﻿Лог утилиты random's system information tool 1.16(автор: random/random)
Run by Администратор at 2017-09-05 23:39:27
Microsoft Windows Server 2012 R2 Standard 
Системный раздел C: размер 297 GB (35%) Свободно 848 GB
Total RAM: 8192 MB (64% free)
X64

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:39:27, on 05.09.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Share\Новая папка\2m0op74r.exe
c:\users\администратор\appdata\local\temp\1\B1BF314D-661CA8E7-B68FD567-B2AF8F80\ANjj00BDh3kg.exe
c:\users\администратор\appdata\local\temp\1\B1BF314D-661CA8E7-B68FD567-B2AF8F80\Tcp4zH4Pw.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Share\Логер\AutoLogger.exe
C:\Share\Логер\AutoLogger\AVZ\avz.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Share\Логер\AutoLogger\RSIT\Администратор_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://iesetup.dll/HardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O10 - Broken Internet access because of LSP provider 'c:\users\администратор\windows\system32\napinsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = set.office
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC68E179-8F68-4214-9F03-D79330DD03EC}: NameServer = 192.168.10.248,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = set.office
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = set.office
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\tssdis.exe,-1026 (Tssdis) - Unknown owner - C:\Windows\System32\tssdis.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Alias Manager and Ticket Service (VGAuthService) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
O23 - Service: VMware Tools (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6920 bytes

====== Список процессов ======

C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\svchost.exe -k KpsSvcGroup
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe
"C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe"
"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\WID\Binn\sqlwriter.exe -w
C:\Windows\WID\Binn\sqlservr.exe -SMSWIN8.SQLWID -sMICROSOFT##WID
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k NetworkServiceRemoteDesktopPublishing
C:\Windows\System32\tssdis.exe
C:\Windows\System32\svchost.exe -k termsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\System32\msdtc.exe
C:\Windows\system32\iashost.exe {48DA6741-1BF0-4A44-8325-293086C79077} -Embedding
C:\Windows\system32\svchost.exe -k RPCHTTPLBS
C:\Windows\system32\svchost.exe -k tsgateway
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Windows\system32\ServerManager.exe" 
"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe" 
"C:\Windows\system32\taskmgr.exe" /4
"C:\Share\Новая папка\2m0op74r.exe" 
"c:\users\администратор\appdata\local\temp\1\B1BF314D-661CA8E7-B68FD567-B2AF8F80\ANjj00BDh3kg.exe" -cmode:2D0069006E00740020002D00730069006C0065006E00740020002D006300750072006500690074002D007100720020002D00720070006300700072003A006E00700020002D00720070006300650070003A005C0070006900700065005C00320035004600370043004100300034004500390020002D0064006C006C002D0070006100740068003D00220063003A005C00750073006500720073005C00300434043C0438043D043804410442044004300442043E0440045C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C0031005C00420031004200460033003100340044002D00360036003100430041003800450037002D00420036003800460044003500360037002D00420032004100460038004600380030005C00390051003900310058004F00330051002E0064006C006C00220020002D00610072006B006400610065006D006F006E002D006E0061006D0065003A00540037006E0059006B005A0079004300490033003000790036002E0065007800650020002D00610072006B0064006C006C002D006E0061006D0065003A004C005A0054003500710074007600420038004E00480047006C002E0064006C006C0020002D00610072006B006400610065006D006F006E002D00650070003A005C0070006900700065005C003200350046003800330044003700380046003200
"c:\users\администратор\appdata\local\temp\1\B1BF314D-661CA8E7-B68FD567-B2AF8F80\Tcp4zH4Pw.exe" -rpcep:\pipe\25F7CA04E9 -rpcpr:np 
"c:\users\администратор\appdata\local\temp\1\B1BF314D-661CA8E7-B68FD567-B2AF8F80\T7nYkZyCI30y6.exe" -arkdll:LZT5qtvB8NHGl.dll -arkpipe:\pipe\25F83D78F21504600476 -cureitmode
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Share\Логер\AutoLogger.exe" 
"C:\Share\Логер\AutoLogger\AVZ\avz.exe" Script=AVZ\GeneralScript.txt HiddenMode=0
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://google.ru
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3572 CREDAT:275457 /prefetch:2
C:\Windows\system32\LogonUI.exe
C:\Share\Логер\AutoLogger\RSIT\RSITx64.exe /silent /m3 /autolog /logfolder "C:\Share\Логер\AutoLogger\RSIT\Log" /hjtp "C:\Share\Логер\AutoLogger\RSIT\HiJackThis.exe"

====== Папка назначенных заданий ======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\termsrv\licensing\TlsWarning - %windir%\system32\tlsbln.exe
C:\Windows\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -#
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\Software Inventory Logging\Collection - %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
C:\Windows\system32\tasks\Microsoft\Windows\Software Inventory Logging\Configuration - %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
C:\Windows\system32\tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs - %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
C:\Windows\system32\tasks\Microsoft\Windows\Server Manager\ServerManager - %windir%\system32\ServerManagerLauncher.exe
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor - %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -k -g -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant - %windir%\system32\ceipdata.exe -id 1
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent /increment
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe %windir%\system32\invagent.dll,RunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx


======Снимок реестра ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-12-17 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2017-02-23 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-12-17 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17 140512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17 140512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-12-17 162528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17 140512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMware User Process"=C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2016-02-16 83016]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07 508128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2017-07-27 3500056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = rassfm
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableAutomaticRestartSignOn"=1
"DelayedDesktopSwitchTimeout"=0
"ConsentPromptBehaviorAdmin"=5
"EnableUIADesktopToggle"=0
"EnableCursorSuppression"=1
"ConsentPromptBehaviorUser"=3
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"RunComputerPSScriptsFirst"=1
"RunUserPSScriptsFirst"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=1
"NoActiveDesktop"=1
"ShowSuperHidden"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
"StubPath" = "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
"StubPath" = "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

====== Ассоциации файлов ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== Список файлов и папок, созданных за последние 3 месяца ======

2017-09-05 14:00:12 ----D---- C:\KVRT_Data
2017-09-05 11:34:36 ----D---- C:\ProgramData\Doctor Web
2017-09-05 10:34:24 ----A---- C:\RannohDecryptor.1.9.6.1_05.09.2017_10.34.24_log.txt
2017-09-04 16:29:47 ----D---- C:\FRST
2017-09-04 16:18:55 ----D---- C:\Users\Администратор\AppData\Roaming\Adobe
2017-09-04 16:18:53 ----D---- C:\Users\Администратор\AppData\Roaming\Microsoft
2017-08-15 15:43:41 ----SHD---- C:\Config.Msi

====== Список файлов и папок, измененных за последние 3 месяца ======

2017-09-05 23:00:29 ----D---- C:\Windows\system32\drivers
2017-09-05 22:59:41 ----D---- C:\Windows\Temp
2017-09-05 13:34:18 ----D---- C:\Share
2017-09-05 11:34:36 ----HD---- C:\ProgramData
2017-09-05 05:20:33 ----D---- C:\Windows\Microsoft.NET
2017-09-04 16:30:45 ----D---- C:\Windows\Inf
2017-09-04 16:30:43 ----D---- C:\Windows
2017-09-04 16:23:37 ----D---- C:\Windows\System32
2017-09-04 16:23:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-09-04 16:18:53 ----RD---- C:\Users
2017-09-04 16:18:52 ----D---- C:\Profiles
2017-09-04 16:17:32 ----D---- C:\Windows\system32\inetsrv
2017-09-04 16:15:47 ----D---- C:\Windows\Registration
2017-09-04 13:15:35 ----D---- C:\Windows\system32\lserver
2017-08-31 10:38:18 ----SHD---- C:\Windows\Installer
2017-08-31 10:37:59 ----D---- C:\Windows\SysWOW64
2017-08-22 11:46:19 ----SHD---- C:\$Recycle.Bin
2017-08-15 15:50:25 ----D---- C:\Windows\system32\Tasks

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено) ======

R0 3ware;3ware; C:\Windows\System32\drivers\3ware.sys [2013-08-22 108896]
R0 ACPI;@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver; C:\Windows\System32\drivers\ACPI.sys [2014-11-21 533824]
R0 acpiex;Microsoft ACPIEx Driver; C:\Windows\System32\Drivers\acpiex.sys [2013-08-22 79712]
R0 ADP80XX;ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [2013-08-22 782176]
R0 agp440;@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter; C:\Windows\System32\drivers\agp440.sys [2013-08-22 62304]
R0 amdsata;amdsata; C:\Windows\System32\drivers\amdsata.sys [2013-08-22 79200]
R0 amdsbs;amdsbs; C:\Windows\System32\drivers\amdsbs.sys [2013-08-22 259424]
R0 amdxata;amdxata; C:\Windows\System32\drivers\amdxata.sys [2013-08-22 25952]
R0 arcsas;@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver; C:\Windows\System32\drivers\arcsas.sys [2013-08-22 114016]
R0 atapi;@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel; C:\Windows\System32\drivers\atapi.sys [2013-08-22 26464]
R0 b06bdrv;@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD; C:\Windows\System32\drivers\bxvbda.sys [2013-08-22 531296]
R0 bfadfcoei;bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2013-08-22 2265440]
R0 bfadi;bfadi; C:\Windows\System32\drivers\bfadi.sys [2013-08-22 2265440]
R0 bxfcoe;@bxfcoe.inf,%BXFCOE.SVCDESC%;Broadcom NetXtreme II Offload FCoE Driver; C:\Windows\System32\drivers\bxfcoe.sys [2013-08-22 187744]
R0 bxois;@bxois.inf,%BXOIS.SVCDESC%;Broadcom NetXtreme II Offload iSCSI Driver; C:\Windows\System32\drivers\bxois.sys [2013-08-22 560480]
R0 CLFS;@%SystemRoot%\system32\drivers\clfs.sys,-100; C:\Windows\System32\drivers\CLFS.sys [2016-11-17 377176]
R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys [2017-01-22 567152]
R0 disk;@disk.inf,%disk_ServiceDesc%;Disk Driver; C:\Windows\System32\drivers\disk.sys [2016-01-21 99672]
R0 ebdrv;@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\System32\drivers\evbda.sys [2013-08-22 3357024]
R0 elxfcoe;elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [2013-08-22 712032]
R0 elxstor;elxstor; C:\Windows\System32\drivers\elxstor.sys [2013-08-22 712032]
R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\Windows\system32\drivers\fltmgr.sys [2014-11-21 354112]
R0 gagp30kx;@machine.inf,%gagp30kx_svcdesc%;Microsoft универсальный AGPv3.0 фильтр для платформ с K8-процессорами; C:\Windows\System32\drivers\gagp30kx.sys [2013-08-22 65888]
R0 HpSAMD;HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [2013-08-22 64352]
R0 iaStorAV;@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows; C:\Windows\System32\drivers\iaStorAV.sys [2013-08-10 651248]
R0 iaStorV;@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7; C:\Windows\System32\drivers\iaStorV.sys [2013-08-22 412000]
R0 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2013-08-22 463712]
R0 intelide;intelide; C:\Windows\System32\drivers\intelide.sys [2013-08-22 18272]
R0 isapnp;isapnp; C:\Windows\System32\drivers\isapnp.sys [2013-08-22 21856]
R0 KSecDD;KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [2014-11-21 100672]
R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [2016-05-19 178016]
R0 LSI_SAS;LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [2013-08-22 109408]
R0 LSI_SAS2;LSI_SAS2; C:\Windows\System32\drivers\lsi_sas2.sys [2013-08-22 93536]
R0 LSI_SAS3;LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [2013-08-22 81760]
R0 LSI_SSS;LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [2013-08-22 82784]
R0 megasas;megasas; C:\Windows\System32\drivers\megasas.sys [2013-08-22 56672]
R0 megasr;megasr; C:\Windows\System32\drivers\megasr.sys [2013-08-22 575840]
R0 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2013-08-22 426336]
R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\Windows\System32\drivers\mountmgr.sys [2016-07-09 101208]
R0 msisadrv;msisadrv; C:\Windows\System32\drivers\msisadrv.sys [2013-08-22 17248]
R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\Windows\System32\Drivers\mup.sys [2016-04-07 114528]
R0 mvumis;mvumis; C:\Windows\System32\drivers\mvumis.sys [2013-08-22 63840]
R0 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2013-08-22 66400]
R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\Windows\system32\drivers\ndis.sys [2017-01-19 1113944]
R0 nv_agp;@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter; C:\Windows\System32\drivers\nv_agp.sys [2013-08-22 124768]
R0 nvraid;nvraid; C:\Windows\System32\drivers\nvraid.sys [2013-08-22 150368]
R0 nvstor;nvstor; C:\Windows\System32\drivers\nvstor.sys [2013-08-22 168288]
R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\Windows\System32\drivers\partmgr.sys [2014-11-21 88896]
R0 pci;@machine.inf,%pci_svcdesc%;Драйвер PCI шины; C:\Windows\System32\drivers\pci.sys [2014-11-21 280384]
R0 pciide;pciide; C:\Windows\System32\drivers\pciide.sys [2013-08-22 14688]
R0 pcmcia;pcmcia; C:\Windows\System32\drivers\pcmcia.sys [2013-08-22 114528]
R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys [2013-08-22 50016]
R0 pdc;@%SystemRoot%\system32\drivers\pdc.sys,-100; C:\Windows\system32\drivers\pdc.sys [2014-10-17 86336]
R0 ql2300i;@ql2300.inf,%ql2300i.DriverDesc%;QLogic Fibre Channel STOR Miniport Inbox Driver (wx64); C:\Windows\System32\drivers\ql2300i.sys [2013-08-22 1508704]
R0 ql40xx2i;@ql40xx2i.inf,%ql40xx2i.DriverDesc%;QLogic iSCSI Miniport Inbox Driver; C:\Windows\System32\drivers\ql40xx2i.sys [2013-08-22 475488]
R0 qlfcoei;@qlfcoei.inf,%qlfcoei.DriverDesc%;QLogic [FCoE] STOR Miniport Inbox Driver (wx64); C:\Windows\System32\drivers\qlfcoei.sys [2013-08-22 1300320]
R0 sbp2port;@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver; C:\Windows\System32\drivers\sbp2port.sys [2013-08-22 107872]
R0 SiSRaid2;SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [2013-08-22 44896]
R0 SiSRaid4;SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [2013-08-22 81760]
R0 spaceport;@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver; C:\Windows\System32\drivers\spaceport.sys [2017-01-11 422744]
R0 stexstor;stexstor; C:\Windows\System32\drivers\stexstor.sys [2013-08-22 31072]
R0 storahci;@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver; C:\Windows\System32\drivers\storahci.sys [2013-08-22 107872]
R0 storflt;@%SystemRoot%\system32\vmstorfltres.dll,-1000; C:\Windows\System32\drivers\vmstorfl.sys [2014-11-21 49944]
R0 stornvme;@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver; C:\Windows\System32\drivers\stornvme.sys [2016-06-11 57184]
R0 storvsc;storvsc; C:\Windows\System32\drivers\storvsc.sys [2013-08-22 45888]
R0 Tcpip;@%SystemRoot%\system32\tcpipcfg.dll,-50003; C:\Windows\System32\drivers\tcpip.sys [2016-09-21 2462040]
R0 uagp35;@machine.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 фильтр; C:\Windows\System32\drivers\uagp35.sys [2013-08-22 64864]
R0 uliagpkx;@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter; C:\Windows\System32\drivers\uliagpkx.sys [2013-08-22 65888]
R0 vdrvroot;@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator; C:\Windows\System32\drivers\vdrvroot.sys [2013-08-22 37728]
R0 viaide;viaide; C:\Windows\System32\drivers\viaide.sys [2013-08-22 19808]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\System32\drivers\vmbus.sys [2014-11-21 97048]
R0 vmci;@oem1.inf,%vmci.Service.DispName%;VMware VMCI Bus Driver; C:\Windows\System32\drivers\vmci.sys [2015-08-20 90816]
R0 volmgr;@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver; C:\Windows\System32\drivers\volmgr.sys [2016-04-11 74584]
R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\Windows\System32\drivers\volmgrx.sys [2013-08-22 377696]
R0 volsnap;@volume.inf,%VolumeClassName%;Storage volumes; C:\Windows\System32\drivers\volsnap.sys [2016-03-14 316760]
R0 vsmraid;vsmraid; C:\Windows\System32\drivers\vsmraid.sys [2013-08-22 168800]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2015-08-20 75512]
R0 VSTXRAID;@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver; C:\Windows\System32\drivers\vstxraid.sys [2013-08-22 305504]
R0 Wdf01000;@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000; C:\Windows\system32\drivers\Wdf01000.sys [2013-08-22 839488]
R0 WFPLWFS;@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000; C:\Windows\system32\DRIVERS\wfplwfs.sys [2014-11-10 136512]
R0 WinMad;@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service; C:\Windows\System32\drivers\winmad.sys [2013-08-22 28000]
R0 WinVerbs;@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service; C:\Windows\System32\drivers\winverbs.sys [2013-08-22 59744]
R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\Windows\system32\drivers\afd.sys [2015-10-13 559616]
R1 ahcache;@%systemroot%\system32\drivers\ahcache.sys,-102; C:\Windows\system32\DRIVERS\ahcache.sys [2014-12-12 75776]
R1 BasicDisplay;BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [2013-08-22 50688]
R1 BasicRender;BasicRender; C:\Windows\System32\drivers\BasicRender.sys [2017-03-12 33792]
R1 cdrom;@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver; C:\Windows\System32\drivers\cdrom.sys [2013-08-22 164352]
R1 Dfsc;@%systemroot%\system32\wkssvc.dll,-1008; C:\Windows\System32\Drivers\dfsc.sys [2017-01-11 138752]
R1 Msfs;Msfs; C:\Windows\system32\drivers\Msfs.sys [2013-08-22 30208]
R1 mssmbios;@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver; C:\Windows\System32\drivers\mssmbios.sys [2013-08-22 37728]
R1 NetBIOS;@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface; C:\Windows\system32\DRIVERS\netbios.sys [2014-11-21 48128]
R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\Windows\System32\DRIVERS\netbt.sys [2016-05-14 281088]
R1 Npfs;Npfs; C:\Windows\system32\drivers\Npfs.sys [2013-08-22 58880]
R1 npsvctrig;@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider; C:\Windows\System32\drivers\npsvctrig.sys [2013-08-22 23040]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2014-11-21 39424]
R1 Null;Null; C:\Windows\system32\drivers\Null.sys [2013-08-22 5632]
R1 Psched;@%SystemRoot%\System32\drivers\pacer.sys,-101; C:\Windows\system32\DRIVERS\pacer.sys [2014-11-21 151040]
R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\Windows\system32\DRIVERS\rdbss.sys [2016-04-06 402432]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2015-10-13 108032]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2015-01-06 80896]
R1 ws2ifsl;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\Windows\system32\drivers\ws2ifsl.sys [2013-08-22 21504]
R2 lltdio;@%SystemRoot%\system32\lltdres.dll,-6; C:\Windows\system32\DRIVERS\lltdio.sys [2013-08-22 59392]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2014-11-21 124416]
R2 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2017-03-11 285184]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2014-11-21 663040]
R2 rspndr;@%SystemRoot%\system32\lltdres.dll,-5; C:\Windows\system32\DRIVERS\rspndr.sys [2013-08-22 80384]
R2 srv;@%systemroot%\system32\srvsvc.dll,-102; C:\Windows\System32\DRIVERS\srv.sys [2017-04-02 414720]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2014-11-21 49152]
R2 TSFairShare;@%SystemRoot%\system32\drivers\TSFairShare.sys,-1; C:\Windows\system32\drivers\TSFairShare.sys [2017-02-10 74752]
R2 VMMEMCTL;Memory Control Driver; \??\C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [2016-02-16 32840]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2016-10-04 101376]
R3 CmBatt;@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver; C:\Windows\System32\drivers\CmBatt.sys [2013-08-22 25472]
R3 CompositeBus;@CompositeBus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver; C:\Windows\System32\drivers\CompositeBus.sys [2013-08-22 36352]
R3 condrv;Console Driver; C:\Windows\System32\drivers\condrv.sys [2013-08-22 43008]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2017-04-10 1548640]
R3 e1iexpress;@net1ix64.inf,%e1iExpress.Service.DispName%;Драйвер I сетевого подключения Intel(R) PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
R3 fdc;@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver; C:\Windows\System32\drivers\fdc.sys [2013-08-22 30720]
R3 flpydisk;@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver; C:\Windows\System32\drivers\flpydisk.sys [2013-08-22 25088]
R3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2014-11-21 61248]
R3 gencounter;@wgencounter.inf,%GenCounter.SVCDESC%;Счетчик создания Microsoft Hyper-V; C:\Windows\System32\drivers\vmgencounter.sys [2013-08-22 11264]
R3 HTTP;@%SystemRoot%\system32\drivers\http.sys,-1; C:\Windows\system32\drivers\HTTP.sys [2017-01-12 990040]
R3 i8042prt;@msmouse.inf,%i8042prt.SvcDesc%;Драйвер клавиатуры и мыши для порта PS/2; C:\Windows\System32\drivers\i8042prt.sys [2014-11-04 108544]
R3 intelppm;@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver; C:\Windows\System32\drivers\intelppm.sys [2013-08-22 98816]
R3 kbdclass;@keyboard.inf,%kbdclass.SvcDesc%;Драйвер класса клавиатуры; C:\Windows\System32\drivers\kbdclass.sys [2014-11-04 59712]
R3 kdnic;@kdnic.inf,%KdNic.Service.DispName%;Мини-порт сетевого адаптера с отладкой ядра (Майкрософт) (NDIS 6.20); C:\Windows\system32\DRIVERS\kdnic.sys [2013-08-22 19456]
R3 monitor;@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service; C:\Windows\System32\drivers\monitor.sys [2013-08-22 30208]
R3 mouclass;@msmouse.inf,%mouclass.SvcDesc%;Драйвер класса мыши; C:\Windows\System32\drivers\mouclass.sys [2014-11-04 51008]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2014-11-21 74240]
R3 mrxsmb;@%systemroot%\system32\wkssvc.dll,-1002; C:\Windows\system32\DRIVERS\mrxsmb.sys [2017-03-11 401408]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2017-03-11 201728]
R3 NdisTapi;@%systemroot%\system32\rascfg.dll,-32001; C:\Windows\system32\DRIVERS\ndistapi.sys [2014-11-08 24576]
R3 NdisVirtualBus;@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200; C:\Windows\System32\drivers\NdisVirtualBus.sys [2013-08-22 16384]
R3 NdisWan;@%systemroot%\system32\rascfg.dll,-32002; C:\Windows\System32\drivers\ndiswan.sys [2016-04-06 205824]
R3 NDProxy;NDIS Proxy; C:\Windows\system32\drivers\NDProxy.sys [2015-01-06 72192]
R3 Ntfs;Ntfs; C:\Windows\system32\drivers\Ntfs.sys [2017-03-11 2017624]
R3 PptpMiniport;@%systemroot%\system32\rascfg.dll,-32006; C:\Windows\System32\drivers\raspptp.sys [2013-08-22 107520]
R3 RasAgileVpn;@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;Мини-порт глобальной сети (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2016-07-08 95744]
R3 Rasl2tp;@%systemroot%\system32\rascfg.dll,-32005; C:\Windows\System32\drivers\rasl2tp.sys [2016-02-02 112640]
R3 RasPppoe;@%systemroot%\system32\rascfg.dll,-32007; C:\Windows\System32\drivers\raspppoe.sys [2013-08-22 84992]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2014-11-21 93696]
R3 rdpbus;@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver; C:\Windows\System32\drivers\rdpbus.sys [2013-08-22 22528]
R3 RDPDR;@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100; C:\Windows\System32\drivers\rdpdr.sys [2013-08-22 195584]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-21 27456]
R3 sdbus;sdbus; C:\Windows\System32\drivers\sdbus.sys [2015-03-13 239424]
R3 sdstor;@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver; C:\Windows\System32\drivers\sdstor.sys [2014-11-21 79192]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2017-04-02 684544]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2016-08-03 243712]
R3 swenum;@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver; C:\Windows\System32\drivers\swenum.sys [2014-11-21 14144]
R3 tsusbhub;@tsusbhub.inf,%tsusbhub.SVCDESC%;Remote Desktop USB Hub; C:\Windows\System32\drivers\tsusbhub.sys [2016-01-31 111104]
R3 tunnel;@nettun.inf,%TUNNEL.Service.DisplayName%;Драйвер адаптера минипорта для туннеля Microsoft; C:\Windows\system32\DRIVERS\tunnel.sys [2015-09-04 154112]
R3 UASPStor;@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver; C:\Windows\System32\drivers\uaspstor.sys [2013-08-22 74080]
R3 UCX01000;USB Controller Extension; C:\Windows\System32\drivers\ucx01000.sys [2014-11-21 189248]
R3 umbus;@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver; C:\Windows\System32\drivers\umbus.sys [2013-08-22 46080]
R3 usbccgp;@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver; C:\Windows\System32\drivers\usbccgp.sys [2014-11-21 143680]
R3 usbehci;@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\System32\drivers\usbehci.sys [2016-01-09 91992]
R3 usbhub;@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver; C:\Windows\System32\drivers\usbhub.sys [2015-10-11 462168]
R3 USBHUB3;@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub; C:\Windows\System32\drivers\UsbHub3.sys [2015-10-11 468824]
R3 USBSTOR;@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver; C:\Windows\System32\drivers\USBSTOR.SYS [2016-01-31 148832]
R3 USBXHCI;@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller; C:\Windows\System32\drivers\USBXHCI.SYS [2015-04-16 325464]
R3 vhdmp;vhdmp; C:\Windows\System32\drivers\vhdmp.sys [2016-10-10 551256]
R3 vm3dmp;vm3dmp; C:\Windows\system32\DRIVERS\vm3dmp.sys [2016-02-16 219848]
R3 vmmouse;@oem5.inf,%VMMouse.SvcDesc%;VMware Pointing Device; C:\Windows\System32\drivers\vmmouse.sys [2016-02-16 25808]
S0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys [2013-08-22 24416]
S0 sacdrv;sacdrv; C:\Windows\system32\DRIVERS\sacdrv.sys [2013-08-22 94048]
S3 1394ohci;@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller; C:\Windows\System32\drivers\1394ohci.sys [2013-08-22 231424]
S3 acpipagr;@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver; C:\Windows\System32\drivers\acpipagr.sys [2013-08-22 10240]
S3 AcpiPmi;@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver; C:\Windows\System32\drivers\acpipmi.sys [2013-08-22 12288]
S3 acpitime;@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver; C:\Windows\System32\drivers\acpitime.sys [2013-08-22 10752]
S3 AmdK8;@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver; C:\Windows\System32\drivers\amdk8.sys [2013-08-22 95744]
S3 AmdPPM;@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver; C:\Windows\System32\drivers\amdppm.sys [2013-08-22 98816]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2014-11-21 82944]
S3 AsyncMac;@%systemroot%\system32\rascfg.dll,-32000; C:\Windows\System32\drivers\asyncmac.sys [2013-08-22 26624]
S3 Beep;Beep; C:\Windows\system32\drivers\Beep.sys [2013-08-22 7680]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio T4 Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2013-06-18 605672]
S3 dmvsc;dmvsc; C:\Windows\System32\drivers\dmvsc.sys [2013-08-22 29696]
S3 ErrDev;@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver; C:\Windows\System32\drivers\errdev.sys [2013-08-22 10240]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2013-08-22 200704]
S3 fastfat;FAT12/16/32 File System Driver; C:\Windows\system32\drivers\fastfat.sys [2013-08-22 217952]
S3 fcvsc;fcvsc; C:\Windows\System32\drivers\fcvsc.sys [2013-08-22 32768]
S3 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\System32\drivers\fileinfo.sys [2014-11-21 79192]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2013-08-22 34816]
S3 FxPPM;@cpu.inf,%FxPPM.SvcDesc%;Power Framework Processor Driver; C:\Windows\System32\drivers\fxppm.sys [2013-08-22 27136]
S3 GPIOClx0101;Microsoft GPIO Class Extension Driver; C:\Windows\System32\Drivers\msgpioclx.sys [2014-11-21 146752]
S3 HDAudBus;@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\System32\drivers\HDAudBus.sys [2014-11-21 76800]
S3 HidBatt;@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver; C:\Windows\System32\drivers\HidBatt.sys [2013-08-22 26624]
S3 HidUsb;@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver; C:\Windows\System32\drivers\hidusb.sys [2016-05-14 32768]
S3 hyperkbd;hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [2013-08-22 13824]
S3 HyperVideo;HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [2013-08-22 22016]
S3 IpFilterDriver;@%systemroot%\system32\rascfg.dll,-32013; C:\Windows\system32\DRIVERS\ipfltdrv.sys [2013-08-22 84992]
S3 IPMIDRV;IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [2016-02-03 80896]
S3 IPNAT;IP Network Address Translator; C:\Windows\System32\drivers\ipnat.sys [2014-11-21 142848]
S3 iScsiPrt;@iscsi.inf,%iScsiPortName%;iScsiPort Driver; C:\Windows\System32\drivers\msiscsi.sys [2017-03-11 275800]
S3 kbdhid;@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver; C:\Windows\System32\drivers\kbdhid.sys [2014-11-04 32256]
S3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys [2013-08-22 21248]
S3 Modem;Modem; C:\Windows\system32\drivers\modem.sys [2013-08-22 40960]
S3 mouhid;@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver; C:\Windows\System32\drivers\mouhid.sys [2014-11-04 30208]
S3 MsBridge;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2014-11-21 115712]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2013-08-22 8192]
S3 mshidumdf;@%SystemRoot%\system32\drivers\mshidumdf.sys,-100; C:\Windows\System32\drivers\mshidumdf.sys [2013-08-22 9728]
S3 MsLbfoProvider;@%SystemRoot%\System32\drivers\MsLbfoProvider.sys,-501; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [2016-07-09 117760]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2013-08-22 366432]
S3 MTConfig;@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver; C:\Windows\System32\drivers\MTConfig.sys [2013-08-22 13312]
S3 NdisCap;@%SystemRoot%\System32\drivers\ndiscap.sys,-5000; C:\Windows\system32\DRIVERS\ndiscap.sys [2014-11-21 43008]
S3 NdisImPlatform;@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [2016-03-03 126464]
S3 Ndisuio;@ndisuio.inf,%NDISUIO_Desc%;NDIS Usermode I/O Protocol; C:\Windows\system32\DRIVERS\ndisuio.sys [2013-08-22 60416]
S3 NDISWANLEGACY;@%systemroot%\system32\rascfg.dll,-32014; C:\Windows\system32\DRIVERS\ndiswan.sys [2016-04-06 205824]
S3 netvsc;netvsc; C:\Windows\System32\drivers\netvsc63.sys [2014-11-21 87040]
S3 Parport;@msports.inf,%Parport.SVCDESC%;Parallel port driver; C:\Windows\System32\drivers\parport.sys [2016-08-11 96256]
S3 Processor;@cpu.inf,%Processor.SvcDesc%;Processor Driver; C:\Windows\System32\drivers\processr.sys [2013-08-22 92160]
S3 RasAcd;Remote Access Auto Connection Driver; C:\Windows\System32\DRIVERS\rasacd.sys [2014-11-21 17408]
S3 ReFS;ReFS; C:\Windows\system32\drivers\ReFS.sys [2016-10-13 922968]
S3 s3cap;s3cap; C:\Windows\System32\drivers\vms3cap.sys [2013-08-22 7168]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2016-12-25 40960]
S3 SerCx;Serial UART Support Library; C:\Windows\system32\drivers\SerCx.sys [2013-08-22 69472]
S3 SerCx2;Serial UART Support Library; C:\Windows\system32\drivers\SerCx2.sys [2014-11-21 146776]
S3 Serenum;@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver; C:\Windows\System32\drivers\serenum.sys [2016-08-11 23040]
S3 Serial;@msports.inf,%Serial.SVCDESC%;Serial port driver; C:\Windows\System32\drivers\serial.sys [2016-08-11 83456]
S3 sermouse;@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver; C:\Windows\System32\drivers\sermouse.sys [2014-11-04 26112]
S3 sfloppy;@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive; C:\Windows\System32\drivers\sfloppy.sys [2013-08-22 17408]
S3 smbdirect;smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [2014-11-21 145920]
S3 SpbCx;Simple Peripheral Bus Support Library; C:\Windows\system32\drivers\SpbCx.sys [2013-08-22 72032]
S3 storvsp;storvsp; C:\Windows\System32\drivers\storvsp.sys [2017-01-12 66560]
S3 TCPIP6;@netip6.inf,%MS_TCPIP6.TCPIP6.ServiceDescription%;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2016-09-21 2462040]
S3 terminpt;@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver; C:\Windows\System32\drivers\terminpt.sys [2013-08-22 37216]
S3 TPM;@tpm.inf,%TPM%;TPM; C:\Windows\system32\drivers\tpm.sys [2015-09-29 155480]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-08-22 56320]
S3 TsUsbGD;@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device; C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-21 29696]
S3 UEFI;@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver; C:\Windows\System32\drivers\UEFI.sys [2013-08-22 26976]
S3 UmPass;@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver; C:\Windows\System32\drivers\umpass.sys [2013-08-22 11776]
S3 usbohci;@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\System32\drivers\usbohci.sys [2015-10-10 30208]
S3 usbprint;@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class; C:\Windows\System32\drivers\usbprint.sys [2013-08-22 26112]
S3 usbuhci;@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\System32\drivers\usbuhci.sys [2015-10-10 37376]
S3 VerifierExt;@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000; C:\Windows\system32\drivers\VerifierExt.sys [2014-11-21 175960]
S3 Vid;Vid; C:\Windows\System32\drivers\Vid.sys [2014-11-21 220672]
S3 VMBusHID;VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [2013-08-22 21760]
S3 vmbusr;@%SystemRoot%\system32\drivers\vmbusr.sys,-1001; C:\Windows\System32\drivers\vmbusr.sys [2014-11-21 129536]
S3 vpci;@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus; C:\Windows\System32\drivers\vpci.sys [2016-01-26 72024]
S3 vpcivsp;@wvpcivsp.inf,%vpcivsp.SVCDESC%;Microsoft Hyper-V PCI Server; C:\Windows\System32\drivers\vpcivsp.sys [2017-01-12 65536]
S3 WacomPen;@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver; C:\Windows\System32\drivers\wacompen.sys [2013-08-22 26752]
S3 Wanarp;@%systemroot%\system32\rascfg.dll,-32011; C:\Windows\system32\DRIVERS\wanarp.sys [2015-01-06 80896]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2014-11-21 33600]
S3 WinNat;@%SystemRoot%\system32\drivers\winnat.sys,-10001; C:\Windows\system32\drivers\winnat.sys [2016-02-02 177152]
S3 WmiAcpi;@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI; C:\Windows\System32\drivers\wmiacpi.sys [2013-08-22 16384]
S3 wtlmdrv;@wtlmdrv.inf,%WTLMDrv.DisplayName%;Microsoft iSCSI Target LocalMount Adapter; C:\Windows\System32\drivers\wtlmdrv.sys [2013-08-22 31232]
S3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2014-11-21 113664]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
S4 cdfs;CD/DVD File System Reader; C:\Windows\system32\DRIVERS\cdfs.sys [2013-08-22 88576]
S4 secdrv;Security Driver; C:\Windows\system32\drivers\secdrv.sys [2013-08-22 23040]
S4 udfs;udfs; C:\Windows\system32\DRIVERS\udfs.sys [2015-03-13 316416]

====== Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено) ======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-07-19 83032]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-05-18 2246256]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; %windir%\system32\svchost.exe -k apphost;"ServiceDll" = %windir%\system32\inetsrv\apphostsvc.dll
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork;"ServiceDll" = %SystemRoot%\System32\bfe.dll
R2 BrokerInfrastructure;@%windir%\system32\bisrv.dll,-100; %SystemRoot%\system32\svchost.exe -k DcomLaunch;"ServiceDll" = %SystemRoot%\System32\bisrv.dll
R2 CryptSvc;@%SystemRoot%\system32\cryptsvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k NetworkService;"ServiceDll" = %SystemRoot%\system32\cryptsvc.dll
R2 DcomLaunch;@combase.dll,-5012; %SystemRoot%\system32\svchost.exe -k DcomLaunch;"ServiceDll" = %SystemRoot%\system32\rpcss.dll
R2 Dhcp;@%SystemRoot%\system32\dhcpcore.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\dhcpcore.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 Dnscache;@%SystemRoot%\System32\dnsapi.dll,-101; %SystemRoot%\system32\svchost.exe -k NetworkService;"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll
R2 DPS;@%systemroot%\system32\dps.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork;"ServiceDll" = %SystemRoot%\system32\dps.dll
R2 EventLog;@%SystemRoot%\system32\wevtsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = 
R2 EventSystem;@comres.dll,-2450; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %systemroot%\system32\es.dll
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\system32\FntCache.dll
R2 gpsvc;@gpapi.dll,-112; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\gpsvc.dll
R2 IAS;@%SystemRoot%\system32\ias.dll,-1000; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\ias.dll
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2017-02-10 16896]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\ikeext.dll
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; %SystemRoot%\System32\svchost.exe -k NetSvcs;"ServiceDll" = %SystemRoot%\System32\iphlpsvc.dll
R2 KPSSVC;@%systemroot%\system32\kpssvc.dll,-100; %systemroot%\system32\svchost.exe -k KpsSvcGroup;"ServiceDll" = %systemroot%\system32\kpssvc.dll
R2 LanmanServer;@%systemroot%\system32\srvsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\system32\srvsvc.dll
R2 LanmanWorkstation;@%systemroot%\system32\wkssvc.dll,-100; %SystemRoot%\System32\svchost.exe -k NetworkService;"ServiceDll" = %SystemRoot%\System32\wkssvc.dll
R2 lmhosts;@%SystemRoot%\system32\lmhsvc.dll,-101; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\lmhsvc.dll
R2 LSM;@%windir%\system32\lsm.dll,-1001; %SystemRoot%\system32\svchost.exe -k DcomLaunch;"ServiceDll" = %SystemRoot%\System32\lsm.dll
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork;"ServiceDll" = %SystemRoot%\system32\mpssvc.dll
R2 MSDTC;@comres.dll,-2797; C:\Windows\System32\msdtc.exe [2014-11-21 144384]
R2 Netlogon;@%SystemRoot%\System32\netlogon.dll,-102; C:\Windows\system32\lsass.exe [2014-11-21 47024]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; %SystemRoot%\System32\svchost.exe -k NetworkService;"ServiceDll" = %SystemRoot%\System32\nlasvc.dll
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; %systemroot%\system32\svchost.exe -k LocalService;"ServiceDll" = %systemroot%\system32\nsisvc.dll
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; %SystemRoot%\system32\svchost.exe -k DcomLaunch;"ServiceDll" = %SystemRoot%\system32\umpo.dll
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\profsvc.dll
R2 RDMS;@%SystemRoot%\System32\RDMS.dll,-1000; %SystemRoot%\system32\svchost.exe -k NetworkServiceRemoteDesktopPublishing;"ServiceDll" = %SystemRoot%\System32\RDMS.dll
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; %SystemRoot%\system32\svchost.exe -k RPCSS;"ServiceDll" = %SystemRoot%\System32\RpcEpMap.dll
R2 RpcSs;@combase.dll,-5010; %SystemRoot%\system32\svchost.exe -k rpcss;"ServiceDll" = %SystemRoot%\system32\rpcss.dll
R2 SamSs;@%SystemRoot%\system32\samsrv.dll,-1; C:\Windows\system32\lsass.exe [2014-11-21 47024]
R2 Schedule;@%SystemRoot%\system32\schedsvc.dll,-100; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\schedsvc.dll
R2 SENS;@%SystemRoot%\system32\Sens.dll,-200; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\sens.dll
R2 ShellHWDetection;@%SystemRoot%\System32\shsvcs.dll,-12288; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\shsvcs.dll
R2 Spooler;@%systemroot%\system32\spoolsv.exe,-1; C:\Windows\System32\spoolsv.exe [2014-11-04 827392]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %systemroot%\system32\sysmain.dll
R2 SystemEventsBroker;@%windir%\system32\SystemEventsBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k DcomLaunch;"ServiceDll" = %SystemRoot%\System32\SystemEventsBrokerServer.dll
R2 TermServLicensing;@%SystemRoot%\System32\lserver.dll,-501; C:\Windows\system32\svchost -k TSLicensing []
R2 Themes;@%SystemRoot%\System32\themeservice.dll,-8192; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\system32\themeservice.dll
R2 TrkWks;@%SystemRoot%\system32\trkwks.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\trkwks.dll
R2 TScPubRPC;@%SystemRoot%\System32\TSCPUBSvr.dll,-109; %SystemRoot%\System32\svchost.exe -k NetworkServiceRemoteDesktopPublishing;"ServiceDll" = %SystemRoot%\system32\TSCPUBSvr.dll
R2 TSGateway;@%SystemRoot%\system32\aaedge.dll,-2002; %windir%\system32\svchost.exe -k tsgateway;"ServiceDll" = %SystemRoot%\system32\aaedge.dll
R2 Tssdis;@%SystemRoot%\System32\tssdis.exe,-1026; C:\Windows\System32\tssdis.exe [2016-03-05 809984]
R2 UALSVC;@%systemroot%\system32\ualsvc.dll,-102; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\ualsvc.dll
R2 VGAuthService;VMware Alias Manager and Ticket Service; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [2016-02-16 160768]
R2 VMTools;VMware Tools; C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2016-02-16 83016]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; %windir%\system32\svchost.exe -k iissvcs;"ServiceDll" = %windir%\system32\inetsrv\iisw3adm.dll
R2 Wcmsvc;@%SystemRoot%\System32\wcmsvc.dll,-4097; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\wcmsvc.dll
R2 Winmgmt;@%Systemroot%\system32\wbem\wmisvc.dll,-205; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\system32\wbem\WMIsvc.dll
R2 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; %SystemRoot%\System32\svchost.exe -k NetworkService;"ServiceDll" = %SystemRoot%\system32\WsmSvc.dll
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\aelupsvc.dll
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appinfo.dll
R3 BITS;@%SystemRoot%\system32\qmgr.dll,-1000; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\qmgr.dll
R3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\certprop.dll
R3 COMSysApp;@comres.dll,-947; C:\Windows\system32\dllhost.exe [2014-11-21 19264]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2014-11-21 47024]
R3 MSSQL$MICROSOFT##WID;@%systemroot%\WID\Binn\Resources\wid.rll,-2001; C:\Windows\WID\Binn\sqlservr.exe [2017-02-10 191064]
R3 Netman;@%SystemRoot%\system32\netman.dll,-109; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\netman.dll
R3 netprofm;@%SystemRoot%\system32\netprofmsvc.dll,-202; %SystemRoot%\System32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\System32\netprofmsvc.dll
R3 PlugPlay;@%SystemRoot%\system32\umpnpmgr.dll,-200; %SystemRoot%\system32\svchost.exe -k DcomLaunch;"ServiceDll" = %SystemRoot%\system32\umpnpmgr.dll
R3 PolicyAgent;@%SystemRoot%\System32\polstore.dll,-5010; %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\ipsecsvc.dll
R3 RPCHTTPLBS;@%systemroot%\system32\RpcProxy\RpcProxy.dll,-2; %SystemRoot%\system32\svchost.exe -k RPCHTTPLBS;"ServiceDll" = %SystemRoot%\System32\RpcProxy\LBService.dll
R3 seclogon;@%SystemRoot%\system32\seclogon.dll,-7001; %windir%\system32\svchost.exe -k netsvcs;"ServiceDll" = %windir%\system32\seclogon.dll
R3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\system32\sessenv.dll
R3 TermService;@%SystemRoot%\System32\termsrv.dll,-268; %SystemRoot%\System32\svchost.exe -k termsvcs;"ServiceDll" = %SystemRoot%\System32\termsrv.dll
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
R3 W32Time;@%SystemRoot%\system32\w32time.dll,-200; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %systemroot%\system32\w32time.dll
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; %windir%\system32\svchost.exe -k iissvcs;"ServiceDll" = %windir%\system32\inetsrv\iisw3adm.dll
R3 WIDWriter;@%systemroot%\WID\Binn\Resources\wid.rll,-2003; C:\Windows\WID\Binn\sqlwriter.exe [2017-02-10 129624]
S2 RemoteRegistry;@regsvc.dll,-1; %SystemRoot%\system32\svchost.exe -k localService;"ServiceDll" = %SystemRoot%\system32\regsvc.dll
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2016-06-10 6521800]
S3 ALG;@%SystemRoot%\system32\Alg.exe,-112; C:\Windows\System32\alg.exe [2014-11-21 96768]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\appidsvc.dll
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S3 AppReadiness;@%SystemRoot%\System32\AppReadiness.dll,-1000; %SystemRoot%\System32\svchost.exe -k AppReadiness;"ServiceDll" = %SystemRoot%\system32\AppReadiness.dll
S3 AppXSvc;@%SystemRoot%\system32\appxdeploymentserver.dll,-1; %systemroot%\system32\svchost.exe -k wsappx;"ServiceDll" = %SystemRoot%\system32\appxdeploymentserver.dll
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-30 51384]
S3 AudioEndpointBuilder;@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\AudioEndpointBuilder.dll
S3 Audiosrv;@%SystemRoot%\system32\audiosrv.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\Audiosrv.dll
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; %SystemRoot%\system32\svchost.exe -k defragsvc;"ServiceDll" = %Systemroot%\System32\defragsvc.dll
S3 DeviceAssociationService;@%SystemRoot%\system32\das.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\das.dll
S3 DeviceInstall;@%SystemRoot%\system32\umpnpmgr.dll,-100; %SystemRoot%\system32\svchost.exe -k DcomLaunch;"ServiceDll" = %SystemRoot%\system32\umpnpmgr.dll
S3 dot3svc;@%systemroot%\system32\dot3svc.dll,-1102; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\dot3svc.dll
S3 DsmSvc;@%SystemRoot%\system32\DeviceSetupManager.dll,-1000; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\DeviceSetupManager.dll
S3 Eaphost;@%systemroot%\system32\eapsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\eapsvc.dll
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2014-11-21 47024]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\system32\fdPHost.dll
S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation;"ServiceDll" = %SystemRoot%\system32\fdrespub.dll
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 hidserv;@%SystemRoot%\System32\hidserv.dll,-101; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\hidserv.dll
S3 hkmsvc;@%SystemRoot%\system32\kmsvc.dll,-6; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\system32\kmsvc.dll
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-04-16 116224]
S3 KtmRm;@comres.dll,-2946; %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation;"ServiceDll" = %systemroot%\system32\msdtckrm.dll
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\System32\lltdsvc.dll
S3 MMCSS;@%systemroot%\system32\mmcss.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\system32\mmcss.dll
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\iscsiexe.dll
S3 msiserver;@%SystemRoot%\system32\msimsg.dll,-27; C:\Windows\system32\msiexec.exe [2016-05-05 65024]
S3 napagent;@%SystemRoot%\system32\qagentrt.dll,-6; %SystemRoot%\System32\svchost.exe -k NetworkService;"ServiceDll" = %SystemRoot%\system32\qagentRT.dll
S3 NcaSvc;@%SystemRoot%\system32\ncasvc.dll,-3009; %SystemRoot%\System32\svchost.exe -k NetSvcs;"ServiceDll" = %SystemRoot%\System32\ncasvc.dll
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2013-08-22 21504]
S3 pla;@%systemroot%\system32\pla.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork;"ServiceDll" = %systemroot%\system32\pla.dll
S3 PrintNotify;@C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1; %SystemRoot%\system32\svchost.exe -k print;"ServiceDll" = C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
S3 RasAuto;@%Systemroot%\system32\rasauto.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\rasauto.dll
S3 RasMan;@%Systemroot%\system32\rasmans.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\rasmans.dll
S3 RpcLocator;@%systemroot%\system32\Locator.exe,-2; C:\Windows\system32\locator.exe [2014-11-21 10240]
S3 RSoPProv;@gpapi.dll,-114; C:\Windows\system32\RSoPProv.exe [2013-08-22 85504]
S3 sacsvr;@%systemroot%\system32\sacsvr.dll,-500; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\system32\sacsvr.dll
S3 ScDeviceEnum;@%SystemRoot%\System32\ScDeviceEnum.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\ScDeviceEnum.dll
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\certprop.dll
S3 smphost;@%SystemRoot%\System32\smphost.dll,-102; %SystemRoot%\System32\svchost.exe -k smphost;"ServiceDll" = %Systemroot%\System32\smphost.dll
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2014-11-21 14848]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\system32\sstpsvc.dll
S3 svsvc;@%SystemRoot%\system32\svsvc.dll,-101; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\svsvc.dll
S3 swprv;@%SystemRoot%\System32\swprv.dll,-103; %SystemRoot%\System32\svchost.exe -k swprv;"ServiceDll" = %Systemroot%\System32\swprv.dll
S3 TapiSrv;@%SystemRoot%\system32\tapisrv.dll,-10100; %SystemRoot%\System32\svchost.exe -k tapisrv;"ServiceDll" = %SystemRoot%\System32\tapisrv.dll
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\system32\mmcss.dll
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\Windows\system32\TieringEngineService.exe [2014-11-21 259072]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2014-11-21 106496]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2014-11-21 41984]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2014-11-21 47024]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2014-11-21 1313792]
S3 vmicguestinterface;@%systemroot%\system32\vmicres.dll,-801; %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\ICSvc.dll
S3 vmicheartbeat;@%systemroot%\system32\vmicres.dll,-101; %systemroot%\system32\svchost.exe -k ICService;"ServiceDll" = %SystemRoot%\System32\ICSvc.dll
S3 vmickvpexchange;@%systemroot%\system32\vmicres.dll,-201; %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\ICSvc.dll
S3 vmicrdv;@%systemroot%\system32\vmicres.dll,-601; %systemroot%\system32\svchost.exe -k ICService;"ServiceDll" = %SystemRoot%\System32\ICSvc.dll
S3 vmicshutdown;@%systemroot%\system32\vmicres.dll,-301; %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\ICSvc.dll
S3 vmictimesync;@%systemroot%\system32\vmicres.dll,-401; %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\ICSvc.dll
S3 vmicvss;@%systemroot%\system32\vmicres.dll,-501; %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\ICSvc.dll
S3 vmvss;VMware Snapshot Provider; C:\Windows\system32\dllhost.exe [2014-11-21 19264]
S3 VSS;@%systemroot%\system32\vssvc.exe,-102; C:\Windows\system32\vssvc.exe [2016-02-05 1455104]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; %windir%\system32\svchost.exe -k apphost;"ServiceDll" = %windir%\system32\inetsrv\w3logsvc.dll
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; %SystemRoot%\system32\svchost.exe -k wcssvc;"ServiceDll" = %SystemRoot%\System32\WcsPlugInService.dll
S3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; %SystemRoot%\System32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\system32\wdi.dll
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\wdi.dll
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; %SystemRoot%\system32\svchost.exe -k NetworkService;"ServiceDll" = %SystemRoot%\system32\wecsvc.dll
S3 WEPHOSTSVC;@%systemroot%\system32\wephostsvc.dll,-100; %systemroot%\system32\svchost.exe -k WepHostSvcGroup;"ServiceDll" = %systemroot%\system32\wephostsvc.dll
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\wercplsupport.dll
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; %SystemRoot%\System32\svchost.exe -k WerSvcGroup;"ServiceDll" = %SystemRoot%\System32\WerSvc.dll
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\system32\winhttp.dll
S3 wmiApSrv;@%Systemroot%\system32\wbem\wmiapsrv.exe,-110; C:\Windows\system32\wbem\WmiApSrv.exe [2014-11-21 201728]
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\wpdbusenum.dll
S3 WSService;@%SystemRoot%\system32\WSService.dll,-103; %SystemRoot%\System32\svchost.exe -k wsappx;"ServiceDll" = %SystemRoot%\System32\WSService.dll
S3 wuauserv;@%systemroot%\system32\wuaueng.dll,-105; %systemroot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\wuaueng.dll
S3 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\WUDFSvc.dll
S4 Browser;@%systemroot%\system32\browser.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\browser.dll
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-08-10 139856]
S4 RemoteAccess;@%Systemroot%\system32\mprdim.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\mprdim.dll
S4 SCardSvr;@%SystemRoot%\System32\SCardSvr.dll,-1; %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation;"ServiceDll" = %SystemRoot%\System32\SCardSvr.dll
S4 SharedAccess;@%SystemRoot%\system32\ipnathlp.dll,-106; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\ipnathlp.dll
S4 SSDPSRV;@%systemroot%\system32\ssdpsrv.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation;"ServiceDll" = %SystemRoot%\System32\ssdpsrv.dll
S4 upnphost;@%systemroot%\system32\upnphost.dll,-213; %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation;"ServiceDll" = %SystemRoot%\System32\upnphost.dll

-----------------EOF-----------------
