Błąd z services.exe

system · 6 Czerwiec 2007 21:06

Witam, ciągłe mi się pojawia błąd z services.exe . Nie wiem nawet czemu :(.

tutaj log :

Logfile of HijackThis v1.99.1 Scan saved at 23:05:06, on 2007-06-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\usbtapnp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\Documents and Settings\KM\Pulpit\hijackthis\HijackThis.exe O1 - Hosts: 60.169.2.79 db.navyfield.co.kr O1 - Hosts: 60.169.2.79 missouri.navyfield.co.kr O1 - Hosts: 60.169.2.79 bismarck.navyfield.co.kr O1 - Hosts: 60.169.2.79 kiel.navyfield.co.kr O1 - Hosts: 60.169.2.79 http://www.sdenternet.co.kr O1 - Hosts: 60.169.2.79 nelson.navyfield.co.kr O1 - Hosts: 60.169.2.79 yamato.navyfield.co.kr O1 - Hosts: 60.169.2.79 update.navyfield.co.kr O1 - Hosts: 60.169.2.79 game1.nf2.com.cn O1 - Hosts: 60.169.2.79 update.fknf2.com O1 - Hosts: 60.169.2.79 seriver1.fknf2.com O1 - Hosts: 60.169.2.79 nf2.sbgbbs.com O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} - C:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll (file missing) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32 O4 - HKLM…\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM…\Run: [uSBTA] C:\WINDOWS\system32\usbtapnp.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe O4 - HKLM…\Run: [j4251538] rundll32 C:\WINDOWS\system32\j4251538.dll sook O4 - HKLM…\Run: [ApachInc] rundll32.exe “C:\WINDOWS\system32\fcpcpnvi.dll”,realset O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background O4 - HKCU…\Run: [VS Online] “C:\Program Files\VS Online\VSOnline.exe” /tray O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~3\gg.exe” /tray O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - http://down.hangame.com/dist/activex/Ha … ugin19.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se8300.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 9464707312 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTSvcCDA.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: GuiHook - Unknown owner - C:\PROGRA~1\NETSUP~1\guihook.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

qrczak13 · 6 Czerwiec 2007 21:09

W trybie awaryjnym użyj VundoFix, FixVundo, VirtmundoBeGone

Daj log z ComboFix

system · 6 Czerwiec 2007 21:21

Log z combofix:

“KM” - 2007-06-06 23:13:15 Dodatek Service Pack 2 NTFS ComboFix 07-06-3B - Running from: “C:\Documents and Settings\KM” Rootkit driver xpdt is present. … attempting disinfection xpdt … driver unloaded successfully. ((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-06 ))))))))))))))))))))))))))))))) 2007-06-06 23:05 55,316 --a------ C:\WINDOWS\system32\tbojmsbe.dll 2007-06-06 23:03 76,412 --a------ C:\WINDOWS\system32\mnoqastt.dll 2007-06-06 20:08 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-06-06 20:08 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll 2007-06-06 18:36 76,412 --a------ C:\WINDOWS\system32\tywyyelr.dll 2007-06-06 18:34 76,412 --a------ C:\WINDOWS\system32\cipkdysv.dll 2007-06-05 22:22 2,580 --a------ C:\WINDOWS\system32\uiaocmaa.exe 2007-06-05 18:34 76,412 --a------ C:\WINDOWS\system32\qgegwdvb.dll 2007-06-05 18:34 14,868 --a------ C:\WINDOWS\system32\qgebqntu.exe 2007-06-05 18:34 131,124 --a------ C:\WINDOWS\system32\fcpcpnvi.dll 2007-06-05 18:34 10,752 --a------ C:\WINDOWS\system32\j4251538.dll 2007-06-05 14:06 2007-06-04 18:34 76,412 --a------ C:\WINDOWS\system32\syvacqov.dll 2007-06-04 18:34 2,580 --a------ C:\WINDOWS\system32\lkpeviyg.exe 2007-06-04 15:07 2007-06-03 18:35 76,412 --a------ C:\WINDOWS\system32\euwdtoul.dll 2007-06-03 18:35 2,580 --a------ C:\WINDOWS\system32\qpidtrut.exe 2007-06-02 18:34 76,412 --a------ C:\WINDOWS\system32\sqlgmukt.dll 2007-06-02 18:34 2,580 --a------ C:\WINDOWS\system32\tqfgrvex.exe 2007-06-02 10:09 2007-06-01 18:35 76,412 --a------ C:\WINDOWS\system32\icopyorl.dll 2007-06-01 18:35 76,412 --a------ C:\WINDOWS\system32\cbbtbuao.dll 2007-05-31 20:07 701,457 —hs---- C:\WINDOWS\system32\rttss.ini2 2007-05-31 18:35 76,412 --a------ C:\WINDOWS\system32\wslvelsu.dll 2007-05-31 18:33 50,740 --a------ C:\WINDOWS\system32\jckqdipo.dll 2007-05-30 17:49 76,412 --a------ C:\WINDOWS\system32\ejvplsiy.dll 2007-05-29 17:48 903,677 —hs---- C:\WINDOWS\system32\rttss.bak2 2007-05-29 17:48 76,412 --a------ C:\WINDOWS\system32\lryxlnjr.dll 2007-05-28 18:38 2007-05-28 18:38 2007-05-28 18:38 2007-05-28 18:38 2007-05-28 17:37 76,412 --a------ C:\WINDOWS\system32\tlqguvnd.dll 2007-05-28 17:37 682,553 —hs---- C:\WINDOWS\system32\rttss.bak1 2007-05-28 17:37 50,745 --a------ C:\WINDOWS\system32\etehtblq.dll 2007-05-28 17:37 263,220 —hs---- C:\WINDOWS\system32\ssttr.dll 2007-05-28 17:32 67,860 --a------ C:\WINDOWS\system32\xpdx.sys 2007-05-28 17:32 29,206 --a------ C:\WINDOWS\system32\hggebyw.dll 2007-05-26 12:12 60,574 --a------ C:\WINDOWS\system32\xpdt.sys 2007-05-26 12:12 6,144 --a------ C:\WINDOWS\system32\autosys.exe 2007-05-26 11:48 2007-05-25 21:06 2007-05-23 15:50 2007-05-22 15:37 2007-05-19 16:59 2007-05-14 21:07 2007-05-14 21:00 2007-05-13 19:30 2007-05-13 19:23 2007-05-13 18:31 2007-05-12 21:17 2007-05-10 18:55 2007-05-10 18:37 2007-05-10 17:23 2007-05-08 20:31 2007-05-06 12:41 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-06 20:44:13 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\Xfire 2007-06-06 18:57:00 -------- d-s—w C:\Program Files\Xfire 2007-06-06 18:24:57 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\The Bat! 2007-06-06 16:42:16 24,576 ----a-w C:\WINDOWS\system32\qmdisp.dll 2007-06-06 13:45:50 -------- d-----w C:\Program Files\Rockstar Games 2007-06-06 13:45:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-06-03 04:16:10 -------- d-----w C:\Program Files\SpeedFan 2007-05-29 14:12:06 15,742 -c–a-w C:\WINDOWS\mozver.dat 2007-05-28 20:32:16 -------- d-----w C:\Program Files\eMule 2007-05-28 17:43:53 -------- d-----w C:\Program Files\Winamp 2007-05-25 17:15:56 -------- d-----w C:\Program Files\FTP Commander 2007-05-24 15:34:51 -------- d-----w C:\Program Files\SPSS 2007-05-23 13:52:26 42,138 -c–a-w C:\WINDOWS\scunin.dat 2007-05-23 13:52:23 967 ----a-w C:\WINDOWS\ScUnin.pif 2007-05-23 13:52:23 70,656 ----a-w C:\WINDOWS\ScUnin.exe 2007-05-14 19:04:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-05-13 17:21:49 -------- d-----w C:\Program Files\FlashGet 2007-05-13 02:20:30 -------- d-----w C:\Program Files\Gadu-GaduF 2007-05-06 10:25:25 -------- d-----w C:\Program Files\HD Tune 2007-05-05 12:19:29 -------- d-----w C:\Program Files\Electronic Arts 2007-05-05 11:49:28 -------- d-----w C:\Program Files\Helbreath 2007-05-05 11:48:40 -------- d-----w C:\Program Files\Google 2007-05-05 11:35:54 -------- d-----w C:\Program Files\Ubisoft 2007-05-05 11:31:15 -------- d-----w C:\Program Files\Microsoft Games 2007-05-04 20:06:52 43,520 ------w C:\WINDOWS\system32\CmdLineExt03.dll 2007-05-02 00:34:43 -------- d-----w C:\Program Files\EA GAMES 2007-05-01 23:41:04 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\UseNeXT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ------w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ------w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ------w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ------w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ------w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-30 01:48:15 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\SecondLife 2007-04-29 08:12:11 -------- d-----w C:\Program Files\Monte Cristo 2007-04-28 08:32:42 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\Gadu-Gadu 2007-04-25 15:36:53 -------- d-----w C:\Program Files\Windows Live Safety Center 2007-04-24 18:50:06 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\Ahead 2007-04-24 18:48:42 -------- d-----w C:\Program Files\Ahead 2007-04-24 18:48:31 -------- d-----w C:\Program Files\Common Files\LightScribe 2007-04-24 18:46:33 -------- d-----w C:\Program Files\Common Files\Nero 2007-04-24 14:47:54 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\MusicIP 2007-04-23 15:46:19 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\LEGO Company 2007-04-20 15:34:10 -------- d-----w C:\Program Files\Gimnazjum_testy_2007 2007-04-20 11:10:40 12 ------w C:\WINDOWS\system32\cid_store.dat 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-15 16:45:11 -------- d-----w C:\Program Files\AIDA32 - Enterprise System Information 2007-04-14 13:50:31 -------- d-----w C:\Program Files\Testy gimnazjalne 2006 2007-04-14 09:23:33 -------- d-----w C:\DOCUME~1\KM\DANEAP~1\uk.co.planetside 2007-04-12 16:38:42 -------- d-----w C:\Program Files\Gadu-Gadu2 2007-04-06 06:42:31 -------- d-----w C:\Program Files\NavyFIELD222 2007-04-06 06:36:46 -------- d-----w C:\Program Files\NavyFIELD22 2007-03-25 21:24:37 79,130 ------w C:\WINDOWS\system32\perfc015.dat 2007-03-25 21:24:37 457,558 ------w C:\WINDOWS\system32\perfh015.dat 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2001-09-03 10:21:20 309,453 -csh–w C:\WINDOWS\rsx.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 12:02] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-11-29 15:52] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55] {4FB971C4-99FB-480d-BA3F-55B8263010FB}=C:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll [] {6B739D22-72FD-45EE-A83C-18BB7FFB24E6}=C:\WINDOWS\system32\ssttr.dll [2007-05-28 17:37] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21] {8071E65A-3F56-4426-8372-8667CD213057}=C:\WINDOWS\system32\hggebyw.dll [2007-05-28 17:32] {92A444D2-F945-4dd9-89A1-896A6C2D8D22}=C:\WINDOWS\system32\tbojmsbe.dll [2007-06-06 23:05] {A5366673-E8CA-11D3-9CD9-0090271D075B}=C:\PROGRA~1\FlashGet\jccatch.dll [] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-11 00:26] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SiSUSBRG”=“C:\WINDOWS\SiSUSBrg.exe” [2002-07-12 12:15] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-09-29 07:15] “IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe” [2004-08-04 14:00] “IMEKRMIG6.1”=“C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE” [2004-08-04 14:00] “MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe” [2004-08-04 14:00] “PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [2004-08-04 14:00] “PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [2004-08-04 14:00] “USBTA”=“C:\WINDOWS\system32\usbtapnp.exe” [2001-01-09 18:14] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2005-12-10 16:57] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” [2006-05-10 11:12] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-09-05 21:03] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-10-25 19:58] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50] “AutoSys”=“C:\WINDOWS\system32\autosys.exe” [2007-05-26 12:12] “j4251538”=“C:\WINDOWS\system32\j4251538.dll” [2007-06-05 18:34] “ApachInc”=“C:\WINDOWS\system32\fcpcpnvi.dll” [2007-06-05 18:34] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 14:00] “msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2006-01-24 21:29] “VS Online”=“C:\Program Files\VS Online\VSOnline.exe” [] “Gadu-Gadu”=“C:\PROGRA~1\GADU-G~3\gg.exe” [2007-05-10 16:36] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{54D9498B-CF93-414F-8984-8CE7FDE0D391}”=“C:\Program Files\ewido anti-malware\shellhook.dll” [2004-09-30 14:21] “{8071E65A-3F56-4426-8372-8667CD213057}”=“C:\WINDOWS\system32\hggebyw.dll” [2007-05-28 17:32] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggebyw] hggebyw.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttr] C:\WINDOWS\system32\ssttr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^KM^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] path=C:\Documents and Settings\KM\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] “C:\Valve\Steam\Steam.exe” -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\Autorun.exe Contents of the ‘Scheduled Tasks’ folder 2007-05-31 08:13:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-06-06 20:59:00 C:\WINDOWS\tasks\Sprawd? aktualizacje paska narz?dzi Windows Live Toolbar.job 2007-06-06 20:00:00 C:\WINDOWS\tasks\Win_Update_Program.job ************************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-06 23:18:05 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet002\Services.NET CLR Data] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services.NET CLR Networking] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services.NET Data Provider for Oracle] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services.NET Data Provider for SqlServer] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services.NETFramework] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Aavmker4] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\abp480n5] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ACEDRV06] “ImagePath”="??\C:\WINDOWS\system32\drivers\ACEDRV06.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ACPI] “ImagePath”=“system32\DRIVERS\ACPI.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ACPIEC] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\adpu160m] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aeaudio] “ImagePath”=“system32\drivers\aeaudio.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aec] “ImagePath”=“system32\drivers\aec.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AFD] “ImagePath”="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Aha154x] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aic78u2] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aic78xx] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Alerter] “ServiceDll”="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ALG] “ImagePath”="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AliIde] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\amsint] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AppMgmt] “ServiceDll”="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\asc] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\asc3350p] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\asc3550] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aslm75] “ImagePath”="??\C:\WINDOWS\system32\drivers\aslm75.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASP.NET] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASP.NET_1.1.4322] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASP.NET_2.0.50727] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aspnet_state] “ImagePath”="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aswMon2] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aswRdr] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aswTdi] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\aswUpdSv] “ImagePath”="“C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AsyncMac] “ImagePath”=“system32\DRIVERS\asyncmac.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\atapi] “ImagePath”=“system32\DRIVERS\atapi.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Atdisk] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ati HotKey Poller] “ImagePath”="%SystemRoot%\system32\Ati2evxx.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ATI Smart] “ImagePath”=“C:\WINDOWS\system32\ati2sgag.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ati2mtag] “ImagePath”=“system32\DRIVERS\ati2mtag.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Atierecord] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Atmarpc] “ImagePath”=“system32\DRIVERS\atmarpc.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AudioSrv] “ServiceDll”="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\audstub] “ImagePath”=“system32\DRIVERS\audstub.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avast! Antivirus] “ImagePath”="“C:\Program Files\Alwil Software\Avast4\ashServ.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avast! Mail Scanner] “ImagePath”="“C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\avast! Web Scanner] “ImagePath”="“C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BattC] “MofImagePath”=“System32\Drivers\battc.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Beep] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BITS] “ServiceDll”=“C:\WINDOWS\system32\qmgr.dll” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Browser] “ServiceDll”="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BUHCI] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\C-DillaCdaC11BA] “ImagePath”=“C:\WINDOWS\system32\drivers\CDAC11BA.EXE” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cbidf2k] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CdaC15BA] “ImagePath”="??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cdaudio] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cdfs] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cdrom] “ImagePath”=“system32\DRIVERS\cdrom.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Changer] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CiSvc] “ImagePath”="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ClipSrv] “ImagePath”="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\clr_optimization_v2.0.50727_32] “ImagePath”=“C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CmdIde] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\COMSysApp] “ImagePath”=“C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ContentFilter] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ContentIndex] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Cpqarray] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Creative Service for CDROM Access] “ImagePath”=“C:\WINDOWS\system32\CTSvcCDA.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CryptSvc] “ServiceDll”="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ctljystk] “ImagePath”=“system32\DRIVERS\ctljystk.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ctlntsvc] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dac2w2k] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dac960nt] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DcomLaunch] “ServiceDll”="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Dhcp] “ServiceDll”="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Disk] “ImagePath”=“system32\DRIVERS\disk.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmadmin] “ImagePath”="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmboot] “ImagePath”=“System32\drivers\dmboot.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmio] “ImagePath”=“System32\drivers\dmio.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmload] “ImagePath”=“System32\drivers\dmload.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dmserver] “ServiceDll”="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DMusic] “ImagePath”=“system32\drivers\DMusic.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Dnscache] “ServiceDll”="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dpti2o] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\drmkaud] “ImagePath”=“system32\drivers\drmkaud.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dtscsi] “ImagePath”="\SystemRoot\System32\Drivers\dtscsi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\DUSBTAWAN] “ImagePath”=“system32\DRIVERS\musbwn2k.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\emu10k] “ImagePath”=“system32\drivers\emu10k1m.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\emu10k1] “ImagePath”=“system32\drivers\ctlfacem.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ERSvc] “ServiceDll”="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Eventlog] “ImagePath”="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\EventSystem] “ServiceDll”=“C:\WINDOWS\system32\es.dll” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ewido security suite control] “ImagePath”=“C:\Program Files\ewido anti-malware\ewidoctrl.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ewido security suite driver] “ImagePath”="??\C:\Program Files\ewido anti-malware\guard.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ewido security suite guard] “ImagePath”=“C:\Program Files\ewido anti-malware\ewidoguard.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FakeWDMmdm] “ImagePath”=“system32\DRIVERS\dusbcomm.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fastfat] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FastUserSwitchingCompatibility] “ServiceDll”="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc] “ImagePath”=“system32\DRIVERS\fdc.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fips] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk] “ImagePath”=“system32\DRIVERS\flpydisk.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FltMgr] “ImagePath”=“system32\DRIVERS\fltMgr.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FsVga] “ImagePath”=“system32\DRIVERS\fsvga.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ftdisk] “ImagePath”=“system32\DRIVERS\ftdisk.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\gameenum] “ImagePath”=“system32\DRIVERS\gameenum.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\giveio] “ImagePath”=“system32\giveio.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Gpc] “ImagePath”=“system32\DRIVERS\msgpc.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\GuiHook] “ImagePath”=“C:\PROGRA~1\NETSUP~1\guihook.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hamachi] “ImagePath”=“system32\DRIVERS\hamachi.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\helpsvc] “ServiceDll”="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HidServ] “ServiceDll”="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hidusb] “ImagePath”=“system32\DRIVERS\hidusb.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\hpn] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTP] “ImagePath”=“System32\Drivers\HTTP.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HTTPFilter] “ServiceDll”="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\i2omgmt] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\i2omp] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\i8042prt] “ImagePath”=“system32\DRIVERS\i8042prt.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IDriverT] “ImagePath”="“C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Imapi] “ImagePath”=“system32\DRIVERS\imapi.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ImapiService] “ImagePath”=“C:\WINDOWS\system32\imapi.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\iMSPQMn] “ImagePath”="??\C:\DOCUME~1\KM\USTAWI~1\Temp\iMSPQMn.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\inetaccs] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ini910u] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Inport] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IntelIde] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\intelppm] “ImagePath”=“system32\DRIVERS\intelppm.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ip6Fw] “ImagePath”=“system32\DRIVERS\Ip6Fw.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IpFilterDriver] “ImagePath”=“system32\DRIVERS\ipfltdrv.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IpInIp] “ImagePath”=“system32\DRIVERS\ipinip.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IpNat] “ImagePath”=“system32\DRIVERS\ipnat.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IPSec] “ImagePath”=“system32\DRIVERS\ipsec.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\IRENUM] “ImagePath”=“system32\DRIVERS\irenum.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\isapnp] “ImagePath”=“system32\DRIVERS\isapnp.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Kbdclass] “ImagePath”=“system32\DRIVERS\kbdclass.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\kmixer] “ImagePath”=“system32\drivers\kmixer.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\KSecDD] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\lanmanserver] “ServiceDll”="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\lanmanworkstation] “ServiceDll”="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ldap] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\LicenseService] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\LightScribeService] “ImagePath”="“C:\Program Files\Common Files\LightScribe\LSSrvc.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\LmHosts] “ServiceDll”="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Macromedia Licensing Service] “ImagePath”="“C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mDTA128] “ImagePath”=“system32\DRIVERS\musbta2k.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Messenger] “ServiceDll”="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mi-raysat_3dsmax9_32] “ImagePath”="“C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mnmdd] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mnmsrvc] “ImagePath”=“C:\WINDOWS\system32\mnmsrvc.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Modem] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Mouclass] “ImagePath”=“system32\DRIVERS\mouclass.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mouhid] “ImagePath”=“system32\DRIVERS\mouhid.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MountMgr] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mraid35x] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MRxDAV] “ImagePath”=“system32\DRIVERS\mrxdav.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MRxSmb] “ImagePath”=“system32\DRIVERS\mrxsmb.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSDTC] “ImagePath”=“C:\WINDOWS\system32\msdtc.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Msfs] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSIServer] “ImagePath”=“C:\WINDOWS\system32\msiexec.exe /V” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSKSSRV] “ImagePath”=“system32\drivers\MSKSSRV.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSPCLOCK] “ImagePath”=“system32\drivers\MSPCLOCK.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSPQM] “ImagePath”=“system32\drivers\MSPQM.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mssmbios] “ImagePath”=“system32\DRIVERS\mssmbios.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Mup] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NDIS] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NdisTapi] “ImagePath”=“system32\DRIVERS\ndistapi.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ndisuio] “ImagePath”=“system32\DRIVERS\ndisuio.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NdisWan] “ImagePath”=“system32\DRIVERS\ndiswan.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NDProxy] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NetBIOS] “ImagePath”=“system32\DRIVERS\netbios.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NetBT] “ImagePath”=“system32\DRIVERS\netbt.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NetDDE] “ImagePath”="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NetDDEdsdm] “ImagePath”="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Netlogon] “ImagePath”="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Netman] “ServiceDll”="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nla] “ServiceDll”="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nokia USB Generic] “ImagePath”=“system32\drivers\nmwcdc.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nokia USB Modem] “ImagePath”=“system32\drivers\nmwcdcm.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nokia USB Phone Parent] “ImagePath”=“system32\drivers\nmwcd.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nokia USB Port] “ImagePath”=“system32\drivers\nmwcdcj.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Npfs] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ntfs] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NtLmSsp] “ImagePath”="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NtmsSvc] “ServiceDll”="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Null] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NwlnkFlt] “ImagePath”=“system32\DRIVERS\nwlnkflt.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NwlnkFwd] “ImagePath”=“system32\DRIVERS\nwlnkfwd.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Parport] “ImagePath”=“system32\DRIVERS\parport.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PartMgr] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ParVdm] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCANDIS5] “ImagePath”="??\C:\WINDOWS\system32\PCANDIS5.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCI] “ImagePath”=“system32\DRIVERS\pci.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCIDump] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCIIde] “ImagePath”=“system32\DRIVERS\pciide.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Pcmcia] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PDCOMP] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PDFRAME] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PDRELI] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\perc2] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\perc2hib] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PerfDisk] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PerfNet] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PerfOS] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PerfProc] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PfModNT] “ImagePath”="??\C:\WINDOWS\system32\PfModNT.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PlugPlay] “ImagePath”="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PolicyAgent] “ImagePath”="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PptpMiniport] “ImagePath”=“system32\DRIVERS\raspptp.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PQNTDrv] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ProtectedStorage] “ImagePath”="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PSched] “ImagePath”=“system32\DRIVERS\psched.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ptilink] “ImagePath”=“system32\DRIVERS\ptilink.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PxHelp20] “ImagePath”=“System32\Drivers\PxHelp20.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ql1080] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ql10wnt] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ql12160] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ql1240] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ql1280] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasAcd] “ImagePath”=“system32\DRIVERS\rasacd.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasAuto] “ServiceDll”="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Rasl2tp] “ImagePath”=“system32\DRIVERS\rasl2tp.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasMan] “ServiceDll”="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RasPppoe] “ImagePath”=“system32\DRIVERS\raspppoe.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Raspti] “ImagePath”=“system32\DRIVERS\raspti.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Rdbss] “ImagePath”=“system32\DRIVERS\rdbss.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDPCDD] “ImagePath”=“System32\DRIVERS\RDPCDD.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Rdpclikcn] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDPDD] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\rdpdr] “ImagePath”=“system32\DRIVERS\rdpdr.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDPNP] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDPWD] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RDSessMgr] “ImagePath”=“C:\WINDOWS\system32\sessmgr.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\redbook] “ImagePath”=“system32\DRIVERS\redbook.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RemoteAccess] “ServiceDll”="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RemoteRegistry] “ServiceDll”="%SystemRoot%\system32\regsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ROOTMODEM] “ImagePath”=“System32\Drivers\RootMdm.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RpcLocator] “ImagePath”="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RpcSs] “ServiceDll”="%SystemRoot%\System32\rpcss.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RSVP] “ImagePath”="%SystemRoot%\system32\rsvp.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SamSs] “ImagePath”="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SCardSvr] “ImagePath”="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Schedule] “ServiceDll”="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Secdrv] “ImagePath”=“system32\DRIVERS\secdrv.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\seclogon] “ServiceDll”="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SENS] “ServiceDll”="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\serenum] “ImagePath”=“system32\DRIVERS\serenum.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Serial] “ImagePath”=“system32\DRIVERS\serial.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ServiceLayer] “ImagePath”="“C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sfcure01] “ImagePath”=“System32\drivers\sfcure01.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sfdrv01] “ImagePath”=“System32\drivers\sfdrv01.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sfhlp02] “ImagePath”=“System32\drivers\sfhlp02.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Sfloppy] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sfman] “ImagePath”=“system32\drivers\sfmanm.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sfsync02] “ImagePath”=“System32\drivers\sfsync02.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\S h a r e d : I] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SharedAccess] “ServiceDll”="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Shared`] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ShellHWDetection] “ServiceDll”="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Simbad] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SISAGP] “ImagePath”=“system32\DRIVERS\SISAGPX.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SiSide] “ImagePath”=“system32\DRIVERS\siside.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sisidex] “ImagePath”=“system32\drivers\sisidex.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SISNIC] “ImagePath”=“system32\DRIVERS\sisnic.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sisperf] “ImagePath”=“system32\drivers\sisperf.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SiSRaid] “ImagePath”=“system32\drivers\SiSRaid.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SMNT40] “ImagePath”="\SystemRoot\System32\drivers\SMNT40.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\smwdm] “ImagePath”=“system32\drivers\smwdm.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Sparrow] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\speedfan] “ImagePath”=“system32\speedfan.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\splitter] “ImagePath”=“system32\drivers\splitter.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Spooler] “ImagePath”="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sptd] “ImagePath”=“System32\Drivers\sptd.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sr] “ImagePath”=“system32\DRIVERS\sr.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\srservice] “ServiceDll”=“C:\WINDOWS\system32\srsvc.dll” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Srv] “ImagePath”=“system32\DRIVERS\srv.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SSDPSRV] “ServiceDll”="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\stisvc] “ServiceDll”="%SystemRoot%\system32\wiaservc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\swenum] “ImagePath”=“system32\DRIVERS\swenum.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\swmidi] “ImagePath”=“system32\drivers\swmidi.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SwPrv] “ImagePath”=“C:\WINDOWS\system32\dllhost.exe /Processid:{CC59B37B-7862-44FA-8262-7F4271C4CFE8}” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\symc810] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\symc8xx] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sym_hi] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sym_u3] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\sysaudio] “ImagePath”=“system32\drivers\sysaudio.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SysmonLog] “ImagePath”="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TapiSrv] “ServiceDll”="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip] “ImagePath”=“system32\DRIVERS\tcpip.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDPIPE] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDTCP] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TermDD] “ImagePath”=“system32\DRIVERS\termdd.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TermService] “ServiceDll”="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Themes] “ServiceDll”="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TlntSvr] “ImagePath”=“C:\WINDOWS\system32\tlntsvr.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TosIde] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TrkWks] “ServiceDll”="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TSDDD] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\uagp35] “ImagePath”=“system32\DRIVERS\uagp35.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Udfs] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ultra] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\UMWdf] “ImagePath”=“C:\WINDOWS\system32\wdfmgr.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Update] “ImagePath”=“system32\DRIVERS\update.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\upnphost] “ServiceDll”="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\UPS] “ImagePath”="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\USB] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbaudio] “ImagePath”=“system32\drivers\usbaudio.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbccgp] “ImagePath”=“system32\DRIVERS\usbccgp.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbehci] “ImagePath”=“system32\DRIVERS\usbehci.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbhub] “ImagePath”=“system32\DRIVERS\usbhub.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbohci] “ImagePath”=“system32\DRIVERS\usbohci.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\usbprint] “ImagePath”=“system32\DRIVERS\usbprint.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\USBSTOR] “ImagePath”=“system32\DRIVERS\USBSTOR.SYS” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\VgaSave] “ImagePath”="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ViaIde] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\VolSnap] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\VSS] “ImagePath”="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\VXD] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\W32Time] “ServiceDll”=“C:\WINDOWS\system32\w32time.dll” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\W3SVC] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Wanarp] “ImagePath”=“system32\DRIVERS\wanarp.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WDICA] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\wdmaud] “ImagePath”=“system32\drivers\wdmaud.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WebClient] “ServiceDll”="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WIBUKEY] “ImagePath”=“SYSTEM32\DRIVERS\Wibukey.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WINIO] “ImagePath”="??\C:\Downloads\B-12XPUS\B-12繁体支持版\B-12繁体支持版\B-12繁体支持版2\winio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\winmgmt] “ServiceDll”="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Winsock] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WinSock2] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WinTrust] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmcCds] “ImagePath”=“c:\program files\windows media connect\mswmccds.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmcCdsLs] “ImagePath”=“C:\Program Files\Windows Media Connect\mswmcls.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmdmPmSN] “ServiceDll”=“C:\WINDOWS\system32\MsPMSNSv.dll” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Wmi] “ServiceDll”="%SystemRoot%\System32\advapi32.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmiApSrv] “ImagePath”=“C:\WINDOWS\system32\wbem\wmiapsrv.exe” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WS2IFSL] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\wscsvc] “ServiceDll”="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\wuauserv] “ServiceDll”=“C:\WINDOWS\system32\wuauserv.dll” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WZCSVC] “ServiceDll”="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\xmlprov] “ServiceDll”="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\xpdx] “ImagePath”="??\C:\WINDOWS\system32\xpdx.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ZDCndis5] “ImagePath”="??\C:\WINDOWS\system32\ZDCndis5.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ZDPSp50] “ImagePath”=“System32\Drivers\ZDPSp50.sys” [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\zntport] “ImagePath”="??\C:\WINDOWS\system32\zntport.sys" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services{038B7652-3E90-4156-81EA-7F6E04D5D65A}] [HKEY_LOCAL_MACHINE\system\ControlSet002\Services{F03E916C-31FB-4E56-820E-48F31405A2C4}] Completion time: 2007-06-06 23:19:01 — E O F —

Gutek · 6 Czerwiec 2007 22:08

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

Files to delete: C:\WINDOWS\system32\tbojmsbe.dll C:\WINDOWS\system32\mnoqastt.dll C:\WINDOWS\system32\ssleay32.dll C:\WINDOWS\system32\libeay32.dll C:\WINDOWS\system32\tywyyelr.dll C:\WINDOWS\system32\cipkdysv.dll C:\WINDOWS\system32\uiaocmaa.exe C:\WINDOWS\system32\qgegwdvb.dll C:\WINDOWS\system32\qgebqntu.exe C:\WINDOWS\system32\fcpcpnvi.dll C:\WINDOWS\system32\j4251538.dll C:\WINDOWS\system32\syvacqov.dll C:\WINDOWS\system32\lkpeviyg.exe C:\WINDOWS\system32\icopyorl.dll C:\WINDOWS\system32\cbbtbuao.dll C:\WINDOWS\system32\rttss.ini2 C:\WINDOWS\system32\wslvelsu.dll C:\WINDOWS\system32\jckqdipo.dll C:\WINDOWS\system32\ejvplsiy.dll C:\WINDOWS\system32\rttss.bak2 C:\WINDOWS\system32\lryxlnjr.dll C:\WINDOWS\system32\tlqguvnd.dll C:\WINDOWS\system32\rttss.bak1 C:\WINDOWS\system32\etehtblq.dll C:\WINDOWS\system32\ssttr.dll C:\WINDOWS\system32\xpdx.sys C:\WINDOWS\system32\hggebyw.dll C:\WINDOWS\system32\xpdt.sys

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

system · 7 Czerwiec 2007 07:23

Dzięki :mrgreen: . Jest jeszcze jedna sprawa, po załadowaniu windowsa, wchodzę na konto i wyskakują komunikaty o błędzie że nie znaleziono tego pliku (w tym wypadku te które usunąłem) :/.

PS. To te pliczki : system32\fcpcpnvi.dll i system32\j4251538.dll

adam9870 · 7 Czerwiec 2007 08:16

Wykonaj to, co napisał Gutek, a potem wklej nowy log z ComboFix’a plus dodatkowo dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.