Oto i on.
ComboFix 08-08-30.03 - CIELAK 2008-08-31 11:41:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1672 [GMT 2:00]
Running from: C:\Documents and Settings\CIELAK\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player\#SharedObjects\PZ3PTEF3\www.broadcaster.com
C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player\#SharedObjects\PZ3PTEF3\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player\#SharedObjects\PZ3PTEF3\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Paweł\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\02D4B3BE.urr
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
N:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.
2008-08-29 06:22 . 2007-07-02 19:36
2008-08-29 06:22 . 2007-07-02 19:36
2008-08-29 06:22 . 2007-07-02 17:44
2008-08-29 06:22 . 2007-07-02 19:36
2008-08-29 06:22 . 2007-07-02 19:36
2008-08-29 06:22 . 2007-07-02 19:36
2008-08-29 06:22 . 2007-07-02 19:36
2008-08-29 06:22 . 2008-08-29 06:22
2008-08-27 17:00 . 2008-03-16 01:28 101,140 -r-hs---- C:\3o.exe
2008-08-23 18:15 . 2008-08-23 18:15
2008-08-20 18:46 . 2008-08-20 18:46
2008-08-20 15:40 . 2008-08-20 15:40
2008-08-20 15:40 . 2008-08-20 15:40
2008-08-17 12:22 . 2008-08-17 12:22
2008-08-17 12:19 . 2008-08-17 12:21
2008-08-17 09:59 . 2008-08-17 12:23
2008-08-02 15:10 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-08-02 15:08 . 2008-08-02 15:08
2008-07-22 10:51 . 1999-07-07 22:01 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp
2008-07-22 10:51 . 1999-07-07 22:02 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt
2008-07-22 10:34 . 2008-07-22 10:48
2008-07-05 13:16 . 2008-07-05 13:16
2008-07-05 13:00 . 2008-07-05 13:00
2008-07-05 13:00 . 2008-07-05 13:00 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 09:44 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2008-08-31 09:44 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2008-08-31 09:44 233,472 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2008-08-31 09:44 233,472 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2008-08-31 09:29 --------- d-----w C:\Documents and Settings\CIELAK\Dane aplikacji\uTorrent
2008-08-23 16:06 --------- d-----w C:\Program Files\Fraps
2008-08-23 16:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-21 04:21 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-08-20 13:13 --------- d-----w C:\Program Files\RegCleaner
2008-08-20 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 10:54 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-14 10:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab
2008-06-28 12:46 --------- d-----w C:\Program Files\Real Alternative
2005-07-05 14:49 755 ----a-w C:\Program Files\setup.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonAntiBot]
-ra------ 2007-11-12 22:59 1378840 C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--ah----- 2006-08-16 09:35 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 02:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--ah----- 2006-08-16 09:35 1617920 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--ah----- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"StarWindService"=2 (0x2)
"NBService"=3 (0x3)
"PREVXAgent"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\uTorrent\utorrent.exe”=
“C:\Program Files\GreedyTorrent\GTor.exe”=
“F:\Gry\NWN2\nwn2main.exe”=
“F:\Gry\NWN2\nwn2main_amdxp.exe”=
“F:\Gry\NWN2\nwupdate.exe”=
“F:\Gry\NWN2\nwn2server.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\uTorrent2\utorrent.exe”=
“C:\Program Files\NAPI-PROJEKT\napisy.exe”=
“C:\Program Files\Mozilla Firefox\firefox.exe”=
“C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe”=
“C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe”=
“C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe”=
“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”=
“C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe”=
“C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe”=
“F:\Gry\Assasin Creed\AssassinsCreed_Dx9.exe”=
“F:\Gry\Assasin Creed\AssassinsCreed_Dx10.exe”=
“F:\Gry\Assasin Creed\AssassinsCreed_Launcher.exe”=
“C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe”=
“F:\Gry\COD 4\iw3mp.exe”=
“C:\Program Files\Kaspersky Lab\setup.exe”=
R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 14:53]
R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 13:56]
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2008-01-17 19:30]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 21:26]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 21:26]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 21:26]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 21:26]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 21:26]
S4 GameConsoleService;GameConsoleService;C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-05-06 00:25]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d33cf1c-0284-11dd-abaa-000fea6503fa}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e0a4d02-4401-11dc-b6de-000fea6503fa}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e0a4d03-4401-11dc-b6de-000fea6503fa}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cdc921c-73f0-11dd-bd11-000fea6503fa}]
\Shell\AutoRun\command - H:\3o.exe
\Shell\explore\Command - H:\3o.exe
\Shell\open\Command - H:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bf9af01-b533-11dc-8a83-000fea6503fa}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7d8cd41-08ac-11dd-abc2-000fea6503fa}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
.
-
-
-
- ORPHANS REMOVED - - - -
-
-
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\CIELAK\Dane aplikacji\Mozilla\Firefox\Profiles\rsh3vy7b.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 11:45:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ACPI]
“ImagePath”=“system32\DRIVERS\ACPI.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\aec]
“ImagePath”=“system32\drivers\aec.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AFD]
“ImagePath”="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AFPAnsi]
“ImagePath”=“System32\Drivers\AFPAnsi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Alerter]
“ServiceDll”="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ALG]
“ImagePath”="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AliIde]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AmdK8]
“ImagePath”=“system32\DRIVERS\AmdK8.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AppMgmt]
“ServiceDll”="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Arp1394]
“ImagePath”=“system32\DRIVERS\arp1394.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ASP.NET_2.0.50727]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\aspnet_state]
“ImagePath”="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AsyncMac]
“ImagePath”=“system32\DRIVERS\asyncmac.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\atapi]
“ImagePath”=“system32\DRIVERS\atapi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\atksgt]
“ImagePath”=“system32\DRIVERS\atksgt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Atmarpc]
“ImagePath”=“system32\DRIVERS\atmarpc.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\AudioSrv]
“ServiceDll”="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\audstub]
“ImagePath”=“system32\DRIVERS\audstub.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\BattC]
“MofImagePath”=“System32\Drivers\battc.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\BITS]
“ServiceDll”=“C:\WINDOWS\system32\qmgr.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Browser]
“ServiceDll”="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\catchme]
"ImagePath"="\??\C:\ComboFix\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Cdrom]
“ImagePath”=“system32\DRIVERS\cdrom.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\CiSvc]
“ImagePath”="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ClipSrv]
“ImagePath”="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\clr_optimization_v2.0.50727_32]
“ImagePath”=“C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\COMSysApp]
“ImagePath”=“C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\CryptSvc]
“ServiceDll”="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\DcomLaunch]
“ServiceDll”="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Dhcp]
“ServiceDll”="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Disk]
“ImagePath”=“system32\DRIVERS\disk.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmadmin]
“ImagePath”="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmboot]
“ImagePath”=“System32\drivers\dmboot.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmio]
“ImagePath”=“system32\DRIVERS\dmio.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmload]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dmserver]
“ServiceDll”="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\DMusic]
“ImagePath”=“system32\drivers\DMusic.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Dnscache]
“ServiceDll”="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\dpti2o]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\drmkaud]
“ImagePath”=“system32\drivers\drmkaud.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ERSvc]
“ServiceDll”="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Eventlog]
“ImagePath”="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\EventSystem]
“ServiceDll”=“C:\WINDOWS\system32\es.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\FastUserSwitchingCompatibility]
“ServiceDll”="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Fdc]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\FltMgr]
“ImagePath”=“system32\DRIVERS\fltMgr.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\FO_PAnt]
“ImagePath”=“System32\Drivers\FO_PAnt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ftdisk]
“ImagePath”=“system32\DRIVERS\ftdisk.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GameConsoleService]
“ImagePath”="“C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe”"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GEARAspiWDM]
“ImagePath”=“SYSTEM32\DRIVERS\GEARAspiWDM.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Gpc]
“ImagePath”=“system32\DRIVERS\msgpc.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GVCplDrv]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HDAudBus]
“ImagePath”=“system32\DRIVERS\HDAudBus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\helpsvc]
“ServiceDll”="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HidServ]
“ServiceDll”="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HidUsb]
“ImagePath”=“system32\DRIVERS\hidusb.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hotcore3]
“ImagePath”=“system32\drivers\hotcore3.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HTTP]
“ImagePath”=“System32\Drivers\HTTP.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\HTTPFilter]
“ServiceDll”="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\i8042prt]
“ImagePath”=“system32\DRIVERS\i8042prt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IDriverT]
“ImagePath”="“C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe”"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\imagedrv]
“ImagePath”=“System32\Drivers\imagedrv.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\imagesrv]
“ImagePath”=“system32\DRIVERS\imagesrv.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Imapi]
“ImagePath”=“system32\DRIVERS\imapi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ImapiService]
“ImagePath”=“C:\WINDOWS\system32\imapi.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IntcAzAudAddService]
“ImagePath”=“system32\drivers\RtkHDAud.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IntelIde]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ip6Fw]
“ImagePath”=“system32\DRIVERS\Ip6Fw.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IpFilterDriver]
“ImagePath”=“system32\DRIVERS\ipfltdrv.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IpInIp]
“ImagePath”=“system32\DRIVERS\ipinip.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IpNat]
“ImagePath”=“system32\DRIVERS\ipnat.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IPSec]
“ImagePath”=“system32\DRIVERS\ipsec.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\IRENUM]
“ImagePath”=“system32\DRIVERS\irenum.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\isapnp]
“ImagePath”=“system32\DRIVERS\isapnp.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510bus]
“ImagePath”=“system32\DRIVERS\k510bus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510mdfl]
“ImagePath”=“system32\DRIVERS\k510mdfl.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510mdm]
“ImagePath”=“system32\DRIVERS\k510mdm.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510mgmt]
“ImagePath”=“system32\DRIVERS\k510mgmt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\k510obex]
“ImagePath”=“system32\DRIVERS\k510obex.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Kbdclass]
“ImagePath”=“system32\DRIVERS\kbdclass.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\kbdhid]
“ImagePath”=“system32\DRIVERS\kbdhid.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\kbfilter]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\kl1]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\kmixer]
“ImagePath”=“system32\drivers\kmixer.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lanmanserver]
“ServiceDll”="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lanmanworkstation]
“ServiceDll”="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\lirsgt]
“ImagePath”=“system32\DRIVERS\lirsgt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\LmHosts]
“ServiceDll”="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Messenger]
“ServiceDll”="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mnmsrvc]
“ImagePath”=“C:\WINDOWS\system32\mnmsrvc.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Mouclass]
“ImagePath”=“system32\DRIVERS\mouclass.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mouhid]
“ImagePath”=“system32\DRIVERS\mouhid.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MRxDAV]
“ImagePath”=“system32\DRIVERS\mrxdav.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MRxSmb]
“ImagePath”=“system32\DRIVERS\mrxsmb.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSDTC]
“ImagePath”=“C:\WINDOWS\system32\msdtc.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSIServer]
“ImagePath”=“C:\WINDOWS\system32\msiexec.exe /V”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSKSSRV]
“ImagePath”=“system32\drivers\MSKSSRV.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSPCLOCK]
“ImagePath”=“system32\drivers\MSPCLOCK.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MSPQM]
“ImagePath”=“system32\drivers\MSPQM.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\mssmbios]
“ImagePath”=“system32\DRIVERS\mssmbios.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NdisTapi]
“ImagePath”=“system32\DRIVERS\ndistapi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ndisuio]
“ImagePath”=“system32\DRIVERS\ndisuio.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NdisWan]
“ImagePath”=“system32\DRIVERS\ndiswan.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Nero BackItUp Scheduler 3]
“ImagePath”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NetBIOS]
“ImagePath”=“system32\DRIVERS\netbios.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NetBT]
“ImagePath”=“system32\DRIVERS\netbt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NetDDE]
“ImagePath”="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NetDDEdsdm]
“ImagePath”="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Netlogon]
“ImagePath”="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Netman]
“ServiceDll”="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NIC1394]
“ImagePath”=“system32\DRIVERS\nic1394.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Nla]
“ServiceDll”="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nm]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NMIndexingService]
“ImagePath”="“C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe”"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NtLmSsp]
“ImagePath”="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NtmsSvc]
“ServiceDll”="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nv]
“ImagePath”=“system32\DRIVERS\nv4_mini.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nvata]
“ImagePath”=“system32\DRIVERS\nvata.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NVENETFD]
“ImagePath”=“system32\DRIVERS\NVENETFD.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\nvnetbus]
“ImagePath”=“system32\DRIVERS\nvnetbus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NVSvc]
“ImagePath”="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkFlt]
“ImagePath”=“system32\DRIVERS\nwlnkflt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkFwd]
“ImagePath”=“system32\DRIVERS\nwlnkfwd.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkIpx]
“ImagePath”=“system32\DRIVERS\nwlnkipx.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkNb]
“ImagePath”=“system32\DRIVERS\nwlnknb.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NwlnkSpx]
“ImagePath”=“system32\DRIVERS\nwlnkspx.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ohci1394]
“ImagePath”=“system32\DRIVERS\ohci1394.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Parport]
“ImagePath”=“system32\DRIVERS\parport.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PCI]
“ImagePath”=“system32\DRIVERS\pci.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PCIIde]
“ImagePath”=“system32\DRIVERS\pciide.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PlugPlay]
“ImagePath”="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PolicyAgent]
“ImagePath”="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PptpMiniport]
“ImagePath”=“system32\DRIVERS\raspptp.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Processor]
“ImagePath”=“system32\DRIVERS\processr.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ProtectedStorage]
“ImagePath”="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PSched]
“ImagePath”=“system32\DRIVERS\psched.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ptilink]
“ImagePath”=“system32\DRIVERS\ptilink.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\pxcom]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\PxHelp20]
“ImagePath”=“System32\Drivers\PxHelp20.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RasAcd]
“ImagePath”=“system32\DRIVERS\rasacd.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RasAuto]
“ServiceDll”="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Rasl2tp]
“ImagePath”=“system32\DRIVERS\rasl2tp.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RasMan]
“ServiceDll”="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RasPppoe]
“ImagePath”=“system32\DRIVERS\raspppoe.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Raspti]
“ImagePath”=“system32\DRIVERS\raspti.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Rdbss]
“ImagePath”=“system32\DRIVERS\rdbss.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPCDD]
“ImagePath”=“System32\DRIVERS\RDPCDD.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\rdpdr]
“ImagePath”=“system32\DRIVERS\rdpdr.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDSessMgr]
“ImagePath”=“C:\WINDOWS\system32\sessmgr.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\redbook]
“ImagePath”=“system32\DRIVERS\redbook.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RemoteAccess]
“ServiceDll”="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RemoteRegistry]
“ServiceDll”="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RpcLocator]
“ImagePath”="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RpcSs]
“ServiceDll”="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RSVP]
“ImagePath”="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SamSs]
“ImagePath”="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SCardSvr]
“ImagePath”="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SCDEmu]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Schedule]
“ServiceDll”="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27bus]
“ImagePath”=“system32\DRIVERS\SE27bus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27mdfl]
“ImagePath”=“system32\DRIVERS\SE27mdfl.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27mdm]
“ImagePath”=“system32\DRIVERS\SE27mdm.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27mgmt]
“ImagePath”=“system32\DRIVERS\SE27mgmt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\se27nd5]
“ImagePath”=“system32\DRIVERS\se27nd5.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SE27obex]
“ImagePath”=“system32\DRIVERS\SE27obex.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\se27unic]
“ImagePath”=“system32\DRIVERS\se27unic.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Secdrv]
“ImagePath”=“system32\DRIVERS\secdrv.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\seclogon]
“ServiceDll”="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SENS]
“ServiceDll”="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\serenum]
“ImagePath”=“system32\DRIVERS\serenum.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Serial]
“ImagePath”=“system32\DRIVERS\serial.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SerialKeys]
“ImagePath”=“C:\WINDOWS\system32\skeys.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SharedAccess]
“ServiceDll”="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ShellHWDetection]
“ServiceDll”="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\splitter]
“ImagePath”=“system32\drivers\splitter.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Spooler]
“ImagePath”="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sptd]
“ImagePath”=“System32\Drivers\sptd.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sr]
“ImagePath”=“system32\DRIVERS\sr.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\srservice]
“ServiceDll”=“C:\WINDOWS\system32\srsvc.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Srv]
“ImagePath”=“system32\DRIVERS\srv.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SSDPSRV]
“ServiceDll”="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\StarWindService]
“ImagePath”=“C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\stisvc]
“ServiceDll”="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\swenum]
“ImagePath”=“system32\DRIVERS\swenum.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\swmidi]
“ImagePath”=“system32\drivers\swmidi.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SwPrv]
“ImagePath”=“C:\WINDOWS\system32\dllhost.exe /Processid:{393FE7FC-C040-467B-AFF5-F4C68F5EF4BD}”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotAgent]
“ImagePath”="“C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe” SymantecAntiBotAgent"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotDriver]
“ImagePath”="\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\AntiBotDriver.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotFilter]
“ImagePath”="\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\AntiBotFilter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotShim]
“ImagePath”="\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\AntiBotShim.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SymantecAntiBotWatcher]
“ImagePath”=“C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\sysaudio]
“ImagePath”=“system32\drivers\sysaudio.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SysmonLog]
“ImagePath”="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TapiSrv]
“ServiceDll”="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Tcpip]
“ImagePath”=“system32\DRIVERS\tcpip.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TermDD]
“ImagePath”=“system32\DRIVERS\termdd.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TermService]
“ServiceDll”="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Themes]
“ServiceDll”="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TlntSvr]
“ImagePath”=“C:\WINDOWS\system32\tlntsvr.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TrkWks]
“ServiceDll”="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\UimBus]
“ImagePath”=“system32\DRIVERS\UimBus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Uim_IM]
“ImagePath”=“System32\Drivers\Uim_IM.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\UMWdf]
“ImagePath”=“C:\WINDOWS\system32\wdfmgr.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Update]
“ImagePath”=“system32\DRIVERS\update.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\upnphost]
“ServiceDll”="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\UPS]
“ImagePath”="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbccgp]
“ImagePath”=“system32\DRIVERS\usbccgp.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbehci]
“ImagePath”=“system32\DRIVERS\usbehci.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbhub]
“ImagePath”=“system32\DRIVERS\usbhub.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbohci]
“ImagePath”=“system32\DRIVERS\usbohci.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\usbscan]
“ImagePath”=“system32\DRIVERS\usbscan.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\USBSTOR]
“ImagePath”=“system32\DRIVERS\USBSTOR.SYS”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Vax347b]
“ImagePath”=“system32\DRIVERS\Vax347b.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Vax347s]
“ImagePath”=“System32\Drivers\Vax347s.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\VgaSave]
“ImagePath”="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\ViaIde]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\VSS]
“ImagePath”="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W32Time]
“ServiceDll”=“C:\WINDOWS\system32\w32time.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810bus]
“ImagePath”=“system32\DRIVERS\w810bus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810mdfl]
“ImagePath”=“system32\DRIVERS\w810mdfl.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810mdm]
“ImagePath”=“system32\DRIVERS\w810mdm.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810mgmt]
“ImagePath”=“system32\DRIVERS\w810mgmt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\w810obex]
“ImagePath”=“system32\DRIVERS\w810obex.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Wanarp]
“ImagePath”=“system32\DRIVERS\wanarp.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wdmaud]
“ImagePath”=“system32\drivers\wdmaud.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WebClient]
“ServiceDll”="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\winmgmt]
“ServiceDll”="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WmdmPmSN]
“ServiceDll”=“C:\WINDOWS\system32\mspmsnsv.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Wmi]
“ServiceDll”="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WmiApSrv]
“ImagePath”=“C:\WINDOWS\system32\wbem\wmiapsrv.exe”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WS2IFSL]
“ImagePath”="\SystemRoot\System32\drivers\ws2ifsl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wscsvc]
“ServiceDll”="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\wuauserv]
“ServiceDll”=“C:\WINDOWS\system32\wuauserv.dll”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\WZCSVC]
“ServiceDll”="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\xmlprov]
“ServiceDll”="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530bus]
“ImagePath”=“system32\DRIVERS\z530bus.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530mdfl]
“ImagePath”=“system32\DRIVERS\z530mdfl.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530mdm]
“ImagePath”=“system32\DRIVERS\z530mdm.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530mgmt]
“ImagePath”=“system32\DRIVERS\z530mgmt.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\z530obex]
“ImagePath”=“system32\DRIVERS\z530obex.sys”
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{4ED33FAA-93D3-442E-8ED5-7438DE695CA4}]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{C16A21D0-5785-484A-AE77-2A94C153637F}]
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{FC0422BA-7E33-4688-B07A-845A394F5426}]
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\GreedyTorrent\GTor.exe
.
**************************************************************************
.
Completion time: 2008-08-31 11:50:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-31 09:49:58
Pre-Run: 10,932,645,888 bajtów wolnych
Post-Run: 11,175,272,448 bajtów wolnych
755 — E O F — 2008-04-20 01:20:17