Problem z iPlus'em :(


(Andrzew) #1

Witam mam problem 2 dni temu mój komp został zaatakowany przez trojana. Użyłem COMBOFIX'a wszystko wróciło do normy ale nie działa mi iPlus :(((. Wcześniej działał bezproblemowo. Oto log z COMBOFIX'a:

ComboFix 08-12-06.06 - Bimbollo 2008-12-08 15:24:32.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.811 [GMT 1:00]

Uruchomiony z: I:\ComboFix.exe

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

E:\Autorun.inf

F:\autorun.inf

f:\windows\IE4 Error Log.txt

f:\windows\system32\h@tkeysh@@k.dll

f:\windows\system32\tmp70.tmp

f:\windows\system32\tmp71.tmp

G:\Autorun.inf

H:\Autorun.inf

I:\autorun.inf

.

((((((((((((((((((((((((( Pliki utworzone od 2008-11-08 do 2008-12-08 )))))))))))))))))))))))))))))))

.

2008-12-07 21:55 . 2008-12-07 21:55

2008-12-07 21:54 . 2008-12-07 21:55

2008-12-07 19:29 . 2008-12-07 19:29

2008-12-07 19:29 . 2008-12-08 15:33 1,978,400 --ahs---- f:\windows\system32\drivers\fidbox.dat

2008-12-07 19:29 . 2008-12-07 19:29 75,932 --a------ f:\windows\system32\drivers\klick.dat

2008-12-07 19:29 . 2008-12-07 19:29 74,396 --a------ f:\windows\system32\drivers\klin.dat

2008-12-07 19:29 . 2008-12-08 15:33 54,304 --ahs---- f:\windows\system32\drivers\fidbox2.dat

2008-12-07 19:29 . 2008-12-08 15:27 31,628 --ahs---- f:\windows\system32\drivers\fidbox.idx

2008-12-07 19:29 . 2008-12-08 15:27 10,268 --ahs---- f:\windows\system32\drivers\fidbox2.idx

2008-11-30 17:05 . 2008-05-30 14:11 3,850,760 --a------ f:\windows\system32\D3DX9_38.dll

2008-11-30 17:05 . 2008-05-30 14:11 1,491,992 --a------ f:\windows\system32\D3DCompiler_38.dll

2008-11-30 17:05 . 2008-05-30 14:19 507,400 --a------ f:\windows\system32\XAudio2_1.dll

2008-11-30 17:05 . 2008-05-30 14:11 467,984 --a------ f:\windows\system32\d3dx10_38.dll

2008-11-30 17:05 . 2008-05-30 14:18 238,088 --a------ f:\windows\system32\xactengine3_1.dll

2008-11-30 17:05 . 2008-05-30 14:17 65,032 --a------ f:\windows\system32\XAPOFX1_0.dll

2008-11-30 17:05 . 2008-05-30 14:17 25,608 --a------ f:\windows\system32\X3DAudio1_4.dll

2008-11-30 17:03 . 2008-11-30 17:03

2008-11-30 13:59 . 2008-11-30 13:59

2008-11-30 13:58 . 2005-10-20 16:25 12,416 --a------ f:\windows\system32\drivers\asusgsb32.sys

2008-11-30 13:48 . 2008-11-30 13:53

2008-11-30 13:47 . 2006-06-14 06:56 12,288 -ra------ f:\windows\system32\drivers\EIO.sys

2008-11-30 13:45 . 2006-09-08 14:28 2,515,656 -ra------ f:\windows\system32\ativvaxx.dat

2008-11-30 13:45 . 2006-08-23 10:27 655,842 -ra------ f:\windows\system32\drivers\ativcaxx.cpa

2008-11-30 13:45 . 2006-09-08 14:43 307,200 -ra------ f:\windows\system32\atiiiexx.dll

2008-11-30 13:45 . 2006-08-16 06:52 133,583 -ra------ f:\windows\system32\atiicdxx.dat

2008-11-30 13:45 . 2006-09-08 15:50 35,680 -ra------ f:\windows\system32\drivers\ativvpxx.vp

2008-11-30 13:45 . 2006-06-22 02:02 6,126 -ra------ f:\windows\system32\atifglpf.xml

2008-11-30 13:45 . 2006-08-23 10:26 2,096 -ra------ f:\windows\system32\drivers\ativdkxx.vp

2008-11-30 13:45 . 2006-08-23 10:26 2,096 -ra------ f:\windows\system32\drivers\ativckxx.vp

2008-11-30 13:45 . 2006-08-23 10:27 929 -ra------ f:\windows\system32\drivers\ativcaxx.vp

2008-11-18 21:52 . 2008-11-18 21:53

2008-11-18 21:50 . 2006-09-08 14:33 2,411,008 --a------ f:\windows\system32\ati3duag.dll

2008-11-18 21:50 . 2004-08-04 00:43 1,888,992 --a--c--- f:\windows\system32\dllcache\ati3duag.dll

2008-11-18 21:50 . 2006-09-08 14:28 1,086,112 --a------ f:\windows\system32\ativvaxx.dll

2008-11-18 21:50 . 2004-08-04 00:43 516,768 --a--c--- f:\windows\system32\dllcache\ativvaxx.dll

2008-11-18 21:50 . 2006-09-08 14:10 294,912 --a------ f:\windows\system32\ati2cqag.dll

2008-11-18 21:50 . 2004-08-04 00:43 229,376 --a--c--- f:\windows\system32\dllcache\ati2cqag.dll

2008-11-18 20:17 . 2008-12-07 21:54

2008-11-17 20:31 . 2008-11-17 20:31

2008-11-17 20:31 . 2008-11-17 20:31

2008-11-15 15:51 . 2006-03-13 18:35 81,728 -ra------ f:\windows\system32\drivers\k750mgmt.sys

2008-11-15 15:51 . 2006-03-13 18:35 79,488 -ra------ f:\windows\system32\drivers\k750obex.sys

2008-11-15 15:50 . 2006-03-13 18:35 89,872 -ra------ f:\windows\system32\drivers\k750mdm.sys

2008-11-15 15:50 . 2006-03-13 18:35 55,216 -ra------ f:\windows\system32\drivers\k750bus.sys

2008-11-15 15:50 . 2006-03-13 18:35 6,576 -ra------ f:\windows\system32\drivers\k750mdfl.sys

2008-11-15 15:50 . 2006-03-13 18:35 6,144 -ra------ f:\windows\system32\drivers\k750cmnt.sys

2008-11-15 15:50 . 2006-03-13 18:35 5,744 -ra------ f:\windows\system32\drivers\k750whnt.sys

2008-11-15 09:20 . 2008-11-15 09:20

2008-11-10 15:55 . 2008-11-10 15:55

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-07 20:55 --------- d-----w f:\program files\Common Files\Teleca Shared

2008-12-07 19:56 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\iPlus

2008-12-07 18:34 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab

2008-11-30 16:10 --------- d-----w f:\program files\GameFace Messenger

2008-11-30 16:08 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\wsInspector

2008-11-30 16:03 --------- d--h--w f:\program files\InstallShield Installation Information

2008-11-30 12:57 737,280 -c--a-w f:\windows\iun6002.exe

2008-11-18 19:24 21,672 ----a-w f:\windows\system32\drivers\ggsemc.sys

2008-11-18 19:24 13,352 ----a-w f:\windows\system32\drivers\ggflt.sys

2008-11-12 17:10 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\uTorrent

2008-11-07 16:18 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\GetRightToGo

2008-10-27 16:08 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\Creative

2008-10-27 16:02 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\CyberLink

2008-10-27 16:01 --------- d-----w f:\program files\Creative

2008-10-27 15:50 --------- d--h--w f:\program files\Creative Installation Information

2008-10-27 15:50 --------- d-----w f:\program files\Common Files\Creative

2008-10-27 15:38 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Creative

2008-10-20 15:03 --------- d-----w f:\documents and settings\Bimbollo\Dane aplikacji\Winampek

2008-10-17 19:41 --------- d-----w f:\program files\EA SPORTS

2007-07-05 13:42 1 -c--a-w f:\documents and settings\Bimbollo\SI.bin

2007-01-19 18:52 65 -c--a-w f:\program files\Common Files\appop.log

2004-10-01 13:00 40,960 ----a-w f:\program files\Uninstall_CDS.exe

2007-11-27 19:04 848 --sha-w f:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{0950B649-CBD8-4758-B4A2-1EDE5BE8B60C}]

2008-05-02 14:29 14848 --a------ f:\windows\system32\iedkcs42.dll

f:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

COMPANY_NAME WinCinema Manager.lnk - f:\program files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2007-01-19 229376]

InterVideo WinCinema Manager.lnk - f:\program files\COMPANY_NAME\Common\Bin\WinCinemaMgr.exe [2007-01-19 229376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogOff"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="f:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=f:\progra~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.asv2"= asusasv2.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\Program Files\BitTorrent\bittorrent.exe"=

"c:\Giery\S.T.A.L.K.E.R\bin\XR_3DA.exe"=

"c:\Giery\S.T.A.L.K.E.R\bin\dedicated\XR_3DA.exe"=

"f:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe"=

"f:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe"=

"f:\Program Files\Messenger\msmsgs.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"f:\Documents and Settings\Bimbollo\Ustawienia lokalne\Temp\ElectronicArts_Patcher_000.exe"=

"c:\Program Files\BearShare Applications\BearShare\BearShare.exe"=

"c:\Giery\Ghost Recon Advanced Warfighter\GRAW.exe"=

"e:\Giery\Knights'n'Merchants TPR\KM_TPR.exe"=

"c:\Giery\NN2BE\nwn2main.exe"=

"c:\Giery\NN2BE\nwn2main_amdxp.exe"=

"c:\Giery\NN2BE\nwupdate.exe"=

"c:\Giery\NN2BE\nwn2server.exe"=

"e:\Giery\Cod4\iw3mp.exe"=

"e:\Giery\nascar\NASCAR_Thunder_2004.exe"=

"c:\Program Files\Sony Ericsson\Update Service\Update Service.exe"=

"e:\Giery\DoW\W40kWA.exe"=

"e:\Giery\DoW\W40k.exe"=

"e:\Giery\DK\Dawn of War - Dark Crusade\DarkCrusade.exe"=

"f:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"=

"e:\Giery\cs\hl.exe"=

"e:\Giery\EE\Empire Earth.exe"=

"e:\Giery\Empire\Empire Earth.exe"=

"c:\Program Files\IncrediMail\bin\IMApp.exe"=

"c:\Program Files\IncrediMail\bin\IncMail.exe"=

"c:\Program Files\IncrediMail\bin\ImpCnt.exe"=

"c:\Program Files\gg\gg.exe"=

"j:\CS Portable\Programs\CS USB\root\cstrike.exe"=

"c:\Obrazy\CS Portable\Programs\start\BORGChat\BORGChat.exe"=

"c:\Obrazy\CS Portable\Programs\CS USB\root\hl.exe"=

"c:\Obrazy\CS Portable\Programs\CS USB\root\cstrike.exe"=

"c:\Program Files\Strip Poker Exclusive 2\StripPokerExclusive2.exe"=

"c:\Program Files\Murator\INFORMATORROLNICZY 2008\INFORMATORY.exe"=

"c:\Giery\Grid\GRID.exe"=

"c:\Program Files\uTorrent\uTorrent.exe"=

"e:\Giery\Soulstorm\Soulstorm.exe"=

"f:\Program Files\Sony Ericsson\Update Service\Update Service.exe"=

"e:\Giery\Cod 5\CoDWaWmp.exe"=

"e:\Giery\Cod 5\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13012:TCP"= 13012:TCP:BitComet 13012 TCP

"13012:UDP"= 13012:UDP:BitComet 13012 UDP

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

R0 ivicd;Ivi CDVD Filter Driver;f:\windows\system32\drivers\ivicd.sys [2007-01-19 38784]

R1 msikbd2k;Multimedia Keyboard Filter Driver;f:\windows\system32\DRIVERS\msikbd2k.sys [2007-01-20 6942]

R2 AMD64CA;AMD64CA;\??\f:\windows\System32\Drivers\AMD64CAx86.sys [2008-07-23 2112]

R2 MSF32;MSF32;\??\f:\program files\MySecretFolder XP\MSF32.SYS [2007-03-23 32128]

R2 nhksrv;Netropa NHK Server;f:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-01-20 28672]

R3 Amusbdev;A4Tech Wireless Desktop USB RF-Mouse filter driver;f:\windows\system32\DRIVERS\Amusbdev.sys [2004-08-25 7424]

S1 ShldDrv;Panda File Shield Driver; []

S2 PavProc;Panda Process Protection Driver; []

S3 AVPsys;AVPsys;\??\f:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]

S3 ComFiltr;Panda Anti-Dialer; []

S3 ggflt;SEMC USB Flash Driver Filter;f:\windows\system32\DRIVERS\ggflt.sys [2007-11-13 13352]

S3 iviudf;iviudf;f:\windows\system32\drivers\IviUdf.sys [2007-01-19 126592]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows\system32\DRIVERS\klim5.sys []

S3 NPF;NetGroup Packet Filter Driver;f:\windows\system32\drivers\npf.sys [2005-08-02 32512]

S3 SEMWModem;Sony Ericsson SEMWModem; []

S3 SEMWWNIC;Sony Ericsson SEMWWNIC;f:\windows\system32\DRIVERS\GCXXNet.sys [2007-03-17 53248]

S3 Video3D;ASUS Video3D Service;f:\windows\system32\Drivers\Video3D32.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0aff4911-a7ea-11db-ad9e-806d6172696f}]

\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0aff4912-a7ea-11db-ad9e-806d6172696f}]

\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0d8df2e0-a55e-11dc-a234-94ff33404e23}]

\Shell\AutoRun\command - I:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{17c1e7a4-abbe-11db-a775-abc1de3da736}]

\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1adaaaac-a7ed-11db-a769-806d6172696f}]

\Shell\AutoRun\command - D:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{44e26d67-0703-11dd-9354-b98fe71c7ded}]

\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{44e26d69-0703-11dd-9354-b98fe71c7ded}]

\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{44e26d6a-0703-11dd-9354-b98fe71c7ded}]

\Shell\AutoRun\command - f:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5067bf8e-012c-11dc-90bc-9ac9cea32d28}]

\Shell\AutoRun\command - i:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

\Shell\open\command - i:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{91f2f484-0f68-11dc-90f9-b5ae7f88fe19}]

\Shell\AutoRun\command - i:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

\Shell\open\command - i:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9781a0df-34b5-11dd-8187-87df668b8420}]

\Shell\AutoRun\command - I:\b.exe

\Shell\explore\Command - I:\b.exe

\Shell\open\Command - I:\b.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cad0a9d2-a5cf-11dd-873f-d6c00e5aaa1f}]

\Shell\AutoRun\command - I:\ekugb3.bat

\Shell\explore\Command - I:\ekugb3.bat

\Shell\open\Command - I:\ekugb3.bat

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]

c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

.

Zawartość folderu 'Zaplanowane zadania'

2008-11-14 f:\windows\Tasks\1-Click Maintenance.job

  • c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 15:09]

.

  • USUNIĘTO PUSTE WPISY - - - -

SafeBoot-procexp90.Sys

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://google.incredimail.com/english

uSearchAssistant = hxxp://www.google.com/ie

IE: Dodaj do blokowanych banerów - f:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

IE: Eksport do programu Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab

f:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab

f:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FireFox -: Profile - f:\documents and settings\Bimbollo\Dane aplikacji\Mozilla\Firefox\Profiles\si1w6ixr.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/

FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - f:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - f:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-08 15:32:53

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\acap2000]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPI]

"ImagePath"="System32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aec]

"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Alerter]

"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AliIde]

"ImagePath"="System32\DRIVERS\aliide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AMD64CA]

"ImagePath"="\??\f:\windows\System32\Drivers\AMD64CAx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AmdK8]

"ImagePath"="System32\DRIVERS\AmdK8.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Amfilter]

"ImagePath"="System32\DRIVERS\Amfilter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Amusbdev]

"ImagePath"="System32\DRIVERS\Amusbdev.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Amusbprt]

"ImagePath"="System32\DRIVERS\Amusbprt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Arp1394]

"ImagePath"="System32\DRIVERS\arp1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asusgsb]

"ImagePath"="system32\drivers\asusgsb32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asuskbnt]

"ImagePath"="system32\drivers\atkkbnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AsyncMac]

"ImagePath"="System32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]

"ImagePath"="System32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ati HotKey Poller]

"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ati2mtag]

"ImagePath"="system32\DRIVERS\ati2mtag.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ATIAVAIW]

"ImagePath"="System32\DRIVERS\atinavt2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atierecord]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ATKKeyboardService]

"ImagePath"="f:\windows\ATKKBService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atksgt]

"ImagePath"="system32\DRIVERS\atksgt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atmarpc]

"ImagePath"="System32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\audstub]

"ImagePath"="System32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AVP]

"ImagePath"="\"f:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe\" -r"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AVPsys]

"ImagePath"="\??\f:\windows\system32\drivers\cdaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\basic2]

"ImagePath"="System32\DRIVERS\HSF_BSC2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BattC]

"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BITS]

"ServiceDll"="f:\windows\System32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CCDECODE]

"ImagePath"="System32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdrom]

"ImagePath"="System32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CiSvc]

"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ClipSrv]

"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="f:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ComFiltr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\COMSysApp]

"ImagePath"="f:\windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Creative Service for CDROM Access]

"ImagePath"="f:\windows\system32\CTsvcCDA.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctac32k]

"ImagePath"="system32\drivers\ctac32k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctaud2k]

"ImagePath"="system32\drivers\ctaud2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctdvda2k]

"ImagePath"="system32\drivers\ctdvda2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctprxy2k]

"ImagePath"="system32\drivers\ctprxy2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctsfm2k]

"ImagePath"="system32\drivers\ctsfm2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ddxgb]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dhcp]

"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Disk]

"ImagePath"="System32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmadmin]

"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmboot]

"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmio]

"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmload]

"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmserver]

"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DMusic]

"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dtscsi]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EIO]

"ImagePath"="\??\f:\windows\system32\drivers\EIO.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\emupia]

"ImagePath"="system32\drivers\emupia2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ENTECH]

"ImagePath"="\??\f:\windows\system32\DRIVERS\ENTECH.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ERSvc]

"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Eventlog]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EventSystem]

"ServiceDll"="f:\windows\System32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fallback]

"ImagePath"="System32\DRIVERS\HSF_FALL.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fdc]

"ImagePath"="System32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Flpydisk]

"ImagePath"="System32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fsks]

"ImagePath"="System32\DRIVERS\HSF_FSKS.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FTDIBUS]

"ImagePath"="system32\drivers\ftdibus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ftdisk]

"ImagePath"="System32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FTSER2K]

"ImagePath"="system32\drivers\ftser2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gameenum]

"ImagePath"="System32\DRIVERS\gameenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ggflt]

"ImagePath"="system32\DRIVERS\ggflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ggsemc]

"ImagePath"="system32\DRIVERS\ggsemc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Gpc]

"ImagePath"="System32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gusvc]

"ImagePath"="\"f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GVCplDrv]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ha20x2k]

"ImagePath"="system32\drivers\ha20x2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HDAudBus]

"ImagePath"="System32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HidServ]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hidusb]

"ImagePath"="System32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HSFHWBS2]

"ImagePath"="System32\DRIVERS\HSFBS2S2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HSF_DP]

"ImagePath"="System32\DRIVERS\HSFDPSP2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hsf_msft]

"ImagePath"="System32\DRIVERS\HSF_MSFT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i8042prt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IDriverT]

"ImagePath"="\"f:\program files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Imapi]

"ImagePath"="System32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ImapiService]

"ImagePath"="f:\windows\System32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\InCDFs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\InCDPass]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\InCDRm]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IntcAzAudAddService]

"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ip6fw]

"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpFilterDriver]

"ImagePath"="System32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpInIp]

"ImagePath"="System32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpNat]

"ImagePath"="System32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IPSec]

"ImagePath"="System32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IRENUM]

"ImagePath"="System32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\isapnp]

"ImagePath"="System32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iviaspi]

"ImagePath"="system32\drivers\iviaspi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ivicd]

"ImagePath"="system32\drivers\ivicd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iviudf]

"ImagePath"="system32\drivers\IviUdf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\K56]

"ImagePath"="System32\DRIVERS\HSF_K56K.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750bus]

"ImagePath"="system32\DRIVERS\k750bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750mdfl]

"ImagePath"="system32\DRIVERS\k750mdfl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750mdm]

"ImagePath"="system32\DRIVERS\k750mdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750mgmt]

"ImagePath"="system32\DRIVERS\k750mgmt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\k750obex]

"ImagePath"="system32\DRIVERS\k750obex.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Kbdclass]

"ImagePath"="System32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kbdhid]

"ImagePath"="System32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kl1]

"ImagePath"="system32\drivers\kl1.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\klif]

"ImagePath"="\??\f:\windows\system32\drivers\klif.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\klim5]

"ImagePath"="system32\DRIVERS\klim5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LightScribeService]

"ImagePath"="\"f:\program files\Common Files\LightScribe\LSSrvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lirsgt]

"ImagePath"="system32\DRIVERS\lirsgt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mcdbus]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MDM]

"ImagePath"="\"f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mdmxsdk]

"ImagePath"="System32\DRIVERS\mdmxsdk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mnmsrvc]

"ImagePath"="f:\windows\System32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Mouclass]

"ImagePath"="System32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mouhid]

"ImagePath"="System32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MPE]

"ImagePath"="System32\DRIVERS\MPE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRxDAV]

"ImagePath"="System32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRxSmb]

"ImagePath"="System32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSDTC]

"ImagePath"="f:\windows\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSF32]

"ImagePath"="\??\f:\program files\MySecretFolder XP\MSF32.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\msikbd2k]

"ImagePath"="System32\DRIVERS\msikbd2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSIServer]

"ImagePath"="f:\windows\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mssmbios]

"ImagePath"="System32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSTEE]

"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ms_mpu401]

"ImagePath"="system32\drivers\msmpu401.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MTsensor]

"ImagePath"="System32\DRIVERS\ASACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NABTSFEC]

"ImagePath"="System32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisIP]

"ImagePath"="System32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisTapi]

"ImagePath"="System32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ndisuio]

"ImagePath"="System32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisWan]

"ImagePath"="System32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetBIOS]

"ImagePath"="System32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetBT]

"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"


(Andrzew) #2

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Netlogon]

"ImagePath"="%SystemRoot%\System32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\nhksrv]

"ImagePath"="f:\program files\Netropa\Multimedia Keyboard\nhksrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NIC1394]

"ImagePath"="System32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\nm]

"ImagePath"="system32\DRIVERS\NMnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NPF]

"ImagePath"="system32\drivers\npf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\System32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NwlnkFlt]

"ImagePath"="System32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NwlnkFwd]

"ImagePath"="System32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ohci1394]

"ImagePath"="System32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ose]

"ImagePath"="\"f:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ossrv]

"ImagePath"="system32\drivers\ctoss2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Parport]

"ImagePath"="System32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PavProc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PavPrSrv]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCI]

"ImagePath"="System32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCIIde]

"ImagePath"="System32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Pcmcia]

"ImagePath"="system32\DRIVERS\pcmcia.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Pfc]

"ImagePath"="system32\drivers\pfc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\System32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PptpMiniport]

"ImagePath"="System32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Processor]

"ImagePath"="System32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSched]

"ImagePath"="System32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ptilink]

"ImagePath"="System32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PxHelp20]

"ImagePath"="System32\DRIVERS\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Rasl2tp]

"ImagePath"="System32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasPppoe]

"ImagePath"="System32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Raspti]

"ImagePath"="System32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Rdbss]

"ImagePath"="System32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\rdpdr]

"ImagePath"="System32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDSessMgr]

"ImagePath"="f:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\redbook]

"ImagePath"="System32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Rksample]

"ImagePath"="System32\DRIVERS\HSF_SAMP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ROOTMODEM]

"ImagePath"="System32\Drivers\RootMdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\rpcapd]

"ImagePath"="\"%ProgramFiles%\WinPcap\rpcapd.exe\" -d -f \"%ProgramFiles%\WinPcap\rpcapd.ini\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RpcLocator]

"ImagePath"="%SystemRoot%\System32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RSVP]

"ImagePath"="%SystemRoot%\System32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SCDEmu]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ScsiPort]

"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SE26bus]

"ImagePath"="system32\DRIVERS\SE26bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SE26mdfl]

"ImagePath"="system32\DRIVERS\SE26mdfl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SE26mdm]

"ImagePath"="system32\DRIVERS\SE26mdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SE26mgmt]

"ImagePath"="system32\DRIVERS\SE26mgmt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\se26nd5]

"ImagePath"="system32\DRIVERS\se26nd5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SE26obex]

"ImagePath"="system32\DRIVERS\SE26obex.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\se26unic]

"ImagePath"="system32\DRIVERS\se26unic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Secdrv]

"ImagePath"="System32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SEMWModem]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SEMWWNIC]

"ImagePath"="system32\DRIVERS\GCXXNet.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\serenum]

"ImagePath"="System32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Serial]

"ImagePath"="System32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sermouse]

"ImagePath"="System32\DRIVERS\sermouse.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sfdrv01]

"ImagePath"="System32\drivers\sfdrv01.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sfhlp02]

"ImagePath"="System32\drivers\sfhlp02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sfsync02]

"ImagePath"="System32\drivers\sfsync02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sfvfs02]

"ImagePath"="System32\drivers\sfvfs02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ShldDrv]

"ImagePath"="f:\windows\system32\DRIVERS\ShldDrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SI3132]

"ImagePath"="System32\DRIVERS\SI3132.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SiFilter]

"ImagePath"="System32\DRIVERS\SiWinAcc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SLIP]

"ImagePath"="System32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SNMP]

"ImagePath"="%SystemRoot%\System32\snmp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SNMPTRAP]

"ImagePath"="%SystemRoot%\System32\snmptrap.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SoftFax]

"ImagePath"="System32\DRIVERS\HSF_FAXX.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sptd]

"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sr]

"ImagePath"="System32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\srservice]

"ServiceDll"="f:\windows\System32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Srv]

"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\streamip]

"ImagePath"="System32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swenum]

"ImagePath"="System32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SwPrv]

"ImagePath"="f:\windows\System32\dllhost.exe /Processid:{0103449C-CFD6-47FB-9905-DB1ACB442CF3}"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Tcpip]

"ImagePath"="System32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TermDD]

"ImagePath"="System32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TlntSvr]

"ImagePath"="f:\windows\System32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Tones]

"ImagePath"="System32\DRIVERS\HSF_TONE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\udffsrec]

"ImagePath"="system32\drivers\udffsrec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Update]

"ImagePath"="System32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbccgp]

"ImagePath"="System32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbehci]

"ImagePath"="System32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbhub]

"ImagePath"="System32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbohci]

"ImagePath"="System32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\UxTuneUp]

"ServiceDll"="%SystemRoot%\System32\uxtuneup.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\V124]

"ImagePath"="System32\DRIVERS\HSF_V124.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Video3D]

"ImagePath"="System32\Drivers\Video3D32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\W32Time]

"ServiceDll"="f:\windows\System32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wanarp]

"ImagePath"="System32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wdf01000]

"ImagePath"="system32\DRIVERS\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\winachsf]

"ImagePath"="System32\DRIVERS\HSFCXTS2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmdmPmSN]

"ServiceDll"="f:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiApSrv]

"ImagePath"="f:\windows\System32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WS2IFSL]

"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WSTCODEC]

"ImagePath"="System32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wuauserv]

"ServiceDll"="f:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\yukonwxp]

"ImagePath"="System32\DRIVERS\yk51x86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services{2007D17A-907B-427A-9F05-536978AD44B8}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services{60F8C6EB-59E1-47A4-840F-1C9A312EF25B}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services{9486AE69-BC2A-477C-8983-27E4A9E9706B}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services{F15A4EB6-B7BC-4DA2-BE9E-9A7B3EDF03B9}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services{F1A83494-9C92-41F7-8FB5-0FF436336579}]

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(512)

f:\windows\system32\Ati2evxx.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

f:\windows\system32\ati2evxx.exe

f:\windows\system32\ati2evxx.exe

f:\program files\Common Files\LightScribe\LSSrvc.exe

f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

f:\windows\system32\snmp.exe

f:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe

f:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe

f:\progra~1\MYSECR~1\MSFMON.exe

f:\program files\Java\jre1.6.0_05\bin\jusched.exe

c:\program files\PowerISO\PWRISOVM.EXE

c:\progra~1\A4Tech\Keyboard\Ikeymain.exe

f:\program files\CyberLink\PowerDVD\PDVDServ.exe

c:\program files\Winampek\winampa.exe

f:\windows\CTHELPER.EXE

f:\windows\system32\CTXFIHLP.EXE

c:\program files\X-Fi\DVDAudio\CTDVDDET.exe

f:\program files\Creative\Shared Files\Module Loader\DLLML.exe

f:\program files\Netropa\Onscreen Display\osd.exe

f:\windows\system32\CTXFISPI.EXE

c:\program files\X-Fi\Volume Panel\VolPanlu.exe

f:\program files\Creative\Shared Files\CTSched.exe

f:\program files\COMPANY_NAME\Disc Master 2.5\DirectCD.exe

f:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\iplus manager\iPlusChecker.exe

f:\program files\CursorXP\CursorXP.exe

f:\program files\Messenger\msmsgs.exe

c:\program files\X-Fi\Entertainment Center\EAXLoadr.exe

c:\program files\DAEMON Tools Pro\DTProAgent.exe

c:\program files\Picasa2\PicasaMediaDetector.exe

f:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\gg\gg.exe

f:\program files\ATI Technologies\ATI.ACE\CLI.exe

f:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

**************************************************************************

.

Czas ukończenia: 2008-12-08 15:35:02 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-12-08 14:34:50

Przed: 5 328 519 168 bajtów wolnych

Po: 5,264,019,456 bajtów wolnych

985 --- E O F --- 2008-06-21 14:34:01

PROSZĘ O POMOC !!


(Agatonster) #3

Bimbollo ,

Popraw tytuł na konkretny, mówiący o problemie. W celu dokonania zaleconej korekty - proszę użyć przycisku ac7a4cd89050aa6e.gif