Hello,
The other day a trojan got in, and along with it a search window that kept opening at the bottom of the screen. I searched manually, found its entry in regedit and deleted it. I think it was attaching itself to the firewall and disabling it, because in Hijack I saw an entry reading "close proxy and firewall". Apart from that, in doc.setting I noticed 3 folders whose names I had never heard before. One was called raf global does; every time I deleted it, another folder, something with hose.. in its name (which I could not delete; in the end I booted into safe mode and deleted it), reinstalled it. The last folder was another one whose name starts with move...; that one could not be deleted either, but when I opened the CD-ROM tray and tried to delete it, I was able to. I have now installed SpySweeper and apparently there is nothing, but my machine has been slow since the evening. Internet speed is more or less normal, but as you will also see in my log, quite a lot of services are loaded. I absent-mindedly clicked diagnostic startup in msconfig and only noticed afterwards, but now when I enable selective startup I do not know which items to tick. My Hijack log is below; I would be very glad if Kaan or another friend could take a look, because I do not want to get into formatting as a last resort. Could you look at your own machine and tell me which services I should enable so that I do not catch a virus or trojan? Also, can you say the same about my log (nothing odd catches my eye)? That is, is there anything absurd in it that I do not know about (which is quite normal) but you do?
Regards...

Logfile of Browser Hijack Recover(BHR) v1.01
http://www.browser-hijack.com/hijack
Log created on 30.08.2005 23:21:24
Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Internet Explorer v6.0.2900.2180 Update Versions: ;SP2;

[Process Manager] - [Process]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Browser Hijack Recover\bhr.exe

[Process Manager] - [NT Services]
Service Name: Microsoft ACPI Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\ACPI.sys
Service Name: AFD - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\afd.sys
Service Name: Service for Realtek AC97 Audio (WDM) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\ALCXWDM.SYS
Service Name: Application Layer Gateway Service - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\alg.exe
Service Name: AMD Processor Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\AmdK8.sys
Service Name: Aspi32 - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Standard IDE/ESDI Hard Disk Controller - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\atapi.sys
Service Name: ati2mtag - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ati2mtag.sys
Service Name: Windows Audio - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Audio Stub Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\audstub.sys
Service Name: Beep - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Symantec Event Manager - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Service Name: Cdfs - Start Type: SERVICE_DISABLED - Service Status: SERVICE_RUNNING - Binary path:
Service Name: CD-ROM Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\cdrom.sys
Service Name: Creative Service for CDROM Access - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\CTsvcCDA.EXE
Service Name: Cryptographic Services - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Kodak Camera Proxy - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\DcCam.sys
Service Name: Kodak DCFS2K Driver - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\dcfs2k.sys
Service Name: DCOM Server Process Launcher - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost -k DcomLaunch
Service Name: DHCP Client - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Disk Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\disk.sys
Service Name: Logical Disk Manager Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\dmio.sys
Service Name: dmload - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\dmload.sys
Service Name: Logical Disk Manager - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: DNS Client - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k NetworkService
Service Name: Error Reporting Service - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Event Log - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\services.exe
Service Name: COM+ Event System - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Fastfat - Start Type: SERVICE_DISABLED - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Fast User Switching Compatibility - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Floppy Disk Controller Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\fdc.sys
Service Name: Fips - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Floppy Disk Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\flpydisk.sys
Service Name: FltMgr - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\fltMgr.sys
Service Name: ForceWare Intelligent Application Manager (IAM) - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
Service Name: Forceware Web Interface - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
Service Name: Volume Manager Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Service Name: Game Port Enumerator - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\gameenum.sys
Service Name: GhostPciScanner - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys
Service Name: Generic Packet Classifier - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\msgpc.sys
Service Name: Help and Support - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: HTTP - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\Drivers\HTTP.sys
Service Name: i8042 Keyboard and PS/2 Mouse Port Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\i8042prt.sys
Service Name: CD-Burning Filter Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\imapi.sys
Service Name: IP Network Address Translator - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ipnat.sys
Service Name: IPSEC driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ipsec.sys
Service Name: PnP ISA/EISA Bus Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\isapnp.sys
Service Name: Keyboard Class Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\kbdclass.sys
Service Name: Microsoft Kernel Wave Audio Mixer - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\kmixer.sys
Service Name: Kodak Camera Connection Software - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\drivers\KodakCCS.exe
Service Name: KSecDD - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Server - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Workstation - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: TCP/IP NetBIOS Helper - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: mnmdd - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Mouse Class Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\mouclass.sys
Service Name: MountMgr - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: WebDav Client Redirector - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\mrxdav.sys
Service Name: MRXSMB - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\mrxsmb.sys
Service Name: Msfs - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Microsoft System Management BIOS Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\mssmbios.sys
Service Name: Mup - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Norton AntiVirus Auto Protect Service - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Norton AntiVirus\navapsvc.exe
Service Name: NAVENG - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050829.007\NAVENG.Sys
Service Name: NAVEX15 - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050829.007\NavEx15.Sys
Service Name: NDIS System Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Remote Access NDIS TAPI Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ndistapi.sys
Service Name: NDIS Usermode I/O Protocol - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ndisuio.sys
Service Name: Remote Access NDIS WAN Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ndiswan.sys
Service Name: NDIS Proxy - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: NetBIOS Interface - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\netbios.sys
Service Name: NetBT - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\netbt.sys
Service Name: Network Connections - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Network Location Awareness (NLA) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Norton Unerase Protection Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
Service Name: Npfs - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Norton Unerase Protection - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
Service Name: ForceWare IP service - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
Service Name: ForceWare user log service - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
Service Name: Ntfs - Start Type: SERVICE_DISABLED - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Null - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: nvatabus - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\nvatabus.sys
Service Name: NVIDIA Disk Cache Filter Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
Service Name: NVIDIA nForce Networking Controller Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\NVENETFD.sys
Service Name: NVIDIA Network Bus Enumerator - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\nvnetbus.sys
Service Name: Parallel port driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\parport.sys
Service Name: PartMgr - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: ParVdm - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: PCI Bus Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\pci.sys
Service Name: PCIIde - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\pciide.sys
Service Name: PfModNT - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\drivers\PfModNT.sys
Service Name: Plug and Play - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\services.exe
Service Name: Microsoft IntelliPoint Filter Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\point32.sys
Service Name: IPSEC Services - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\lsass.exe
Service Name: WAN Miniport (PPTP) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\raspptp.sys
Service Name: Protected Storage - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\lsass.exe
Service Name: QoS Packet Scheduler - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\psched.sys
Service Name: Direct Parallel Link Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ptilink.sys
Service Name: PxHelp20 - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
Service Name: Remote Access Auto Connection Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\rasacd.sys
Service Name: WAN Miniport (L2TP) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\rasl2tp.sys
Service Name: Remote Access Connection Manager - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Remote Access PPPOE Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\raspppoe.sys
Service Name: Direct Parallel - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\raspti.sys
Service Name: Rdbss - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\rdbss.sys
Service Name: RDPCDD - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\RDPCDD.sys
Service Name: Terminal Server Device Redirector Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\rdpdr.sys
Service Name: Digital CD Audio Playback Filter Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\redbook.sys
Service Name: Remote Registry - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Remote Procedure Call (RPC) - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: Security Accounts Manager - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\lsass.exe
Service Name: SAVRT - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\Drivers\SAVRT.SYS
Service Name: SAVRTPEL - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS
Service Name: Task Scheduler - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Secondary Logon - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: System Event Notification - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Serenum Filter Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\serenum.sys
Service Name: Serial port driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\serial.sys
Service Name: Windows Firewall/Internet Connection Sharing (ICS) - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Shell Hardware Detection - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Speed Disk service - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Service Name: Print Spooler - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\spoolsv.exe
Service Name: System Restore Filter Driver - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\DRIVERS\sr.sys
Service Name: System Restore Service - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Srv - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\srv.sys
Service Name: SSDP Discovery Service - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Webroot Spy Sweeper Engine - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Service Name: Software Bus Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\swenum.sys
Service Name: SymEvent - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Symantec\SYMEVENT.SYS
Service Name: SYMREDRV - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Service Name: SYMTDI - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Service Name: Microsoft Kernel System Audio Device - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\sysaudio.sys
Service Name: Telephony - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: TCP/IP Protocol Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\tcpip.sys
Service Name: Terminal Device Driver - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\termdd.sys
Service Name: Terminal Services - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost -k DComLaunch
Service Name: Themes - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Distributed Link Tracking Client - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Windows User Mode Driver Framework - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\wdfmgr.exe
Service Name: Microcode Update Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\update.sys
Service Name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\usbehci.sys
Service Name: USB2 Enabled Hub - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\usbhub.sys
Service Name: Microsoft USB Open Host Controller Miniport Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\usbohci.sys
Service Name: VgaSave - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VolSnap - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Windows Time - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Remote Access IP ARP Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\wanarp.sys
Service Name: Microsoft WINMM WDM Audio Compatibility Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\wdmaud.sys
Service Name: WebClient - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Windows Management Instrumentation - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Service Name: Security Center - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Automatic Updates - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Wireless Zero Configuration - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs

[IE Options]
[IE Options] - [Normal]
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title = mustafa
R1 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Page =

[IE Options] - [IE Menu]
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBrowserSaveAs = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoFileNew = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBrowserClose = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoFileOpen = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoTheaterMode = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoViewSource = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBandCustomize = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoToolbarCustomize = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoFavorites = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoAddingChannels = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBrowserOptions = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoBrowserContextMenu = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoOpeninNewWnd = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoSplash = 0
O6 - HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions, NoJITSetup = 0

[IE Options] - [Internet Options]
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, GeneralTab = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, HomePage = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Cache = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, History = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Colors = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, links = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Fonts = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Languages = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Accessibility = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, SecurityTab = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, ContentTab = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Ratings = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Certificates = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, FormSuggest = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, FormSuggest Passwords = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Profiles = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, ConnectionsTab = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, DialupAutodetect = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, EnableAutoProxyResultCache = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Connection Settings = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Connwiz Admin Lock = 0
O6 - HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel, Proxy = 0

[IE Options] - [IE Search Hooks]

[IE Add-Ons] - [Toolbars]

[IE Add-Ons] - [Explorer Bars]

[IE Add-Ons] - [Context Menu]

[IE Add-Ons] - [BHOs]
O2 - BHO: CNavExtBho Class - - C:\Program Files\Norton AntiVirus\NavShExt.dll

[IE Add-Ons] - [Tools Menu]

[IE Add-Ons] - [Tools Button]

[System Options]

[AutoLoad]
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run nTrayFw = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SpySweeper = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray