nono Публикувано Октомври 30, 2011 Report Share Публикувано Октомври 30, 2011 Здравейте!Немога от известно време да вляза в игрите във фейсбук.Прилагам снимка с това , което ми пише!Какви може да са вариантите ? Благодаря! Цитирай Link to comment Сподели другаде More sharing options...
Гост newnickname Публикувано Октомври 30, 2011 Report Share Публикувано Октомври 30, 2011 1. Операционна система? Windows XP/Vista/7 ?????2. Какъв браузер използваш?3. Иначе, други приложения: игри, късметчета, виртуални сърчица, ала-бала, имаш ли достъп до тях?4. Можеш ли да гледаш клипчета в Youtube, Vbox7? Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Октомври 30, 2011 Report Share Публикувано Октомври 30, 2011 Проблемът съществува ли при други браузъри освен Mozilla Firefox? Проблемът предхождан ли е от някакаква специфична дейност, свързана с операционната дейност, в частност - web браузърите? Може да опитате изчистване кеша (cache) на браузъра. За да направите това в Mozilla Firefox:Стартирайте Mozilla Firefox;Меню Tools -> Options -> Advanced -> таб Network;Натиснете бутона Clear Now, намиращ се срещу подменю Offline Storage;Подобни проблеми са често срещано явление, особено, ако се отнася до игри, като FarmVille и CityVille. Цитирай Link to comment Сподели другаде More sharing options...
Гост newnickname Публикувано Октомври 30, 2011 Report Share Публикувано Октомври 30, 2011 Абе май си е вирус.Чудих се отде ми е познато питането, а то...имало такава тема Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Октомври 30, 2011 Report Share Публикувано Октомври 30, 2011 Споменатият в темата вирус, блокира влизането в самия сайт на Facebook. Проблемът на потребителя е свързан със стартиране на приложение от Facebook. Цитирай Link to comment Сподели другаде More sharing options...
Гост newnickname Публикувано Октомври 30, 2011 Report Share Публикувано Октомври 30, 2011 ...има вируси, които блокират приложения, в това число игрите във фейсбук и тяхното стартиране.Най-добре е да се скенира за зловреден код Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Октомври 31, 2011 Report Share Публикувано Октомври 31, 2011 Сканирай с Malwarebytes' Anti-Malware. Ако тепърва инсталираш програмата, в края инсталацията ще има отметка за автоматична актуализация, не я премахвай. В противен случай обнови дефинициите й ръчно. Ако вече имаш програмата, провери дали имаш последната версия и ако нямаш, премахни твоята и инсталирай най-новата, като в края на инсталацията остави отметката за актуализация на дефинициите. Инструкции за сканиране:- стартирай програмата;- избери Perform quick scan (Бързо сканиране) и кликни бутон Scan (Сканиране);- след като приключи сканирането, ако не са открити заплахи, ще се отвори автоматично текстов файл (който можеш да затвориш) и програмата ще те уведоми, че не е открила нищо, след което можеш да кликнеш бутон OK и да я затвориш;- ако са открити заплахи, кликни бутон OK и после Show results (Покажи резултатите);- кликни бутон Remove Selected (Премахни избраните);Ако е нужен рестарт, се съгласи и рестартирай веднага. След рестарта стартирай отново програмата, иди на подпорозиорец Logs (Дневници), маркирай последния дневник, кликни бутон Open (Отвори) и му копирай съдържанието тук. Ако не е бил нужен рестарт, трябва да се появи текстов файл - копирай му съдържанието тук. Цитирай Link to comment Сподели другаде More sharing options...
ali_93_burgas Публикувано Юни 4, 2012 Report Share Публикувано Юни 4, 2012 от тази зима имам проблем с Facebook защото не ми отваряше facebook и установих че имам вируси в компютъра след което компютъра стана изключително бавен но си изтеглих програмата Malwarebytes Anti-Malware и намери вируси и аз ги изтрих ама не съм сигурен дали се получи но след като го пуснах втори път нищо не откри и така след много рестарта си изчистих компютъра но пак не можех да вляза в facebook но в мрежата открих друг facebook на имe http://www.beta.facebook.com/ което не е www.facebook.com но пак си влизах и всичко си правех освен игрите обаче срокът на програмата Malwarebytes Anti-Malware и аз се опитах да го подновя но все ми излизаха долари че трябва да си го купя и аз го оставих така тя не работеше цяла зима но компютъра нямаше проблеми до вчера когато ми изчезна и чата а без чат за какво ми е facebook.Затова хора умолявам ви ако можете помогнете и за игрите и за чата.Благодаря ви предварително! да не забравя не мога да вляза в www.facebook.com и от Google chrome и от Internet Explorer и от Mozila Firefox докато не стане по сериозно искам да го отстраня проблема за това HELP! Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Юни 4, 2012 Report Share Публикувано Юни 4, 2012 Изтеглете Malwarebytes' Anti-Malware Free.Стартирайте инсталационния файл и инсталирайте програмата.Уверете се, че са поставени отметки пред Update Malwarebytes' Anti-Malware и Launch Malwarebytes'Anti-Malware.Програмата ще изтегли и инсталира автоматично наличните обновявания.Стартирайте програмата.Изберете Perform Quick Scan-> Scan.След края на сканирането, натиснете бутон OKНатиснете бутона Show Results, за да видите резултата от сканирането.Уверете се, че има отметки на всеки ред.Натиснете бутона Remove Selected.В Notepad ще бъде отворен лог -файл. Моля, публикувайте съдържанието му в следващия Ви коментар. Забележка: MalwareBytes' Anti-Malware може да поиска да рестартира Вашата система. При подобно запитване от страна на програмата се съгласете и позволете рестартирането на системата. Изтеглете OTL Запазете файла на Вашия десктоп.Стартирайте инструмента.Уверете се, че процесът на сканиране няма да бъде прекъснат.В главния прозорец на програмата сложете отметка пред Scan All Users.В полето Standart Registry изберете All.Сложете отметки пред LOP Check и Purity Check.От падащото меню File Age изберете 90 days.Уверете се, че има отметкa пред Skip Microsoft Files.В полето Custom Scans/Fixes поставете следния текст:netsvcs msconfig safebootminimal safebootnetwork "%WinDir%\$NtUninstallKB*$." /30 C:\Program Files\Common Files\ComObjects\*.* /s %SYSTEMDRIVE%\*.* %USERPROFILE%\*.* %USERPROFILE%\Application Data\*.* %USERPROFILE%\Local Settings\Application Data\*.* %AllUsersProfile%\*.* %AllUsersProfile%\Application Data\*.* %USERPROFILE%\My Documents\*.* %CommonProgramFiles%\*.* %PROGRAMFILES%\*.* %systemroot%\system32\config\systemprofile\*.* %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* %windir%\temp*.* %windir%\system32\*. %Temp%\smtmp\1\*.* %Temp%\smtmp\2\*.* %Temp%\smtmp\3\*.* %Temp%\smtmp\4\*.* %systemroot%\system32\DBBK\*.* /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /90 %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\*. /rp /s %systemroot%\assembly\tmp\*.* /S /MD5 %systemroot%\assembly\temp\*.* /S /MD5 %systemroot%\assembly\GAC_32\*.* /S /MD5 %systemroot%\assembly\GAC_MSIL\*.* /S /MD5 >C:\commands.txt echo list vol /raw /hide /c /wait >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c /wait type c:\diskreport.txt /c /wait erase c:\commands.txt /hide /c /wait erase c:\diskreport.txt /hide /c /md5start smss.exe winlogon.exe services.exe lsass.exe svchost.exe explorer.exe userinit.exe atapi.sys iaStor.sys serial.sys disk.sys volsnap.sys redbook.sys i8042prt.sys afd.sys netbt.sys tcpip.sys ipsec.sys hlp.dat /md5stop Копирайте кода точно както е даден. Уверете се, че всяка от командите е на нов ред, както е в полето. Натиснете бутона Run Scan. Ще започне сканиране, което няма да продължи дълго.Когато сканирането приключи автоматично ще се отворят два Notepad лог-файла - OTL.txt и Extras.txt. Моля, прикачете тези два файла към следващия Ви коментар. Цитирай Link to comment Сподели другаде More sharing options...
ali_93_burgas Публикувано Юни 4, 2012 Report Share Публикувано Юни 4, 2012 резултати от сканирането на Malwarebytes Anti-Malware Malwarebytes Anti-Malware (Trial) 1.61.0.1400www.malwarebytes.org Database version: v2012.06.04.07 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Ali & Serkan :: SERKAN-1F3191E0 [administrator] Protection: Enabled 6/5/2012 22:25:49mbam-log-2012-06-05 (22-25-49).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 208526Time elapsed: 12 minute(s), 50 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1E:\Documents and Settings\Ali & Serkan\Local Settings\Temp\KMP_3.2.0.0.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully. (end) ето и резултатите от програмата ОТL Extras.txt OTL Extras logfile created on: 6.5.2012 22:54:19 - Run 1OTL by OldTimer - Version 3.2.46.0 Folder = C:\Downloads\ПрограммыWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: M/d/yyyy 3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,62% Memory free4,84 Gb Paging File | 3,76 Gb Available in Paging File | 77,66% Paging File freePaging file location(s): E:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program FilesDrive C: | 146,73 Gb Total Space | 128,21 Gb Free Space | 87,38% Space Free | Partition Type: NTFSDrive E: | 319,02 Gb Total Space | 200,85 Gb Free Space | 62,96% Space Free | Partition Type: NTFS Computer Name: SERKAN-1F3191E0 | User Name: Ali & Serkan | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 1"FirewallOverride" = 0"DisableThumbnailCache" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"2706:TCP" = 2706:TCP:*:Enabled:Inhatch P2P Streaming"2707:TCP" = 2707:TCP:*:Enabled:Inhatch P2P Streaming"2708:TCP" = 2708:TCP:*:Enabled:Inhatch P2P Streaming"2709:TCP" = 2709:TCP:*:Enabled:Inhatch P2P Streaming"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10950:TCP" = 10950:TCP:*:Enabled:Inhatch P2P Streaming"10951:TCP" = 10951:TCP:*:Enabled:Inhatch P2P Streaming"10952:TCP" = 10952:TCP:*:Enabled:Inhatch P2P Streaming"10953:TCP" = 10953:TCP:*:Enabled:Inhatch P2P Streaming"49780:UDP" = 49780:UDP:*:Enabled:Inhatch P2P Streaming ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"E:\Program Files\iMesh Applications\iMesh\iMesh.exe" = E:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)"E:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = E:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)"E:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe" = E:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe:*:Enabled:Dragon Age II"E:\Program Files\Dragon Age 2\DragonAge2Launcher.exe" = E:\Program Files\Dragon Age 2\DragonAge2Launcher.exe:*:Enabled:Dragon Age II Launcher [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Games\CSSv34\hl2.exe" = C:\Games\CSSv34\hl2.exe:*:Enabled:hl2 -- ()"E:\WINDOWS\system32\PnkBstrB.exe" = E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()"E:\Program Files\Counter-Strike\cstrike.exe" = E:\Program Files\Counter-Strike\cstrike.exe:*:Disabled:Half-Life Launcher"E:\Program Files\EA SPORTS\FIFA 11\Game\fifa.exe" = E:\Program Files\EA SPORTS\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11 -- (Electronic Arts)"E:\Program Files\Google\Google Earth\client\googleearth.exe" = E:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)"E:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe" = E:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe:*:Enabled:SHIFT 2 UNLEASHED™ -- (Electronic Arts Inc.)"E:\Program Files\Electronic Arts\Need for Speed Hot Pursuit\Launcher.exe" = E:\Program Files\Electronic Arts\Need for Speed Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed Hot Pursuit -- (Electronic Arts)"E:\Program Files\Electronic Arts\Need for Speed Hot Pursuit\NFS11.exe" = E:\Program Files\Electronic Arts\Need for Speed Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed Hot Pursuit Application -- (Electronic Arts)"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)"E:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = E:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)"E:\Program Files\Counter-Strike\hl.exe" = E:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"E:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"E:\Program Files\Counter-Strike\hlds.exe" = E:\Program Files\Counter-Strike\hlds.exe:*:Enabled:HLDS Launcher"E:\Program Files\Codemasters\F1 2011\F1_2011.exe" = E:\Program Files\Codemasters\F1 2011\F1_2011.exe:*:Enabled:F1 2011"E:\Program Files\EA SPORTS\FIFA 12\Game\fifa.exe" = E:\Program Files\EA SPORTS\FIFA 12\Game\fifa.exe:*:Enabled:FIFA 12 -- (Electronic Arts)"E:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = E:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)"E:\Program Files\2K Sports\NBA 2K12\nba2k12.exe" = E:\Program Files\2K Sports\NBA 2K12\nba2k12.exe:*:Enabled:NBA 2K12 -- (2K Sports)"E:\Documents and Settings\Ali & Serkan\Desktop\utorrent.exe" = E:\Documents and Settings\Ali & Serkan\Desktop\utorrent.exe:*:Enabled:µTorrent"E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)"E:\Program Files\Skype\Phone\Skype.exe" = E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)"E:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe" = E:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World -- (Electronic Arts)"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)"E:\Program Files\Counter-Strike 1.6\hl.exe" = E:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)"E:\Program Files\SoftnyxGame\WolfTeamTS\Wolfteam.bin" = E:\Program Files\SoftnyxGame\WolfTeamTS\Wolfteam.bin:*:Enabled:WolfTeam -- (Softnyx Co., Ltd.)"E:\Program Files\GameSpy Arcade\Aphex.exe" = E:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (GameSpy Industries, Inc.)"E:\Program Files\Need for Speed 3 - Hot Pursuit\nfs3.exe" = E:\Program Files\Need for Speed 3 - Hot Pursuit\nfs3.exe:*:Enabled:Need For Speed III for Win32"E:\Program Files\Agrar Simulator 2012\iupdate.dll" = E:\Program Files\Agrar Simulator 2012\iupdate.dll:*:Enabled:Agricultural Simulator 2012"E:\Program Files\Agrar Simulator 2012\farm2012.dll" = E:\Program Files\Agrar Simulator 2012\farm2012.dll:*:Enabled:Agricultural Simulator 2012"E:\Program Files\Farming Simulator 2011\FarmingSimulator2011.exe" = E:\Program Files\Farming Simulator 2011\FarmingSimulator2011.exe:*:Enabled:Farming Simulator 2011 -- (GIANTS Software GmbH)"E:\Program Files\Farming Simulator 2011\game.exe" = E:\Program Files\Farming Simulator 2011\game.exe:*:Enabled:Farming Simulator 2011 -- (GIANTS Software GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12"{06A395CE-60A6-471E-A73C-73634310EDB3}" = Windows Live Sync"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{19CC7A03-BDBB-4EFB-B8C9-86FD2FB95334}" = Windows Live Messenger"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform"{31874D00-F3E1-44CE-A79A-492CFBD585E8}" = Windows Live Writer"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011"{47E582E4-482B-47D2-B578-FE7F83F6CED4}" = Windows Live Mail"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Земя"{5F14EAD6-1FF2-4059-9AF9-82AE944DD8BF}_is1" = WolfTeam Turkiye"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{6CD0E03A-7E99-4FDE-9D7F-D0F457DB4192}" = Фотогалерия на Windows Live"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A7631C52-DC0C-435C-8802-9FA032084D6B}" = Семейна безопасност на Windows Live"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II"{F8DBD826-2387-43C5-94AD-ACA7EB55F049}" = Windows Live Essentials"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player"AIMP3" = AIMP3"avast!" = avast! Antivirus"conduitEngine" = Conduit Engine"DAEMON Tools Lite" = DAEMON Tools Lite"Download Master_is1" = Download Master 5.12.7.1307"EADM" = EA Download Manager"Electronic Arts Game Updater" = Electronic Arts Game Updater"FarmingSimulator2009EN_is1" = Farming-Simulator 2009"FarmingSimulator2011_PLATINUMEN_is1" = Farming Simulator 2011"GameSpy Arcade" = GameSpy Arcade"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011"iMesh 1 MediaBar" = MediaBar"ImgBurn" = ImgBurn"Inhatch web plugins" = Inhatch web plugins"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA п»ї"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware, версия 1.61.0.1400"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Mozilla Firefox 7.0.1 (x86 bg)" = Mozilla Firefox 7.0.1 (x86 bg)"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"MSNINST" = MSN"nGlide" = nGlide 0.98"NVIDIA Drivers" = NVIDIA Drivers"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager"Ogg Vorbis Redistributable V 1.0b (vorbis1_0_pub~343AD259_is1" = Ogg Vorbis Redistributable V 1.0b (vorbis1_0_public_release)"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01"PunkBusterSvc" = PunkBuster Services"SkypeLauncher" = SkypeLauncher"The KMPlayer" = The KMPlayer (remove only)"uTorrent" = µTorrent"uTorrentBar Toolbar" = uTorrentBar Toolbar"VLC media player" = VLC media player 2.0.0"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows Searchqu Toolbar" = Windows iLivid Toolbar"WinLiveSuite_Wave3" = Windows Live Essentials"WinRAR archiver" = WinRAR 4.10 (32-bit)"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T"FoxTab FLV Player" = FoxTab FLV Player"Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Antivirus Events ]Error - 5.23.2012 23:29:51 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Documents and Settings\Ali & Serkan\My Documents\Downloads\BATTLEFIELD.COMPLETE.PC.MEGAPACK\Battlefield_2142-Razor1911\rzr-2142.iso failed, 00000083. Error - 5.24.2012 00:04:07 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Documents and Settings\Ali & Serkan\My Documents\Downloads\BATTLEFIELD.COMPLETE.PC.MEGAPACK\Battlefield 2 Special Forces (PC)\Battlefield 2 Special Forces - Keygen - Crack\BFSF-MINI.mdf failed, 00000084. Error - 5.24.2012 01:11:52 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Documents and Settings\Ali & Serkan\My Documents\Downloads\BATTLEFIELD.COMPLETE.PC.MEGAPACK\Battlefield_2142-Razor1911\rzr-2142.iso failed, 00000083. Error - 5.24.2012 01:31:17 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Documents and Settings\Ali & Serkan\My Documents\Downloads\BATTLEFIELD.COMPLETE.PC.MEGAPACK\Battlefield_2142-Razor1911\rzr-2142.iso failed, 00000083. Error - 5.24.2012 15:38:08 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Documents and Settings\Ali & Serkan\My Documents\Downloads\BATTLEFIELD.COMPLETE.PC.MEGAPACK\Battlefield.Bad.Company.2-RELOADED\rld-bbc2.iso failed, 00000083. Error - 6.5.2012 01:17:39 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\WINDOWS\SYSTEM32\MSCOMCTLX.dll failed, 00000005. Error - 6.5.2012 01:41:16 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\WINDOWS\SYSTEM32\MSCOMCTLX.dll failed, 00000005. Error - 6.5.2012 19:39:03 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\WINDOWS\SYSTEM32\MSCOMCTLX.dll failed, 00000005. Error - 6.6.2012 01:28:27 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\WINDOWS\SYSTEM32\MSCOMCTLX.dll failed, 00000005. Error - 6.6.2012 02:00:59 | Computer Name = SERKAN-1F3191E0 | Source = avast! | ID = 33554522Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\WINDOWS\System32\MSCOMCTLX.dll failed, 00000005. [ Application Events ]Error - 5.27.2012 14:17:12 | Computer Name = SERKAN-1F3191E0 | Source = Application Error | ID = 1000Description = Faulting application Setup.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3. Error - 5.27.2012 14:17:42 | Computer Name = SERKAN-1F3191E0 | Source = Application Error | ID = 1000Description = Faulting application Setup.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3. Error - 5.27.2012 14:17:43 | Computer Name = SERKAN-1F3191E0 | Source = Application Error | ID = 1000Description = Faulting application Setup.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3. Error - 5.27.2012 14:17:46 | Computer Name = SERKAN-1F3191E0 | Source = Application Error | ID = 1000Description = Faulting application Setup.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3. Error - 5.27.2012 14:17:48 | Computer Name = SERKAN-1F3191E0 | Source = Application Error | ID = 1000Description = Faulting application Setup.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3. Error - 5.27.2012 14:17:49 | Computer Name = SERKAN-1F3191E0 | Source = Application Error | ID = 1000Description = Faulting application Setup.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3. Error - 5.27.2012 14:17:50 | Computer Name = SERKAN-1F3191E0 | Source = Application Error | ID = 1000Description = Faulting application Setup.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3. Error - 5.27.2012 14:20:32 | Computer Name = SERKAN-1F3191E0 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000Description = EventType clr20r3, P1 crack.exe, P2 0.0.0.0, P3 4eb9c010, P4 mscorlib, P5 2.0.0.0, P6 4ef6c16f, P7 1c19, P8 2, P9 system.badimageformatexception, P10 NIL. Error - 6.5.2012 00:48:58 | Computer Name = SERKAN-1F3191E0 | Source = Application Error | ID = 1000Description = Faulting application kmplayer.exe, version 3.0.0.1439, faulting module kmplayer.exe, version 3.0.0.1439, fault address 0x000175f6. Error - 6.5.2012 00:49:45 | Computer Name = SERKAN-1F3191E0 | Source = MsiInstaller | ID = 1013Description = Product: Kaspersky Internet Security 2011 -- Attention! Some software on your computer is incompatible with Kaspersky Internet Security 2011. To proceed with the installation, remove these applications. [ System Events ]Error - 5.30.2012 08:58:43 | Computer Name = SERKAN-1F3191E0 | Source = Dhcp | ID = 1000Description = Your computer has lost the lease to its IP address 192.168.150.93 on the Network Card with network address 002511CBBE60. Error - 5.30.2012 16:25:45 | Computer Name = SERKAN-1F3191E0 | Source = Dhcp | ID = 1000Description = Your computer has lost the lease to its IP address 192.168.150.93 on the Network Card with network address 002511CBBE60. Error - 5.31.2012 01:02:32 | Computer Name = SERKAN-1F3191E0 | Source = Dhcp | ID = 1000Description = Your computer has lost the lease to its IP address 192.168.150.93 on the Network Card with network address 002511CBBE60. Error - 5.31.2012 18:56:17 | Computer Name = SERKAN-1F3191E0 | Source = Dhcp | ID = 1000Description = Your computer has lost the lease to its IP address 192.168.150.93 on the Network Card with network address 002511CBBE60. Error - 5.31.2012 18:56:24 | Computer Name = SERKAN-1F3191E0 | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 5.31.2012 18:56:24 | Computer Name = SERKAN-1F3191E0 | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 5.31.2012 18:56:41 | Computer Name = SERKAN-1F3191E0 | Source = W32Time | ID = 39452706Description = The time service has detected that the system time needs to be changed by -122561 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.150.93:123->65.55.21.15:123) is working properly. Error - 6.2.2012 01:17:12 | Computer Name = SERKAN-1F3191E0 | Source = Dhcp | ID = 1000Description = Your computer has lost the lease to its IP address 192.168.150.93 on the Network Card with network address 002511CBBE60. Error - 6.4.2012 18:10:12 | Computer Name = SERKAN-1F3191E0 | Source = Dhcp | ID = 1000Description = Your computer has lost the lease to its IP address 192.168.150.93 on the Network Card with network address 002511CBBE60. Error - 6.5.2012 23:45:32 | Computer Name = SERKAN-1F3191E0 | Source = Dhcp | ID = 1000Description = Your computer has lost the lease to its IP address 192.168.150.93 on the Network Card with network address 002511CBBE60. < End of report > резултатите от програмата OTL OTL.txt OTL logfile created on: 6.5.2012 22:54:19 - Run 1OTL by OldTimer - Version 3.2.46.0 Folder = C:\Downloads\ПрограммыWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: M/d/yyyy 3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,62% Memory free4,84 Gb Paging File | 3,76 Gb Available in Paging File | 77,66% Paging File freePaging file location(s): E:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program FilesDrive C: | 146,73 Gb Total Space | 128,21 Gb Free Space | 87,38% Space Free | Partition Type: NTFSDrive E: | 319,02 Gb Total Space | 200,85 Gb Free Space | 62,96% Space Free | Partition Type: NTFS Computer Name: SERKAN-1F3191E0 | User Name: Ali & Serkan | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - [2012.06.05 22:48:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Ali & Serkan\Desktop\OTL 2.exePRC - [2012.06.05 22:48:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Downloads\Программы\OTL 2.exePRC - [2012.05.24 12:20:10 | 000,738,168 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\uTorrent\uTorrent.exePRC - [2012.05.22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\chrome.exePRC - [2012.05.16 15:45:15 | 003,906,944 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exePRC - [2012.05.11 16:49:08 | 004,188,224 | ---- | M] (WestByte) -- E:\Program Files\Download Master\dmaster.exePRC - [2012.04.09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- E:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exePRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exePRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2011.08.11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\Program Files\SUPERAntiSpyware\SASCore.exePRC - [2011.01.25 05:24:44 | 001,116,080 | ---- | M] (iMesh, Inc) -- E:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exePRC - [2011.01.20 02:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- E:\Program Files\DAEMON Tools Lite\DTLite.exePRC - [2008.04.14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exePRC - [2006.04.27 11:47:13 | 000,102,448 | ---- | M] () -- E:\Program Files\Alwil Software\Avast4\ashDisp.exePRC - [2006.04.27 11:47:10 | 000,102,448 | ---- | M] () -- E:\Program Files\Alwil Software\Avast4\ashServ.exePRC - [2006.04.27 11:46:54 | 000,245,808 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exePRC - [2006.04.27 11:46:48 | 000,364,592 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exePRC - [2006.04.27 11:38:54 | 000,053,248 | ---- | M] () -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.05 22:43:57 | 000,052,736 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dllMOD - [2012.06.05 22:43:56 | 000,065,024 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dllMOD - [2012.06.05 17:01:22 | 000,117,760 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLLMOD - [2012.06.05 17:01:22 | 000,052,224 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dllMOD - [2012.05.22 18:56:50 | 000,441,880 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dllMOD - [2012.05.22 18:56:49 | 003,922,456 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dllMOD - [2012.05.22 18:55:24 | 000,134,696 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\avutil-51.dllMOD - [2012.05.22 18:55:23 | 000,250,408 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\avformat-54.dllMOD - [2012.05.22 18:55:21 | 002,375,720 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\avcodec-54.dllMOD - [2012.05.22 18:06:23 | 008,743,584 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dllMOD - [2012.05.13 21:13:21 | 000,100,864 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dllMOD - [2012.05.13 21:13:20 | 004,050,944 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dllMOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- E:\Program Files\WinRAR\RarExt.dllMOD - [2011.11.03 08:28:36 | 001,292,288 | ---- | M] () -- E:\WINDOWS\system32\quartz.dllMOD - [2009.08.06 00:39:02 | 000,473,632 | ---- | M] () -- E:\Program Files\NVIDIA Corporation\nView\nvShell.dllMOD - [2008.06.15 18:40:48 | 000,080,384 | ---- | M] () -- E:\Program Files\Download Master\unrar.dllMOD - [2008.04.14 04:00:00 | 000,059,904 | ---- | M] () -- E:\WINDOWS\system32\devenum.dllMOD - [2008.04.14 04:00:00 | 000,014,336 | ---- | M] () -- E:\WINDOWS\system32\msdmo.dllMOD - [2006.04.27 11:47:13 | 000,102,448 | ---- | M] () -- E:\Program Files\Alwil Software\Avast4\ashDisp.exeMOD - [2006.04.27 11:47:10 | 000,102,448 | ---- | M] () -- E:\Program Files\Alwil Software\Avast4\ashServ.exeMOD - [2006.04.27 11:45:06 | 000,032,768 | ---- | M] () -- e:\Program Files\Alwil Software\Avast4\AhRuiJs.dllMOD - [2006.04.27 11:38:54 | 000,053,248 | ---- | M] () -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exeMOD - [2005.07.01 07:29:48 | 000,075,776 | ---- | M] () -- E:\Program Files\Alwil Software\Avast4\unacev2.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)SRV - [2012.04.09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- E:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2011.08.11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)SRV - [2008.04.14 04:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)SRV - [2008.04.14 04:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32\netdde.exe -- (NetDDE)SRV - [2008.04.14 04:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32\wscsvc.dll -- (wscsvc)SRV - [2008.04.14 04:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32 lntsvr.exe -- (TlntSvr)SRV - [2008.04.14 04:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)SRV - [2008.04.14 04:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)SRV - [2008.04.14 04:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32\msgsvc.dll -- (Messenger)SRV - [2008.04.14 04:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)SRV - [2008.04.14 04:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\WINDOWS\system32\alrsvc.dll -- (Alerter)SRV - [2007.02.05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)SRV - [2007.02.05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)SRV - [2006.04.27 11:47:10 | 000,102,448 | ---- | M] () [Auto | Running] -- E:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)SRV - [2006.04.27 11:46:54 | 000,245,808 | ---- | M] (ALWIL Software) [On_Demand | Running] -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)SRV - [2006.04.27 11:46:48 | 000,364,592 | ---- | M] (ALWIL Software) [On_Demand | Running] -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)SRV - [2006.04.27 11:38:54 | 000,053,248 | ---- | M] () [Auto | Running] -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)DRV - File not found [Kernel | System | Stopped] -- -- (Changer)DRV - File not found [Kernel | On_Demand | Unknown] -- -- (av6ldlv3)DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a8gl8n9r)DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)DRV - [2011.07.22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)DRV - [2011.07.12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)DRV - [2011.06.17 09:58:10 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\Program Files\SoftnyxGame\WolfTeamTS\apf001.sys -- (apf001)DRV - [2011.01.31 16:43:44 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd)DRV - [2010.04.28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)DRV - [2009.08.11 15:19:20 | 000,056,992 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)DRV - [2009.05.08 11:22:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)DRV - [2008.10.16 08:14:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)DRV - [2008.04.14 04:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- E:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)DRV - [2008.04.14 04:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- E:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)DRV - [2008.04.14 04:00:00 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- E:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)DRV - [2008.04.14 04:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- E:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)DRV - [2008.04.14 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- E:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)DRV - [2008.04.14 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- E:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)DRV - [2008.04.14 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- E:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)DRV - [2008.02.14 14:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)DRV - [2006.04.27 20:44:00 | 000,087,424 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- E:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)DRV - [2006.04.27 11:44:58 | 000,016,352 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- E:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)DRV - [2006.04.27 11:44:40 | 000,036,176 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)DRV - [2006.04.27 11:43:33 | 000,024,304 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- E:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)DRV - [2005.11.03 07:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)DRV - [2005.08.10 05:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)DRV - [2005.05.16 06:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=googleIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kralyeri.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankIE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}IE - HKLM\..\SearchScopes\{B97F452B-91F5-43A4-B1FA-FF9C0636B31B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htmIE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=googleIE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=90518dd8000000000000002511cbbe60IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bgIE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 07 86 0B D2 B7 CC 01 [binary data]IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.bg/IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100888&babsrc=SP_ss&mntrId=90518dd8000000000000002511cbbe60IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E}: "URL" = http://websearch.4shared.com/results?q={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PTV2&o=15851&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=H3&apn_dtid=YYYYYYYYBG&apn_uid=D9186080-44B8-447C-B2BF-16EF45C046EB&apn_sauid=8A439500-0BB6-4BC6-AABD-AC6ED0FDC3B7IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=90518dd8000000000000002511cbbe60&tlver=1.4.19.19&affID=17161IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn-search.com/search/web?q={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={CAD969FE-23FB-46A9-842A-D739EA0B9DFE}&mid=c8709a06714b47d183a5d16c572f5793-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=tt014&pr=sa&d=2012-01-14 21:20:23&v=8.0.0.34&sap=dsp&q={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{9D557097-8D4B-20F7-EB58-340F7AE21494}: "URL" = http://bksly.startya.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Yahoo&cfg=2-564-0-0IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://yandex.ru/yandsearch?clid=165534&text={searchTerms}IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{B97F452B-91F5-43A4-B1FA-FF9C0636B31B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_bgIE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=165534&charset=utf-8&keywords={searchTerms}&submitted=1IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\Yandex: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search"FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/"FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0FF - prefs.js..extensions.enabledItems: widgetruntime@surfsecret.com:1.0FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2FF - prefs.js..extensions.enabledItems: {038cb5c7-48ea-4af9-94e0-a1646542e62b}:3.2.5.2FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@inhatch.com,version=0.7.5: File not foundFF - HKLM\Software\MozillaPlugins\@inhatch.com,version=0.7.61: E:\Program Files\InhatchTeam\Inhatch\npinhatch.dll (Inhatch)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: E:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: e:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011.02.05 00:20:02 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: E:\Program Files\Panda Security\Panda ID Protect\FirefoxFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011.10.15 20:59:34 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: E:\Documents and Settings\Ali & Serkan\Application Data\IDM\idmmzcc5 [2011.01.28 14:25:36 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Extensions[2011.01.28 14:25:36 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2012.05.26 08:41:09 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions[2012.05.26 08:40:59 | 000,000,000 | ---D | M] (ToggleEN Community Toolbar) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}[2012.05.26 08:41:04 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}[2012.01.08 11:40:51 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}[2011.02.04 19:20:15 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}[2012.05.26 08:41:09 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}[2011.12.24 16:00:18 | 000,000,000 | ---D | M] (Browser Companion Helper) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\bbrs_002@blabbers.com[2011.10.22 22:47:13 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\ChoiceGuard@Microsoft[2012.01.22 10:53:34 | 000,000,000 | ---D | M] (Download Master Toolbar) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\dmbarff@westbyte.com[2012.01.22 10:53:32 | 000,000,000 | ---D | M] (Download Master Plugin) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\dmpluginff@westbyte.com[2012.01.22 10:53:34 | 000,000,000 | ---D | M] (Download Master Remote Download) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\dmremote@westbyte.com[2011.12.24 16:00:22 | 000,000,000 | ---D | M] (Babylon) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\ffxtlbr@babylon.com[2012.04.20 15:30:35 | 000,000,000 | ---D | M] (Bflix extension) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\info@thebflix.com[2012.05.26 08:40:54 | 000,000,000 | ---D | M] (Яндекс.Бар) -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\extensions\yasearch@yandex.ru[2011.02.04 23:46:53 | 000,002,071 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\searchplugins\absearch-search.xml[2011.12.18 11:29:38 | 000,000,923 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\searchplugins\conduit.xml[2012.01.08 11:40:47 | 000,002,519 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\searchplugins\Search_Results.xml[2012.05.26 08:41:28 | 000,002,167 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\searchplugins\ybqs-yandex.xml[2011.12.11 00:01:04 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions[2012.05.25 19:25:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2011.10.15 20:59:34 | 000,000,000 | ---D | M] (Default) -- E:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2011.12.24 16:09:33 | 000,061,854 | ---- | M] () (No name found) -- E:\DOCUMENTS AND SETTINGS\ALI & SERKAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CIBF59IT.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI[2011.09.29 00:06:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- E:\Program Files\mozilla firefox\plugins\np-mswmp.dll[2011.09.28 18:10:32 | 000,001,083 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\911bg.xml[2011.09.28 17:48:01 | 000,001,394 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml[2012.03.20 09:24:01 | 000,003,768 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml[2012.01.22 00:40:45 | 000,002,310 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml[2011.09.28 18:10:32 | 000,002,442 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\diribg.xml[2011.09.28 17:48:01 | 000,002,364 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\google.xml[2011.09.28 18:10:32 | 000,001,515 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\pe-bg.xml[2011.09.28 18:10:32 | 000,001,857 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml[2012.01.08 11:40:47 | 000,002,519 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\Search_Results.xml[2011.09.28 18:10:32 | 000,001,220 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dllCHR - plugin: Shockwave Flash (Disabled) = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dllCHR - plugin: Download Master integration plugin (Enabled) = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehfanjejklfmnldbbclpocdbceaeemkn\1.2_0\npDownloadMasterPlugin.dllCHR - plugin: Skype Toolbars (Enabled) = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dllCHR - plugin: Download Master click monitoring plug-in (Enabled) = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\Application\plugins\npdm.dllCHR - plugin: Adobe Acrobat (Disabled) = E:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Program Files\Windows Media Player\npdrmv2.dllCHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Program Files\Windows Media Player\npwmsdrm.dllCHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = E:\Program Files\Windows Media Player\npdsplay.dllCHR - plugin: Google Update (Enabled) = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Google Earth Plugin (Enabled) = E:\Program Files\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: VLC Web Plugin (Enabled) = E:\Program Files\VideoLAN\VLC\npvlc.dllCHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Silverlight Plug-In (Enabled) = e:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dllCHR - plugin: Windows Presentation Foundation (Enabled) = e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dllCHR - Extension: YouTube = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google \u0422\u044A\u0440\u0441\u0435\u043D\u0435 = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Download Master = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehfanjejklfmnldbbclpocdbceaeemkn\1.2_0\CHR - Extension: Apps-O-Rama = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klchkbnfbdenjlpfaobajgmibkdiaejo\2.3.4.2_0\CHR - Extension: Skype Click to Call = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\CHR - Extension: Gmail = E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.08.25 10:20:49 | 000,202,984 | -H-- | M]) - E:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: 127.0.0.1 facebook.comO1 - Hosts: 127.0.0.1 www.facebook.comO1 - Hosts: 127.0.0.1 af-za.facebook.comO1 - Hosts: 127.0.0.1 az-az.facebook.comO1 - Hosts: 127.0.0.1 id-id.facebook.comO1 - Hosts: 127.0.0.1 ms-my.facebook.comO1 - Hosts: 127.0.0.1 bs-ba.facebook.comO1 - Hosts: 127.0.0.1 ca-es.facebook.comO1 - Hosts: 127.0.0.1 cs-cz.facebook.comO1 - Hosts: 127.0.0.1 cy-gb.facebook.comO1 - Hosts: 127.0.0.1 da-dk.facebook.comO1 - Hosts: 127.0.0.1 de-de.facebook.comO1 - Hosts: 127.0.0.1 et-ee.facebook.comO1 - Hosts: 127.0.0.1 en-gb.facebook.comO1 - Hosts: 127.0.0.1 es-la.facebook.comO1 - Hosts: 127.0.0.1 eo-eo.facebook.comO1 - Hosts: 127.0.0.1 eu-es.facebook.comO1 - Hosts: 127.0.0.1 tl-ph.facebook.comO1 - Hosts: 127.0.0.1 fo-fo.facebook.comO1 - Hosts: 127.0.0.1 fr-fr.facebook.comO1 - Hosts: 127.0.0.1 fy-nl.facebook.comO1 - Hosts: 127.0.0.1 ga-ie.facebook.comO1 - Hosts: 127.0.0.1 gl-es.facebook.comO1 - Hosts: 127.0.0.1 ko-kr.facebook.comO1 - Hosts: 50053 more lines...O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - E:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngin0.dll File not foundO2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - E:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - e:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - E:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()O2 - BHO: (IE 4.x-6.x BHO for Download Master) - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - E:\Program Files\Download Master\dmiehlp.dll (WestByte)O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)O3 - HKLM\..\Toolbar: (DM Bar) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - E:\Program Files\Download Master\dmbar.dll (WestByte Software)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - E:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngin0.dll File not foundO3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - E:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()O3 - HKLM\..\Toolbar: (no name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No CLSID value found.O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngin0.dll File not foundO3 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - E:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)O4 - HKLM..\Run: [Adobe ARM] E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)O4 - HKLM..\Run: [avast!] E:\Program Files\Alwil Software\Avast4\ashDisp.exe ()O4 - HKLM..\Run: [DATAMNGR] E:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)O4 - HKLM..\Run: [HDAudDeck] E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [ROC_roc_dec12] "E:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not foundO4 - HKLM..\Run: [sunJavaUpdateSched] E:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [Download Master] E:\Program Files\Download Master\dmaster.exe (WestByte)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [Google Update] E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [msnmsgr] E:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [skype] E:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [sUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [uTorrent] E:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)O4 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)O4 - Startup: E:\Documents and Settings\Ali & Serkan\Start Menu\Programs\Startup\Ubisoft register.lnk = E:\Program Files\Ubisoft\Register\schedule.exe (Ubisoft)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - E:\Program Files\Download Master\dmieall.htm ()O8 - Extra context menu item: Закачать при помощи Download Master - E:\Program Files\Download Master\dmie.htm ()O8 - Extra context menu item: Передать на удаленную закачку DM - E:\Program Files\Download Master\remdown.htm ()O9 - Extra Button: Публикуване на това в блог - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : &Публикуване на това в блог в Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra Button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - E:\Program Files\Download Master\dmaster.exe (WestByte)O9 - Extra 'Tools' menuitem : &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - E:\Program Files\Download Master\dmaster.exe (WestByte)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe File not foundO9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe File not foundO10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.54.128.6 84.54.128.8O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25B8363C-FDC5-4AD4-8741-DA7068A8DA66}: DhcpNameServer = 84.54.128.6 84.54.128.8O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - E:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - E:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter ext/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O18 - Protocol\Filter ext/xml {807553E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)O20 - AppInit_DLLs: (E:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - E:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)O20 - AppInit_DLLs: (E:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - E:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (e:\windows\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - E:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - E:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - E:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - E:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - E:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - E:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - E:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify ermsrv: DllName - (wlnotify.dll) - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - E:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - E:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - E:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (Моята текуща начална страница) - About:HomeO24 - Desktop WallPaper: E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)O29 - HKLM SecurityProviders - (msapsspc.dll) - E:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - E:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - E:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - E:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - E:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2011.01.08 23:26:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\G\Shell - "" = AutoRunO33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe /autorunO34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not foundNetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not found SafeBootMin: !SASCORE - E:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)SafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: SCSI Class - Driver GroupSafeBootMin: sermouse.sys - DriverSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: vga.sys - DriverSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: !SASCORE - E:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)SafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: SCSI Class - Driver GroupSafeBootNet: sermouse.sys - DriverSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: vga.sys - DriverSafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ========== Files/Folders - Created Within 90 Days ========== [2012.06.05 22:49:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Ali & Serkan\Desktop\OTL 2.exe[2012.06.05 17:01:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Application Data\SUPERAntiSpyware.com[2012.06.05 17:00:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware[2012.06.05 17:00:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com[2012.06.05 17:00:53 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware[2012.06.04 22:14:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware[2012.06.04 22:14:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys[2012.06.04 22:14:07 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware[2012.06.04 21:49:31 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Desktop\Kaspersky 2011 skins[2012.06.04 21:49:19 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Desktop\Kaspersky activation[2012.06.04 21:49:18 | 000,000,000 | ---D | C] -- E:\Program Files\Kaspersky Lab[2012.05.31 18:16:09 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Desktop\dokumenti[2012.05.30 22:21:15 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Desktop\Неизползвани клавишни комбинации на работния плот[2012.05.30 14:40:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Desktop\bal snimka[2012.05.30 13:28:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Desktop\snimki[2012.05.27 11:22:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Farming Simulator 2011[2012.05.27 11:20:43 | 000,000,000 | ---D | C] -- E:\Program Files\Farming Simulator 2011[2012.05.27 11:15:09 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Farming-Simulator 2009[2012.05.27 11:14:41 | 000,000,000 | ---D | C] -- E:\Program Files\Farming-Simulator 2009[2012.05.26 21:40:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\My Documents\my games[2012.05.26 21:22:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\My Documents\TowerSim[2012.05.26 12:08:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\nGlide[2012.05.25 09:02:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Desktop\Нова папка[2012.05.24 16:29:59 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Start Menu\Programs\GameSpy Arcade[2012.05.23 18:25:05 | 000,000,000 | ---D | C] -- E:\1a321a97e172fc7b29dd2e[2012.05.22 10:35:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Start Menu\Programs\Counter-Strike 1.6[2012.05.22 10:32:41 | 000,000,000 | ---D | C] -- E:\Program Files\Counter-Strike 1.6[2012.05.21 19:46:10 | 000,000,000 | ---D | C] -- E:\WINDOWS\Sun[2012.05.21 12:31:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\My Documents\Need for Speed World[2012.05.20 21:41:53 | 000,000,000 | ---D | C] -- E:\Program Files\InhatchTeam[2012.05.20 21:25:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Download Master[2012.05.20 18:44:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Sun[2012.05.20 18:30:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Application Data\uTorrent[2012.05.20 12:22:19 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Sun[2012.05.20 12:22:18 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Java[2012.05.20 12:21:34 | 000,000,000 | ---D | C] -- E:\Program Files\Oracle[2012.05.20 12:21:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Application Data\Oracle[2012.05.20 12:21:21 | 000,772,504 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\npDeployJava1.dll[2012.05.20 12:21:21 | 000,687,504 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\deployJava1.dll[2012.05.20 12:21:21 | 000,227,720 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\javaws.exe[2012.05.20 12:21:21 | 000,143,872 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\javacpl.cpl[2012.05.20 12:21:02 | 000,174,024 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\javaw.exe[2012.05.20 12:21:02 | 000,174,024 | ---- | C] (Oracle Corporation) -- E:\WINDOWS\System32\java.exe[2012.05.20 12:20:49 | 000,000,000 | ---D | C] -- E:\Program Files\Java[2012.05.20 12:20:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Application Data\Sun[2012.05.19 19:52:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Application Data\Need for Speed World[2012.05.19 19:26:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Electronic_Arts_Inc[2012.05.16 18:33:15 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Skype[2012.05.07 10:20:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\My Documents\Sports Interactive[2012.04.09 23:12:39 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\All Users\Application Data\SecuROM[2012.04.09 23:12:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\Rockstar Games[2012.04.09 23:07:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Black_Box[2012.04.08 16:35:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\AIMP3[2012.03.25 15:20:52 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Desktop eleviziya[2012.03.19 02:21:38 | 000,000,000 | -HSD | C] -- E:\Config.Msi[2012.03.19 02:21:32 | 000,000,000 | ---D | C] -- E:\c450f9abec7eb1b4a1a245faae[2012.03.18 21:06:15 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Ali & Serkan\Application Data\vlc[2012.03.18 21:05:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN[2 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ][13 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ][1 E:\Documents and Settings\Ali & Serkan\*.tmp files -> E:\Documents and Settings\Ali & Serkan\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2012.06.05 22:56:01 | 000,000,998 | ---- | M] () -- E:\WINDOWS asks\GoogleUpdateTaskMachineUA.job[2012.06.05 22:56:00 | 000,000,994 | ---- | M] () -- E:\WINDOWS asks\GoogleUpdateTaskMachineCore.job[2012.06.05 22:48:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Ali & Serkan\Desktop\OTL 2.exe[2012.06.05 22:43:11 | 000,248,739 | ---- | M] () -- E:\WINDOWS\System32\NvApps.xml[2012.06.05 22:42:08 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl[2012.06.05 22:41:54 | 000,000,324 | ---- | M] () -- E:\WINDOWS asks\Xjblth.job[2012.06.05 22:41:52 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat[2012.06.05 22:18:49 | 000,000,784 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2012.06.05 22:09:00 | 000,001,106 | ---- | M] () -- E:\WINDOWS asks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-1417001333-1003UA.job[2012.06.05 22:09:00 | 000,001,054 | ---- | M] () -- E:\WINDOWS asks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-1417001333-1003Core.job[2012.06.05 17:25:02 | 000,001,110 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Start Menu\Programs\Startup\Ubisoft register.lnk[2012.06.05 17:01:13 | 000,000,524 | ---- | M] () -- E:\WINDOWS asks\SUPERAntiSpyware Scheduled Task bcf94961-53ca-4ab6-ab60-bdafc19d02e0.job[2012.06.05 17:01:12 | 000,000,524 | ---- | M] () -- E:\WINDOWS asks\SUPERAntiSpyware Scheduled Task 6509104d-4e3f-403e-8362-bbb1e05f2e9e.job[2012.06.05 17:00:57 | 000,001,678 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk[2012.06.04 21:49:17 | 000,000,847 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Desktop\Kaspersky Internet Security 2011.lnk[2012.06.04 21:48:53 | 000,077,824 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012.06.03 09:01:09 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat[2012.05.26 12:08:46 | 000,048,547 | ---- | M] () -- E:\WINDOWS\System32\nglide_uninst.exe[2012.05.25 14:13:23 | 000,002,337 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Desktop\Google Chrome.lnk[2012.05.25 14:13:23 | 000,002,315 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2012.05.24 16:30:00 | 000,000,701 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk[2012.05.24 12:20:10 | 000,000,648 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk[2012.05.24 12:20:10 | 000,000,630 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\µTorrent.lnk[2012.05.22 12:55:37 | 000,001,753 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Desktop\WolfTeam Turkiye.lnk[2012.05.22 10:35:22 | 000,001,646 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Desktop\Counter-Strike 1.6.lnk[2012.05.20 12:20:52 | 000,174,024 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\javaw.exe[2012.05.20 12:20:52 | 000,174,024 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\java.exe[2012.05.20 07:00:05 | 000,966,554 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat[2012.05.20 07:00:05 | 000,329,554 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat[2012.05.19 19:25:50 | 000,001,876 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\Need For Speed World.lnk[2012.05.19 19:25:50 | 000,001,858 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Need For Speed World.lnk[2012.05.16 18:30:33 | 000,118,152 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT[2012.05.16 18:15:35 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK[2012.04.09 23:07:46 | 000,001,936 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\Grand Theft Auto IV.lnk[2012.04.09 23:07:46 | 000,001,826 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\EFLC.lnk[2012.04.09 12:01:07 | 000,143,360 | RHS- | M] () -- E:\WINDOWS\System32\MSCOMCTLX.dll[2012.04.08 16:35:56 | 000,000,592 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Desktop\AIMP3.lnk[2012.04.08 16:21:00 | 000,000,406 | RHS- | M] () -- E:\Documents and Settings\All Users\ntuser.pol[2012.04.04 18:47:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\javacpl.cpl[2012.04.04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\javaws.exe[2012.04.04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\npDeployJava1.dll[2012.04.04 18:47:02 | 000,687,504 | ---- | M] (Oracle Corporation) -- E:\WINDOWS\System32\deployJava1.dll[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys[2012.03.18 21:05:54 | 000,000,719 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Desktop\VLC media player.lnk[2 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ][13 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ][1 E:\Documents and Settings\Ali & Serkan\*.tmp files -> E:\Documents and Settings\Ali & Serkan\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.05 17:25:02 | 000,001,110 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Start Menu\Programs\Startup\Ubisoft register.lnk[2012.06.05 17:01:12 | 000,000,524 | ---- | C] () -- E:\WINDOWS asks\SUPERAntiSpyware Scheduled Task bcf94961-53ca-4ab6-ab60-bdafc19d02e0.job[2012.06.05 17:01:12 | 000,000,524 | ---- | C] () -- E:\WINDOWS asks\SUPERAntiSpyware Scheduled Task 6509104d-4e3f-403e-8362-bbb1e05f2e9e.job[2012.06.05 17:00:57 | 000,001,678 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk[2012.06.04 22:14:08 | 000,000,784 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2012.06.04 21:49:17 | 000,000,847 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Desktop\Kaspersky Internet Security 2011.lnk[2012.05.26 12:08:46 | 000,048,547 | ---- | C] () -- E:\WINDOWS\System32\nglide_uninst.exe[2012.05.24 16:30:00 | 000,000,701 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk[2012.05.22 12:55:37 | 000,001,753 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Desktop\WolfTeam Turkiye.lnk[2012.05.22 10:35:22 | 000,001,646 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Desktop\Counter-Strike 1.6.lnk[2012.05.20 18:31:20 | 000,000,648 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk[2012.05.20 18:31:20 | 000,000,630 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\µTorrent.lnk[2012.05.19 19:25:50 | 000,001,876 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\Need For Speed World.lnk[2012.05.19 19:25:50 | 000,001,858 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Need For Speed World.lnk[2012.05.08 22:10:39 | 000,000,664 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat[2012.04.09 23:07:46 | 000,001,936 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\Grand Theft Auto IV.lnk[2012.04.09 23:07:46 | 000,001,826 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Application Data\Microsoft\Internet Explorer\Quick Launch\EFLC.lnk[2012.04.09 12:01:07 | 000,143,360 | RHS- | C] () -- E:\WINDOWS\System32\MSCOMCTLX.dll[2012.04.09 12:01:07 | 000,000,324 | ---- | C] () -- E:\WINDOWS asks\Xjblth.job[2012.04.08 16:31:49 | 000,000,592 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Desktop\AIMP3.lnk[2012.04.08 07:55:59 | 000,819,200 | -HS- | C] () -- E:\WINDOWS\System32\xvidcore.dll[2012.04.08 07:55:59 | 000,180,224 | -HS- | C] () -- E:\WINDOWS\System32\xvidvfw.dll[2012.03.18 23:14:15 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll[2012.03.18 23:14:15 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\dllcache\iacenc.dll[2012.03.18 21:05:54 | 000,000,719 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Desktop\VLC media player.lnk[2012.01.04 20:26:49 | 000,069,632 | R--- | C] () -- E:\WINDOWS\System32\xmltok.dll[2012.01.04 20:26:49 | 000,036,864 | R--- | C] () -- E:\WINDOWS\System32\xmlparse.dll[2011.12.31 17:22:57 | 000,010,240 | ---- | C] () -- E:\WINDOWS\System32\vidx16.dll[2011.12.11 00:05:08 | 000,597,504 | ---- | C] () -- E:\WINDOWS\System32\aswBoot.exe[2011.11.19 10:17:26 | 001,290,240 | ---- | C] () -- E:\WINDOWS\System32\glide3x.dll[2011.11.04 10:40:28 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\nglide_config.exe[2011.08.31 13:00:03 | 000,054,016 | ---- | C] () -- E:\WINDOWS\System32\drivers\qntrvlti.sys[2011.08.29 16:11:20 | 000,000,181 | ---- | C] () -- E:\WINDOWS\wininit.ini[2011.08.27 22:16:15 | 000,012,920 | ---- | C] () -- E:\WINDOWS\System32\apl001.sys[2011.08.27 22:16:15 | 000,010,872 | ---- | C] () -- E:\WINDOWS\System32\apf001.sys[2011.08.22 14:40:13 | 000,246,272 | ---- | C] () -- E:\WINDOWS\unrar.exe[2011.08.22 14:35:05 | 000,000,000 | ---- | C] () -- E:\WINDOWS\loader2.exe_ok[2011.08.18 21:48:58 | 000,532,480 | ---- | C] () -- E:\WINDOWS\System32\CddbPlaylist2Sony.dll[2011.04.29 19:22:41 | 000,000,572 | ---- | C] () -- E:\WINDOWS\eReg.dat[2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- E:\WINDOWS\System32\xlive.dll.cat[2011.02.09 17:42:11 | 000,138,056 | ---- | C] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys[2011.02.09 17:42:10 | 000,138,056 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Application Data\PnkBstrK.sys[2011.02.09 17:41:53 | 000,189,248 | ---- | C] () -- E:\WINDOWS\System32\PnkBstrB.exe[2011.02.09 17:41:52 | 000,075,064 | ---- | C] () -- E:\WINDOWS\System32\PnkBstrA.exe[2011.02.09 17:41:51 | 002,434,856 | ---- | C] () -- E:\WINDOWS\System32\pbsvc_bc2.exe[2011.02.02 23:00:24 | 000,307,200 | ---- | C] () -- E:\WINDOWS\System32\HCPSTool.dll[2011.02.02 23:00:24 | 000,086,016 | ---- | C] () -- E:\WINDOWS\System32\HCPS98Tool.dll[2011.02.01 22:54:43 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat[2011.01.31 17:33:39 | 000,354,816 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll[2011.01.31 17:07:15 | 000,004,096 | ---- | C] () -- E:\WINDOWS\d3dx.dat[2011.01.28 14:25:36 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat[2011.01.09 00:16:18 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI[2011.01.09 00:04:46 | 000,077,824 | ---- | C] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011.01.08 23:50:24 | 000,000,552 | ---- | C] () -- E:\WINDOWS\System32\d3d8caps.dat[2011.01.08 23:30:18 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat[2011.01.08 23:24:21 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat[2011.01.08 15:16:57 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI[2011.01.08 15:15:51 | 000,118,152 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2012.01.16 13:57:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\2K Sports[2012.06.05 20:46:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\AIMP3[2011.01.26 20:39:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Auslogics[2011.12.24 16:00:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Babylon[2011.08.04 21:05:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Capcom[2011.01.31 14:21:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\DAEMON Tools[2011.01.31 17:22:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\DAEMON Tools Lite[2011.01.31 14:16:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\DAEMON Tools Pro[2011.12.21 13:38:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\DMCache[2011.12.26 01:10:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Download Master[2011.12.03 17:02:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\eType[2011.01.31 18:02:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\FarmingSimulator2008[2011.02.14 04:10:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Fighters[2011.01.31 12:40:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\GetRightToGo[2012.01.03 12:17:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\go[2011.02.18 19:45:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Groove Games[2011.12.26 00:53:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\IDM[2011.02.06 05:38:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\imeshbandmltbpi[2012.02.09 20:16:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\ImgBurn[2011.02.21 04:21:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Leadertech[2011.02.07 14:12:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\mediabarim[2011.02.06 09:55:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\MSNInstaller[2012.05.19 19:52:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Need for Speed World[2011.08.20 16:15:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\OpenCandy[2011.12.26 00:59:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Opera[2012.05.20 12:21:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Oracle[2011.01.09 00:23:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Panda Security[2011.02.04 19:21:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\pandasecuritytb[2011.08.22 20:24:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\PriceGong[2012.01.22 10:53:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\searchquband[2012.02.12 13:00:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\searchqutoolbar[2012.01.15 16:17:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Simraceway[2012.01.07 17:51:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Sports Interactive[2011.02.04 19:20:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\SurfSecret Privacy Suite[2012.01.08 19:07:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\TeamViewer[2012.01.14 22:19:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\TuneUp Software[2011.01.31 13:35:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Uniblue[2012.06.05 23:03:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\uTorrent[2011.01.31 17:07:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Wildfire[2012.05.25 19:25:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Ali & Serkan\Application Data\Yandex[2012.01.04 16:32:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\4Sync[2011.02.04 23:46:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Astroburn Lite[2011.08.24 21:01:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\AVAST Software[2011.12.24 16:00:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Babylon[2012.06.05 22:46:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\boost_interprocess[2011.12.12 15:25:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Codemasters[2012.01.14 22:20:16 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\Common Files[2012.05.29 10:51:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite[2011.01.31 14:16:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro[2011.02.05 12:11:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\EA Core[2011.06.30 22:22:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Easybits GO[2012.05.19 19:25:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts[2011.01.11 21:13:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty[2011.01.11 21:10:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\FarmFrenzy2[2011.02.01 17:31:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\FarmFrenzy3[2011.02.14 04:11:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Fighters[2012.02.05 20:48:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Graboid Inc[2012.01.22 00:40:33 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\InstallMate[2011.01.26 20:35:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MotionDSP[2011.08.25 11:08:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Panda Security[2011.10.09 21:33:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Premium[2011.01.26 20:35:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP[2012.01.14 22:20:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TuneUp Software[2012.01.14 22:19:15 | 000,000,000 | -HSD | M] -- E:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}[2011.02.12 20:56:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Application Data\Fighters[2012.01.21 22:58:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Application Data\TuneUp Software[2012.06.05 17:01:12 | 000,000,524 | ---- | M] () -- E:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 6509104d-4e3f-403e-8362-bbb1e05f2e9e.job[2012.06.05 17:01:13 | 000,000,524 | ---- | M] () -- E:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bcf94961-53ca-4ab6-ab60-bdafc19d02e0.job[2012.06.05 22:41:54 | 000,000,324 | ---- | M] () -- E:\WINDOWS\Tasks\Xjblth.job ========== Purity Check ========== ========== Custom Scans ========== < "%WinDir%\$NtUninstallKB*$." /30 > < C:\Program Files\Common Files\ComObjects\*.* /s > < %SYSTEMDRIVE%\*.* >[2011.12.31 17:25:51 | 000,000,003 | ---- | M] () -- E:\Bbvn.afp[2011.12.31 17:25:51 | 000,000,003 | ---- | M] () -- E:\Btbw.afp[2012.01.15 16:17:15 | 000,001,668 | ---- | M] () -- E:\Documents[2011.12.31 17:25:51 | 000,000,003 | ---- | M] () -- E:\Etao.afp[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- E:\eula.1028.txt[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- E:\eula.1031.txt[2007.11.07 09:00:40 | 000,010,134 | ---- | M] () -- E:\eula.1033.txt[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- E:\eula.1036.txt[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- E:\eula.1040.txt[2007.11.07 09:00:40 | 000,000,118 | ---- | M] () -- E:\eula.1041.txt[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- E:\eula.1042.txt[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- E:\eula.2052.txt[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- E:\eula.3082.txt[2007.11.07 09:00:40 | 000,001,110 | ---- | M] () -- E:\globdata.ini[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- E:\install.exe[2007.11.07 09:00:40 | 000,000,843 | ---- | M] () -- E:\install.ini[2007.11.07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- E:\install.res.1028.dll[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- E:\install.res.1031.dll[2007.11.07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- E:\install.res.1033.dll[2007.11.07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- E:\install.res.1036.dll[2007.11.07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- E:\install.res.1040.dll[2007.11.07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- E:\install.res.1041.dll[2007.11.07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- E:\install.res.1042.dll[2007.11.07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- E:\install.res.2052.dll[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- E:\install.res.3082.dll[2012.06.05 22:41:50 | 2145,386,496 | -HS- | M] () -- E:\pagefile.sys[2011.12.31 17:25:51 | 000,000,003 | ---- | M] () -- E:\Tbtp.afp[2012.01.22 00:40:53 | 000,000,474 | ---- | M] () -- E:\user.js[2007.11.07 09:00:40 | 000,005,686 | ---- | M] () -- E:\vcredist.bmp[2007.11.07 09:09:22 | 001,442,522 | ---- | M] () -- E:\VC_RED.cab[2007.11.07 09:12:28 | 000,232,960 | ---- | M] () -- E:\VC_RED.MSI < %USERPROFILE%\*.* >[2012.06.05 22:41:13 | 014,417,920 | -H-- | M] () -- E:\Documents and Settings\Ali & Serkan\NTUSER.DAT[2012.06.05 23:03:59 | 000,001,024 | -H-- | M] () -- E:\Documents and Settings\Ali & Serkan\NTUSER.DAT.LOG[2012.06.05 22:41:13 | 000,000,278 | -HS- | M] () -- E:\Documents and Settings\Ali & Serkan\ntuser.ini[1 E:\Documents and Settings\Ali & Serkan\*.tmp files -> E:\Documents and Settings\Ali & Serkan\*.tmp -> ] < %USERPROFILE%\Application Data\*.* >[2011.01.08 15:16:25 | 000,000,062 | -HS- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\desktop.ini[2011.02.09 17:42:10 | 000,138,056 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Application Data\PnkBstrK.sys < %USERPROFILE%\Local Settings\Application Data\*.* >[2012.06.04 21:48:53 | 000,077,824 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011.12.12 14:26:01 | 000,018,832 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT[2012.05.29 02:05:19 | 004,241,582 | -H-- | M] () -- E:\Documents and Settings\Ali & Serkan\Local Settings\Application Data\IconCache.db < %AllUsersProfile%\*.* >[2011.10.09 17:57:38 | 000,001,024 | -H-- | M] () -- E:\Documents and Settings\All Users\NTUSER.DAT.LOG[2012.04.08 16:21:00 | 000,000,406 | RHS- | M] () -- E:\Documents and Settings\All Users\ntuser.pol < %AllUsersProfile%\Application Data\*.* >[2011.01.08 15:16:25 | 000,000,062 | -HS- | M] () -- E:\Documents and Settings\All Users\Application Data\desktop.ini < %USERPROFILE%\My Documents\*.* >[2012.01.02 02:18:48 | 000,142,413 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\My Documents\100.JPG[2012.01.02 02:17:45 | 000,148,549 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\My Documents\102.JPG[2011.01.08 23:33:05 | 000,000,083 | -HS- | M] () -- E:\Documents and Settings\Ali & Serkan\My Documents\desktop.ini[2011.01.31 16:42:35 | 011,193,664 | ---- | M] (DT Soft Ltd.) -- E:\Documents and Settings\Ali & Serkan\My Documents\DTLite4402-0131.exe[2012.01.02 02:31:01 | 003,059,018 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\My Documents\nita 317.JPG[2012.01.02 02:31:29 | 003,353,948 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\My Documents\nita 318.JPG[2012.01.02 02:19:28 | 000,143,845 | ---- | M] () -- E:\Documents and Settings\Ali & Serkan\My Documents\nita 532.JPG[2012.01.15 13:34:21 | 000,027,648 | -HS- | M] () -- E:\Documents and Settings\Ali & Serkan\My Documents\Thumbs.db < %CommonProgramFiles%\*.* > < %PROGRAMFILES%\*.* > < %systemroot%\system32\config\systemprofile\*.* >[2011.08.24 21:01:23 | 000,262,144 | ---- | M] () -- E:\WINDOWS\system32\config\systemprofile\NtUser.dat[2012.01.08 19:11:25 | 000,001,024 | -H-- | M] () -- E:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG[1 E:\WINDOWS\system32\config\systemprofile\*.tmp files -> E:\WINDOWS\system32\config\systemprofile\*.tmp -> ] < %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* > < %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* > < %windir% emp*.* >[2 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ] < %windir%\system32\*. >[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\1025[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\1028[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\1031[2011.01.08 15:13:12 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\1033[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\1037[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\1041[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\1042[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\1054[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\2052[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\3076[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\3com_dmi[2011.02.05 12:39:13 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\appmgmt[2011.01.08 23:28:45 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\bg-Bg[2012.03.20 09:24:07 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\cache[2012.02.05 20:52:54 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\CatRoot[2012.06.05 22:44:04 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\CatRoot2[2011.01.08 23:24:22 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\Com[2012.01.14 22:20:39 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\config[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\dhcp[2012.05.27 11:22:30 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\DirectX[2012.05.16 18:13:05 | 000,000,000 | RHSD | M] -- E:\WINDOWS\system32\dllcache[2012.06.05 22:41:41 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\drivers[2011.10.22 22:45:59 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\DRVSTORE[2011.01.08 15:14:17 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\en[2011.02.03 15:23:28 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\en-US[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\export[2011.08.01 12:13:44 | 000,000,000 | -H-D | M] -- E:\WINDOWS\system32\GroupPolicy[2011.01.08 23:26:35 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\ias[2011.01.08 15:13:30 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\icsxml[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\IME[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\inetsrv[2011.02.09 17:41:45 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\LogFiles[2011.02.05 14:07:08 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\Macromed[2011.01.08 23:31:12 | 000,000,000 | --SD | M] -- E:\WINDOWS\system32\Microsoft[2011.01.08 23:24:09 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\MsDtc[2011.02.03 15:22:03 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\mui[2011.01.08 15:14:26 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\npp[2011.01.08 23:28:09 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\oobe[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\PreInstall[2011.01.08 15:13:35 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\ras[2011.07.04 14:00:40 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\ReinstallBackups[2012.04.10 09:58:08 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\Restore[2011.01.08 15:14:52 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\scripting[2011.01.08 23:29:51 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\Setup[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\ShellExt[2011.01.30 19:32:59 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\SoftwareDistribution[2011.02.03 15:23:12 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\spool[2011.01.08 23:54:22 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\Tools[2011.01.08 15:15:04 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\usmt[2011.01.11 21:37:46 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\wbem[2011.01.08 15:12:44 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\wins[2011.01.08 23:29:00 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\xircom[2011.07.31 16:14:38 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\xlive[2012.05.16 18:19:00 | 000,000,000 | ---D | M] -- E:\WINDOWS\system32\XPSViewer < %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > < %systemroot%\system32\DBBK\*.* /s > < %systemroot%\system32\*.dll /lockedfiles >[2012.04.09 12:01:07 | 000,143,360 | RHS- | M] () Unable to obtain MD5 -- E:\WINDOWS\system32\MSCOMCTLX.dll[13 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 >[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\system32\drivers\mbam.sys < %systemroot%\system32\drivers\*.sys /lockedfiles >[2011.01.31 16:43:44 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- E:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2008.07.06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll < %systemroot%\*. /rp /s > < %systemroot%\assembly mp\*.* /S /MD5 >[2011.02.03 15:23:26 | 001,245,184 | ---- | M] () MD5=64B09796E91430982C3C2A2B17BC2FA1 -- E:\WINDOWS\assembly mp\01EFS567\WindowsBase.dll[2011.02.03 15:23:28 | 000,094,208 | ---- | M] () MD5=E205A79EA6C06F91EA08BBE59FE83503 -- E:\WINDOWS\assembly mp\01EFS56J\WindowsFormsIntegration.dll[2011.02.03 15:23:29 | 000,864,256 | ---- | M] () MD5=428D3714C85BACE55476C91E0D90E495 -- E:\WINDOWS\assembly mp\01ERGT67\PresentationUI.dll[2011.02.03 15:23:29 | 000,163,840 | ---- | M] () MD5=D1E117EDDEFEB220351BE0C7B27A4646 -- E:\WINDOWS\assembly mp\0PQRGTU7\PresentationFramework.Royale.dll[2011.02.03 15:23:28 | 000,385,024 | ---- | M] () MD5=09658EF5F16F2ABD74FE577D50C0D155 -- E:\WINDOWS\assembly mp\45IJW9AN\UIAutomationClientsideProviders.dll[2011.02.03 15:23:30 | 000,126,976 | ---- | M] () MD5=311A345681A73C66D3EE49C5157A473B -- E:\WINDOWS\assembly mp\89MN012R\System.IdentityModel.Selectors.dll[2011.02.03 15:23:23 | 000,131,072 | ---- | M] () MD5=80E67BFFD101CC6312B489BEE255430D -- E:\WINDOWS\assembly mp\8XYBO1ER\System.IO.Log.dll[2011.02.03 15:23:27 | 000,540,672 | ---- | M] () MD5=6623152B2FB7DC650C6A8FE01AF71F44 -- E:\WINDOWS\assembly mp\C1EFS567\System.Workflow.Runtime.dll[2011.02.03 15:23:28 | 000,688,128 | ---- | M] () MD5=31588B867657A7DF046AC1908550D73C -- E:\WINDOWS\assembly mp\CD2RG5I7\System.Speech.dll[2011.02.03 15:23:29 | 000,139,264 | ---- | M] () MD5=DA8417F8973EC51F0F1859CA0B334FC5 -- E:\WINDOWS\assembly mp\CP2FS567\PresentationFramework.Classic.dll[2011.02.03 15:23:26 | 000,368,640 | ---- | M] () MD5=34FA631FAA4B2DF8C0A92B7B5AD9D6E1 -- E:\WINDOWS\assembly mp\CP2FSHUV\System.Printing.dll[2011.02.03 15:23:23 | 000,966,656 | ---- | M] () MD5=FEF363534B2E325A1AE11DE7B12441E3 -- E:\WINDOWS\assembly mp\GT6JW9AN\System.Runtime.Serialization.dll[2011.02.03 15:23:28 | 000,046,104 | ---- | M] () MD5=8BA7C024070F2B7FDD98ED8A4BA41789 -- E:\WINDOWS\assembly mp\GT6JW9MZ\PresentationFontCache.exe[2011.02.03 15:23:25 | 000,032,768 | ---- | M] () MD5=43920F2E0EF924094796AFF2CE6279AD -- E:\WINDOWS\assembly mp\GTI7WLAB\System.ServiceModel.WasHosting.dll[2011.02.03 15:23:27 | 000,598,016 | ---- | M] () MD5=28595FA306E58AACD7DAFF001F430703 -- E:\WINDOWS\assembly mp\KLAZO12R\PresentationBuildTasks.dll[2011.02.03 15:23:28 | 000,167,936 | ---- | M] () MD5=F303A07A6EF37B8B6DD928D97A016B75 -- E:\WINDOWS\assembly mp\KLAZOD23\UIAutomationClient.dll[2011.02.03 15:23:29 | 005,283,840 | ---- | M] () MD5=DCC01F2F3B12AB72C5663E22140DA209 -- E:\WINDOWS\assembly mp\KLYBO1EF\PresentationFramework.dll[2011.02.03 15:23:25 | 004,210,688 | ---- | M] () MD5=A9D42B0504EAE68C4D45692F019B543A -- E:\WINDOWS\assembly mp\KLYBO1ER\PresentationCore.dll[2011.02.03 15:23:26 | 000,040,960 | ---- | M] () MD5=A93561FB224FA8539357C74065403630 -- E:\WINDOWS\assembly mp\KXAN0DQ3\UIAutomationProvider.dll[2011.02.03 15:23:27 | 001,138,688 | ---- | M] () MD5=A96933F3898290AA509080A90E0C7C5F -- E:\WINDOWS\assembly mp\KXYN0PE3\System.Workflow.Activities.dll[2011.02.03 15:23:25 | 000,032,768 | ---- | M] () MD5=93F9CC2360815D8EF955407CF92B38AA -- E:\WINDOWS\assembly mp\ODQ3GT67\PresentationCFFRasterizer.dll[2011.02.03 15:23:24 | 005,931,008 | ---- | M] () MD5=3E284E5922C7D3D63D8B985526AE39EE -- E:\WINDOWS\assembly mp\OP2FS56J\System.ServiceModel.dll[2011.02.03 15:23:27 | 001,630,208 | ---- | M] () MD5=C4503F6EADC2638D6898514290A7A60B -- E:\WINDOWS\assembly mp\S56VWXAN\System.Workflow.ComponentModel.dll[2011.02.03 15:23:26 | 000,098,304 | ---- | M] () MD5=5BE33FC308914C1AE6577A908D97A4FF -- E:\WINDOWS\assembly mp\SHIVW9AB\UIAutomationTypes.dll[2011.02.03 15:23:28 | 000,196,608 | ---- | M] () MD5=0C488A21B5A63055CB7736E3E0C75B1F -- E:\WINDOWS\assembly mp\SHU7KLYB\PresentationFramework.Aero.dll[2011.02.03 15:23:25 | 000,528,384 | ---- | M] () MD5=A37D01E48B3908330E780466312D54A6 -- E:\WINDOWS\assembly mp\ST6J89AB\ReachFramework.dll[2011.02.03 15:23:25 | 000,073,728 | ---- | M] () MD5=A80F41C8B2168E8B3ADD0AA4FCBDDC93 -- E:\WINDOWS\assembly mp\W9AZCP2R\System.ServiceModel.Install.dll[2011.02.03 15:23:29 | 000,397,312 | ---- | M] () MD5=7E61032F4F2BAB036B859D3B22D26DD0 -- E:\WINDOWS\assembly mp\WLYZOD2R\PresentationFramework.Luna.dll < %systemroot%\assembly emp\*.* /S /MD5 > < %systemroot%\assembly\GAC_32\*.* /S /MD5 >[2012.05.16 18:17:22 | 000,069,120 | ---- | M] () MD5=DC426A365577F27187F99EB506ECD5D1 -- E:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll[2012.05.16 18:17:30 | 000,072,192 | ---- | M] () MD5=29B35A999E341A37BE67771BE01CC275 -- E:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll[2011.02.03 15:23:22 | 000,163,840 | ---- | M] () MD5=36BDD82A92AA704034475C2DEF7FBD29 -- E:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll[2012.05.16 18:17:37 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp[2012.05.16 18:17:37 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp[2012.05.16 18:17:37 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp[2012.05.16 18:17:37 | 004,550,656 | ---- | M] () MD5=3BDAE07DA44654FA393A2A2BA242EA41 -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll[2012.05.16 18:17:37 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp[2012.05.16 18:17:37 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp[2012.05.16 18:17:37 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp[2012.05.16 18:17:37 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp[2012.05.16 18:17:37 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp[2012.05.16 18:17:37 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp[2012.05.16 18:17:37 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp[2012.05.16 18:17:37 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp[2012.05.16 18:17:37 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp[2012.05.16 18:17:37 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- E:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp[2012.05.16 18:14:58 | 004,214,784 | ---- | M] () MD5=E0EB0BDC866E2C0CC792B83BD2422501 -- E:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll[2012.05.16 18:17:44 | 000,486,400 | ---- | M] () MD5=759FD3779911F89C450CCAE06B92AE3A -- E:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll[2012.05.16 18:17:45 | 002,933,248 | ---- | M] () MD5=16F96C1496CBD0965285AB19A9271D02 -- E:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll[2012.05.16 18:17:33 | 000,258,048 | ---- | M] () MD5=9631B15DB7C43C267636FF43C3075E07 -- E:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll[2012.05.16 18:17:33 | 000,113,664 | ---- | M] () MD5=E786C33D35D39C5CCB523AECC18D7BD7 -- E:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll[2012.05.16 18:14:59 | 000,368,640 | ---- | M] () MD5=E915933B0E68B61A6AC22E06BD1AD651 -- E:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll[2012.05.16 18:17:32 | 000,261,632 | ---- | M] () MD5=F054572A92573CA32D5F3AA8C15D2BAC -- E:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll[2012.05.16 18:17:15 | 005,246,976 | ---- | M] () MD5=661268A6BEEF1C1B0D1B9137F530A9FD -- E:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll < %systemroot%\assembly\GAC_MSIL\*.* /S /MD5 >[2012.05.16 18:17:26 | 000,010,752 | ---- | M] () MD5=A5A56B4957BD59D324821522FE14F751 -- E:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll[2012.05.16 18:17:16 | 000,507,904 | ---- | M] () MD5=B8FE2350B2236EE3D1CECA34E0C0FF17 -- E:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll[2012.05.16 18:17:22 | 000,013,312 | ---- | M] () MD5=107F49F1BF0FB27A6CD758EB8C4D95A0 -- E:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll[2011.02.04 19:20:59 | 000,053,248 | ---- | M] () MD5=A6D870C3E8D93E8197BE9B264E63FBB1 -- E:\WINDOWS\assembly\GAC_MSIL\diCrSysAPINet\4.2.0.37021__6ab76b58d88c4cc4\diCrSysAPINet.dll[2011.02.04 19:20:42 | 000,200,704 | ---- | M] () MD5=76E5274C40DCC1D4DAD91B616D53579B -- E:\WINDOWS\assembly\GAC_MSIL\ICSharpCode.SharpZipLib\0.85.1.271__1b03e6acf1164f73\ICSharpCode.SharpZipLib.dll[2012.05.16 18:17:23 | 000,008,192 | ---- | M] () MD5=6CD7461E06CB8BAEE3B16C3D7F637CD0 -- E:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll[2012.05.16 18:17:24 | 000,077,824 | ---- | M] () MD5=24F0385D06BD86A97412B8905483313E -- E:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll[2012.05.16 18:17:25 | 000,006,656 | ---- | M] () MD5=11F3AC2D47E566615819F5BF0DD18379 -- E:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll[2011.02.04 19:20:49 | 000,139,264 | ---- | M] () MD5=1DA2D67104F7889A88AF3A06E778928D -- E:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__d7e6797a04c5c135\Interop.SHDocVw.dll[2011.02.04 19:20:46 | 000,028,672 | ---- | M] () MD5=3426FD5780DA7DE689A27BD1477DF3BE -- E:\WINDOWS\assembly\GAC_MSIL\Interop.SurfSecret_FormFiller\1.0.0.0__d7e6797a04c5c135\Interop.SurfSecret_FormFiller.dll[2011.02.03 16:49:28 | 000,106,496 | ---- | M] () MD5=29CED3B606BA7E2B49E52931C5CB53B7 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll[2012.05.16 18:17:34 | 000,348,160 | ---- | M] () MD5=996AAEEC01C734347DE8A72542FD1C12 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll[2011.02.03 16:49:29 | 000,733,184 | ---- | M] () MD5=31C6E94759BF4D2FBE3239FFA717967D -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll[2012.05.16 18:17:35 | 000,036,864 | ---- | M] () MD5=D2A1C3150E43738BAB3D0AD9921B3E50 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll[2011.02.03 16:49:29 | 000,036,864 | ---- | M] () MD5=17C6F3F73858732DE59D6D957958E9AF -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll[2011.02.03 16:49:29 | 000,802,816 | ---- | M] () MD5=37F17D4698086C90127BBD90E73D7FE2 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll[2012.05.16 18:17:36 | 000,655,360 | ---- | M] () MD5=8A3F5B72C3F402C8D33027A4C77F55AC -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll[2011.02.03 16:49:29 | 000,094,208 | ---- | M] () MD5=E32A06F647517D0DEA80F29B459E8FA2 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll[2012.05.16 18:17:37 | 000,077,824 | ---- | M] () MD5=640BF6BB259B53BEFF59135645C63B18 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll[2012.05.16 18:17:31 | 000,749,568 | ---- | M] () MD5=EB535D00C508119EEE4042B737165A3B -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll[2011.02.03 15:23:22 | 000,397,312 | ---- | M] () MD5=66F6B3248D6C39CEFA49174133A694FE -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll[2012.05.16 18:17:29 | 000,110,592 | ---- | M] () MD5=D676BC7C829F86A215676281A1032C6B -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll[2012.05.16 18:17:28 | 000,372,736 | ---- | M] () MD5=226956F70AEBBBF5ACBC9ADA6522B6F6 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll[2012.05.16 18:17:31 | 000,028,672 | ---- | M] () MD5=3D61BFCBE13C2DC8F5AE20BF02145322 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll[2012.05.16 18:17:27 | 000,659,456 | ---- | M] () MD5=EFC806A1C4C6CE9F69AECE0AB72C1E34 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll[2011.02.03 16:49:28 | 000,041,984 | ---- | M] () MD5=9F065BF574C956B85DB355C32E7E995E -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll[2012.05.16 18:17:43 | 000,005,632 | ---- | M] () MD5=7E50D25F9A5BC75F22CA7AEB52176CA2 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll[2012.05.16 18:17:32 | 000,012,800 | ---- | M] () MD5=B27AA2EA41728FAF5E9642CFD2958FB9 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll[2012.05.16 18:17:26 | 000,032,768 | ---- | M] () MD5=D251A67B7D6DE2194F6E264055E020FB -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll[2012.05.16 18:17:24 | 000,007,168 | ---- | M] () MD5=9659028AFA77387D6D2BF4280C10AB94 -- E:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll[2011.02.03 16:49:02 | 000,598,016 | ---- | M] () MD5=28595FA306E58AACD7DAFF001F430703 -- E:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll[2011.02.03 16:49:00 | 000,032,768 | ---- | M] () MD5=93F9CC2360815D8EF955407CF92B38AA -- E:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll[2011.02.03 16:49:02 | 000,046,104 | ---- | M] () MD5=8BA7C024070F2B7FDD98ED8A4BA41789 -- E:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe[2011.02.03 16:49:02 | 000,196,608 | ---- | M] () MD5=0C488A21B5A63055CB7736E3E0C75B1F -- E:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll[2011.02.03 16:49:02 | 000,139,264 | ---- | M] () MD5=DA8417F8973EC51F0F1859CA0B334FC5 -- E:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll[2011.02.03 16:49:03 | 000,397,312 | ---- | M] () MD5=7E61032F4F2BAB036B859D3B22D26DD0 -- E:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll[2011.02.03 16:49:03 | 000,163,840 | ---- | M] () MD5=D1E117EDDEFEB220351BE0C7B27A4646 -- E:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll[2012.05.16 18:14:59 | 005,283,840 | ---- | M] () MD5=2CFE88EE740380F4B594B2DE58AA933D -- E:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll[2011.02.03 16:49:03 | 000,864,256 | ---- | M] () MD5=428D3714C85BACE55476C91E0D90E495 -- E:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll[2012.05.16 18:14:59 | 000,532,480 | ---- | M] () MD5=E785AE3CC6341D63346B5F899B6FE7AC -- E:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll[2011.02.03 16:49:30 | 000,005,632 | ---- | M] () MD5=807B70A78ACE7D01F769FE502A769E67 -- E:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll[2011.02.05 00:16:52 | 000,110,592 | ---- | M] () MD5=BD6B60E0F4FA84FF4E3089EDF9B81C9A -- E:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll[2012.05.16 18:17:43 | 000,110,592 | ---- | M] () MD5=0AD1C94AB2D36B79B9F2B54EADEB300A -- E:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll[2011.02.03 16:49:30 | 000,045,056 | ---- | M] () MD5=B34B75256D536385B927193FB1DCBB81 -- E:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll[2012.05.16 18:18:45 | 000,163,840 | ---- | M] () MD5=AA647B387E4086FDE32C8E976732F635 -- E:\WINDOWS\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll[2011.02.03 16:49:34 | 000,057,344 | ---- | M] () MD5=34AAEA0DCF908A7D3C1D8C2132B0E4D4 -- E:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll[2012.05.16 18:17:44 | 000,081,920 | ---- | M] () MD5=41BC941761FB3D1E21826C3C0E3CEEEE -- E:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll[2012.05.16 18:17:45 | 000,425,984 | ---- | M] () MD5=C1C4025B5F5311AC8BCC318B0C244D58 -- E:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll[2011.02.03 16:49:31 | 000,667,648 | ---- | M] () MD5=6617F24759BB1F3873C88AD9E0DF0435 -- E:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll[2011.02.03 16:49:31 | 000,053,248 | ---- | M] () MD5=1FDC244EEDD9B7804C7829DA11F1522E -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll[2011.02.03 16:49:31 | 000,229,376 | ---- | M] () MD5=3FE6C3CDB01F039110152B1B0AE4980F -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll[2011.02.03 16:49:32 | 002,879,488 | ---- | M] () MD5=CB45DFC6F9E1F954A718769D02D9C312 -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll[2011.02.03 16:49:28 | 000,684,032 | ---- | M] () MD5=DDFB10C4A14ADD5D0A6C96E6DC3D29DF -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll[2011.02.03 16:51:28 | 000,294,912 | ---- | M] () MD5=2F69FF4ED483D3FF399534F99BD4694A -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll[2011.02.03 16:49:27 | 000,114,688 | ---- | M] () MD5=0A7F3B1C1A9CC722F48A7A16394F61C4 -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll[2011.02.03 16:51:29 | 000,442,368 | ---- | M] () MD5=AE975C122A442146D7D5A6A996C42F91 -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll[2011.10.22 22:44:45 | 000,236,392 | ---- | M] () MD5=A200E7209B42BAA18F438695CE45B0B9 -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll[2012.05.16 18:17:45 | 000,745,472 | ---- | M] () MD5=6388F9A7AA6E22DDA2E0D84E5BCE537C -- E:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll[2012.05.16 18:17:46 | 000,970,752 | ---- | M] () MD5=97DDAFB2A7B33DC3F746EF35C9EDF892 -- E:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll[2012.05.16 18:17:17 | 005,062,656 | ---- | M] () MD5=5C368BEBD58562133856B35BDCEFEADA -- E:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll[2011.02.03 16:49:28 | 000,286,720 | ---- | M] () MD5=4C6FBCBB7E7D4E3B0CAAA42043B6A01F -- E:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll[2012.05.16 18:17:21 | 000,188,416 | ---- | M] () MD5=F0D4CE77F1F9D9A7468335B1CE4C061B -- E:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll[2012.05.16 18:17:25 | 000,401,408 | ---- | M] () MD5=F485CF34C45F850B25A7E38B08A7C435 -- E:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll[2012.05.16 18:17:16 | 000,081,920 | ---- | M] () MD5=36ABC218228871A981027174216A2DA8 -- E:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll[2012.05.16 18:17:35 | 000,630,784 | ---- | M] () MD5=DD110208ACE51F9AAC2FFC949CB6D937 -- E:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll[2011.02.03 16:49:03 | 000,126,976 | ---- | M] () MD5=311A345681A73C66D3EE49C5157A473B -- E:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll[2011.02.05 00:16:52 | 000,438,272 | ---- | M] () MD5=DB076F159D89B90924C465222BA128FE -- E:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll[2011.02.03 16:48:59 | 000,131,072 | ---- | M] () MD5=80E67BFFD101CC6312B489BEE255430D -- E:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll[2011.02.03 16:49:32 | 000,143,360 | ---- | M] () MD5=217A1E1DED132261C825313A7FB2616C -- E:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll[2012.05.16 18:17:36 | 000,372,736 | ---- | M] () MD5=EBAADBBFB6C455E54EB6A0E47267D33C -- E:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll[2012.05.16 18:17:35 | 000,258,048 | ---- | M] () MD5=7F9F1F17D368EE1EEA7E246FD934B9EC -- E:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll[2011.02.03 16:49:34 | 000,233,472 | ---- | M] () MD5=2E66DE31546A6AB3A8160CE337E1C6BC -- E:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll[2012.05.16 18:17:34 | 000,303,104 | ---- | M] () MD5=2849F13593D2712CCB97FFBDD3C1232E -- E:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll[2012.05.16 18:17:33 | 000,131,072 | ---- | M] () MD5=C415D86079D431E7E1E32D0835A3FE81 -- E:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll[2011.02.05 00:16:53 | 000,970,752 | ---- | M] () MD5=2CF02DF42A90A054D546BF3A85409DC4 -- E:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll[2011.02.04 15:45:25 | 000,258,048 | ---- | M] () MD5=0DFCD96DED6DB52064203C07B927357E -- E:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll[2011.02.03 16:49:00 | 000,073,728 | ---- | M] () MD5=A80F41C8B2168E8B3ADD0AA4FCBDDC93 -- E:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll[2011.02.05 00:16:54 | 000,032,768 | ---- | M] () MD5=764E1A3E53C5885976F2EE6E206208EF -- E:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll[2011.02.03 16:49:27 | 000,569,344 | ---- | M] () MD5=1565B7FAFDFA6EEE16101388E57E749F -- E:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll[2011.02.05 00:16:53 | 005,967,872 | ---- | M] () MD5=4120A37565491CA998E226BCBE8EF6E8 -- E:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll[2012.05.16 18:17:28 | 000,114,688 | ---- | M] () MD5=50D2943D426BA91771AD87FDEC802AC3 -- E:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll[2011.02.03 16:49:02 | 000,688,128 | ---- | M] () MD5=31588B867657A7DF046AC1908550D73C -- E:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll[2011.02.03 16:49:35 | 000,077,824 | ---- | M] () MD5=2C3559C513F7CD6F95DC382F31A6A22D -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll[2011.02.03 16:49:35 | 000,032,768 | ---- | M] () MD5=9E0D101B086297D5E166E03A8ACBF260 -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll[2011.02.03 16:51:29 | 000,229,376 | ---- | M] () MD5=CC8D03C33986926A68696DAAAB5FF2F8 -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll[2011.02.03 16:49:32 | 000,131,072 | ---- | M] () MD5=A6A5297AAD0A9BA8829D20B1CBD68D32 -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll[2011.02.03 16:51:29 | 000,139,264 | ---- | M] () MD5=E42797003722BD930D83AB26998394D8 -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll[2011.02.03 16:49:36 | 000,335,872 | ---- | M] () MD5=7E83B8040233DDCDE03CF7F0A5F2837B -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll[2012.01.01 14:17:51 | 001,277,952 | ---- | M] () MD5=821B0AAB24CB11417381F8AE881309A2 -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll[2012.05.16 18:17:20 | 000,835,584 | ---- | M] () MD5=C22D59F4EAC00510D1A86061A428C633 -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll[2012.05.16 18:17:21 | 000,077,824 | ---- | M] () MD5=F27A80887F125661CAC1A6039107428F -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll[2011.02.03 16:49:37 | 000,061,440 | ---- | M] () MD5=5B7868DF14D71D328EE8C1213F852393 -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll[2012.05.16 18:17:17 | 000,839,680 | ---- | M] () MD5=A89DFA6DB0C3D00559F770A214962A60 -- E:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll[2012.05.16 18:17:18 | 005,025,792 | ---- | M] () MD5=7A3C1F1942074D251CCFA44D4815AD33 -- E:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll[2011.02.03 16:49:33 | 000,012,288 | ---- | M] () MD5=044C3400A836E5FB60D4A49EAEC24544 -- E:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll[2011.02.03 16:49:01 | 001,138,688 | ---- | M] () MD5=A96933F3898290AA509080A90E0C7C5F -- E:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll[2011.02.03 16:49:01 | 001,630,208 | ---- | M] () MD5=C4503F6EADC2638D6898514290A7A60B -- E:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll[2011.02.03 16:49:02 | 000,540,672 | ---- | M] () MD5=6623152B2FB7DC650C6A8FE01AF71F44 -- E:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll[2011.02.03 16:49:27 | 000,507,904 | ---- | M] () MD5=E249D1B3114088C0D390A60643BF2BBC -- E:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll[2011.02.03 16:49:33 | 000,139,264 | ---- | M] () MD5=64925CC79EA9E8245A4F18703CCABEC4 -- E:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll[2012.05.16 18:17:31 | 002,048,000 | ---- | M] () MD5=EB97291E3C9E0035B47B45DBB1AF710D -- E:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll[2012.05.16 18:17:46 | 003,186,688 | ---- | M] () MD5=6D37DFFE4B89AB1E17367FEEF2327B34 -- E:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll[2011.02.03 16:49:02 | 000,167,936 | ---- | M] () MD5=F303A07A6EF37B8B6DD928D97A016B75 -- E:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll[2011.02.03 16:49:02 | 000,385,024 | ---- | M] () MD5=09658EF5F16F2ABD74FE577D50C0D155 -- E:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll[2011.02.03 16:49:01 | 000,040,960 | ---- | M] () MD5=A93561FB224FA8539357C74065403630 -- E:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll[2011.02.03 16:49:01 | 000,098,304 | ---- | M] () MD5=5BE33FC308914C1AE6577A908D97A4FF -- E:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll[2012.05.16 18:15:00 | 001,249,280 | ---- | M] () MD5=D91A6B3FDF14C0319333FC583D969126 -- E:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll[2011.02.03 16:49:02 | 000,094,208 | ---- | M] () MD5=E205A79EA6C06F91EA08BBE59FE83503 -- E:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll < type c:\diskreport.txt /c >No captured output from command...No captured output from command...No captured output from command... < MD5 for: AFD.SYS >[2011.08.17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- E:\WINDOWS\system32\dllcache\afd.sys[2011.08.17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- E:\WINDOWS\system32\drivers\afd.sys[2011.02.16 06:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- E:\WINDOWS\$NtUninstallKB2592799$\afd.sys[2008.10.16 08:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- E:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys[2008.10.16 07:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- E:\WINDOWS\$NtUninstallKB2503665$\afd.sys[2010.03.12 11:03:23 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- E:\WINDOWS\$NtUninstallKB2509553$\afd.sys[2011.02.16 06:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- E:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys[2011.08.17 06:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- E:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys < MD5 for: ATAPI.SYS >[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\Documents and Settings\Ali & Serkan\Desktop\windovs XP\I386\sp3.cab:atapi.sys[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\dllcache\atapi.sys[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys < MD5 for: DISK.SYS >[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\Documents and Settings\Ali & Serkan\Desktop\windovs XP\I386\sp3.cab:disk.sys[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys[2008.04.14 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- E:\WINDOWS\system32\drivers\disk.sys < MD5 for: EXPLORER.EXE >[2008.04.14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\explorer.exe[2008.04.14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: I8042PRT.SYS >[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\Documents and Settings\Ali & Serkan\Desktop\windovs XP\I386\sp3.cab:i8042prt.sys[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys[2008.04.14 04:00:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- E:\WINDOWS\system32\drivers\i8042prt.sys < MD5 for: IPSEC.SYS >[2008.04.14 04:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- E:\WINDOWS\system32\dllcache\ipsec.sys[2008.04.14 04:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- E:\WINDOWS\system32\drivers\ipsec.sys < MD5 for: LSASS.EXE >[2008.04.14 04:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- E:\WINDOWS\system32\dllcache\lsass.exe[2008.04.14 04:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- E:\WINDOWS\system32\lsass.exe < MD5 for: NETBT.SYS >[2008.04.14 04:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- E:\WINDOWS\system32\dllcache\netbt.sys[2008.04.14 04:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- E:\WINDOWS\system32\drivers\netbt.sys < MD5 for: REDBOOK.SYS >[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\Documents and Settings\Ali & Serkan\Desktop\windovs XP\I386\sp3.cab:redbook.sys[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys[2008.04.13 15:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- E:\WINDOWS\system32\drivers\redbook.sys < MD5 for: SERIAL.SYS >[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\Documents and Settings\Ali & Serkan\Desktop\windovs XP\I386\sp3.cab:serial.sys[2010.03.12 11:26:00 | 017,778,412 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys[2008.04.14 04:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- E:\WINDOWS\system32\drivers\serial.sys < MD5 for: SERVICES.EXE >[2010.03.12 11:06:47 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- E:\WINDOWS\system32\dllcache\services.exe[2010.03.12 11:06:47 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- E:\WINDOWS\system32\services.exe < MD5 for: SMSS.EXE >[2008.04.14 04:00:00 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=3C3393C92A73A3006C7B706DAC54A812 -- E:\Documents and Settings\Ali & Serkan\Desktop\windovs XP\I386\SYSTEM32\SMSS.EXE[2008.04.14 04:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- E:\WINDOWS\system32\dllcache\smss.exe[2008.04.14 04:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- E:\WINDOWS\system32\smss.exe < MD5 for: SVCHOST.EXE >[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- E:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe[2008.04.14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- E:\WINDOWS\system32\dllcache\svchost.exe[2008.04.14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- E:\WINDOWS\system32\svchost.exe < MD5 for: TCPIP.SYS >[2010.03.12 11:07:19 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- E:\WINDOWS\system32\dllcache cpip.sys[2010.03.12 11:07:19 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- E:\WINDOWS\system32\drivers cpip.sys[2008.06.20 04:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- E:\WINDOWS\$hf_mig$\KB2509553\SP3QFE cpip.sys < MD5 for: USERINIT.EXE >[2008.04.14 04:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\dllcache\userinit.exe[2008.04.14 04:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\userinit.exe < MD5 for: VOLSNAP.SYS >[2008.04.14 04:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- E:\WINDOWS\system32\dllcache\volsnap.sys[2008.04.14 04:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- E:\WINDOWS\system32\drivers\volsnap.sys < MD5 for: WINLOGON.EXE >[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- E:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe[2008.04.14 04:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\system32\dllcache\winlogon.exe[2008.04.14 04:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\system32\winlogon.exe ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[E:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> E:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction[E:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> E:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:EC889888 < End of report > мерси предварително !!!!!!!!!!!!!!!!! Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Юни 4, 2012 Report Share Публикувано Юни 4, 2012 Стартирайте отново OTL. В полето Custom Scans/Fixes поставете следния текст: :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.co....php?rvs=google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kralyeri.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms} IE - HKLM\..\SearchScopes\{B97F452B-91F5-43A4-B1FA-FF9C0636B31B}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.co....php?rvs=google IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000002511cbbe60 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002511cbbe60 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E}: "URL" = http://websearch.4sh...q={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...BD-AC6ED0FDC3B7 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=17161 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....type=PCAFSI1190 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...q={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = http://www.astroburn...q={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-01-14 21:20:23&v=8.0.0.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{9D557097-8D4B-20F7-EB58-340F7AE21494}: "URL" = http://bksly.startya...o&cfg=2-564-0-0 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-se...q={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://yandex.ru/yan...t={searchTerms} IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\{B97F452B-91F5-43A4-B1FA-FF9C0636B31B}: "URL" = http://www.google.co...&rlz=1I7RNRN_bg IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1 IE - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\SearchScopes\Yandex: "URL" = http://search.condui...&ctid=CT1060933 FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search" FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024 FF - prefs.js..extensions.enabledItems: widgetruntime@surfsecret.com:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@inhatch.com,version=0.7.5: File not found [2011.09.28 18:10:32 | 000,001,083 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\911bg.xml [2012.03.20 09:24:01 | 000,003,768 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.01.22 00:40:45 | 000,002,310 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.09.28 18:10:32 | 000,002,442 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\diribg.xml [2011.09.28 18:10:32 | 000,001,515 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\pe-bg.xml [2011.09.28 18:10:32 | 000,001,857 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml [2012.01.08 11:40:47 | 000,002,519 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\Search_Results.xml O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - E:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngin0.dll File not found O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - E:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DM Bar) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - E:\Program Files\Download Master\dmbar.dll (WestByte Software) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - E:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngin0.dll File not found O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - E:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No CLSID value found. O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngin0.dll File not found O3 - HKU\S-1-5-21-1078081533-1960408961-1417001333-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - E:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.) O4 - HKLM..\Run: [ROC_roc_dec12] "E:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe /autorun @Alternate Data Stream - 132 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:EC8898887 :Commands [emptytemp] [resethosts] Копирайте кода точно както е даден. Уверете се, че не изтървате някое от двуеточията в началото. Уверете се също така, че всяка от командите е на нов ред, както е в полето. След въвеждане на кода в полето Custom Scans/Fixes, натиснете бутона Run Fix. Потвърдете съобщението за рестартиране на системата. След рестартирането на системата, ще се появи лог-файл, намиращ се в C:\_OTL\Moved Files. Моля, прикачете съответния лог -файл към следващия Ви коментар. Цитирай Link to comment Сподели другаде More sharing options...
ali_93_burgas Публикувано Юни 6, 2012 Report Share Публикувано Юни 6, 2012 първият път като го пуснах започна но на 25-та минута ми излезе eror но пак си продължаваше да зарежда така скучно чаках го 1 час нищо не стана оставих го цели 2 часа и 10 минути и все едно и също все едно не зарежда пишеше killing procesеs........... и аз сам му дадох рестарт но пак си работеше както преди все едно нищо не съм му направил.Пробвах втори път със същият код но този път пък изобщо не тръгна а на третия път пак зареди дълго и пак го спряхняма ли някоя друга програма щото май компютъра ми го изпържи! не знам! но чата ми се пооправи но пак не мога да вляза в facebook нормално чрез www.facebook.com и не мога да играя игрички!!!!!!!!!!!!!!!!!!!!!! Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Юни 6, 2012 Report Share Публикувано Юни 6, 2012 Изтеглете ComboFix от BleepingComputer.Затворете всички работещи приложения и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност. За повече информация погледнете: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.Стартирайте Combofix.exe.В новопоявилия се прозорец изберете YES.Внимание! - По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично.ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на софтуера, моля да прочетете това: Manually restoring the Internet connection section.Когато работата на ComboFix приключи, ще се появи лог-файл в Notepad.Забележка: Ако получавате следната грешка – “Illegal operation on a registry key that has been marked for deletion”, при стартиране на приложения след работа с ComboFix, рестартирайте системата. Прикачете въпросния файл към следващия Ви коментар. Цитирай Link to comment Сподели другаде More sharing options...
ali_93_burgas Публикувано Юни 6, 2012 Report Share Публикувано Юни 6, 2012 резултати от сканирането на Combo fix ComboFix 12-06-06.02 - Ali & Serkan 06/07/2012 22:10:04.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3071.2560 [GMT -7:00]Running from: c:\downloads\Программы\ComboFix.exeAV: avast! antivirus 4.7.826 [VPS 0617-2] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.e:\docume~1\ALI&SE~1\LOCALS~1\Temp\SAS32.tmpe:\documents and settings\Ali & Serkan\Local Settings\Temp\SAS32.tmpE:\DocumentsE:\Install.exee:\windows\av_ico\ico_avast_desktop.icoe:\windows\av_ico\ico_avast_start.icoe:\windows\btc_client_iplist.txte:\windows\front_ip_list.txte:\windows\geoipliste:\windows\geoiplist.rare:\windows\iecheck_iplist.txte:\windows\info1e:\windows\iplist.txte:\windows\loader2.exe_oke:\windows\phoenix.rare:\windows\phoenix\kernels\phatk\__init__.pye:\windows\phoenix\kernels\phatk\__init__.pyce:\windows\phoenix\kernels\phatk\BFIPatcher.pye:\windows\phoenix\kernels\phatk\kernel.cle:\windows\phoenix\kernels\poclbm\__init__.pye:\windows\phoenix\kernels\poclbm\__init__.pyce:\windows\phoenix\kernels\poclbm\BFIPatcher.pye:\windows\phoenix\kernels\poclbm\kernel.cle:\windows\phoenix\phoenix.exee:\windows\proc_list1.loge:\windows\rpcminer.rare:\windows\system32\Cache\04ba8cf61829deb0.fbe:\windows\system32\Cache\272512937d9e61a4.fbe:\windows\system32\Cache\287204568329e189.fbe:\windows\system32\Cache\28bc8f716fd76a47.fbe:\windows\system32\Cache\2c53092c95605355.fbe:\windows\system32\Cache\3917078cb68ec657.fbe:\windows\system32\Cache\590ba23ce359fd0c.fbe:\windows\system32\Cache\610289e025a3ee9a.fbe:\windows\system32\Cache\651c5d3cdbfb8bd1.fbe:\windows\system32\Cache\6c59ac5e7e7a3ad0.fbe:\windows\system32\Cache\77f4a4ff781e75e0.fbe:\windows\system32\Cache\a669305b0afd38c9.fbe:\windows\system32\Cache\a8556537add6dfc5.fbe:\windows\system32\Cache\ad10a52aff5e038d.fbe:\windows\system32\Cache\c4d28dca2e7648be.fbe:\windows\system32\Cache\d201ef9910cd39de.fbe:\windows\system32\Cache\d2e94710a5708128.fbe:\windows\system32\Cache\d79b9dfe81484ec4.fbe:\windows\system32\Cache\e0de16f883bea794.fbe:\windows\system32\drivers\etc\HSTS~1e:\windows\system32\drivers\etc\hоstse:\windows\system32\SET1DC.tmpe:\windows\system32\SET358.tmpe:\windows\system32\SET4CC.tmpe:\windows\system32\SET4E7.tmpe:\windows\system32\SET4E9.tmpe:\windows\system32\SET4F7.tmpe:\windows\system32\SETD.tmpe:\windows\system32 mp20E.tmpe:\windows\system32 mp20F.tmpe:\windows\system32 mp223.tmpe:\windows\system32 mp329.tmpe:\windows\system32 mp32A.tmpe:\windows\ufa.rare:\windows\winlog-dirs.txte:\windows\winlog-ids.txte:\windows\winsetupapi.log..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_DDSERVICE-------\Legacy_SRVBTCCLIENT-------\Legacy_SRVIECHECK-------\Legacy_WXPDRIVERS-------\Legacy_Skype_C2C_Service-------\Service_Skype C2C Service..((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))..2012-06-06 20:58 . 2012-06-06 20:58 -------- d-----w- E:\_OTL2012-06-05 04:49 . 2012-06-05 04:49 -------- d-----w- e:\program files\Kaspersky Lab2012-05-27 18:20 . 2012-05-27 18:26 -------- d-----w- e:\program files\Farming Simulator 20112012-05-27 18:14 . 2012-05-27 18:15 -------- d-----w- e:\program files\Farming-Simulator 20092012-05-27 04:39 . 2012-05-27 04:39 -------- d-----w- e:\windows\1C4551A64743409391E41477CD655043.TMP2012-05-26 19:08 . 2012-05-26 19:08 48547 ----a-w- e:\windows\system32\nglide_uninst.exe2012-05-24 23:16 . 2004-10-22 09:18 749568 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll2012-05-24 23:16 . 2004-10-22 09:17 69715 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll2012-05-24 23:16 . 2004-10-22 09:17 274432 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll2012-05-24 23:16 . 2004-10-22 09:16 180224 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll2012-05-24 23:16 . 2004-10-22 09:16 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe2012-05-24 23:16 . 2012-05-24 23:16 323716 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll2012-05-24 23:16 . 2012-05-24 23:16 192644 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll2012-05-24 01:25 . 2012-05-24 01:25 -------- d-----w- E:\1a321a97e172fc7b29dd2e2012-05-22 17:32 . 2012-05-26 15:25 -------- d-----w- e:\program files\Counter-Strike 1.62012-05-22 02:46 . 2012-05-22 02:46 -------- d-----w- e:\windows\Sun2012-05-21 04:41 . 2012-05-21 04:41 -------- d-----w- e:\program files\InhatchTeam2012-05-21 01:44 . 2012-05-21 01:44 -------- d-----w- e:\documents and settings\Ali & Serkan\Local Settings\Application Data\Sun2012-05-21 01:30 . 2012-06-08 05:12 -------- d-----w- e:\documents and settings\Ali & Serkan\Application Data\uTorrent2012-05-20 19:22 . 2012-05-20 19:22 -------- d-----w- e:\program files\Common Files\Java2012-05-20 19:21 . 2012-05-20 19:21 -------- d-----w- e:\program files\Oracle2012-05-20 19:21 . 2012-05-20 19:21 -------- d-----w- e:\documents and settings\Ali & Serkan\Application Data\Oracle2012-05-20 19:21 . 2012-04-05 01:47 143872 ----a-w- e:\windows\system32\javacpl.cpl2012-05-20 19:21 . 2012-04-05 01:47 772504 ----a-w- e:\windows\system32\npDeployJava1.dll2012-05-20 19:21 . 2012-04-05 01:47 687504 ----a-w- e:\windows\system32\deployJava1.dll2012-05-20 19:20 . 2012-05-20 19:20 -------- d-----w- e:\program files\Java2012-05-20 02:52 . 2012-05-20 02:52 -------- d-----w- e:\documents and settings\Ali & Serkan\Application Data\Need for Speed World2012-05-20 02:26 . 2012-05-20 02:26 -------- d-----w- e:\documents and settings\Ali & Serkan\Local Settings\Application Data\Electronic_Arts_Inc2012-05-17 01:33 . 2012-05-17 01:33 -------- d-----w- e:\program files\Common Files\Skype...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-05-31 13:22 . 2008-04-14 11:00 599040 ----a-w- e:\windows\system32\crypt32.dll2012-04-11 13:14 . 2010-03-12 18:06 2148352 ----a-w- e:\windows\system32\ntoskrnl.exe2012-04-11 13:12 . 2010-03-12 18:07 1862272 ----a-w- e:\windows\system32\win32k.sys2012-04-11 12:35 . 2009-12-08 18:43 2026496 ----a-w- e:\windows\system32\ntkrnlpa.exe2011-09-29 07:06 . 2011-10-16 03:59 134104 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll2010-08-03 18:11 819200 --sha-w- e:\windows\system32\xvidcore.dll2010-08-03 18:11 180224 --sha-w- e:\windows\system32\xvidvfw.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]2011-01-24 15:45 89008 ----a-w- e:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]2011-01-25 12:24 721288 ----a-w- e:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]2011-05-09 09:49 176936 ----a-w- e:\program files\uTorrentBar\prxtbuTo0.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "e:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "e:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008].[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}].[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "e:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-03 39408]"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]"Download Master"="e:\program files\Download Master\dmaster.exe" [2012-05-11 4188224]"WMPNSCFG"="e:\program files\Windows Media Player\WMPNSCFG.exe" [2009-02-05 204288]"Skype"="e:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]"uTorrent"="e:\program files\uTorrent\uTorrent.exe" [2012-05-24 738168].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"HDAudDeck"="e:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-05-14 33624064]"nwiz"="e:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-08-06 86016]"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-08-06 13877248]"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"amd_dc_opt"="e:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360].e:\documents and settings\Ali & Serkan\Start Menu\Programs\Startup\Ubisoft register.lnk - e:\program files\Ubisoft\Register\schedule.exe [2012-1-4 28672].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableSecureUIAPaths"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe".[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"DisableThumbnailCache"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Games\\CSSv34\\hl2.exe"="e:\\WINDOWS\\system32\\PnkBstrB.exe"="e:\\Program Files\\EA SPORTS\\FIFA 11\\Game\\fifa.exe"="e:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"="e:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"="e:\\Program Files\\Electronic Arts\\Need for Speed Hot Pursuit\\Launcher.exe"="e:\\Program Files\\Electronic Arts\\Need for Speed Hot Pursuit\\NFS11.exe"="e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="e:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="e:\\Program Files\\EA SPORTS\\FIFA 12\\Game\\fifa.exe"="e:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"="e:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"="e:\\Documents and Settings\\Ali & Serkan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"="e:\\Program Files\\Skype\\Phone\\Skype.exe"="e:\\Documents and Settings\\All Users\\Application Data\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"="e:\\Program Files\\uTorrent\\uTorrent.exe"="e:\\Program Files\\Counter-Strike 1.6\\hl.exe"="e:\\Program Files\\SoftnyxGame\\WolfTeamTS\\Wolfteam.bin"="e:\\Program Files\\GameSpy Arcade\\Aphex.exe"="e:\\Program Files\\Farming Simulator 2011\\FarmingSimulator2011.exe"="e:\\Program Files\\Farming Simulator 2011\\game.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"2706:TCP"= 2706:TCP:Inhatch P2P Streaming"2707:TCP"= 2707:TCP:Inhatch P2P Streaming"2708:TCP"= 2708:TCP:Inhatch P2P Streaming"2709:TCP"= 2709:TCP:Inhatch P2P Streaming"10950:TCP"= 10950:TCP:Inhatch P2P Streaming"10951:TCP"= 10951:TCP:Inhatch P2P Streaming"10952:TCP"= 10952:TCP:Inhatch P2P Streaming"10953:TCP"= 10953:TCP:Inhatch P2P Streaming"49780:UDP"= 49780:UDP:Inhatch P2P Streaming.R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;e:\windows\system32\drivers\nvhda32.sys [1/9/2011 00:09 56992]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;e:\windows\system32\drivers\viahduaa.sys [1/8/2011 23:58 1358720]S2 gupdate;Услуга Google Update (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 01:15 136176]S2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [2/29/2012 08:50 158856]S3 apf001;apf001;e:\program files\SoftnyxGame\WolfTeamTS\apf001.sys [5/22/2012 12:53 10872]S3 gupdatem;Услуга на Google Актуализация (gupdatem);e:\program files\Google\Update\GoogleUpdate.exe [2/3/2011 01:15 136176].Contents of the 'Scheduled Tasks' folder.2012-06-08 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job- e:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 08:15].2012-06-08 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job- e:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 08:15].2012-06-08 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-1417001333-1003Core.job- e:\documents and settings\Ali & Serkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 10:25].2012-06-08 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1960408961-1417001333-1003UA.job- e:\documents and settings\Ali & Serkan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 10:25].2012-06-08 e:\windows\Tasks\Xjblth.job- e:\windows\system32\MSCOMCTLX.dll [2012-04-09 19:01]..------- Supplementary Scan -------.uStart Page = hxxp://search.babylon.com/?AF=100888&babsrc=HP_ss&mntrId=90518dd8000000000000002511cbbe60mStart Page = hxxp://www.kralyeri.comIE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Закачать ВСЕ при помощи Download Master - e:\program files\Download Master\dmieall.htmIE: Закачать при помощи Download Master - e:\program files\Download Master\dmie.htmIE: Передать на удаленную закачку DM - e:\program files\Download Master\remdown.htmTCP: DhcpNameServer = 84.54.128.6 84.54.128.8FF - ProfilePath - e:\documents and settings\Ali & Serkan\Application Data\Mozilla\Firefox\Profiles\cibf59it.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web SearchFF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=FF - user.js: extensions.BabylonToolbar_i.id - 90518dd8000000000000002511cbbe60FF - user.js: extensions.BabylonToolbar_i.hardId - 90518dd8000000000000002511cbbe60FF - user.js: extensions.BabylonToolbar_i.instlDay - 15361FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:40FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylonFF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar_i.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar_i.tlbrId - baseFF - user.js: extensions.BabylonToolbar_i.newTab - falseFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar_i.instlRef - sst.- - - - ORPHANS REMOVED - - - -.BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - e:\program files\ConduitEngine\ConduitEngin0.dllToolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - e:\program files\ConduitEngine\ConduitEngin0.dllToolbar-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)Toolbar-10 - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - e:\program files\ConduitEngine\ConduitEngin0.dllShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)ShellIconOverlayIdentifiers-{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} - (no file)ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - (no file)ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - (no file)HKLM-Run-ROC_roc_dec12 - e:\program files\AVG Secure Search\ROC_roc_dec12.exeAddRemove-conduitEngine - e:\program files\ConduitEngine\ConduitEngineUninstall.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-06-07 22:15Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = e:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{067c751f-9175-4883-9a3d-1c16cd298bd4}]@Denied: (Full) (Everyone)"Model"=dword:0000003f"Therad"=dword:0000001e"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e22be51-8fb6-4159-8579-7c7bb8e50224}]@Denied: (Full) (Everyone)"Model"=dword:000000c0"Therad"=dword:00000015"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]@Denied: (Full) (Everyone)"scansk"=hex(0):1e,dd,17,96,37,f8,24,12,de,43,f3,25,3d,43,c5,db,3e,b4,4f,73,f2, 2e,c8,98,7f,df,66,9d,b9,77,d4,28,9e,45,3c,20,b4,32,23,b8,00,00,00,00,00,00,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]@Denied: (Full) (Everyone)"scansk"=hex(0):88,ea,cf,17,3e,8b,18,71,27,18,07,e6,e6,2d,04,de,4c,8d,e9,10,cd, 28,40,73,28,cb,9e,15,65,e5,6e,08,83,60,a8,73,7e,25,a4,fb,00,00,00,00,00,00,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(2936)e:\windows\system32\WININET.dlle:\windows\system32\ieframe.dlle:\windows\system32\webcheck.dlle:\windows\system32\WPDShServiceObj.dlle:\windows\system32\PortableDeviceTypes.dlle:\windows\system32\PortableDeviceApi.dlle:\program files\Internet Explorer\mui\0402\browselc.dlle:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dlle:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dlle:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dlle:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLLe:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dlle:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dlle:\progra~1\DOWNLO~1\dmiehlp.dlle:\windows\system32\wpdshext.dll.Completion time: 2012-06-07 22:17:23ComboFix-quarantined-files.txt 2012-06-08 05:17.Pre-Run: 221 743 190 016 bytes freePost-Run: 221 697 990 656 bytes free.- - End Of File - - 4DF376B3F9A9DB0F8F6CE6D1B515438A Цитирай Link to comment Сподели другаде More sharing options...
s.feradov Публикувано Юни 7, 2012 Report Share Публикувано Юни 7, 2012 Лог-файлът изглежда чист. Колко пъти стартирахте ComboFix? Изпълнете следното: Изтеглете Microsoft Fix it 50267Запазете файла на Вашия десктоп.Стартирайте MicrosoftFixit50267.msi и следвайте стъпките за инсталацията на fix-а.Ще получите запитване за рестартиране на системата.Рестартирайте системата.Проверете дали проблемът с достъпа до Facebook е налице. Цитирай Link to comment Сподели другаде More sharing options...
Препоръчан пост
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.