Sisteminizde Çalışan Tüm Uygulamaların Dökümünü Alın

Programlama dilleri konusunda bilgi paylaşım alanıdır.
Cevapla
Kullanıcı avatarı
trwe
Petabyte3
Petabyte3
Mesajlar: 7263
Kayıt: 25 Eyl 2013, 13:38
cinsiyet: Erkek
Konum: Türkiye Cumhuriyeti

Sisteminizde Çalışan Tüm Uygulamaların Dökümünü Alın

Mesaj gönderen trwe » 14 Şub 2019, 01:58

Merhabalar

Bu sefer sizlere sunacağım betik ile kullandığınız sistem de arkaplanda çalışan ne varsa hepsini birer text dosyasına yazdırıp betiğin bulunduğu konuma kayıt eden bir Microsoft VBS'dir bu.....Özellikle sisteminizde bir gariplik sezerseniz bunu çalıştırıp arkaplan da gizli-aşikar tüm işlemleri tek seferde görüntüleyebilirsiniz.Özellikle rootkitlere karşı başarılı bu scprit.....Ama sitenin 60 bin karakter sınırlaması olduğundan betik'i buraya aktarman imkansız(500 bin karaktere sahip bir betik) Onun için indirme bağlantısını vereceğim.Bu betik Antirüssel türünün tek örneği bunu da bilin......!

İndirme (Gizli Çalışanları Göster.vbs.tar.gz 110.05 KB): https://www.dosyaupload.com/ag82

Örnek Bir Çıktı (TRWE_2012'in Windows 7 Ultimate (MSDN'li) SP1 x86 (i386) Sisteminden)

Kod: Tümünü seç

"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"StartupDelayer" = ""D:\PORTABLE PROGRAM FİLES X86\GENEL\R2 Studios Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Local" [null data]
"AtomicAlarmClock6" = "D:\PORTABLE PROGRAM FİLES X86\PROGRAM FİLES x86\Atomic Alarm Clock\AtomicAlarmClock.exe" ["Drive Software Company"]
"DAEMON Tools Pro Agent" = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\DAEMON Tools Pro 7\DTAgent.exe" -autorun" ["DT Soft Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Classic Start Menu" = ""C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun" ["IvoSoft"]
"0wl" = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GÜVENLİK\WinLockPro\winlock.exe" ["Crystal Office Systems"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "ExplorerBHO Class"
                   \InProcServer32\(Default) = "C:\Program Files\Classic Shell\ClassicExplorer32.dll" ["IvoSoft"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll" ["Oracle Corporation"]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll" ["Oracle Corporation"]

{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "ClassicIEBHO Class"
                   \InProcServer32\(Default) = "C:\Program Files\Classic Shell\ClassicIEDLL_32.dll" ["IvoSoft"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

ShareOverlay\(Default) = "{594D4122-1F87-41E2-96C7-825FB4796516}"
  -> {HKLM...CLSID} = "ShareOverlay Class"
                   \InProcServer32\(Default) = "C:\Program Files\Classic Shell\ClassicExplorer32.dll" ["IvoSoft"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\OFİS\ARŞİVLEME\7Zip v18\7-zip.dll" ["Igor Pavlov"]

"{47CAF5E1-782D-4AB4-9A30-72C8F7FD4E7B}" = "Vopt Context Menu"
  -> {HKCU...CLSID} = "Vopt Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Golden Bow\Vopt 9\VoptSX.dll" ["Golden Bow Systems"]
  -> {HKLM...CLSID} = "Vopt Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Golden Bow\Vopt 9\VoptSx.dll" ["Golden Bow Systems"]

"{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}" = "TeraCopy"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopy.dll" [null data]

"{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}" = "TeraCopy"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopyExt.dll" [null data]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544}" = "Web Sites"
  -> {HKLM...CLSID} = "Web Sites"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\12\BIN\FPNSE.DLL" [MS]

"{E81FFB23-40E2-431C-A041-76AEA0E4B04C}" = "Nameext"
  -> {HKLM...CLSID} = "Enterprise Projects"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\NAMEEXT.DLL" [MS]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "LibreOffice Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll" ["The Document Foundation"]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "LibreOffice Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll" ["The Document Foundation"]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "LibreOffice Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll" ["The Document Foundation"]

"{AE424E85-F6DF-4910-A6A9-438797986431}" = "LibreOffice Property Handler"
  -> {HKLM...CLSID} = "LibreOffice Property Handler"
                   \InProcServer32\(Default) = "C:\Program Files\LibreOffice\program\shlxthdl\propertyhdl.dll" ["The Document Foundation"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "LibreOffice Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll" ["The Document Foundation"]

"{43723C2F-6A55-48BD-8BF9-4B017087D8AE}" = "UpOneLevel Extension"
  -> {HKLM...CLSID} = "UpOneLevelExt Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\BirSeviyeYukari.dll" [empty string]

"{D8E899D8-A7B3-449C-BFDF-761FC5826313}" = "FileExtToggle Extension"
  -> {HKLM...CLSID} = "FileExtToggleExt Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\FileExtensionToggle.dll" [empty string]

"{8A56567E-A333-4843-B6E1-C3A262E41D8C}" = "HashTab Property Page"
  -> {HKLM...CLSID} = "HashPage Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\HashBilgisiSekmesi.dll" ["Beeblebrox.org"]

"{AC67E92C-D916-4058-A7B8-0913746592F4}" = "HiddenFilesToggle Extension"
  -> {HKLM...CLSID} = "HiddenFilesToggleExt Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\HiddenFilesToggle.dll" [empty string]

"{C38C9EFF-166C-11D4-98D6-204C4F4F5020}" = "Kopyalama Sepeti"
  -> {HKLM...CLSID} = "Basket Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\KopyalamaSepeti.dll" ["Conceptworld Corporation"]

"{0A435D73-6459-4b87-971D-0EEBFD2495BA}" = "ContextAttrib"
  -> {HKLM...CLSID} = "ContextAttrib"
                   \InProcServer32\(Default) = "C:\Windows\System32\NitelikDegistirici.dll" ["FiestaXP"]

"{e0515e57-7dc3-11d3-8340-444553540000}" = "pmChangeExt"
  -> {HKLM...CLSID} = "pmChangeExt"
                   \InProcServer32\(Default) = "c:\windows\system32\uzantidegistir.dll" ["Mobile Hacker Orhan"]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\erasext.dll" ["-"]

"{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}" = "Icaros Thumbnail Provider"
  -> {HKLM...CLSID} = "Icaros Thumbnail Provider"
                   \InProcServer32\(Default) = "C:\Program Files\Win7codecs\Tools\IcarosThumbnailProvider.dll" ["Tabibito Technology"]

"{0c08e2bb-d10b-4cc9-b1b3-701f5be9d6ec}" = "IcarosPropertyHandler"
  -> {HKLM...CLSID} = "IcarosPropertyHandler.IcarosPropertyHandler"
                   \InProcServer32\(Default) = "mscoree.dll" [MS]

"{1532B32D-3A75-4A4D-9B38-5A6000EA7045}" = "FreeArc"
  -> {HKLM...CLSID} = "FreeArc"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\OFİS\ARŞİVLEME\FreeArc\bin\ArcShellExt\ArcShellExt.dll" ["freearc.org"]

"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}" = "Image Catalog"
  -> {HKLM...CLSID} = "Image Catalog"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\DVD_CD\DAEMON Tools Pro 7\DTShl32.dll" ["DT Soft Ltd"]

"{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543}" = "FileMenuTools"
  -> {HKLM...CLSID} = "FileMenuTools"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\GENEL\LopeSoft FileMenu Tools\FileMenuTools.dll" ["LopeSoft"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> "{E31004D1-A431-41B8-826F-E902F9D95C81}" = "Windows DreamScene"
  -> {HKLM...CLSID} = "Windows DreamScene"
                   \InProcServer32\(Default) = "C:\Windows\System32\DreamScene.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
  -> {HKLM...CLSID} = "Local Groove Web Services Protocol"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
  -> {HKLM...CLSID} = "HxProtocol Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\OFİS\ARŞİVLEME\7Zip v18\7-zip.dll" ["Igor Pavlov"]

DaemonShellExtImage\(Default) = "{40966797-8FFE-46C8-9EF8-7003F33CCF0F}"
  -> {HKLM...CLSID} = "DaemonShellExtImage Class"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\DVD_CD\DAEMON Tools Pro 7\DTShl32.dll" ["DT Soft Ltd"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\erasext.dll" ["-"]

FreeArc\(Default) = "{1532B32D-3A75-4A4D-9B38-5A6000EA7045}"
  -> {HKLM...CLSID} = "FreeArc"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\OFİS\ARŞİVLEME\FreeArc\bin\ArcShellExt\ArcShellExt.dll" ["freearc.org"]

pmChangeExt\(Default) = "{e0515e57-7dc3-11d3-8340-444553540000}"
  -> {HKLM...CLSID} = "pmChangeExt"
                   \InProcServer32\(Default) = "c:\windows\system32\uzantidegistir.dll" ["Mobile Hacker Orhan"]

TeraCopy\(Default) = "{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopyExt.dll" [null data]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

TeraCopy\(Default) = "{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopy.dll" [null data]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

HashTab\(Default) = "{8A56567E-A333-4843-B6E1-C3A262E41D8C}"
  -> {HKLM...CLSID} = "HashPage Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\HashBilgisiSekmesi.dll" ["Beeblebrox.org"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

ContextAttrib\(Default) = "{0A435D73-6459-4b87-971D-0EEBFD2495BA}"
  -> {HKLM...CLSID} = "ContextAttrib"
                   \InProcServer32\(Default) = "C:\Windows\System32\NitelikDegistirici.dll" ["FiestaXP"]

FileMenuTools\(Default) = "{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543}"
  -> {HKLM...CLSID} = "FileMenuTools"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\GENEL\LopeSoft FileMenu Tools\FileMenuTools.dll" ["LopeSoft"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\OFİS\ARŞİVLEME\7Zip v18\7-zip.dll" ["Igor Pavlov"]

FileMenuTools\(Default) = "{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543}"
  -> {HKLM...CLSID} = "FileMenuTools"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\GENEL\LopeSoft FileMenu Tools\FileMenuTools.dll" ["LopeSoft"]

TeraCopy\(Default) = "{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopyExt.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\OFİS\ARŞİVLEME\7Zip v18\7-zip.dll" ["Igor Pavlov"]

ClassicCopyExt\(Default) = "{8C83ACB1-75C3-45D2-882C-EFA32333491C}"
  -> {HKLM...CLSID} = "ClassicCopyExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Classic Shell\ClassicExplorer32.dll" ["IvoSoft"]

TeraCopy\(Default) = "{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopy.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

DreamScene\(Default) = "{BE800AEB-A440-4B63-94CD-AA6B43647DF9}"
  -> {HKLM...CLSID} = "Windows DreamScene Shell Extension"
                   \InProcServer32\(Default) = "C:\Windows\System32\DreamScene.dll" [MS]

FileExtToggleExtension\(Default) = "{D8E899D8-A7B3-449C-BFDF-761FC5826313}"
  -> {HKLM...CLSID} = "FileExtToggleExt Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\FileExtensionToggle.dll" [empty string]

FileMenuTools\(Default) = "{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543}"
  -> {HKLM...CLSID} = "FileMenuTools"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\GENEL\LopeSoft FileMenu Tools\FileMenuTools.dll" ["LopeSoft"]

HiddenFilesToggleExtension\(Default) = "{AC67E92C-D916-4058-A7B8-0913746592F4}"
  -> {HKLM...CLSID} = "HiddenFilesToggleExt Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\HiddenFilesToggle.dll" [empty string]

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
  -> {HKLM...CLSID} = "GraphicsShellExt Class"
                   \InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]

TeraCopy\(Default) = "{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopyExt.dll" [null data]

UpOneLevelExtension\(Default) = "{43723C2F-6A55-48BD-8BF9-4B017087D8AE}"
  -> {HKLM...CLSID} = "UpOneLevelExt Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\BirSeviyeYukari.dll" [empty string]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "LibreOffice Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll" ["The Document Foundation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\OFİS\ARŞİVLEME\7Zip v18\7-zip.dll" ["Igor Pavlov"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\erasext.dll" ["-"]

FileMenuTools\(Default) = "{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543}"
  -> {HKLM...CLSID} = "FileMenuTools"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\GENEL\LopeSoft FileMenu Tools\FileMenuTools.dll" ["LopeSoft"]

FreeArc\(Default) = "{1532B32D-3A75-4A4D-9B38-5A6000EA7045}"
  -> {HKLM...CLSID} = "FreeArc"
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\OFİS\ARŞİVLEME\FreeArc\bin\ArcShellExt\ArcShellExt.dll" ["freearc.org"]

TeraCopy\(Default) = "{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopyExt.dll" [null data]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

ClassicCopyExt\(Default) = "{8C83ACB1-75C3-45D2-882C-EFA32333491C}"
  -> {HKLM...CLSID} = "ClassicCopyExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Classic Shell\ClassicExplorer32.dll" ["IvoSoft"]

Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
  -> {HKLM...CLSID} = "Eraser Shell Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\erasext.dll" ["-"]

TeraCopy\(Default) = "{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\PORTABLE PROGRAM FİLES X86\SİSTEM\GENEL\TeraCopy\TeraCopy.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

"NoHTMLWallPaper" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoChangingWallPaper" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable changing wallpaper}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRun" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Run menu from Start Menu}

"NoClose" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands}

"NoSetTaskBar" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Prevent changes to Taskbar and Start Menu Settings}

"NoLogoff" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Logon/Logoff|
Disable Logoff}

"StartMenuLogOff" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoViewOnDrive" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFind" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoTrayContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFileMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoNetConnectDisconnect" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoViewContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDesktop" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDesktopUpdate" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoControlPanel" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSMHelp" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}

"NoSetFolders" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoActiveDesktop" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}

"NoSetActiveDesktop" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"NoCloseDragDropBands" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoWindowsUpdate" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove links and access to Windows Update}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoFolderOptions" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSetTaskBar" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoViewContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoTrayContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoControlPanel" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFind" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoLogoff" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoClose" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSMHelp" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"WRP" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableTaskMgr" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

"DisableChangePassword" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableLockWorkstation" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDispCpl" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable the Display Control Panel}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\

"NoAddRemovePrograms" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Add or Remove Programs|
Remove Add or Remove Programs}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\

"NoFileNew" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFileOpen" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoBrowserSaveAs" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSelectDownloadDir" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoBrowserClose" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoPrinting" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFindFiles" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoViewSource" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFavorites" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoBrowserOptions" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Browser Menus|
Tools menu: Disable Internet Options... menu option}

"NoBrowserContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoTheaterMode" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoNavButtons" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\

"DisableAntiSpyware" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Administrative Templates|Windows Components|Windows Defender|
Turn off Windows Defender}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"DisableLockWorkstation" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ASHAshampoo_Burning_Studio_2012BURNONARRIVAL\
"Provider" = "Ashampoo Burning Studio 2012"
"InvokeProgID" = "Ashampoo.BurningStudio2012"
"InvokeVerb" = "autoplay-burn"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2012\shell\autoplay-burn\Command\(Default) = ""C:\Program Files\Ashampoo\Ashampoo Burning Studio 2012\burningstudio2012.exe" -autoplay -selectdrive "%l"" ["Ashampoo"]

ASHAshampoo_Burning_Studio_2012COPYONARRIVAL\
"Provider" = "Ashampoo Burning Studio 2012"
"InvokeProgID" = "Ashampoo.BurningStudio2012"
"InvokeVerb" = "autoplay-copy"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2012\shell\autoplay-copy\Command\(Default) = ""C:\Program Files\Ashampoo\Ashampoo Burning Studio 2012\burningstudio2012.exe" -autoplay -selectdrive "%l" -copy" ["Ashampoo"]

ASHAshampoo_Burning_Studio_2012RIPONARRIVAL\
"Provider" = "Ashampoo Burning Studio 2012"
"InvokeProgID" = "Ashampoo.BurningStudio2012"
"InvokeVerb" = "autoplay-rip"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2012\shell\autoplay-rip\Command\(Default) = ""C:\Program Files\Ashampoo\Ashampoo Burning Studio 2012\burningstudio2012.exe" -autoplay -selectdrive "%l" -rip" ["Ashampoo"]

ImgBurnBluRayBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BuildImage\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnBluRayBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleBluRayBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BurnImage\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnCDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnCDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleCDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnHDDVDBurningOnArrival_BuildImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE BUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnHDDVDBurningOnArrival_BurnImage\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"]

ImgBurnPlayBluRayOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayBluRayOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayCDAudioOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayDVDMovieOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

ImgBurnPlayHDDVDOnArrival_ReadDisc\
"Provider" = "ImgBurn"
"InvokeProgID" = "ImgBurn.AutoPlay.1"
"InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc"
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\Command\(Default) = ""D:\PORTABLE PROGRAM FİLES X86\DVD_CD\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"]

MSWMEncVCArrival\
"Provider" = "Windows Media Kodlayıcısı 9 Series"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
                   \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WIA_{5DD24746-352D-43FC-8D21-D9C1F852D3CE}\
"Provider" = "Microsoft Office Document Scanning"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Common Files\Microsoft Shared\MODI\12.0\MSPSCAN.EXE;"
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{D3A1F1C2-5C68-4436-90D3-AE004884C2D5}\
"Provider" = "Microsoft Office Word"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;"
  -> {HKLM...CLSID} = "WPDShextAutoplay"
                   \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


Windows Sidebar Gadgets:
------------------------

C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5Carkaplan%20değiştirme.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CLiveClock.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CMultiMeterS120.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CVistaCalculator201.Gadget"


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"Game_Booster_AutoUpdate" ->  launches: "C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe /AUTORUN" ["IObit"]
"Geri Yükleme Noktası" ->  launches: ""D:\PORTABLE PROGRAM FİLES X86\GENEL\SordumNet\Microsoft (R) Windows Based Script\GeriYüklemeNoktasıOluşturma\GeriYüklemeNoktası.vbs" /AUTORUN" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 22


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{553891B7-A0D5-4526-BE18-D3CE461D6310}" = (no title provided)
  -> {HKLM...CLSID} = "Classic Explorer Bar"
                   \InProcServer32\(Default) = "C:\Program Files\Classic Shell\ClassicExplorer32.dll" ["IvoSoft"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Araştır"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{56753E59-AF1D-4FBA-9E15-31557124ADA2}\
"MenuText" = "Classic IE Settings"
"Exec" = "C:\Program Files\Classic Shell\ClassicIE_32.exe" ["IvoSoft"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"


HOSTS file
----------

C:\Windows\System32\drivers\etc\HOSTS

maps: 56 domain names to IP addresses,
      12 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ext2Fsd Service Manager, Ext2Srv, "C:\Windows\System32\Ext2Srv.EXE" ["www.ext2fsd.com"]
XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2019-02-14 00:47:36)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 81 seconds, including 17 seconds for message boxes)
TRWE_2016
FEDAKARLIK OLMADAN ZAFER OLMAZ....!
-----------------------------
LINUXMASTER 2018
ZAFER'E GİDEN YOL,FEDAKARLIKTAN GEÇER...!
-----------------------------
BATTALGAZİ 2023
Heaven to My Friend, Hell to My Enemy ....!



Kullanıcı avatarı
velociraptor
Yottabyte4
Yottabyte4
Mesajlar: 30096
Kayıt: 14 Mar 2006, 02:33
cinsiyet: Erkek

Re: Sisteminizde Çalışan Tüm Uygulamaların Dökümünü Alın

Mesaj gönderen velociraptor » 14 Şub 2019, 12:28

Paylaşım için teşekürler
Knowledge determines destiny, And ye shall know the Truth and the Truth shall make you free

Cevapla