spustil se opět ten scan tady je nový log , změnilo se něco ? zmizel mě z plochy ten poznámkový blok
ComboFix 18-02-16.01 - CHRIS 09.03.2018 18:32:58.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1406.775 [GMT 1:00]
Spuštěný z: c:\documents and settings\CHRIS\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\CHRIS\Plocha\CFScript.txt.txt
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Thumbs.db"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2018-02-09 do 2018-03-09 )))))))))))))))))))))))))))))))
.
.
2018-03-07 18:34 . 2018-03-07 18:34 -------- d-----w- C:\$AV_ASW
2018-03-06 14:55 . 2018-03-06 14:54 319392 ----a-w- c:\windows\system32\aswBoot.exe
2018-03-01 21:12 . 2018-03-01 21:12 -------- d-----w- C:\_OTM
2018-02-21 13:17 . 2018-02-21 13:17 -------- d---a-w- c:\windows\system32\runouce.exe
2018-02-21 13:06 . 2018-02-21 13:06 -------- d-----w- c:\program files\Common Files\MicroWorld
2018-02-20 06:01 . 2018-02-20 06:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SWCUTemp
2018-02-18 07:49 . 2018-02-19 04:41 -------- d-----w- c:\program files\Security Task Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-03-06 14:55 . 2017-06-17 05:30 205344 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2018-03-06 14:55 . 2017-06-17 05:30 310784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2018-03-06 14:55 . 2017-06-17 05:30 391856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2018-03-06 14:55 . 2017-06-17 05:30 70816 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2018-03-06 14:55 . 2017-11-17 16:24 167040 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2018-03-06 14:55 . 2017-06-17 05:30 124392 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2018-03-06 14:55 . 2017-06-17 05:30 42808 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2018-03-06 14:55 . 2017-06-17 05:30 70576 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2018-03-06 14:54 . 2017-06-17 05:30 783608 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2018-03-06 14:54 . 2018-01-01 21:03 169536 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2018-03-06 14:54 . 2017-06-17 05:30 50336 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2018-03-06 14:54 . 2017-06-17 05:30 276688 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2018-03-06 14:54 . 2017-06-17 05:30 157368 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2018-03-06 14:54 . 2017-06-17 05:30 185432 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2018-02-14 08:47 . 2012-04-04 06:29 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-02-14 08:47 . 2011-05-15 08:48 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2018-02-06 16:23 . 2016-10-23 18:55 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-09-18 09:39 . 2017-09-18 09:36 176705440 ----a-w- c:\program files\Sophos Virus Removal Tool.exe
2017-06-17 05:21 . 2016-11-17 07:00 6919904 ----a-w- c:\program files\avast_free_antivirus_setup_online.exe
2014-02-15 20:48 . 2014-02-15 20:48 25777288 -c--a-w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2014-02-15 20:37 . 2014-02-15 20:37 318904 -c--a-w- c:\program files\wmpfirefoxplugin.exe
2013-07-13 06:29 . 2013-07-13 06:29 86521112 -c--a-w- c:\program files\msert.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-06 14:54 1370328 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-06 245608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe" [BU]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Thumbs.db [2009-12-24 7168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-04-07 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\^hs_err_pid3888.log]
path=\hs_err_pid3888.log
backup=c:\windows\pss\hs_err_pid3888.logStartup
.
[HKLM\~\startupfolder\^ntuser.dat]
path=\ntuser.dat
backup=c:\windows\pss\ntuser.datStartup
.
[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=c:\windows\pss\ntuser.dat.LOGStartup
.
[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=c:\windows\pss\ntuser.iniStartup
.
[HKLM\~\startupfolder\^serverport]
path=\serverport
backup=c:\windows\pss\serverportStartup
.
[HKLM\~\startupfolder\^Thumbs.db]
path=\Thumbs.db
backup=c:\windows\pss\Thumbs.dbStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
c:\program files\AVAST Software\Avast\setup\emupdate\09a50f51-517f-48d7-8a6a-4d62cf1d0e57.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-03-18 06:22 89541 -c--a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 07:43 69632 -c--a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-03-23 20:40 196608 -c--a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-03-17 13:37 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2018-02-07 17:47 8003664 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
2006-03-16 11:27 634880 -c--a-w- c:\program files\TOSHIBA\E-KEY\CeEKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2006-05-31 10:29 262144 -c--a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2016-06-21 10:44 1010144 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 19:27 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 07:34 81920 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2004-05-01 11:45 28672 -c--a-w- c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-10-29 14:59 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2005-12-22 08:12 1077328 -c--a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-18 04:34 16143872 -c--a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2012-09-13 13:24 1009288 -c--a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2017-05-05 14:43 27716568 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-05-12 12:22 118784 -c--a-w- c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
c:\documents and settings\CHRISTOS\Data aplikací\Spotify\Data\SpotifyWebHelper.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2004-05-01 11:45 65536 -c--a-w- c:\program files\TOSHIBA\Windows Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2005-04-12 08:31 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
2006-04-04 12:57 53248 -c--a-w- c:\program files\TOSHIBA\TouchPad\TPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-08-11 13:56 266240 ----a-w- c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 11:11 73728 -c--a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipConnect]
2015-08-03 10:55 32417376 ----a-w- c:\program files\VoipConnect.com\VoipConnect\voipconnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-02-04 18:06 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2005-06-06 07:58 24576 -c--a-w- c:\windows\system32\ZoomingHook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"hpqddsvc"=2 (0x2)
"seclogon"=2 (0x2)
"BthServ"=2 (0x2)
"TapiSrv"=3 (0x3)
"usnjsvc"=3 (0x3)
"Sony Ericsson PCCompanion"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"STI Simulator"=2 (0x2)
"NeroMediaHomeService.4"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"btwdins"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WsAppService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TODDSrv"=2 (0x2)
"ss_conn_service"=3 (0x3)
"SeaPort"=2 (0x2)
"MBAMService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"CFSvcs"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ACS"=2 (0x2)
"!SASCORE"=2 (0x2)
"aswbIDSAgent"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-11 23:12 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2018-03-03 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-10 23:51]
.
2018-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:47]
.
2018-03-09 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-06 14:54]
.
2018-03-09 c:\windows\Tasks\CCleaner Update.job
- c:\program files\CCleaner\CCUpdate.exe [2018-02-07 17:47]
.
2018-03-09 c:\windows\Tasks\DivXUpdate.job
- c:\program files\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-06-03 18:00]
.
2018-03-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-08 23:28]
.
2018-03-09 c:\windows\Tasks\SafeZone scheduled Autoupdate 1497678048.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2017-06-17 08:42]
.
2018-03-09 c:\windows\Tasks\User_Feed_Synchronization-{87D1AAE8-6D0B-487B-8825-48D8E6AF58CB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://
www.seznam.cz/
mStart Page = hxxp://
www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1 213.46.172.37 213.46.172.36
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://
www.hellascams.gr/activex_2130/AxisCamControl.cab
FF - ProfilePath - c:\documents and settings\CHRIS\Data aplikací\Mozilla\Firefox\Profiles\rwi2u472.default-1405289423156\
FF - prefs.js: browser.startup.homepage - hxxps://
www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2018-03-09 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\!SASCORE]
"ImagePath"="\"c:\program files\SUPERAntiSpyware\SASCORE.EXE\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Abiosdsk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\abp480n5]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPIEC]
"ImagePath"="system32\DRIVERS\ACPIEC.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACS]
"ImagePath"="c:\windows\system32\acs.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\adpu160m]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AegisP]
"ImagePath"="system32\DRIVERS\AegisP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\AGRSM.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Aha154x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78u2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AliIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\amsint]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ApfiltrService]
"ImagePath"="system32\DRIVERS\Apfiltr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\appliand]
"ImagePath"="system32\DRIVERS\appliand.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\appliandMP]
"ImagePath"="system32\DRIVERS\appliand.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AR5211]
"ImagePath"="system32\DRIVERS\ar5211.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3350p]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3550]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET_2.0.50727]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswArPot]
"ImagePath"="system32\drivers\aswArPot.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswbIDSAgent]
"ImagePath"="\"c:\program files\AVAST Software\Avast\aswidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswbidsdriver]
"ImagePath"="system32\drivers\aswbidsdriverx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswbidsh]
"ImagePath"="system32\drivers\aswbidshx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswblog]
"ImagePath"="system32\drivers\aswblogx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswbuniv]
"ImagePath"="system32\drivers\aswbunivx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswHdsKe]
"ImagePath"="system32\drivers\aswHdsKe.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswHwid]
"ImagePath"="system32\drivers\aswHwid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswKbd]
"ImagePath"="\SystemRoot\system32\drivers\aswKbd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswMonFlt]
"ImagePath"="system32\drivers\aswMonFlt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswRdr]
"ImagePath"="system32\drivers\aswRdr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswRvrt]
"ImagePath"="system32\drivers\aswRvrt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswSnx]
"ImagePath"="system32\drivers\aswSnx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswSP]
"ImagePath"="system32\drivers\aswSP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswStmXP]
"ImagePath"="system32\drivers\aswStmXP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm]
"ImagePath"="system32\drivers\aswVmm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atdisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ati HotKey Poller]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atierecord]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avast! Antivirus]
"ImagePath"="\"c:\program files\AVAST Software\Avast\AvastSvc.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\btaudio]
"ImagePath"="system32\drivers\btaudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTDriver]
"ImagePath"="system32\DRIVERS\btport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BthEnum]
"ImagePath"="system32\DRIVERS\BthEnum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BthPan]
"ImagePath"="system32\DRIVERS\bthpan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTHPORT]
"ImagePath"="System32\Drivers\BTHport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BthServ]
"ServiceDll"="%SystemRoot%\System32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTHUSB]
"ImagePath"="System32\Drivers\BTHUSB.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTKRNL]
"ImagePath"="system32\DRIVERS\btkrnl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTSERIAL]
"ImagePath"="\??\c:\windows\system32\drivers\btserial.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTSLBCSP]
"ImagePath"="\??\c:\windows\system32\drivers\btslbcsp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\btwdins]
"ImagePath"="c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTWDNDIS]
"ImagePath"="system32\DRIVERS\btwdndis.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\btwhid]
"ImagePath"="system32\DRIVERS\btwhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\btwmodem]
"ImagePath"="system32\DRIVERS\btwmodem.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BTWUSB]
"ImagePath"="System32\Drivers\btwusb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme]
"ImagePath"="\??\c:\docume~1\CHRISTOS\LOCALS~1\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cbidf2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cd20xrnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdaudio]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CFSvcs]
"ImagePath"="c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Changer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmdIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentFilter]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentIndex]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cpqarray]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac2w2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac960nt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dg_ssudbus]
"ImagePath"="system32\DRIVERS\ssudbus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dpti2o]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fastfat]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fips]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hpn]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hpqcxs08]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hpqddsvc]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HWiNFO32]
"ImagePath"="\??\c:\windows\system32\drivers\HWiNFO32.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omgmt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omp]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ini910u]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Inport]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IntelIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISAPISearch]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iviaspi]
"ImagePath"="system32\drivers\iviaspi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KSecDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lbrtfdc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ldap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LicenseService]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmdd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Modem]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MountMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MozillaMaintenance]
"ImagePath"="\"c:\program files\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mraid35x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mup]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDIS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NeroCd2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NeroMediaHomeService.4]
"ImagePath"="\"c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netdevio]
"ImagePath"="system32\DRIVERS\netdevio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nmwcd]
"ImagePath"="system32\drivers\ccdcmb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nmwcdc]
"ImagePath"="system32\drivers\ccdcmbo.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nmwcdnsu]
"ImagePath"="system32\drivers\nmwcdnsu.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nmwcdnsuc]
"ImagePath"="system32\drivers\nmwcdnsuc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Null]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PAC207]
"ImagePath"="system32\DRIVERS\pfc027.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Parport]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PartMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ParVdm]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pccsmcfd]
"ImagePath"="system32\DRIVERS\pccsmcfd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIDump]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDCOMP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRELI]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2hib]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pfc]
"ImagePath"="system32\drivers\pfc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1080]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ql10wnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql12160]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1240]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1280]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RFCOMM]
"ImagePath"="system32\DRIVERS\rfcomm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtlnicxp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\s1018bus]
"ImagePath"="system32\DRIVERS\s1018bus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\s1018mdfl]
"ImagePath"="system32\DRIVERS\s1018mdfl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\s1018mdm]
"ImagePath"="system32\DRIVERS\s1018mdm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\s1018mgmt]
"ImagePath"="system32\DRIVERS\s1018mgmt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\s1018nd5]
"ImagePath"="system32\DRIVERS\s1018nd5.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\s1018obex]
"ImagePath"="system32\DRIVERS\s1018obex.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\s1018unic]
"ImagePath"="system32\DRIVERS\s1018unic.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SASENUM]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sdbus]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SeaPort]
"ImagePath"="\"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Serial]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceLayer]
"ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceModelEndpoint 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceModelOperation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceModelService 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sfloppy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Simbad]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SkypeUpdate]
"ImagePath"="\"c:\program files\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sparrow]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssudmdm]
"ImagePath"="system32\DRIVERS\ssudmdm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ss_bus]
"ImagePath"="system32\DRIVERS\ss_bus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ss_conn_service]
"ImagePath"="\"c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ss_mdfl]
"ImagePath"="system32\DRIVERS\ss_mdfl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ss_mdm]
"ImagePath"="system32\DRIVERS\ss_mdm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\StarOpen]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\STI Simulator]
"ImagePath"="c:\windows\System32\PAStiSvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{8BF49545-EEB7-4410-95C8-A52EF3D10045}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swwd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc810]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc8xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_hi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_u3]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\tdcmdpst]
"ImagePath"="system32\DRIVERS\tdcmdpst.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDPIPE]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDTCP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\tdudf]
"ImagePath"="system32\DRIVERS\tdudf.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TlntSvr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TODDSrv]
"ImagePath"="c:\windows\system32\TODDSrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TosIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TPwSav]
"ImagePath"="System32\Drivers\TPwSav.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tvs]
"ImagePath"="system32\DRIVERS\Tvs.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Udfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ultra]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\upperdev]
"ImagePath"="system32\DRIVERS\usbser_lowerflt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbser]
"ImagePath"="system32\drivers\usbser.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UsbserFilt]
"ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ViaIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VolSnap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wdf01000]
"ImagePath"="System32\Drivers\wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WDICA]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinTrust]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wmi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuauserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ZAM_BootCleaner]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{04BAF865-921F-4169-BCFD-A48FEAFBE4D2}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{42E2229B-914B-4D7E-809F-E16E716A390F}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{5F8D2E4F-2A72-4EED-A46D-EC1E64E1ACA0}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{6C81BA4A-AA0D-489B-AD93-8E009DE8F141}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{6D97125A-1328-4509-AE0A-CEBFA144758F}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{82929BB5-371A-41CE-80D3-A941E569790D}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{90D87E92-06A7-44BF-A11E-7F8A332F7912}]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4172042773-96402592-4256802850-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1104)
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\program files\AVAST Software\Avast\aswidsagent.exe
.
**************************************************************************
.
Celkový čas: 2018-03-09 18:59:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2018-03-09 17:59
ComboFix2.txt 2018-03-07 18:45
.
Před spuštěním: Volných bajtů: 73 379 000 320
Po spuštění: Volných bajtů: 73 368 584 192
.
- - End Of File - - 996E02941E2640A1D9B81300F5AF4A75
671B81004FDD1588FA9ED1331C9CECA9