free Space | 49,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 577,86 Gb Free Space | 62,04% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: EPHESUS
Current User Name: xxxxxxxxx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\xxxxxxxxx\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Capture Device Service [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TAPPSRV [Auto | Running]) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (camvid40 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\camdrv41.sys (Philips Consumer Electronics)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys (ESET)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (lusbaudio [System | Stopped]) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (NETw5x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw5x32.sys (Intel Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsu [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (NuidFltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (PnkBstrK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (Point32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (QCAbsee [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\OVCA.sys (Microsoft Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (toshidpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfec [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TVALD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys (Toshiba Corporation)
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (w39n51 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {19D6F1AB-D724-41EA-97CA-0758E16D12B7}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:3.3.7
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009.04.21 23:07:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009.04.25 15:49:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009.04.23 19:01:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
[2008.09.14 14:07:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxx\Application Data\mozilla\Extensions
[2008.09.14 14:07:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxx\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.04.22 08:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxx\Application Data\mozilla\Firefox\Profiles\qlxl1e1p.default\extensions
[2009.04.22 08:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxx\Application Data\mozilla\Firefox\Profiles\qlxl1e1p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.02.01 16:04:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxxx\Application Data\mozilla\Firefox\Profiles\qlxl1e1p.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009.04.25 17:06:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.04.21 21:50:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{19D6F1AB-D724-41EA-97CA-0758E16D12B7}
[2009.04.23 19:01:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.01.31 17:52:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.04.23 19:01:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.04.23 19:01:05 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008.01.04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006.07.05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008.01.04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008.03.08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008.11.14 18:58:45 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008.04.16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008.03.28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008.01.04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Mirar) - {DF3D3FFC-4404-457E-BA81-77BB7EA6FCF3} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DF3D3FFC-4404-457E-BA81-77BB7EA6FCF3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TDispVol] "C:\WINDOWS\system32\TDispVol.exe" (TOSHIBA Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Güvenilen siteler)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Güvenilen siteler)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Güvenilen siteler)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Güvenilen siteler)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Güvenilen siteler)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Güvenilen siteler)
O15 - HKCU\..Trusted Sites: windowsupdate.com ([]http in Güvenilen siteler)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Güvenilen siteler)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1206185325921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1206186201843 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{7B6CC36C-1CA7-40D7-8C16-67A546ACC108}\\NameServer = 4.2.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Geçerli Giriş Sayfam) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\autorun [2009.04.07 21:47:46 | 00,000,000 | RH-D | M] - [ NTFS ]
O32 - Autorun File - E:\autorun.inf () - [ NTFS ]
O33 - MountPoints2\{8959a6d4-0da5-11de-8adc-00a0d145bb90}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{8959a6d4-0da5-11de-8adc-00a0d145bb90}\Shell\mobile\command - "" = G:\MobileLaunch.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009.04.25 17:17:29 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\EFEAKA~1\Desktop\OTListIt2.exe
[2009.04.25 17:12:48 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009.04.25 17:12:43 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Desktop\Rooter.exe
[2009.04.25 16:31:08 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2009
[2009.04.25 15:24:44 | 00,051,200 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Desktop\October 19 The Poisson Event Count Model.doc
[2009.04.24 23:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxxxx\Application Data\TrojanHunter
[2009.04.24 11:16:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009.04.24 11:02:01 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009.04.24 11:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.0
[2009.04.24 10:58:22 | 00,102,800 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009.04.23 23:44:25 | 00,000,867 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\Ad-Aware.lnk
[2009.04.22 08:09:09 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009.04.21 22:54:20 | 00,000,224 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009.04.21 22:51:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009.04.21 21:49:29 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Local Settings\Application Data\ESET
[2009.04.21 20:39:37 | 36,687,6914 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Desktop\heroes.s03e24.hdtv.xvid-fqm.www.divxkurdu.com.DvX-TeaM.avi
[2009.04.18 16:56:10 | 00,139,895 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Desktop\Grob-From_the_Dagger_to_the_Bomb.pdf
[2009.04.18 15:11:32 | 00,444,692 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Desktop\477.pdf
[2009.04.18 12:22:25 | 00,275,475 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Desktop\WP12.pdf
[2009.04.18 12:17:30 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Desktop\Research Design
[2009.04.15 21:05:00 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009.04.15 21:04:53 | 00,283,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009.04.15 21:04:53 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009.04.15 21:04:52 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009.04.15 21:04:51 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009.04.15 21:04:51 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009.04.15 21:04:49 | 00,682,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009.04.15 21:04:48 | 00,728,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009.04.15 21:04:48 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009.04.15 21:04:47 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009.04.15 21:03:14 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009.04.15 21:03:13 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009.04.14 12:34:26 | 11,735,11499 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Desktop\Heroes.S03E23.720p.HDTV.X264-DIMENSION.mkv
[2009.04.13 16:03:36 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Desktop\RM
[2009.04.13 11:22:25 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Desktop\Research Methods
[2009.04.13 01:50:44 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009.04.13 01:50:44 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\ESET
[2009.04.13 01:42:24 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009.04.13 01:42:21 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.04.13 01:42:20 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009.04.13 01:42:20 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009.04.13 01:42:19 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.04.13 01:42:19 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.13 01:42:19 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009.04.13 01:42:19 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.13 01:42:19 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009.04.13 01:42:19 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009.04.13 01:42:17 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.04.13 01:42:17 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.04.13 01:42:16 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009.04.13 01:42:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxxxx\Application Data\Real
[2009.04.13 01:42:15 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Local Settings\Application Data\Real
[2009.04.13 01:42:15 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Real
[2009.04.10 22:49:06 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Belgelerim\The KMPlayer
[2009.04.10 22:47:10 | 00,000,710 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\KMPlayer.lnk
[2009.04.10 22:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2009.04.10 22:40:18 | 00,000,000 | ---D | C] -- C:\Program Files\Haali
[2009.04.10 22:40:06 | 00,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2009.04.10 13:42:42 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Desktop\UN simulation
[2009.04.09 15:21:12 | 00,094,360 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2009.04.09 15:18:02 | 00,107,256 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2009.04.09 15:10:30 | 00,113,960 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2009.04.06 14:26:42 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Belgelerim\Tekne Fotolar
[2009.04.05 13:52:46 | 00,044,498 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\one.flew.over.the.cuckoos.nest.(1975).eng.1cd.(3373253).zip
[2009.04.04 16:56:15 | 00,104,848 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\PMch1.pdf
[2009.04.03 18:36:33 | 59,071,765 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\Duman-En_Guzel_Gunum_Gecem-2007.rar
[2009.04.03 00:42:39 | 00,300,540 | ---- | C] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\hydroptere_2_582.jpg
[2009.03.31 12:56:19 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Desktop\Terrorism Essay- Yes We Can
[2009.03.30 19:35:29 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EFEAKA~1\Belgelerim\My Received Files
[2009.02.28 23:57:18 | 00,140,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.01.23 17:54:35 | 00,015,504 | ---- | C] () -- C:\WINDOWS\System32\msdx92.dll
[2009.01.14 10:22:27 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009.01.14 10:22:27 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009.01.14 10:22:27 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009.01.14 10:07:23 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.01.14 10:07:23 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008.12.30 15:52:50 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.12.24 14:39:42 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008.06.25 22:22:48 | 00,308,736 | R--- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2008.06.25 22:22:48 | 00,091,136 | R--- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2008.05.23 07:48:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.05.23 07:35:50 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008.05.11 08:45:55 | 00,000,145 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
[2007.04.03 16:18:26 | 00,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.04.03 16:18:06 | 00,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.02.01 11:19:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.02.01 11:08:10 | 00,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006.02.01 10:55:30 | 00,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.02.01 10:42:00 | 00,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.02.01 10:38:07 | 00,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.02.01 10:38:07 | 00,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.02.01 10:38:07 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.02.01 10:38:07 | 00,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.02.01 10:38:07 | 00,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.02.01 10:38:07 | 00,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.02.01 10:33:55 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006.02.01 10:30:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006.02.01 10:30:39 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006.02.01 10:30:39 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006.02.01 09:27:24 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006.02.01 09:27:24 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006.02.01 09:15:17 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006.02.01 09:15:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006.02.01 09:15:17 | 00,010,174 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006.02.01 09:15:17 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006.01.31 16:20:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006.01.31 16:20:04 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006.01.31 16:19:42 | 00,000,668 | ---- | C] () -- C:\WINDOWS\win.ini
[2006.01.31 16:19:39 | 00,000,827 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.11.29 04:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.09.02 13:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.04.05 14:08:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\ChtCodec.dll
[2004.01.15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004.01.14 02:46:00 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
========== Files - Modified Within 30 Days ==========
[1 C:\*.tmp files]
[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009.04.25 17:17:30 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\EFEAKA~1\Desktop\OTListIt2.exe
[2009.04.25 17:12:43 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Desktop\Rooter.exe
[2009.04.25 17:09:44 | 01,043,700 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.04.25 17:09:44 | 00,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.04.25 17:09:44 | 00,431,542 | ---- | M] () -- C:\WINDOWS\System32\perfh01F.dat
[2009.04.25 17:09:44 | 00,082,308 | ---- | M] () -- C:\WINDOWS\System32\perfc01F.dat
[2009.04.25 17:09:44 | 00,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.04.25 17:05:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.04.25 17:05:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.04.25 17:05:15 | 32,191,81568 | -HS- | M] () -- C:\hiberfil.sys
[2009.04.25 16:59:13 | 00,195,584 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.25 15:26:36 | 00,102,472 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.04.25 15:24:44 | 00,051,200 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Desktop\October 19 The Poisson Event Count Model.doc
[2009.04.25 12:53:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009.04.24 11:02:05 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2009.04.24 10:58:22 | 00,102,800 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009.04.23 23:44:25 | 00,000,867 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\Ad-Aware.lnk
[2009.04.22 08:06:58 | 00,368,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.04.21 23:31:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.04.21 22:54:20 | 00,000,224 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009.04.21 22:27:50 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.04.21 22:10:24 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\zulenipe
[2009.04.21 21:55:24 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\gitisowe.exe
[2009.04.20 23:42:55 | 36,687,6914 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Desktop\heroes.s03e24.hdtv.xvid-fqm.www.divxkurdu.com.DvX-TeaM.avi
[2009.04.19 18:03:52 | 00,002,433 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\VPN Client.lnk
[2009.04.18 16:56:10 | 00,139,895 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Desktop\Grob-From_the_Dagger_to_the_Bomb.pdf
[2009.04.18 16:55:51 | 00,444,692 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Desktop\477.pdf
[2009.04.18 12:22:25 | 00,275,475 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Desktop\WP12.pdf
[2009.04.13 21:18:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009.04.13 21:16:48 | 11,735,11499 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Desktop\Heroes.S03E23.720p.HDTV.X264-DIMENSION.mkv
[2009.04.10 22:47:10 | 00,000,710 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\KMPlayer.lnk
[2009.04.09 15:21:12 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2009.04.09 15:18:02 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2009.04.09 15:10:30 | 00,113,960 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2009.04.06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.04.06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.04.05 13:52:46 | 00,044,498 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\one.flew.over.the.cuckoos.nest.(1975).eng.1cd.(3373253).zip
[2009.04.04 16:56:16 | 00,104,848 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\PMch1.pdf
[2009.04.03 18:37:16 | 59,071,765 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\Duman-En_Guzel_Gunum_Gecem-2007.rar
[2009.04.03 00:42:40 | 00,300,540 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\hydroptere_2_582.jpg
[2009.04.02 11:33:00 | 00,184,958 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\OC.jpg
[2009.03.27 12:45:56 | 00,015,817 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Desktop\Yeni Microsoft Office Word Document.docx
[2009.03.27 07:48:52 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009.03.26 19:02:09 | 01,596,607 | ---- | M] () -- C:\DOCUME~1\EFEAKA~1\Belgelerim\189_1.jpg
========== Alternate Data Streams ==========
@Alternate Data Stream - 150 bytes -> C:\DOCUME~1\ALLUSE~1\Application Data\TEMP:CD060F93
@Alternate Data Stream - 124 bytes -> C:\DOCUME~1\ALLUSE~1\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 118 bytes -> C:\DOCUME~1\ALLUSE~1\Application Data\TEMP:5BB923A2
< End of report >
OTLIST "EXTRAS" LOG:
OTListIt Extras logfile created on: 25.04.2009 17:23:36 - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\xxxxxxxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,28 Gb Total Space | 36,84 Gb Free Space | 49,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 577,86 Gb Free Space | 62,04% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: EPHESUS
Current User Name: xxx xxxxx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"21018:TCP" = 21018:TCP:*:Enabled:BitComet 21018 TCP
"21018:UDP" = 21018:UDP:*:Enabled:BitComet 21018 UDP
"18829:TCP" = 18829:TCP:*:Enabled:BitComet 18829 TCP
"18829:UDP" = 18829:UDP:*:Enabled:BitComet 18829 UDP
"60000:TCP" = 60000:TCP:*:Enabled:BitComet 60000 TCP
"60000:UDP" = 60000:UDP:*:Enabled:BitComet 60000 UDP
"22394:TCP" = 22394:TCP:*:Enabled:BitComet 22394 TCP
"22394:UDP" = 22394:UDP:*:Enabled:BitComet 22394 UDP
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\WINDOWS\system32\drivers\svchost.exe:*:Enabled:svchost File not found
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater (Nokia Corporation)
C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process (Nokia Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget (FlashGet.com)
C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) (SPSS Inc)
C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) (SPSS Inc)
C:\Program Files\SPSSInc\SPSS16\ExportToPowerPoint.exe:*:Disabled:SPSS PowerPoint Export Utility (1033) (SPSS Inc.)
C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 ()
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}" = Nokia Software Updater
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{2B7BC7C5-CE5F-373A-A1E7-37A5B909D933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - TRK
"{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}" = Nokia Nseries Video Manager
"{301BEB64-7C38-4BB5-8F94-62E6160532C8}" = Nokia Download!
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C941f-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA El Kitapları
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A460FEA-AF9C-416F-BA6E-EE239609BD1D}" = ATI Catalyst Control Center
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A41F810-D0AF-4B50-8F11-C242C76F6D24}" = Nokia Nseries PC Suite
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76756402-BF1E-4A0F-AFCC-0EE6CF58F58C}" = ESET NOD32 Antivirus
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77C9FF53-426F-4974-90CB-A43DD0938313}" = Web Camera System
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7EE94A24-188A-4D98-9018-37857701996E}" = Nokia Photos
"{82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}" = Nokia NSeries Application Installer
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89A33B7F-A5C2-4F18-AD71-AC29278507B7}" = Nokia NSeries One Touch Access
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90870373-8351-4F73-B5C1-73A9A01BAAEA}" = Nokia NSeries Content Copier
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97B21A40-E5B6-4887-9CC4-38FB416A2998}" = Nokia NSeries System Utilities
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1055-7B44-A70000000000}" = Adobe Reader 7.0 - Turkish
"{ACFD4C9A-931B-3CAB-9F72-78FDE810F394}" = Microsoft .NET Framework 3.5 Language Pack SP1 - trk
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Güvenli Modül
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D428D88A-3128-42F2-BC0D-B028A5A43C6F}" = Microsoft .NET Framework 1.1 Turkish Language Pack
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DF3D3FFC-4404-457E-BA81-77BB7EA6FCF3}" = Mirar
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E1674673-0F0D-3D81-B2A0-9842A986C1D6}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - TRK
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"doPDF 6 printer_is1" = doPDF 6.0 printer
"Driver Checker_is1" = Driver Checker v2.7.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"FlashGet" = FlashGet 1.9.6.1073
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - trk" = Microsoft .NET Framework 3.5 Dil Paketi SP1 - trk
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia NSeries Application Installer" = Nokia NSeries Application Installer 6.83.11
"Nokia NSeries Content Copier" = Nokia NSeries Content Copier 6.83.11
"Nokia NSeries One Touch Access" = Nokia NSeries One Touch Access 6.83.11
"Nokia NSeries System Utilities" = Nokia NSeries System Utilities 6.83.11
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Network Connections Drivers
"Registry Fix_is1" = RegistryFix v7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Titledrome_is1" = Titledrome 3.0
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.04.2009 04:36:20 | Computer Name = EPHESUS | Source = WinMgmt | ID = 10
Description = "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct'
OR TargetInstance ISA 'FirewallProduct'" sorgusunu kullanan olay süzgeci, "//./ROOT/SecurityCenter"
ad boşluğunda 0x80041010 hatası nedeniyle etkinleştirilemedi. Sorun giderilinceye
kadar bu süzgeç kullanılarak olaylar alınamaz.
Error - 24.04.2009 04:36:20 | Computer Name = EPHESUS | Source = SecurityCenter | ID = 1804
Description = Windows Güvenlik Merkezi Hizmeti WMI'dan AntiVirusProduct örneklerini
yükleyemedi.
Error - 25.04.2009 10:36:32 | Computer Name = EPHESUS | Source = WinMgmt | ID = 10
Description = "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct'
OR TargetInstance ISA 'FirewallProduct'" sorgusunu kullanan olay süzgeci, "//./ROOT/SecurityCenter"
ad boşluğunda 0x80041010 hatası nedeniyle etkinleştirilemedi. Sorun giderilinceye
kadar bu süzgeç kullanılarak olaylar alınamaz.
Error - 25.04.2009 10:36:32 | Computer Name = EPHESUS | Source = SecurityCenter | ID = 1804
Description = Windows Güvenlik Merkezi Hizmeti WMI'dan AntiVirusProduct örneklerini
yükleyemedi.
Error - 25.04.2009 10:44:05 | Computer Name = EPHESUS | Source = WinMgmt | ID = 10
Description = "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct'
OR TargetInstance ISA 'FirewallProduct'" sorgusunu kullanan olay süzgeci, "//./ROOT/SecurityCenter"
ad boşluğunda 0x80041010 hatası nedeniyle etkinleştirilemedi. Sorun giderilinceye
kadar bu süzgeç kullanılarak olaylar alınamaz.
Error - 25.04.2009 10:44:06 | Computer Name = EPHESUS | Source = SecurityCenter | ID = 1804
Description = Windows Güvenlik Merkezi Hizmeti WMI'dan AntiVirusProduct örneklerini
yükleyemedi.
Error - 25.04.2009 11:19:46 | Computer Name = EPHESUS | Source = Application Hang | ID = 1002
Description = Askıda kalan uygulama firefox.exe, sürüm 1.9.0.3384, askı modülü hungapp,
sürüm 0.0.0.0, askıda kalma adresi 0x00000000.
Error - 25.04.2009 11:59:20 | Computer Name = EPHESUS | Source = Application Error | ID = 1000
Description = Hata uygulaması explorer.exe, sürüm 6.0.2900.5512, hata modülü qedit.dll,
sürümü 6.5.2600.5512, hata adresi 0x0006674c.
Error - 25.04.2009 12:05:35 | Computer Name = EPHESUS | Source = WinMgmt | ID = 10
Description = "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct'
OR TargetInstance ISA 'FirewallProduct'" sorgusunu kullanan olay süzgeci, "//./ROOT/SecurityCenter"
ad boşluğunda 0x80041010 hatası nedeniyle etkinleştirilemedi. Sorun giderilinceye
kadar bu süzgeç kullanılarak olaylar alınamaz.
Error - 25.04.2009 12:05:35 | Computer Name = EPHESUS | Source = SecurityCenter | ID = 1804
Description = Windows Güvenlik Merkezi Hizmeti WMI'dan AntiVirusProduct örneklerini
yükleyemedi.
[ System Events ]
Error - 21.04.2009 17:22:15 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7026
Description = Aşağıdaki önyükleme başlatma ya da sistem başlatma sürücüsü(sürücüleri)
yüklenemedi: IntelIde
Error - 22.04.2009 03:07:26 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7023
Description = HID Input Service hizmet aşağıdaki hata ile sona erdi: %%2
Error - 22.04.2009 15:58:55 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7023
Description = HID Input Service hizmet aşağıdaki hata ile sona erdi: %%2
Error - 22.04.2009 15:58:58 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7026
Description = Aşağıdaki önyükleme başlatma ya da sistem başlatma sürücüsü(sürücüleri)
yüklenemedi: IntelIde
Error - 23.04.2009 14:00:16 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7023
Description = HID Input Service hizmet aşağıdaki hata ile sona erdi: %%2
Error - 24.04.2009 04:36:21 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7023
Description = HID Input Service hizmet aşağıdaki hata ile sona erdi: %%2
Error - 25.04.2009 10:36:32 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7023
Description = HID Input Service hizmet aşağıdaki hata ile sona erdi: %%2
Error - 25.04.2009 10:36:36 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7026
Description = Aşağıdaki önyükleme başlatma ya da sistem başlatma sürücüsü(sürücüleri)
yüklenemedi: IntelIde
Error - 25.04.2009 10:44:06 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7023
Description = HID Input Service hizmet aşağıdaki hata ile sona erdi: %%2
Error - 25.04.2009 12:05:35 | Computer Name = EPHESUS | Source = Service Control Manager | ID = 7023
Description = HID Input Service hizmet aşağıdaki hata ile sona erdi: %%2
< End of report >
Thanks very much in advance guys,
Cheers,
xxx
Edited by CatByte, 15 June 2009 - 11:01 AM.