SAYGINER Posted May 3, 2012 Share Posted May 3, 2012 Merhaba arkadaşlar.İki gündür Zemana AntiLogger v1.9.2.819 programını autoit ile katılımsız yapmaya çalışıyorum.Programın sessiz kurulum parametresi yok.Bir türlü olmadı.Kayıt defteri değişikliklerini izleyip yapayım dedim ama Regshot programını kullandım bana ~res.txt adlı dosya oluşturdu.Fakat dosyada çok fazla değer var.Ben bunlardan hangilerini kullanmam gerekir.Dosyadaki başlıklar şöyle. Anahtarlar silinmi?8 Anahtarlar eklenmi?16 Değerler silinmi?92 Dosyalar?eklenmi?4 Dosyaların özellikleri değiştirilmi?9 Klasörler eklenmi?1 Tüm değişiklikler:286 Bunlardan hangi vaya hangilerini kullanmam gerekir.Bir de Total-Uninstal programını kullanayım dedim o da bir çok kayıt çıkartıyor.Hangilerini almam gerektiğini bulamadım.Saygılarımla. Quote Link to comment Share on other sites More sharing options...
blackman12 Posted May 3, 2012 Share Posted May 3, 2012 Onun yerine res.txt içeriğini verseydin ya. Quote Link to comment Share on other sites More sharing options...
SAYGINER Posted May 3, 2012 Author Share Posted May 3, 2012 (edited) [quote name='blackman12' date='03 May 2012 - 13:19 ' timestamp='1336040355' post='1195850'] Onun yerine res.txt içeriğini verseydin ya. [/quote] Çok uzun olduğu için göndermemiştim.Buyrun Regshot 1.8.2 Açıklamalar: Zaman:2012/5/2 06:55:02 , 2012/5/2 06:56:06 ---------------------------------- Anahtarlar silinmi?8 ---------------------------------- HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\7F HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\7F\8F259D79 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79 HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79 HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\7F HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\7F\8F259D79 ---------------------------------- Anahtarlar eklenmi?16 ---------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B} HKLM\SOFTWARE\MimarSinan\InstallAware\Ident.Cache\{014534FF-1D46-4A77-9B48-29EFD145995B} HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Media HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Net HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A56396B7B7E641342B6C6F5AC648A414 HKLM\SOFTWARE\Zemana HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\80 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79 HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80 HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79 HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\80 ---------------------------------- Değerler silinmi?92 ---------------------------------- HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\7F\8F259D79\LanguageList: 'tr-TR tr en-US en' HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\p2pcollab.dll,-8042: "Eşler Arası Güven" HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\qagentrt.dll,-10: "Sistem Durumu Kimlik Doğrulaması" HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\dnsapi.dll,-103: "Etki Alanı Adı Sistemi (DNS) Sunucu Güveni" HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\System32\fveui.dll,-843: "BitLocker Sürücü Şifrelemesi" HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\System32\fveui.dll,-844: "BitLocker Veri Kurtarma Aracısı" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\LanguageList: 'tr-TR tr en-US en' HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@"%windir%\System32\ie4uinit.exe",-732: "Internet'te bilgi ve Web sitesi bulur ve görüntüler." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\System32\ie4uinit.exe,-734: "Internet Explorer" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\unregmp2.exe,-4: "Windows Media Player" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\DeviceCenter.dll,-1000: "Aygıtlar ve Yazıcılar" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\sud.dll,-1: "Varsayılan Programlar" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\explorer.exe,-7021: "Yardım ve Destek" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\p2pcollab.dll,-8042: "Eşler Arası Güven" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\dnsapi.dll,-103: "Etki Alanı Adı Sistemi (DNS) Sunucu Güveni" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@zipfldr.dll,-10148: "Sıkıştırılmış klasör" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@sendmail.dll,-4: "Posta alıcısı" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\FXSRESM.dll,-120: "Faks alıcısı" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@sendmail.dll,-21: "Masaüstü (kısayol oluştur)" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\ntshrui.dll,-103: "Bununl&a paylaş" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\ntshrui.dll,-5112: "Seçili öğeleri ağdaki diğer kişilerle paylaşın." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\NetworkExplorer.dll,-1: "Ağ" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\regedit.exe,-309: "Kayıt Girdileri" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@"%systemroot%\system32\windowspowershell\v1.0\powershell.exe",-111: "Performs object-based (command-line) functions" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@"%windir%\System32\ie4uinit.exe",-738: "Internet Explorer'ı ActiveX denetimleri veya tarayıcı uzantıları olmadan başlat." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\unregmp2.exe,-9800: "&Windows Media Player listesine ekle" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\unregmp2.exe,-9801: "Windows &Media Player ile Yürüt" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\notepad.exe,-469: "Metin Belgesi" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\regedit.exe,-310: "&Birleştir" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\System32\ie4uinit.exe,-735: "Internet Explorer (64 bit)" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\ehome\ehres.dll,-100: "Windows Media Center" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Program Files\Windows Sidebar\sidebar.exe,-1005: "Masaüstü Araç Galerisi" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\wucltux.dll,-1: "Windows Update" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\XpsRchVw.exe,-102: "XPS Görüntüleyicisi" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%systemroot%\ehome\ehres.dll,-116: "TV, filmler, müzik ve resimler dahil olmak üzere dijital ve istendiğinde medya için ev eğlence seçeneğini açar." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%systemroot%\syswow64\unregmp2.exe,-155: "Müzik, video, CD, ve DVD'leri içeren dijital medyaları yürütür." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%systemroot%\system32\XpsRchVw.exe,-103: "XPS belgelerini görüntüleyin, dijital olarak imzalayın ve ilgili izinleri ayarlayın" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291: "Matematiksel Giriş Paneli" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\displayswitch.exe,-320: "Projektöre Bağlan" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\mstsc.exe,-4000: "Uzak Masaüstü Bağlantısı" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\OobeFldr.dll,-33056: "Başlarken" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\System32\SyncCenter.dll,-3000: "Eşitleme Merkezi" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Program Files\windows journal\journal.exe,-62005: "Tablet PC" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%windir%\system32\mstsc.exe,-4001: "Başka bir yerde bulunan bilgisayara bağlanmak ve program çalıştırıp dosyalara erişmek için bilgisayarınızı kullanın." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%windir%\system32\displayswitch.exe,-321: "Bilgisayarınızı ekran kablosuyla bir projektöre bağlayın." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%CommonProgramFiles%\Microsoft Shared\Ink\mip.exe,-292: "Matematiksel Giriş Paneli" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\LanguageList: 'tr-TR tr en-US en' HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@"%windir%\System32\ie4uinit.exe",-732: "Internet'te bilgi ve Web sitesi bulur ve görüntüler." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\System32\ie4uinit.exe,-734: "Internet Explorer" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\unregmp2.exe,-4: "Windows Media Player" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\DeviceCenter.dll,-1000: "Aygıtlar ve Yazıcılar" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\sud.dll,-1: "Varsayılan Programlar" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\explorer.exe,-7021: "Yardım ve Destek" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\p2pcollab.dll,-8042: "Eşler Arası Güven" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\dnsapi.dll,-103: "Etki Alanı Adı Sistemi (DNS) Sunucu Güveni" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@zipfldr.dll,-10148: "Sıkıştırılmış klasör" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@sendmail.dll,-4: "Posta alıcısı" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\FXSRESM.dll,-120: "Faks alıcısı" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@sendmail.dll,-21: "Masaüstü (kısayol oluştur)" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\ntshrui.dll,-103: "Bununl&a paylaş" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\ntshrui.dll,-5112: "Seçili öğeleri ağdaki diğer kişilerle paylaşın." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\NetworkExplorer.dll,-1: "Ağ" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\regedit.exe,-309: "Kayıt Girdileri" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@"%systemroot%\system32\windowspowershell\v1.0\powershell.exe",-111: "Performs object-based (command-line) functions" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@"%windir%\System32\ie4uinit.exe",-738: "Internet Explorer'ı ActiveX denetimleri veya tarayıcı uzantıları olmadan başlat." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\unregmp2.exe,-9800: "&Windows Media Player listesine ekle" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\unregmp2.exe,-9801: "Windows &Media Player ile Yürüt" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\notepad.exe,-469: "Metin Belgesi" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\regedit.exe,-310: "&Birleştir" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\System32\ie4uinit.exe,-735: "Internet Explorer (64 bit)" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\ehome\ehres.dll,-100: "Windows Media Center" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Program Files\Windows Sidebar\sidebar.exe,-1005: "Masaüstü Araç Galerisi" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\wucltux.dll,-1: "Windows Update" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\XpsRchVw.exe,-102: "XPS Görüntüleyicisi" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@%systemroot%\ehome\ehres.dll,-116: "TV, filmler, müzik ve resimler dahil olmak üzere dijital ve istendiğinde medya için ev eğlence seçeneğini açar." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@%systemroot%\syswow64\unregmp2.exe,-155: "Müzik, video, CD, ve DVD'leri içeren dijital medyaları yürütür." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@%systemroot%\system32\XpsRchVw.exe,-103: "XPS belgelerini görüntüleyin, dijital olarak imzalayın ve ilgili izinleri ayarlayın" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291: "Matematiksel Giriş Paneli" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\displayswitch.exe,-320: "Projektöre Bağlan" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\mstsc.exe,-4000: "Uzak Masaüstü Bağlantısı" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\system32\OobeFldr.dll,-33056: "Başlarken" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Windows\System32\SyncCenter.dll,-3000: "Eşitleme Merkezi" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@C:\Program Files\windows journal\journal.exe,-62005: "Tablet PC" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@%windir%\system32\mstsc.exe,-4001: "Başka bir yerde bulunan bilgisayara bağlanmak ve program çalıştırıp dosyalara erişmek için bilgisayarınızı kullanın." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@%windir%\system32\displayswitch.exe,-321: "Bilgisayarınızı ekran kablosuyla bir projektöre bağlayın." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\7F\8F259D79\@%CommonProgramFiles%\Microsoft Shared\Ink\mip.exe,-292: "Matematiksel Giriş Paneli" HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\7F\8F259D79\LanguageList: 'tr-TR tr en-US en' HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\p2pcollab.dll,-8042: "Eşler Arası Güven" HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\qagentrt.dll,-10: "Sistem Durumu Kimlik Doğrulaması" HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\system32\dnsapi.dll,-103: "Etki Alanı Adı Sistemi (DNS) Sunucu Güveni" HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\System32\fveui.dll,-843: "BitLocker Sürücü Şifrelemesi" HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\7F\8F259D79\@%SystemRoot%\System32\fveui.dll,-844: "BitLocker Veri Kurtarma Aracısı" ---------------------------------- Değerler eklenmi?130 ---------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiLogger: ""C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimized" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\DisplayIcon: "C:\ProgramData\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}\Zemana_AntiLogger_Setup.exe" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\DisplayName: "AntiLogger" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\UninstallString: ""C:\ProgramData\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}\Zemana_AntiLogger_Setup.exe" REMOVE=TRUE MODIFY=FALSE" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\ModifyPath: "C:\ProgramData\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}\Zemana_AntiLogger_Setup.exe" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\Publisher: "Zemana Ltd." HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\Contact: "[email protected]" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\HelpLink: "http://www.zemana.com" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\URLUpdateInfo: "http://www.zemana.com" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\Comments: "All rights reserved." HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiLogger\InstallLocation: "C:\Program Files (x86)\AntiLogger" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\AuthorizedCDFPrefix: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\Comments: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\Contact: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\DisplayVersion: "1.9.2.819" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\HelpLink: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\HelpTelephone: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\InstallDate: "20120502" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\InstallLocation: "C:\Program Files (x86)\AntiLogger" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\InstallSource: "C:\Users\3-C\AppData\Local\Temp\mia4\" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\NoModify: 0x00000001 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\NoRemove: 0x00000001 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\NoRepair: 0x00000001 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\Publisher: "Zemana Ltd." HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\Readme: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\Size: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\EstimatedSize: 0x000014F5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\SystemComponent: 0x00000001 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\URLInfoAbout: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\URLUpdateInfo: "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\VersionMajor: 0x00000001 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\VersionMinor: 0x00000009 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\WindowsInstaller: 0x00000001 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\Version: 0x01090002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\Language: 0x00000409 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\DisplayName: "AntiLogger" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{014534FF-1D46-4A77-9B48-29EFD145995B}\UninstallString: "C:\ProgramData\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}\Zemana_AntiLogger_Setup.exe" HKLM\SOFTWARE\MimarSinan\InstallAware\Ident.Cache\{014534FF-1D46-4A77-9B48-29EFD145995B}\: "C:\ProgramData\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}\" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FEATURE_ID: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FB95EE170: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F9A7C88B3: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F1DE8F811: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F171F7AE7: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F5F5F999B: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F44B80218: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F85EFC7C2: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FAF1EECB4: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F387A124: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FCB63A3FC: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FB5F8F61: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F77A4B0E6: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FF0F09FF5: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F83E44E21: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FF42FCC6: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FD7CD8679: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F709E792D: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F59BFBC4B: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FCEB44D2E: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FD182C781: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F3775E5F1: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F4DA06D22: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FF6E33BE1: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FF96B0154: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F16AB24B7: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F936CABCB: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FEA6C7D4E: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F3406812B: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FC44C4700: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F3D59225: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FBEBFAB51: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FF9E0ECB3: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FD0939126: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FB134DF82: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FDF1A9A0A: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F6E0F55B5: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F103DD6D7: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FA478C9DD: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FEF9D20C4: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F196DB702: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\F3B8558D8: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FE3EE1372: "" HKLM\SOFTWARE\Classes\Installer\Features\FF43541064D177A4B98492FE1D5499B5\FE40BB62C: "" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Net\1: "C:\Users\3-C\AppData\Local\Temp\mia82F6.tmp\data\" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Net\2: "C:\Users\3-C\AppData\Local\Temp\mia4" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Media\MediaPackage: "\Users\3-C\AppData\Local\Temp\mia82F6.tmp\" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Media\1: ";" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\PackageName: "Zemana_AntiLogger_Setup.msi" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\LastUsedSource: "n;1;C:\Users\3-C\AppData\Local\Temp\mia82F6.tmp\data\" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\ProductName: "AntiLogger" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\PackageCode: "6C7F4592E4A74054D84C1CCDD752C149" HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\Language: 0x00000409 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\Version: 0x01090002 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\Assignment: 0x00000001 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\AdvertiseFlags: 0x00000184 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\InstanceType: 0x00000000 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\AuthorizedLUAApp: 0x00000000 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\DeploymentFlags: 0x00000002 HKLM\SOFTWARE\Classes\Installer\Products\FF43541064D177A4B98492FE1D5499B5\Clients: ':' HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A56396B7B7E641342B6C6F5AC648A414\FF43541064D177A4B98492FE1D5499B5: "" HKLM\SOFTWARE\Zemana\ZAL-SessionId: 0x5EB23EF7 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts\C:\Users\3-C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiLogger\AntiLogger.lnk: 0x00000001 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger\AntiLogger.lnk: 0x00000001 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\3-P\NccQngn\Ybpny\Grzc\zvn82S6.gzc\Mrznan_NagvYbttre_Frghc.rkr: 00 00 00 00 00 00 00 00 02 00 00 00 65 15 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\NagvYbttre\NagvYbttre.rkr: 00 00 00 00 00 00 00 00 03 00 00 00 AC 11 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\LanguageList: 'tr-TR tr en-US en' HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@"%windir%\System32\ie4uinit.exe",-732: "Internet'te bilgi ve Web sitesi bulur ve görüntüler." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\regedit.exe,-309: "Kayıt Girdileri" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\notepad.exe,-469: "Metin Belgesi" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\ntshrui.dll,-103: "Bununl&a paylaş" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\ntshrui.dll,-5112: "Seçili öğeleri ağdaki diğer kişilerle paylaşın." HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\System32\ie4uinit.exe,-734: "Internet Explorer" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\unregmp2.exe,-4: "Windows Media Player" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\DeviceCenter.dll,-1000: "Aygıtlar ve Yazıcılar" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\sud.dll,-1: "Varsayılan Programlar" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\explorer.exe,-7021: "Yardım ve Destek" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@%SystemRoot%\system32\p2pcollab.dll,-8042: "Eşler Arası Güven" HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\MuiCache\80\8F259D79\@%SystemRoot%\system32\dnsapi.dll,-103: "Etki Alanı Adı Sistemi (DNS) Sunucu Güveni" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\LanguageList: 'tr-TR tr en-US en' HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@"%windir%\System32\ie4uinit.exe",-732: "Internet'te bilgi ve Web sitesi bulur ve görüntüler." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\regedit.exe,-309: "Kayıt Girdileri" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\notepad.exe,-469: "Metin Belgesi" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\ntshrui.dll,-103: "Bununl&a paylaş" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\ntshrui.dll,-5112: "Seçili öğeleri ağdaki diğer kişilerle paylaşın." HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\System32\ie4uinit.exe,-734: "Internet Explorer" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\unregmp2.exe,-4: "Windows Media Player" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\DeviceCenter.dll,-1000: "Aygıtlar ve Yazıcılar" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\system32\sud.dll,-1: "Varsayılan Programlar" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@C:\Windows\explorer.exe,-7021: "Yardım ve Destek" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@%SystemRoot%\system32\p2pcollab.dll,-8042: "Eşler Arası Güven" HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\MuiCache\80\8F259D79\@%SystemRoot%\system32\dnsapi.dll,-103: "Etki Alanı Adı Sistemi (DNS) Sunucu Güveni" Değerler değiştirilmi?26 ---------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\GlobalAssocChangedCounter: 0x000000D6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\GlobalAssocChangedCounter: 0x000000D7 HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 1D 00 00 00 14 00 00 00 03 00 00 00 2C 00 00 00 24 00 00 00 00 00 00 00 29 00 00 00 2A 00 00 00 01 00 00 00 0F 00 00 00 2B 00 00 00 1A 00 00 00 02 00 00 00 04 00 00 00 23 00 00 00 28 00 00 00 20 00 00 00 1B 00 00 00 19 00 00 00 16 00 00 00 0C 00 00 00 07 00 00 00 12 00 00 00 13 00 00 00 27 00 00 00 21 00 00 00 26 00 00 00 25 00 00 00 11 00 00 00 22 00 00 00 1F 00 00 00 06 00 00 00 1E 00 00 00 1C 00 00 00 0D 00 00 00 18 00 00 00 10 00 00 00 17 00 00 00 15 00 00 00 0E 00 00 00 0B 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 05 00 00 00 FF FF FF FF HKU\S-1-5-21-2364720041-329696966-366428550-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 2C 00 00 00 1D 00 00 00 14 00 00 00 03 00 00 00 24 00 00 00 00 00 00 00 29 00 00 00 2A 00 00 00 01 00 00 00 0F 00 00 00 2B 00 00 00 1A 00 00 00 02 00 00 00 04 00 00 00 23 00 00 00 28 00 00 00 20 00 00 00 1B 00 00 00 19 00 00 00 16 00 00 00 0C 00 00 00 07 00 00 00 12 00 00 00 13 00 00 00 27 00 00 00 21 00 00 00 26 00 00 00 25 00 00 00 11 00 00 00 22 00 00 00 1F 00 00 00 06 00 00 00 1E 00 00 00 1C 00 00 00 0D 00 00 00 18 00 00 00 10 00 00 00 17 00 00 00 15 00 00 00 0E 00 00 00 0B 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 05 00 00 00 FF FF FF FF HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 1D 00 00 00 14 00 00 00 03 00 00 00 2C 00 00 00 24 00 00 00 00 00 00 00 29 00 00 00 2A 00 00 00 01 00 00 00 0F 00 00 00 2B 00 00 00 1A 00 00 00 02 00 00 00 04 00 00 00 23 00 00 00 28 00 00 00 20 00 00 00 1B 00 00 00 19 00 00 00 16 00 00 00 0C 00 00 00 07 00 00 00 12 00 00 00 13 00 00 00 27 00 00 00 21 00 00 00 26 00 00 00 25 00 00 00 11 00 00 00 22 00 00 00 1F 00 00 00 06 00 00 00 1E 00 00 00 1C 00 00 00 0D 00 00 00 18 00 00 00 10 00 00 00 17 00 00 00 15 00 00 00 0E 00 00 00 0B 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 05 00 00 00 FF FF FF FF HKU\S-1-5-21-2364720041-329696966-366428550-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 2C 00 00 00 1D 00 00 00 14 00 00 00 03 00 00 00 24 00 00 00 00 00 00 00 29 00 00 00 2A 00 00 00 01 00 00 00 0F 00 00 00 2B 00 00 00 1A 00 00 00 02 00 00 00 04 00 00 00 23 00 00 00 28 00 00 00 20 00 00 00 1B 00 00 00 19 00 00 00 16 00 00 00 0C 00 00 00 07 00 00 00 12 00 00 00 13 00 00 00 27 00 00 00 21 00 00 00 26 00 00 00 25 00 00 00 11 00 00 00 22 00 00 00 1F 00 00 00 06 00 00 00 1E 00 00 00 1C 00 00 00 0D 00 00 00 18 00 00 00 10 00 00 00 17 00 00 00 15 00 00 00 0E 00 00 00 0B 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 05 00 00 00 FF FF FF FF ---------------------------------- Dosyalar?eklenmi?4 ---------------------------------- C:\WINDOWS\Installer\52a441.msi C:\WINDOWS\Installer\{014534FF-1D46-4A77-9B48-29EFD145995B}\ty5c0.0.0.05cImages5cIcons5.ico C:\WINDOWS\Prefetch\SVCHOST.EXE-80F4A784.pf C:\WINDOWS\Prefetch\ZEMANA_ANTILOGGER_SETUP.EXE-42B9A713.pf ---------------------------------- Dosyaların özellikleri değiştirilmi?9 ---------------------------------- C:\WINDOWS\Prefetch\ANTILOGGER.EXE-2BCDB1F1.pf C:\WINDOWS\Prefetch\IEXPLORE.EXE-4B6C9213.pf C:\WINDOWS\Prefetch\INSHLPR.EXE-4C2E94E5.pf C:\WINDOWS\Prefetch\INSHLPR.EXE-FD90CE13.pf C:\WINDOWS\Prefetch\KEYGEN.EXE-32D2E697.pf C:\WINDOWS\Prefetch\MSIEXEC.EXE-A2D55CB6.pf C:\WINDOWS\Prefetch\MSIEXEC.EXE-E09A077A.pf C:\WINDOWS\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf C:\WINDOWS\Prefetch\ZEMANA_ANTILOGGER_1.9.2.819.E-A0CF78B6.pf ---------------------------------- Klasörler eklenmi?1 ---------------------------------- C:\WINDOWS\Installer\{014534FF-1D46-4A77-9B48-29EFD145995B} ---------------------------------- Tüm değişiklikler:286 yardımlarınızı bekliyorum Edited May 3, 2012 by SAYGINER Quote Link to comment Share on other sites More sharing options...
SAYGINER Posted May 3, 2012 Author Share Posted May 3, 2012 Zemana AntiLogger v1.9.2.819 şu kodlarla kurmaya çalıştım fakat lisanslayamadım. Lisans kodu bu F77012C8E6416F8FFB299B03D23530A3 fakat reg kayıtlarında çıkmıyorBu arada yazdığım ilk mesaja cevap alamayınca reg kaydını WinINSTALL LE. adlı programla almaya çalıştım. Run('Zemana_AntiLogger_1.9.2.819.exe') _WinWaitActivate("Select Setup Language","&Cancel") Send("{ENTER}") _WinWaitActivate("AntiLogger - InstallAware Wizard","&Next >") Send("{ENTER}") _WinWaitActivate("AntiLogger - InstallAware Wizard","I &accept the terms ") Send("{ENTER}") _WinWaitActivate("AntiLogger - InstallAware Wizard","C:\Program Files\Ant") Send("{ENTER}") _WinWaitActivate("AntiLogger - InstallAware Wizard","< &Back") Send("{ENTER}") _WinWaitActivate("AntiLogger - InstallAware Wizard","&Run AntiLogger now") Send("{ENTER}") ProcessClose("Zemana AntiLogger 1.9.2.819") RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5', 'AdvertiseFlags', 'REG_DWORD', '388') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5', 'Assignment', 'REG_DWORD', '1') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5', 'AuthorizedLUAApp', 'REG_DWORD', '0') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5', 'InstanceType', 'REG_DWORD', '0') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5', 'Language', 'REG_DWORD', '1033') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5', 'PackageCode', 'REG_SZ','[color="#FF0000"]6C7F4592E4A74054D84C1CCDD752C149[/color]') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5', 'ProductName', 'REG_SZ','AntiLogger') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5', 'Version', 'REG_DWORD', '17367042') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Media', '1', 'REG_SZ',';') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Media', 'MediaPackage', 'REG_SZ','\DOCUME~1\AKREP\LOCALS~1\Temp\mia35.tmp\') RegWrite('HKCR\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Net') RegWrite('HKCR\Installer\UpgradeCodes\A56396B7B7E641342B6C6F5AC648A414', 'FF43541064D177A4B98492FE1D5499B5', 'REG_SZ','') RegWrite('HKCU\SessionInformation', 'ProgramCount', 'REG_DWORD', '4') RegWrite('HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore', 'Count', 'REG_DWORD', '3974') RegWrite('HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore', 'Time', 'REG_BINARY', Binary('0xdc0705000400030010002e0013000300')) RegWrite('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'AntiLogger', 'REG_SZ','"@ProgFiles\AntiLogger\AntiLogger.exe" /minimized') RegWrite('HKLM\SOFTWARE\MimarSinan\InstallAware\Ident.Cache\{014534FF-1D46-4A77-9B48-29EFD145995B}', '', 'REG_SZ','@CommonAppData\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}\') RegWrite('HKLM\SOFTWARE\Zemana', 'ZAL-SessionId', 'REG_DWORD', '1588739831') ; ===================== !!! Incorrect Data !!! ===================== ; HKEY_CLASSES_ROOT\Installer\Products\FF43541064D177A4B98492FE1D5499B5 ==> Clients"=MultiSZ:":"," ; HKEY_CLASSES_ROOT\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList ==> LastUsedSource"=ExpandSZ:"n;1;@ShortDriveC\DOCUME~1\AKREP\LOCALS~1\Temp\mia35.tmp\data\ ; HKEY_CLASSES_ROOT\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Net ==> 1"=ExpandSZ:"@ShortDriveC\DOCUME~1\AKREP\LOCALS~1\Temp\mia35.tmp\data\ ; HKEY_CLASSES_ROOT\Installer\Products\FF43541064D177A4B98492FE1D5499B5\SourceList\Net ==> 2"=ExpandSZ:"@ShortDriveC\DOCUME~1\AKREP\LOCALS~1\Temp\mia2 Func _WinWaitActivate($title,$text,$timeout=0) WinWait($title,$text,$timeout) If Not WinActive($title,$text) Then WinActivate($title,$text) WinWaitActive($title,$text,$timeout) EndFunc Saygılar. Quote Link to comment Share on other sites More sharing options...
blackman12 Posted May 3, 2012 Share Posted May 3, 2012 Kullandığın yöntem doğru ama izleme stilin yanlış, kurulum anından itibaren izletirsen eline çok kabarık bir res.txt geçer. onun yerine programı kur lisanslama ekranını aç lisans bilgilerini inputlara gir ama okeye basma. sonra regshotla ilk capture ı al sonra okeye bas ve ikinci captureı alıp res.txt yi elde et. çok daha sade bir sonuç çıkacak ortaya. birde HKU (HKEY_USERS) ta çıkan verileri kaale alma direk onları silebilirsin, çünkü her makinede SID numaraları farklıdır. Son olarak REGSHOT kullan, gördüğüm kadarıyla sen THINSTALL gibi bir program kullanıyorsun dosyaları da takip ettirmişsin çünkü Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.