ویروسی که دو تا سطل زباله ایجاد میکنه.

[kazme_gheyz]

اینم جزئیات کمبو

[اینم جزئیات کمبو

  محتوای مخفی: log 

ComboFix 10-09-15.01 - majid 09/16/2010 0:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1622 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
.

2010-09-16 04:45 . 2010-09-16 04:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-09-16 04:43 . 2010-09-16 04:43 -------- d--h--w- c:\windows\PIF
2010-09-16 04:30 . 2010-09-16 04:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2010-09-16 04:30 . 2010-09-16 04:52 -------- d-sh--w- c:\documents and settings\LocalService
2010-09-16 04:24 . 2010-09-16 04:24 -------- d-----w- c:\documents and settings\Default User
2010-09-16 04:14 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-09-16 04:14 . 2001-08-17 20:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2010-09-16 04:14 . 2010-09-16 04:14 -------- d-----w- c:\program files\Motorola
2010-09-16 04:14 . 2006-11-22 21:05 982272 ----a-w- c:\windows\system32\drivers\smserial.sys
2010-09-16 04:14 . 2006-11-22 21:01 196608 ----a-w- c:\windows\system32\sm56co6a.dll
2010-09-16 03:21 . 2010-09-16 03:21 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2010-09-16 03:16 . 2010-09-16 03:16 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-09-16 02:54 . 2010-09-16 03:22 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-16 02:46 . 2010-09-16 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-09-16 02:46 . 2010-09-16 02:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-16 01:55 . 2010-07-22 05:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-09-16 01:53 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-16 01:46 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-16 01:46 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-16 01:46 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-16 01:46 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-16 01:26 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-16 01:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-09-15 04:35 . 2010-09-15 04:35 32038 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe
2010-09-15 03:57 . 2010-09-15 03:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{DD4E68DA-DBCD-4C1F-B85E-FF8A7BEBE383}
2010-09-15 02:47 . 2010-09-15 02:47 -------- d-----w- c:\program files\MSBuild
2010-09-15 02:45 . 2010-09-15 02:45 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-15 02:45 . 2010-09-15 02:45 -------- d-----w- c:\program files\Reference Assemblies
2010-09-15 02:45 . 2006-10-14 23:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpi pelineprintproc.dll
2010-09-15 02:45 . 2006-06-29 20:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-09-15 00:58 . 2010-09-15 00:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\FDRLab
2010-09-15 00:57 . 2010-09-15 00:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft
2010-09-14 23:15 . 2010-09-14 23:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TechSmith
2010-09-14 23:05 . 2010-09-15 04:36 27264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-14 22:55 . 2010-09-14 22:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-09-14 22:12 . 2010-09-14 22:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2010-09-14 21:55 . 2010-09-14 21:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2010-09-14 21:49 . 2010-09-14 21:49 989880 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\ updater.dll
2010-09-14 21:49 . 2010-09-14 21:49 84664 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\ libola.dll
2010-09-14 21:49 . 2010-09-14 21:49 482392 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\ sys\i386\5.1\klif.sys
2010-09-14 21:49 . 2010-09-14 21:49 391864 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\ klifpp.dll
2010-09-14 21:49 . 2010-09-14 21:49 357096 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\ avp.exe
2010-09-14 21:49 . 2010-09-14 21:49 146104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\ threatsmanager.dll
2010-09-14 21:49 . 2010-09-14 21:49 117432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\ dumpwriter.dll
2010-09-14 21:47 . 2010-09-14 21:49 989880 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400 \updater.dll
2010-09-14 21:47 . 2010-09-14 21:47 146104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400 \threatsmanager.dll
2010-09-14 21:44 . 2010-09-14 21:44 84664 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400 \libola.dll
2010-09-14 21:44 . 2010-09-14 21:44 395960 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400 \klifpp.dll
2010-09-14 21:44 . 2010-09-14 21:44 117432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400 \dumpwriter.dll
2010-09-14 21:33 . 2010-09-14 21:34 352976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400 \avp.exe
2010-09-14 21:28 . 2010-09-14 21:30 475736 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400 \sys\i386\5.1\klif.sys
2010-09-14 21:24 . 2007-07-28 06:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-09-14 21:24 . 2010-09-16 04:28 -------- d--h--w- c:\windows\$hf_mig$
2010-09-14 21:23 . 2010-09-14 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-09-14 21:23 . 2010-09-14 21:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TVU Networks
2010-09-14 21:23 . 2010-09-14 21:23 -------- d-----w- c:\documents and settings\Administrator\LocalLow
2010-09-14 20:57 . 2010-09-14 20:57 -------- d-----w- c:\documents and settings\Administrator\Phone Browser
2010-09-14 18:33 . 2010-09-14 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-09-14 18:23 . 2006-08-01 22:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-09-14 18:22 . 2008-04-14 07:09 4992 -c--a-w- c:\windows\system32\dllcache\mspqm.sys
2010-09-14 07:14 . 2010-09-14 07:14 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2010-09-14 07:14 . 2010-09-14 07:14 -------- d-----w- c:\windows\system32\Lang

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-09-16 07:41 . 2008-09-05 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-16 06:00 . 2008-09-03 03:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-14 18:31 . 2008-09-01 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-14 18:22 . 2010-09-14 18:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-14 18:22 . 2010-09-14 18:22 -------- d-----w- c:\program files\Realtek
2010-09-14 18:22 . 2010-09-14 18:22 315392 ----a-w- c:\windows\HideWin.exe
2010-09-14 18:22 . 2010-09-14 18:22 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-17 13:17 . 2008-04-14 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-14 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-02 04:35 . 2010-07-02 04:35 228024 ----a-w- c:\windows\system32\klogon.dll
2010-07-01 18:22 . 2010-07-01 18:22 92816 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\English\setup.exe
2010-07-01 15:06 . 2010-07-01 15:06 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 14:06 . 2010-06-30 14:06 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-06-30 12:31 . 2008-04-14 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-23 13:44 . 2008-04-14 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 17:45 . 2008-04-14 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.

------- Sigcheck -------

[-] 2008-05-25 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/5/2008 9:26 AM 13696]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R2 SuperRam;SuperRam Memory Service;h:\program files\PGWARE\SuperRam\SuperRamService.exe [9/14/2010 4:18 PM 1906368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-09-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 23:53]
.
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - h:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Nokia PC Suite - c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\setup.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

کد:

برای مشاهده محتوا ، لطفا وارد شوید یا ثبت نام کنید

Rootkit scan 2010-09-16 00:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\. NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\. NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\. NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\. NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\. NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A biosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a bp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A CPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A CPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a dpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a ec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A FD]
"ImagePath"="\SystemRoot\System32\drivers\afd. sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A ha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a ic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a ic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A lerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A LG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A liIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a msint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A ppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a sc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a sc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a sc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A SP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A SP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a spnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\ v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A syncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a tapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A tdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A tmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A udioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a udstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A VP]
"ImagePath"="\"h:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe\" -r"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\B attC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\B eep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\B IOS]
"ImagePath"="\??\c:\windows\system32\drivers\BIOS. sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\B ITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\B rowser]
"ServiceDll"="%SystemRoot%\System32\browser.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c atchme]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Tem p\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c bidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c d20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C daudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C dfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C drom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C hanger]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C iSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C lipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c lr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2 .0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C mdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C OMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C ontentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C ontentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C pqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C ryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d ac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d ac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\D comLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\D hcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\D isk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d madmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d mboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d mio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d mload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d mserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\D Music]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\D nscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\D ot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d pti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d rmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E apHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E RSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E ventlog]
"ImagePath"="%SystemRoot%\system32\services.ex e"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E ventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F astfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F astUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F dc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F ips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F lpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F ltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F ontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.Net\Framework\v3 .0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F s_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F tdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\G pc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\H DAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\h elpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\p chsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\H idServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\h idusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\h kmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\h pn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\H TTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\H TTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i 2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i 2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i 8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i dsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\ v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I mapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I mapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i netaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i ni910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I nport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I ntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I ntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i ntelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I p6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I pFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I pInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I pNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I PSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I RENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\I SAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i sapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\K bdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\K L1]
"ImagePath"="system32\DRIVERS\kl1.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\k l2]
"ImagePath"="system32\DRIVERS\kl2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\K LIF]
"ImagePath"="system32\DRIVERS\klif.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\k lim5]
"ImagePath"="system32\DRIVERS\klim5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\k lmouflt]
"ImagePath"="system32\DRIVERS\klmouflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\k mixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\K SecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\L anmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\l anmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\l brtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\l dap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\L icenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\L mHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M essenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m nmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m nmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M odem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M ODEMCSA]
"ImagePath"="system32\drivers\MODEMCSA.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M ouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m ouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M ountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m raid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M RxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M RxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M SDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M SDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M sfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M SIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M SKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M SPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M SPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\m ssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M up]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n apagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N DIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N disTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N disuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N disWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N DProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N etBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N etBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N etDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N etDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N etlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N etman]
"ServiceDll"="%SystemRoot%\System32\netman.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N etTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\ v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N la]
"ServiceDll"="%SystemRoot%\System32\mswsock.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n mwcd]
"ImagePath"="system32\drivers\nmwcd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n mwcdc]
"ImagePath"="system32\drivers\nmwcdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n mwcdcj]
"ImagePath"="system32\drivers\nmwcdcj.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n mwcdcm]
"ImagePath"="system32\drivers\nmwcdcm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N pfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N tfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N tLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N tmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N ull]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n v]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N VSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N wlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N wlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P arport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P artMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P arVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P CI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P CIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P CIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P cmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P DCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P DFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P DRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P DRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p erc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\p erc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P erfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P erfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P erfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P erfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P lugPlay]
"ImagePath"="%SystemRoot%\system32\services.ex e"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P olicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P ptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P rotectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P Sched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P tilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\q l1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Q l10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\q l12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\q l1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\q l1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R asAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R asAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R asl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R asMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R asPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R aspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R dbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R DPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R DPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\r dpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R DPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R DPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R DSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\r edbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R emoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R emoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R pcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R pcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\R SVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S amSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S CardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.ex e"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S chedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S ecdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s eclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S ENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s erenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S erial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S erviceLayer]
"ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S erviceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S erviceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S erviceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S floppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S haredAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S hellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S imbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s mserial]
"ImagePath"="system32\DRIVERS\smserial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S MSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S parrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s plitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S pooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s r]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s rservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S rv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S SDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s tisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S uperRam]
"ImagePath"="h:\program files\PGWARE\SuperRam\SuperRamService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s wenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s wmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S wPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{4D51DDE9-02D4-4B49-80F3-AB74853CC293}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s ymc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s ymc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s ym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s ym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s ysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S ysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.ex e"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T apiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T cpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T DPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T DTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T ermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T ermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T hemes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T lntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T osIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T rkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\T SDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\U dfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\u ltra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\U pdate]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\u pnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\U PS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\u sbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\u sbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\U SBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\u sbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\U xTuneUp]
"ServiceDll"="%SystemRoot%\System32\uxtuneup.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\V gaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga. sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\V iaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\V olSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\V SS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W 32Time]
"ServiceDll"="%systemroot%\system32\w32time.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W 3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W anarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W DICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w dmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W ebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W indows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w inmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dl l"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W insock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W inSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W inTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W mdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W mi]
"ServiceDll"="%SystemRoot%\System32\advapi32.d ll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W miApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W miApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W S2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w scsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w uauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W ZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\x mlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dl l"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\msi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
h:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
c:\windows\system32\nvsvc32.exe
h:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
h:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
h:\program files\PGWARE\SuperRam\SuperRamTray.exe
c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
h:\program files\WinTools Software\RAM Saver Professional\ramsaverpro.exe
c:\windows\ALCFDRTM.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\drwtsn32.exe
c:\windows\system32\dwwin.exe
.
************************************************** ************************
.
Completion time: 2010-09-16 0002 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-16 07:43

Pre-Run: 22,728,876,032 bytes free
Post-Run: 22,862,069,760 bytes free

- - End Of File - - AD6BF6A5EEB1D30B857E48E5EF541DC3

خوب اون سالیتی های دیگرو از کجا بیارم؟
فایل خام ویروس؟!!

خوب اون سالیتی های دیگرو از کجا بیارم؟
فایل خام ویروس؟!!

lمگر نمیتونی شو هیدن کنی؟ و از یکی از دریاو هات یکیشو فشرده کنی و اپلود کنی؟
اگر نمیتونی شو هیدن کنی
اینو اجرا کن:

کد:

برای مشاهده محتوا ، لطفا وارد شوید یا ثبت نام کنید

حالا میتونی پوشه های مخفی رو ببنی تویه یکی از دروایو هات ویورس رو بردار و فشرده کن و اپلود

[majidlovio]

وقتی نمیدونم ویروس کدومه اسمش چیه چطوری اینکارو بکنم؟

[kazme_gheyz]

وقتی نمیدونم ویروس کدومه اسمش چیه چطوری اینکارو بکنم؟

همون سطل زباله رو هم اپلود کن
اونو که بهت دادم دانلود کن اجرا کن همه فایل ها شو میشن و از هیدن در میان

[majidlovio]

همون سطل زباله رو هم اپلود کن
اونو که بهت دادم دانلود کن اجرا کن همه فایل ها شو میشن و از هیدن در میان

Service Unavailable

[kazme_gheyz]

Service Unavailable

یعنی نمیتونی فایل رو که دادم اجرا کنی؟
مسئله ای نیست
یکی از سطل ها رو که البته ویروس نیست یا دوتاش رو تویه یه پوشه کپی کنید و اپلود کنید

[majidlovio]

نه درسته تونستم دانلود و اجرا کنم.
حالا اونارو اینجا اپلود کنم ؟
من گزینه اپلود ندارم
اگه تو سایتهای سازنده انتی ویروس اپ کنم چی میشه یا بعد باید چیکار کنم؟

[mshow]

سلام
ببين دوست عزيز من از ويروس ساليتي ضربه ي مهلكي خوردم كه يادم نميره.توي ارسال هاي قبلي خوندم كه دوستان ويروس شما رو ساليتي تشخيص داده بودند.من چند سال پيش اين ويروس رو بدون هيچ آنتي ويروسي از بين بردم.حالا به شما مي گم چطوري با يك تعويض ويندوز از شر اين ويروس خلاص بشي.

اول بايد هرچي فايل اجرايي *.exe روي هاردت،فلشت داري حذف كني.اين رو جدي مي گم اين نوع ويروس ها مخصوصا ساليتي به هيچ وجه جدا نميشن.اگه يك فايل رو باقي بزاري كه بعدا ازش استفاده كني كارت تمومه و دوباره ويروسي مي شي.

بعد از اين كه فايل هاي اجراييت رو از روي هاردت(به جز درايو ويندوز) پاك كردي بايد ويندوزت رو عوض كني.به اين بخش خوب توجه كن:
قبل از نصب ويندوز فلشت رو هم به سيستم وصل كن(دليل داره=درايورش قبل از اتمام نصب ويندوز نصب ميشه و آتورانش اجرا نمي شه).ويندوزت رو همراه با فرمت كردن پارتيشن مورد نظر نصب كن.بعد از اتمام نصب ويندوز دست به هيچ چي نزن:

ويندوز(XP) كه بالا اومد وارد "Control Panel" شو "Folder Options" رو باز كن امكان مشاهده فايل هاي مخفي و فوق مخفي سيستمت رو همراه با امكان مشاهده پسوند فايل ها رو فعال كن به اين صورت:

تيك گزينه "show hidden files and folders" زده باشه
تيك گزينه "Hide extensions for known file types" برداشته باشه.
تيك گزينه زيريش يعني گزينه "hide protected operating system files(Recommended " برداشته باشه.

حالا روي ok كليك كن و اعمال زير رو انجام بده.

وارد "My Computer" شو بعد از همين پنجره روي كليد "Folders" كليك كن(كنار Search) تا ساختار درختي پوشه ها و درايو ها نشون داده بشه بعد از همين منوي كنار روي درايو اول كليك كنيد تاكيد مي كنم از همين منوي كنار وارد درايو ها بشيد. بعد در همون پوشه درايو(شاخه اصلي درايو)همه فايل هاي .exe‌ و autorun.inf رو پاك كنيد(اين كه مي گم همه ي فايل ها از اين جهته كه سيستم ممكنه چند نوع ويروس آتوران داشته باشه).درضمن توي پاك كردن فايل هاي درايو ويندوز دقت كن كه همون پسوند هايي رو كه گفتم پاك كني.
دقت كن درايوي رو جا نندازي همه درايو ها و به خصوص فلشت رو هم چك كن.

هشدار: اگه يكي از مراحلي رو كه گفتم جابندازي يا انجامش ندي همه كارهايي كه انجام دادي بيهوده مي شه.

هشدار2:آنتي ويروس Nod 32 نصب كن كه مهارت خاصي در زمينه ويروس هاي فلش و آتوران داره(با آپديت).

اگه نرم افزاري يا فايل اجرايي .exe اي رو هنگامي كه ويروسي بودي ريختي روي دي وي دي يا سي دي فراموششون كن.
هر چي خواستي نصب كني يا باز كني(براي بار اول) اول با آنتي ويروس چك كن ببين آلوده نباشه.اگه نبود بازش كن اگه بود نكن.

در ضمن تا يكي دو ساعت ديگه يه سري به وبلاگم بزن پاك كردن اين ويروس رو با مثال توضيح ميدم+فايل هاي مورد نياز.

[majidlovio]

خوب اگه من میخواستم از این حرکتا بکنم هاردو در میاوردم میدادم جایی یا خودم یک فرمت کلی میکردم!

[mshow]

ببين دوست من،من نگفتم كه هاردتو فرمت كن، من گفتم شما فقط فايل هاي .exe روي هاردت رو پاك كن.

وقتي شما مي گي هارد رو فرمت كنم يعني اين كه هرچي عكس و فيلم و مقاله و هزار جور چيز ديگه هم داري پاك مي كني.كه اين كار اصلا لزومي نداره.

حالا مگه شما چند تا فايل اجرايي مهم روي هاردت داري؟

بازي داري؟=دوباره از روي ديسكش نصب كن.
نرم افزار داري؟=مي توني از روي يه ديسك پيداش كني.
پروژه هاي كامپايل شده برنامه نويسي داري؟=دوباره كامپايل كن.
دانلود كردي؟بازي بوده؟==فقط كركش رو دوباره بگير.(اگه ايميج بوده و داريش يا فايل فشرده خيالت راحت)
دانلود كردي؟نرم افزار بوده؟==حتما به صورت فايل فشرده بوده كه داريش خيالت راحت كه ويروس به اون ها دسترسي نداره.

در مورد تعمير فايل هاتون هم مي تونيد به پيغام خصوصي كه بهتون دادم مراجعه كنيد.

[mshow]

يه مطلب گير آوردم درمورد تمعير فايل ها ببين به دردت مي خوره.

فكر كنم مشكلت حل شه.فقط ويندوزه رو بايد اون طوري كه گفتم عوض كني.

بيا اينم لينك مطلب:
[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]