Witam, mam problem: 2 dni temu mój komp został zaatakowany przez trojana. Użyłem COMBOFIX’a i wszystko wróciło do normy, ale nie działa mi iPlus :(((. Wcześniej działał bezproblemowo. Oto log z COMBOFIX’a:
ComboFix 08-12-06.06 - Bimbollo 2008-12-08 15:24:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.811 [GMT 1:00]
Uruchomiony z: I:\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
E:\Autorun.inf
F:\autorun.inf
f:\windows\IE4 Error Log.txt
f:\windows\system32\h@tkeysh@@k.dll
f:\windows\system32\tmp70.tmp
f:\windows\system32\tmp71.tmp
G:\Autorun.inf
H:\Autorun.inf
I:\autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-08 do 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-07 21:55 . 2008-12-07 21:55
2008-12-07 21:54 . 2008-12-07 21:55
2008-12-07 19:29 . 2008-12-07 19:29
2008-12-07 19:29 . 2008-12-08 15:33 1,978,400 --ahs---- f:\windows\system32\drivers\fidbox.dat
2008-12-07 19:29 . 2008-12-07 19:29 75,932 --a------ f:\windows\system32\drivers\klick.dat
2008-12-07 19:29 . 2008-12-07 19:29 74,396 --a------ f:\windows\system32\drivers\klin.dat
2008-12-07 19:29 . 2008-12-08 15:33 54,304 --ahs---- f:\windows\system32\drivers\fidbox2.dat
2008-12-07 19:29 . 2008-12-08 15:27 31,628 --ahs---- f:\windows\system32\drivers\fidbox.idx
2008-12-07 19:29 . 2008-12-08 15:27 10,268 --ahs---- f:\windows\system32\drivers\fidbox2.idx
2008-11-30 17:05 . 2008-05-30 14:11 3,850,760 --a------ f:\windows\system32\D3DX9_38.dll
2008-11-30 17:05 . 2008-05-30 14:11 1,491,992 --a------ f:\windows\system32\D3DCompiler_38.dll
2008-11-30 17:05 . 2008-05-30 14:19 507,400 --a------ f:\windows\system32\XAudio2_1.dll
2008-11-30 17:05 . 2008-05-30 14:11 467,984 --a------ f:\windows\system32\d3dx10_38.dll
2008-11-30 17:05 . 2008-05-30 14:18 238,088 --a------ f:\windows\system32\xactengine3_1.dll
2008-11-30 17:05 . 2008-05-30 14:17 65,032 --a------ f:\windows\system32\XAPOFX1_0.dll
2008-11-30 17:05 . 2008-05-30 14:17 25,608 --a------ f:\windows\system32\X3DAudio1_4.dll
2008-11-30 17:03 . 2008-11-30 17:03
2008-11-30 13:59 . 2008-11-30 13:59
2008-11-30 13:58 . 2005-10-20 16:25 12,416 --a------ f:\windows\system32\drivers\asusgsb32.sys
2008-11-30 13:48 . 2008-11-30 13:53
2008-11-30 13:47 . 2006-06-14 06:56 12,288 -ra------ f:\windows\system32\drivers\EIO.sys
2008-11-30 13:45 . 2006-09-08 14:28 2,515,656 -ra------ f:\windows\system32\ativvaxx.dat
2008-11-30 13:45 . 2006-08-23 10:27 655,842 -ra------ f:\windows\system32\drivers\ativcaxx.cpa
2008-11-30 13:45 . 2006-09-08 14:43 307,200 -ra------ f:\windows\system32\atiiiexx.dll
2008-11-30 13:45 . 2006-08-16 06:52 133,583 -ra------ f:\windows\system32\atiicdxx.dat
2008-11-30 13:45 . 2006-09-08 15:50 35,680 -ra------ f:\windows\system32\drivers\ativvpxx.vp
2008-11-30 13:45 . 2006-06-22 02:02 6,126 -ra------ f:\windows\system32\atifglpf.xml
2008-11-30 13:45 . 2006-08-23 10:26 2,096 -ra------ f:\windows\system32\drivers\ativdkxx.vp
2008-11-30 13:45 . 2006-08-23 10:26 2,096 -ra------ f:\windows\system32\drivers\ativckxx.vp
2008-11-30 13:45 . 2006-08-23 10:27 929 -ra------ f:\windows\system32\drivers\ativcaxx.vp
2008-11-18 21:52 . 2008-11-18 21:53
2008-11-18 21:50 . 2006-09-08 14:33 2,411,008 --a------ f:\windows\system32\ati3duag.dll
2008-11-18 21:50 . 2004-08-04 00:43 1,888,992 --a--c--- f:\windows\system32\dllcache\ati3duag.dll
2008-11-18 21:50 . 2006-09-08 14:28 1,086,112 --a------ f:\windows\system32\ativvaxx.dll
2008-11-18 21:50 . 2004-08-04 00:43 516,768 --a--c--- f:\windows\system32\dllcache\ativvaxx.dll
2008-11-18 21:50 . 2006-09-08 14:10 294,912 --a------ f:\windows\system32\ati2cqag.dll
2008-11-18 21:50 . 2004-08-04 00:43 229,376 --a--c--- f:\windows\system32\dllcache\ati2cqag.dll
2008-11-18 20:17 . 2008-12-07 21:54
2008-11-17 20:31 . 2008-11-17 20:31
2008-11-17 20:31 . 2008-11-17 20:31
2008-11-15 15:51 . 2006-03-13 18:35 81,728 -ra------ f:\windows\system32\drivers\k750mgmt.sys
2008-11-15 15:51 . 2006-03-13 18:35 79,488 -ra------ f:\windows\system32\drivers\k750obex.sys
2008-11-15 15:50 . 2006-03-13 18:35 89,872 -ra------ f:\windows\system32\drivers\k750mdm.sys
2008-11-15 15:50 . 2006-03-13 18:35 55,216 -ra------ f:\windows\system32\drivers\k750bus.sys
2008-11-15 15:50 . 2006-03-13 18:35 6,576 -ra------ f:\windows\system32\drivers\k750mdfl.sys
2008-11-15 15:50 . 2006-03-13 18:35 6,144 -ra------ f:\windows\system32\drivers\k750cmnt.sys
2008-11-15 15:50 . 2006-03-13 18:35 5,744 -ra------ f:\windows\system32\drivers\k750whnt.sys
2008-11-15 09:20 . 2008-11-15 09:20
2008-11-10 15:55 . 2008-11-10 15:55
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 20:55 --------- d-----w f:\program files\Common Files\Teleca Shared
2008-12-07 19:56 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\iPlus
2008-12-07 18:34 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2008-11-30 16:10 --------- d-----w f:\program files\GameFace Messenger
2008-11-30 16:08 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\wsInspector
2008-11-30 16:03 --------- d--h--w f:\program files\InstallShield Installation Information
2008-11-30 12:57 737,280 -c--a-w f:\windows\iun6002.exe
2008-11-18 19:24 21,672 ----a-w f:\windows\system32\drivers\ggsemc.sys
2008-11-18 19:24 13,352 ----a-w f:\windows\system32\drivers\ggflt.sys
2008-11-12 17:10 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\uTorrent
2008-11-07 16:18 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\GetRightToGo
2008-10-27 16:08 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\Creative
2008-10-27 16:02 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\CyberLink
2008-10-27 16:01 --------- d-----w f:\program files\Creative
2008-10-27 15:50 --------- d--h--w f:\program files\Creative Installation Information
2008-10-27 15:50 --------- d-----w f:\program files\Common Files\Creative
2008-10-27 15:38 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Creative
2008-10-20 15:03 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\Winampek
2008-10-17 19:41 --------- d-----w f:\program files\EA SPORTS
2007-07-05 13:42 1 -c--a-w f:\documents and settings\Bimbollo\SI.bin
2007-01-19 18:52 65 -c--a-w f:\program files\Common Files\appop.log
2004-10-01 13:00 40,960 ----a-w f:\program files\Uninstall_CDS.exe
2007-11-27 19:04 848 --sha-w f:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0950B649-CBD8-4758-B4A2-1EDE5BE8B60C}]
2008-05-02 14:29 14848 --a------ f:\windows\system32\iedkcs42.dll
f:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
COMPANY_NAME WinCinema Manager.lnk - f:\program files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2007-01-19 229376]
InterVideo WinCinema Manager.lnk - f:\program files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2007-01-19 229376]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableTaskMgr”= 1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoLogOff”= 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“UIHost”=“f:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=f:\progra~1\KASPER~1\KASPER~2.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.asv2”= asusasv2.dll
“msacm.l3fhg”= mp3fhg.acm
“VIDC.X264”= x264vfw.dll
“VIDC.HFYU”= huffyuv.dll
“vidc.i263”= i263_32.drv
“msacm.divxa32”= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“c:\Program Files\BitTorrent\bittorrent.exe”=
“c:\Giery\S.T.A.L.K.E.R\bin\XR_3DA.exe”=
“c:\Giery\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe”=
“f:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe”=
“f:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe”=
“f:\Program Files\Messenger\msmsgs.exe”=
“c:\Program Files\Gadu-Gadu\gg.exe”=
“f:\Documents and Settings\Bimbollo\Ustawienia lokalne\Temp\ElectronicArts_Patcher_000.exe”=
“c:\Program Files\BearShare Applications\BearShare\BearShare.exe”=
“c:\Giery\Ghost Recon Advanced Warfighter\GRAW.exe”=
“e:\Giery\Knights’n’Merchants TPR\KM_TPR.exe”=
“c:\Giery\NN2BE\nwn2main.exe”=
“c:\Giery\NN2BE\nwn2main_amdxp.exe”=
“c:\Giery\NN2BE\nwupdate.exe”=
“c:\Giery\NN2BE\nwn2server.exe”=
“e:\Giery\Cod4\iw3mp.exe”=
“e:\Giery\nascar\NASCAR_Thunder_2004.exe”=
“c:\Program Files\Sony Ericsson\Update Service\Update Service.exe”=
“e:\Giery\DoW\W40kWA.exe”=
“e:\Giery\DoW\W40k.exe”=
“e:\Giery\DK\Dawn of War - Dark Crusade\DarkCrusade.exe”=
“f:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe”=
“e:\Giery\cs\hl.exe”=
“e:\Giery\EE\Empire Earth.exe”=
“e:\Giery\Empire\Empire Earth.exe”=
“c:\Program Files\IncrediMail\bin\IMApp.exe”=
“c:\Program Files\IncrediMail\bin\IncMail.exe”=
“c:\Program Files\IncrediMail\bin\ImpCnt.exe”=
“c:\Program Files\gg\gg.exe”=
“j:\CS Portable\Programs\CS USB\root\cstrike.exe”=
“c:\Obrazy\CS Portable\Programs\start\BORGChat\BORGChat.exe”=
“c:\Obrazy\CS Portable\Programs\CS USB\root\hl.exe”=
“c:\Obrazy\CS Portable\Programs\CS USB\root\cstrike.exe”=
“c:\Program Files\Strip Poker Exclusive 2\StripPokerExclusive2.exe”=
“c:\Program Files\Murator\INFORMATORROLNICZY 2008\INFORMATORY.exe”=
“c:\Giery\Grid\GRID.exe”=
“c:\Program Files\uTorrent\uTorrent.exe”=
“e:\Giery\Soulstorm\Soulstorm.exe”=
“f:\Program Files\Sony Ericsson\Update Service\Update Service.exe”=
“e:\Giery\Cod 5\CoDWaWmp.exe”=
“e:\Giery\Cod 5\CoDWaW.exe”=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“13012:TCP”= 13012:TCP:BitComet 13012 TCP
“13012:UDP”= 13012:UDP:BitComet 13012 UDP
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
R0 ivicd;Ivi CDVD Filter Driver;f:\windows\system32\drivers\ivicd.sys [2007-01-19 38784]
R1 msikbd2k;Multimedia Keyboard Filter Driver;f:\windows\system32\DRIVERS\msikbd2k.sys [2007-01-20 6942]
R2 AMD64CA;AMD64CA;\??\f:\windows\System32\Drivers\AMD64CAx86.sys [2008-07-23 2112]
R2 MSF32;MSF32;\??\f:\program files\MySecretFolder XP\MSF32.SYS [2007-03-23 32128]
R2 nhksrv;Netropa NHK Server;f:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-20 28672]
R3 Amusbdev;A4Tech Wireless Desktop USB RF-Mouse filter driver;f:\windows\system32\DRIVERS\Amusbdev.sys [2004-08-25 7424]
S1 ShldDrv;Panda File Shield Driver; []
S2 PavProc;Panda Process Protection Driver; []
S3 AVPsys;AVPsys;\??\f:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 ComFiltr;Panda Anti-Dialer; []
S3 ggflt;SEMC USB Flash Driver Filter;f:\windows\system32\DRIVERS\ggflt.sys [2007-11-13 13352]
S3 iviudf;iviudf;f:\windows\system32\drivers\IviUdf.sys [2007-01-19 126592]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows\system32\DRIVERS\klim5.sys []
S3 NPF;NetGroup Packet Filter Driver;f:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SEMWModem;Sony Ericsson SEMWModem; []
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;f:\windows\system32\DRIVERS\GCXXNet.sys [2007-03-17 53248]
S3 Video3D;ASUS Video3D Service;f:\windows\system32\Drivers\Video3D32.sys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aff4911-a7ea-11db-ad9e-806d6172696f}]
\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aff4912-a7ea-11db-ad9e-806d6172696f}]
\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d8df2e0-a55e-11dc-a234-94ff33404e23}]
\Shell\AutoRun\command - I:\CDCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c1e7a4-abbe-11db-a775-abc1de3da736}]
\Shell\AutoRun\command - I:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1adaaaac-a7ed-11db-a769-806d6172696f}]
\Shell\AutoRun\command - D:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44e26d67-0703-11dd-9354-b98fe71c7ded}]
\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44e26d69-0703-11dd-9354-b98fe71c7ded}]
\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44e26d6a-0703-11dd-9354-b98fe71c7ded}]
\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5067bf8e-012c-11dc-90bc-9ac9cea32d28}]
\Shell\AutoRun\command - i:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
\Shell\open\command - i:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91f2f484-0f68-11dc-90f9-b5ae7f88fe19}]
\Shell\AutoRun\command - i:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
\Shell\open\command - i:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9781a0df-34b5-11dd-8187-87df668b8420}]
\Shell\AutoRun\command - I:\b.exe
\Shell\explore\Command - I:\b.exe
\Shell\open\Command - I:\b.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cad0a9d2-a5cf-11dd-873f-d6c00e5aaa1f}]
\Shell\AutoRun\command - I:\ekugb3.bat
\Shell\explore\Command - I:\ekugb3.bat
\Shell\open\Command - I:\ekugb3.bat
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
.
Zawartość folderu ‘Zaplanowane zadania’
2008-11-14 f:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 15:09]
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
-
-
SafeBoot-procexp90.Sys
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.incredimail.com/english
uSearchAssistant = hxxp://www.google.com/ie
IE: Dodaj do blokowanych banerów - f:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: Eksport do programu Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
f:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
f:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - f:\documents and settings\Bimbollo\Dane aplikacji\Mozilla\Firefox\Profiles\si1w6ixr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - f:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - f:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 15:32:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\acap2000]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPI]
“ImagePath”=“System32\DRIVERS\ACPI.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aec]
“ImagePath”=“system32\drivers\aec.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AFD]
“ImagePath”="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Alerter]
“ServiceDll”="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ALG]
“ImagePath”="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AliIde]
“ImagePath”=“System32\DRIVERS\aliide.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AMD64CA]
“ImagePath”="\??\f:\windows\System32\Drivers\AMD64CAx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AmdK8]
“ImagePath”=“System32\DRIVERS\AmdK8.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Amfilter]
“ImagePath”=“System32\DRIVERS\Amfilter.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Amusbdev]
“ImagePath”=“System32\DRIVERS\Amusbdev.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Amusbprt]
“ImagePath”=“System32\DRIVERS\Amusbprt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AppMgmt]
“ServiceDll”="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Arp1394]
“ImagePath”=“System32\DRIVERS\arp1394.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_1.1.4322]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_2.0.50727]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aspnet_state]
“ImagePath”="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asusgsb]
“ImagePath”=“system32\drivers\asusgsb32.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asuskbnt]
“ImagePath”=“system32\drivers\atkkbnt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AsyncMac]
“ImagePath”=“System32\DRIVERS\asyncmac.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
“ImagePath”=“System32\DRIVERS\atapi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ati HotKey Poller]
“ImagePath”="%SystemRoot%\system32\Ati2evxx.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ati2mtag]
“ImagePath”=“system32\DRIVERS\ati2mtag.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ATIAVAIW]
“ImagePath”=“System32\DRIVERS\atinavt2.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atierecord]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ATKKeyboardService]
“ImagePath”=“f:\windows\ATKKBService.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atksgt]
“ImagePath”=“system32\DRIVERS\atksgt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atmarpc]
“ImagePath”=“System32\DRIVERS\atmarpc.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AudioSrv]
“ServiceDll”="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\audstub]
“ImagePath”=“System32\DRIVERS\audstub.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AVP]
“ImagePath”="“f:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” -r"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AVPsys]
“ImagePath”="\??\f:\windows\system32\drivers\cdaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\basic2]
“ImagePath”=“System32\DRIVERS\HSF_BSC2.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BattC]
“MofImagePath”=“System32\Drivers\battc.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BITS]
“ServiceDll”=“f:\windows\System32\qmgr.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Browser]
“ServiceDll”="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CCDECODE]
“ImagePath”=“System32\DRIVERS\CCDECODE.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdrom]
“ImagePath”=“System32\DRIVERS\cdrom.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CiSvc]
“ImagePath”="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ClipSrv]
“ImagePath”="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\clr_optimization_v2.0.50727_32]
“ImagePath”=“f:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ComFiltr]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\COMSysApp]
“ImagePath”=“f:\windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Creative Service for CDROM Access]
“ImagePath”=“f:\windows\system32\CTsvcCDA.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CryptSvc]
“ServiceDll”="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctac32k]
“ImagePath”=“system32\drivers\ctac32k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctaud2k]
“ImagePath”=“system32\drivers\ctaud2k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctdvda2k]
“ImagePath”=“system32\drivers\ctdvda2k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctprxy2k]
“ImagePath”=“system32\drivers\ctprxy2k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctsfm2k]
“ImagePath”=“system32\drivers\ctsfm2k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DcomLaunch]
“ServiceDll”="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ddxgb]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dhcp]
“ServiceDll”="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Disk]
“ImagePath”=“System32\DRIVERS\disk.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmadmin]
“ImagePath”="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmboot]
“ImagePath”=“System32\drivers\dmboot.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmio]
“ImagePath”=“System32\drivers\dmio.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmload]
“ImagePath”=“System32\drivers\dmload.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmserver]
“ServiceDll”="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DMusic]
“ImagePath”=“system32\drivers\DMusic.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dnscache]
“ServiceDll”="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dpti2o]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\drmkaud]
“ImagePath”=“system32\drivers\drmkaud.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dtscsi]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EIO]
“ImagePath”="\??\f:\windows\system32\drivers\EIO.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\emupia]
“ImagePath”=“system32\drivers\emupia2k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ENTECH]
“ImagePath”="\??\f:\windows\system32\DRIVERS\ENTECH.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ERSvc]
“ServiceDll”="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Eventlog]
“ImagePath”="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EventSystem]
“ServiceDll”=“f:\windows\System32\es.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fallback]
“ImagePath”=“System32\DRIVERS\HSF_FALL.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FastUserSwitchingCompatibility]
“ServiceDll”="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fdc]
“ImagePath”=“System32\DRIVERS\fdc.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Flpydisk]
“ImagePath”=“System32\DRIVERS\flpydisk.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FltMgr]
“ImagePath”=“system32\drivers\fltmgr.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fsks]
“ImagePath”=“System32\DRIVERS\HSF_FSKS.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FTDIBUS]
“ImagePath”=“system32\drivers\ftdibus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ftdisk]
“ImagePath”=“System32\DRIVERS\ftdisk.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FTSER2K]
“ImagePath”=“system32\drivers\ftser2k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gameenum]
“ImagePath”=“System32\DRIVERS\gameenum.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ggflt]
“ImagePath”=“system32\DRIVERS\ggflt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ggsemc]
“ImagePath”=“system32\DRIVERS\ggsemc.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Gpc]
“ImagePath”=“System32\DRIVERS\msgpc.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gusvc]
“ImagePath”="“f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe”"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GVCplDrv]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ha20x2k]
“ImagePath”=“system32\drivers\ha20x2k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HDAudBus]
“ImagePath”=“System32\DRIVERS\HDAudBus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\helpsvc]
“ServiceDll”="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HidServ]
“ServiceDll”="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hidusb]
“ImagePath”=“System32\DRIVERS\hidusb.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HSFHWBS2]
“ImagePath”=“System32\DRIVERS\HSFBS2S2.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HSF_DP]
“ImagePath”=“System32\DRIVERS\HSFDPSP2.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hsf_msft]
“ImagePath”=“System32\DRIVERS\HSF_MSFT.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTP]
“ImagePath”=“System32\Drivers\HTTP.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTPFilter]
“ServiceDll”="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i8042prt]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IDriverT]
“ImagePath”="“f:\program files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe”"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Imapi]
“ImagePath”=“System32\DRIVERS\imapi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ImapiService]
“ImagePath”=“f:\windows\System32\imapi.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\InCDFs]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\InCDPass]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\InCDRm]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IntcAzAudAddService]
“ImagePath”=“system32\drivers\RtkHDAud.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IntelIde]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ip6fw]
“ImagePath”=“system32\drivers\ip6fw.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpFilterDriver]
“ImagePath”=“System32\DRIVERS\ipfltdrv.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpInIp]
“ImagePath”=“System32\DRIVERS\ipinip.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpNat]
“ImagePath”=“System32\DRIVERS\ipnat.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IPSec]
“ImagePath”=“System32\DRIVERS\ipsec.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IRENUM]
“ImagePath”=“System32\DRIVERS\irenum.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\isapnp]
“ImagePath”=“System32\DRIVERS\isapnp.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iviaspi]
“ImagePath”=“system32\drivers\iviaspi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ivicd]
“ImagePath”=“system32\drivers\ivicd.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iviudf]
“ImagePath”=“system32\drivers\IviUdf.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\K56]
“ImagePath”=“System32\DRIVERS\HSF_K56K.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750bus]
“ImagePath”=“system32\DRIVERS\k750bus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750mdfl]
“ImagePath”=“system32\DRIVERS\k750mdfl.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750mdm]
“ImagePath”=“system32\DRIVERS\k750mdm.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750mgmt]
“ImagePath”=“system32\DRIVERS\k750mgmt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750obex]
“ImagePath”=“system32\DRIVERS\k750obex.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Kbdclass]
“ImagePath”=“System32\DRIVERS\kbdclass.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kbdhid]
“ImagePath”=“System32\DRIVERS\kbdhid.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kl1]
“ImagePath”=“system32\drivers\kl1.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\klif]
“ImagePath”="\??\f:\windows\system32\drivers\klif.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\klim5]
“ImagePath”=“system32\DRIVERS\klim5.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kmixer]
“ImagePath”=“system32\drivers\kmixer.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lanmanserver]
“ServiceDll”="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lanmanworkstation]
“ServiceDll”="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LightScribeService]
“ImagePath”="\"f:\program files\Common Files\LightScribe\LSSrvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lirsgt]
“ImagePath”=“system32\DRIVERS\lirsgt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LmHosts]
“ServiceDll”="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mcdbus]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MDM]
“ImagePath”="\"f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mdmxsdk]
“ImagePath”=“System32\DRIVERS\mdmxsdk.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Messenger]
“ServiceDll”="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mnmsrvc]
“ImagePath”=“f:\windows\System32\mnmsrvc.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Mouclass]
“ImagePath”=“System32\DRIVERS\mouclass.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mouhid]
“ImagePath”=“System32\DRIVERS\mouhid.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MPE]
“ImagePath”=“System32\DRIVERS\MPE.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRxDAV]
“ImagePath”=“System32\DRIVERS\mrxdav.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRxSmb]
“ImagePath”=“System32\DRIVERS\mrxsmb.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSDTC]
“ImagePath”=“f:\windows\System32\msdtc.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSF32]
“ImagePath”="\??\f:\program files\MySecretFolder XP\MSF32.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\msikbd2k]
“ImagePath”=“System32\DRIVERS\msikbd2k.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSIServer]
“ImagePath”=“f:\windows\system32\msiexec.exe /V”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSKSSRV]
“ImagePath”=“system32\drivers\MSKSSRV.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSPCLOCK]
“ImagePath”=“system32\drivers\MSPCLOCK.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSPQM]
“ImagePath”=“system32\drivers\MSPQM.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mssmbios]
“ImagePath”=“System32\DRIVERS\mssmbios.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSTEE]
“ImagePath”=“system32\drivers\MSTEE.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ms_mpu401]
“ImagePath”=“system32\drivers\msmpu401.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MTsensor]
“ImagePath”=“System32\DRIVERS\ASACPI.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NABTSFEC]
“ImagePath”=“System32\DRIVERS\NABTSFEC.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisIP]
“ImagePath”=“System32\DRIVERS\NdisIP.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisTapi]
“ImagePath”=“System32\DRIVERS\ndistapi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ndisuio]
“ImagePath”=“System32\DRIVERS\ndisuio.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisWan]
“ImagePath”=“System32\DRIVERS\ndiswan.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetBIOS]
“ImagePath”=“System32\DRIVERS\netbios.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetBT]
“ImagePath”=“System32\DRIVERS\netbt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetDDE]
“ImagePath”="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetDDEdsdm]
“ImagePath”="%SystemRoot%\system32\netdde.exe"