Proszę o sprawdzenie loga


(Cielak1) #1

Oto i on.

ComboFix 08-08-30.03 - CIELAK 2008-08-31 11:41:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1672 [GMT 2:00]

Running from: C:\Documents and Settings\CIELAK\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player#SharedObjects\PZ3PTEF3\www.broadcaster.com

C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player#SharedObjects\PZ3PTEF3\www.broadcaster.com\played_list.sol

C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player#SharedObjects\PZ3PTEF3\www.broadcaster.com\video_queue.sol

C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com

C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com\settings.sol

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\ScreenSaver\Images\02D4B3BE.urr

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo0.dll

E:\Autorun.inf

F:\Autorun.inf

G:\Autorun.inf

N:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))

.

2008-08-29 06:22 . 2007-07-02 19:36

2008-08-29 06:22 . 2007-07-02 19:36

2008-08-29 06:22 . 2007-07-02 17:44

2008-08-29 06:22 . 2007-07-02 19:36

2008-08-29 06:22 . 2007-07-02 19:36

2008-08-29 06:22 . 2007-07-02 19:36

2008-08-29 06:22 . 2007-07-02 19:36

2008-08-29 06:22 . 2008-08-29 06:22

2008-08-27 17:00 . 2008-03-16 01:28 101,140 -r-hs---- C:\3o.exe

2008-08-23 18:15 . 2008-08-23 18:15

2008-08-20 18:46 . 2008-08-20 18:46

2008-08-20 15:40 . 2008-08-20 15:40

2008-08-20 15:40 . 2008-08-20 15:40

2008-08-17 12:22 . 2008-08-17 12:22

2008-08-17 12:19 . 2008-08-17 12:21

2008-08-17 09:59 . 2008-08-17 12:23

2008-08-02 15:10 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll

2008-08-02 15:08 . 2008-08-02 15:08

2008-07-22 10:51 . 1999-07-07 22:01 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp

2008-07-22 10:51 . 1999-07-07 22:02 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt

2008-07-22 10:34 . 2008-07-22 10:48

2008-07-05 13:16 . 2008-07-05 13:16

2008-07-05 13:00 . 2008-07-05 13:00

2008-07-05 13:00 . 2008-07-05 13:00 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-31 09:44 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT

2008-08-31 09:44 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT

2008-08-31 09:44 233,472 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT

2008-08-31 09:44 233,472 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT

2008-08-31 09:29 --------- d-----w C:\Documents and Settings\CIELAK\Dane aplikacji\uTorrent

2008-08-23 16:06 --------- d-----w C:\Program Files\Fraps

2008-08-23 16:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-21 04:21 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP

2008-08-20 13:13 --------- d-----w C:\Program Files\RegCleaner

2008-08-20 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-14 10:54 --------- d-----w C:\Program Files\Kaspersky Lab

2008-07-14 10:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab

2008-06-28 12:46 --------- d-----w C:\Program Files\Real Alternative

2005-07-05 14:49 755 ----a-w C:\Program Files\setup.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.YV12"= yv12vfw.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonAntiBot]

-ra------ 2007-11-12 22:59 1378840 C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--ah----- 2006-08-16 09:35 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2006-11-24 02:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--ah----- 2006-08-16 09:35 1617920 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--ah----- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ServiceLayer"=3 (0x3)

"StarWindService"=2 (0x2)

"NBService"=3 (0x3)

"PREVXAgent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\uTorrent\utorrent.exe"=

"C:\Program Files\GreedyTorrent\GTor.exe"=

"F:\Gry\NWN2\nwn2main.exe"=

"F:\Gry\NWN2\nwn2main_amdxp.exe"=

"F:\Gry\NWN2\nwupdate.exe"=

"F:\Gry\NWN2\nwn2server.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\uTorrent2\utorrent.exe"=

"C:\Program Files\NAPI-PROJEKT\napisy.exe"=

"C:\Program Files\Mozilla Firefox\firefox.exe"=

"C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"=

"C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"=

"C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe"=

"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"=

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"=

"F:\Gry\Assasin Creed\AssassinsCreed_Dx9.exe"=

"F:\Gry\Assasin Creed\AssassinsCreed_Dx10.exe"=

"F:\Gry\Assasin Creed\AssassinsCreed_Launcher.exe"=

"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"=

"F:\Gry\COD 4\iw3mp.exe"=

"C:\Program Files\Kaspersky Lab\setup.exe"=

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 14:53]

R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 13:56]

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2008-01-17 19:30]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 21:26]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 21:26]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 21:26]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 21:26]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 21:26]

S4 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-05-06 00:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7d33cf1c-0284-11dd-abaa-000fea6503fa}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7e0a4d02-4401-11dc-b6de-000fea6503fa}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7e0a4d03-4401-11dc-b6de-000fea6503fa}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8cdc921c-73f0-11dd-bd11-000fea6503fa}]

\Shell\AutoRun\command - H:\3o.exe

\Shell\explore\Command - H:\3o.exe

\Shell\open\Command - H:\3o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9bf9af01-b533-11dc-8a83-000fea6503fa}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b7d8cd41-08ac-11dd-abc2-000fea6503fa}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

.

  • ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\CIELAK\Dane aplikacji\Mozilla\Firefox\Profiles\rsh3vy7b.default\

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-31 11:45:28

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ACPI]

"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\aec]

"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AFPAnsi]

"ImagePath"="System32\Drivers\AFPAnsi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Alerter]

"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AmdK8]

"ImagePath"="system32\DRIVERS\AmdK8.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Arp1394]

"ImagePath"="system32\DRIVERS\arp1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\atapi]

"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\atksgt]

"ImagePath"="system32\DRIVERS\atksgt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Atmarpc]

"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\audstub]

"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\BattC]

"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\BITS]

"ServiceDll"="C:\WINDOWS\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\catchme]

"ImagePath"="\??\C:\ComboFix\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\CiSvc]

"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ClipSrv]

"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\COMSysApp]

"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Dhcp]

"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Disk]

"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmadmin]

"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmboot]

"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmio]

"ImagePath"="system32\DRIVERS\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmload]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmserver]

"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\DMusic]

"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ERSvc]

"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Eventlog]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\EventSystem]

"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\FltMgr]

"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\FO_PAnt]

"ImagePath"="System32\Drivers\FO_PAnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GameConsoleService]

"ImagePath"="\"C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GEARAspiWDM]

"ImagePath"="SYSTEM32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Gpc]

"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GVCplDrv]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HDAudBus]

"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HidServ]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hotcore3]

"ImagePath"="system32\drivers\hotcore3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IDriverT]

"ImagePath"="\"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\imagedrv]

"ImagePath"="System32\Drivers\imagedrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\imagesrv]

"ImagePath"="system32\DRIVERS\imagesrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ImapiService]

"ImagePath"="C:\WINDOWS\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IntcAzAudAddService]

"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ip6Fw]

"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IpNat]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IPSec]

"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IRENUM]

"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\isapnp]

"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510bus]

"ImagePath"="system32\DRIVERS\k510bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510mdfl]

"ImagePath"="system32\DRIVERS\k510mdfl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510mdm]

"ImagePath"="system32\DRIVERS\k510mdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510mgmt]

"ImagePath"="system32\DRIVERS\k510mgmt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510obex]

"ImagePath"="system32\DRIVERS\k510obex.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\kbfilter]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\kl1]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lirsgt]

"ImagePath"="system32\DRIVERS\lirsgt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mnmsrvc]

"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MRxDAV]

"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MRxSmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSDTC]

"ImagePath"="C:\WINDOWS\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSIServer]

"ImagePath"="C:\WINDOWS\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Nero BackItUp Scheduler 3]

"ImagePath"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NetBT]

"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NIC1394]

"ImagePath"="system32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nm]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NMIndexingService]

"ImagePath"="\"C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nv]

"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nvata]

"ImagePath"="system32\DRIVERS\nvata.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NVENETFD]

"ImagePath"="system32\DRIVERS\NVENETFD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nvnetbus]

"ImagePath"="system32\DRIVERS\nvnetbus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NVSvc]

"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkFlt]

"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkFwd]

"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkIpx]

"ImagePath"="system32\DRIVERS\nwlnkipx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkNb]

"ImagePath"="system32\DRIVERS\nwlnknb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkSpx]

"ImagePath"="system32\DRIVERS\nwlnkspx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ohci1394]

"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Parport]

"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PCI]

"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PCIIde]

"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Processor]

"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PSched]

"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ptilink]

"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pxcom]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PxHelp20]

"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RasAcd]

"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Raspti]

"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rdpdr]

"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDSessMgr]

"ImagePath"="C:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\redbook]

"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RSVP]

"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SCDEmu]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27bus]

"ImagePath"="system32\DRIVERS\SE27bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27mdfl]

"ImagePath"="system32\DRIVERS\SE27mdfl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27mdm]

"ImagePath"="system32\DRIVERS\SE27mdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27mgmt]

"ImagePath"="system32\DRIVERS\SE27mgmt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\se27nd5]

"ImagePath"="system32\DRIVERS\se27nd5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27obex]

"ImagePath"="system32\DRIVERS\SE27obex.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\se27unic]

"ImagePath"="system32\DRIVERS\se27unic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Secdrv]

"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SerialKeys]

"ImagePath"="C:\WINDOWS\system32\skeys.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sptd]

"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sr]

"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\srservice]

"ServiceDll"="C:\WINDOWS\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Srv]

"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\StarWindService]

"ImagePath"="C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SwPrv]

"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{393FE7FC-C040-467B-AFF5-F4C68F5EF4BD}"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotAgent]

"ImagePath"="\"C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe\" SymantecAntiBotAgent"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotDriver]

"ImagePath"="\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\AntiBotDriver.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotFilter]

"ImagePath"="\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\AntiBotFilter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotShim]

"ImagePath"="\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotWatcher]

"ImagePath"="C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Tcpip]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TlntSvr]

"ImagePath"="C:\WINDOWS\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\UimBus]

"ImagePath"="system32\DRIVERS\UimBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Uim_IM]

"ImagePath"="System32\Drivers\Uim_IM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\UMWdf]

"ImagePath"="C:\WINDOWS\system32\wdfmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Update]

"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Vax347b]

"ImagePath"="system32\DRIVERS\Vax347b.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Vax347s]

"ImagePath"="System32\Drivers\Vax347s.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W32Time]

"ServiceDll"="C:\WINDOWS\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810bus]

"ImagePath"="system32\DRIVERS\w810bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810mdfl]

"ImagePath"="system32\DRIVERS\w810mdfl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810mdm]

"ImagePath"="system32\DRIVERS\w810mdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810mgmt]

"ImagePath"="system32\DRIVERS\w810mgmt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810obex]

"ImagePath"="system32\DRIVERS\w810obex.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WmdmPmSN]

"ServiceDll"="C:\WINDOWS\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WmiApSrv]

"ImagePath"="C:\WINDOWS\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WS2IFSL]

"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wuauserv]

"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530bus]

"ImagePath"="system32\DRIVERS\z530bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530mdfl]

"ImagePath"="system32\DRIVERS\z530mdfl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530mdm]

"ImagePath"="system32\DRIVERS\z530mdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530mgmt]

"ImagePath"="system32\DRIVERS\z530mgmt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530obex]

"ImagePath"="system32\DRIVERS\z530obex.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services{4ED33FAA-93D3-442E-8ED5-7438DE695CA4}]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services{C16A21D0-5785-484A-AE77-2A94C153637F}]

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services{FC0422BA-7E33-4688-B07A-845A394F5426}]

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\GreedyTorrent\GTor.exe

.

**************************************************************************

.

Completion time: 2008-08-31 11:50:00 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-31 09:49:58

Pre-Run: 10,932,645,888 bajtów wolnych

Post-Run: 11,175,272,448 bajt˘w wolnych

755 --- E O F --- 2008-04-20 01:20:17


(huber2t) #2

Do wyleczenia pendrive z wirusów użyj

Perlovg Removal Tool

Flash Disinfector

lub format

Pobierz ComboFix, ale nie uruchamiaj

Otwórz notatnik i wklej do niego:

File::

C:\3o.exe


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Plik -> zapisz jako -> CFScript.txt.

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu->

cfscript10uc2.gif

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link


(Cielak1) #3

Dobra zrobiłem jak kazałeś z tym że Combofixa miałem już wcześniej i zrobiłem scan zanim napisałem posta. Wyłączyłem też przywracanie systemu na wszystkich dyskach. oto link do loga==>http://wklej.eu/index.php?id=83f4802f5c


(Leon$) #4

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

b57f17008275c957m.jpg

powstanie plik o takiej ikonie

062aec4c9b51c033m.jpg

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

lub

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2 ... It!+4.44.5

:slight_smile:


(Cielak1) #5

Po sprawdzeniu skanerem online==>http://wklej.org/id/2247/

Jakieś pomysły??


(Gutek) #6

AnyDVD.&.AnyDVD.HD.6.1.8.2.Beta.Incl.Crack-&-Uninstaller-ABW bez komentarza zamykam !