Airco

ComboFix 12-12-02.01 - Anna 03-12-2012 16:52:06.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2380 [GMT 1:00] Gestart vanuit: c:\users\Anna\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Simio c:\programdata\Simio\Server.lic c:\programdata\Simio\Simio.Settings . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))) . . 2012-12-03 15:57 . 2012-12-03 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-03 15:57 . 2012-12-03 15:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-03 15:20 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAEE0A56-AF2C-4D3B-AD36-4A52F34E2B51}\mpengine.dll 2012-12-02 13:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-29 21:38 . 2012-11-29 21:38 -------- d-----w- c:\users\Anna\DoctorWeb 2012-11-27 21:04 . 2012-11-27 21:04 -------- d-----w- c:\program files (x86)\ESET 2012-11-16 10:34 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-16 10:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 10:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 10:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 10:22 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-16 10:22 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-16 10:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 10:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 10:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 10:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 10:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 10:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 10:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\users\Anna\AppData\Roaming\Malwarebytes 2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\programdata\Malwarebytes 2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-15 15:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-15 10:06 . 2012-11-15 10:06 388096 ----a-r- c:\users\Anna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-15 10:06 . 2012-11-15 10:06 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-12 10:55 . 2012-11-12 10:55 -------- d-----w- c:\program files\Common Files\Deterministic Networks 2012-11-12 10:55 . 2012-11-12 10:55 -------- d-----w- c:\program files (x86)\Cisco Systems 2012-11-12 10:20 . 2012-11-12 10:20 -------- d-----w- c:\users\Anna\AppData\Local\Simio_LLC 2012-11-12 10:20 . 2012-11-12 10:20 -------- d-----w- c:\users\Anna\AppData\Local\IsolatedStorage . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-21 10:07 . 2011-09-08 14:51 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-11-16 10:19 . 2011-10-04 13:30 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-18 17:58 . 2011-04-13 03:18 5016872 ----a-w- c:\windows\system32\ETDUI.cpl 2012-10-18 17:58 . 2011-04-13 03:18 142632 ----a-w- c:\windows\system32\drivers\ETD.sys 2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2012-10-04 11:33 . 2012-10-19 22:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8504E6B-0F2E-4692-8E15-1D78CFF7B89B}\gapaengine.dll 2012-10-04 11:33 . 2011-10-11 22:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-10-02 01:30 . 2012-10-02 01:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2012-09-21 01:46 . 2012-09-21 01:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-09-21 01:46 . 2012-09-21 01:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys 2012-09-20 15:02 . 2012-09-20 15:02 1832760 ----a-w- c:\windows\system32\LogiLDA.DLL 2012-09-14 19:19 . 2012-10-10 09:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 09:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-14 01:05 . 2012-09-14 01:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2012-09-07 09:19 . 2012-09-07 09:19 32768 ----a-w- c:\windows\system32\maplec.dll 2012-09-07 09:19 . 2012-09-07 09:19 281088 ----a-w- c:\windows\system32\WMIMPLEX.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Lingoes"="c:\program files (x86)\Lingoes\Translator2\Lingoes.exe" [2011-10-31 2375680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] . c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-08-03 290920] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-10-18 142632] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - DWPROT *Deregistered* - 60011031009CC . Inhoud van de 'Gedeelde Taken' map . 2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . 2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3tjgyygu.default\ FF - prefs.js: browser.startup.homepage - about:newtab FF - ExtSQL: 2012-10-27 21:46; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file) AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe AddRemove-SP_a6a8650b - c:\program files (x86)\WxDFast\uninstall.exe AddRemove-{088DF54D-6FFC-8C91-02D5-A461DCC2E652} - c:\programdata\wxDownload\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-03 17:00:17 ComboFix-quarantined-files.txt 2012-12-03 16:00 ComboFix2.txt 2012-11-23 15:45 ComboFix3.txt 2012-11-18 14:32 . Pre-Run: 73.714.442.240 bytes beschikbaar Post-Run: 73.673.404.416 bytes beschikbaar . - - End Of File - - FC38EF634B07D09C6F55717395360277 - - - Updated - - - Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:04:07, on 3-12-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKCU\..\Run: [Lingoes] C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe -minimize O4 - Startup: Dropbox.lnk = Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing) O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (file missing) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12493 bytes

Weet niet of ik het goed heb gedaan, maar hij zegt wachten op actie dus ik heb maar op zoeken geklikt # AdwCleaner v2.011 - Verslag gemaakt op 03/12/2012 om 16:45:28 # Geactualiseerd op 02/12/2012 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruiker : Anna - ANNA-PC # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Anna\Desktop\adwcleaner.exe # Optie [Zoeken] ***** [Diensten] ***** ***** [Files / Mappen] ***** ***** [Register] ***** Sleutel Aanwezig : HKCU\Software\Conduit Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [browsers] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v17.0.1 (en-US) Profielnaam : default File : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3tjgyygu.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v23.0.1271.95 File : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[R1].txt - [1390 octets] - [03/12/2012 16:31:27] AdwCleaner[R2].txt - [1260 octets] - [03/12/2012 16:45:28] AdwCleaner[s1].txt - [18288 octets] - [26/11/2012 16:18:23] ########## EOF - C:\AdwCleaner[R2].txt - [1381 octets] ##########

Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free anti-malware download Databaseversie: v2012.11.28.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Anna :: ANNA-PC [administrator] 3-12-2012 16:15:06 mbam-log-2012-12-03 (16-15-06).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 231615 Verstreken tijd: 4 minuut/minuten, 45 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

Iemand kwam op het idee om firefox te verwijderen en opnieuw te instaleren en volgens mij zijn die reclames weg. Volgens mijn computer was firefox ook 1,6 gb groot terwijl dit normaal 64 mb ofzo moet zijn dus misschien zaten die reclames daarin verstopt? Moet ik die andere scan nog doorlopen? Is mijn computer verder schoon nu?

die adobe kan ik niet meer gebruiken moet ik die verwijderen?

Oke, maar ik heb nog steeds die reclame hoe krijg ik die weg?

Jaa ik heb het nog steeds, dus ik weet niet wat ik nu nog moet doen? - - - Updated - - - Hoe kan ik die cracks weg krijgen dan? - - - Updated - - - en hoe kom ik aan die cracks? ik zie dat die in adobe staat?

ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=bc7207c40d53f14a9b232bf3c722b328 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-11-28 12:30:14 # local_time=2012-11-28 01:30:14 (+0100, West-Europa (standaardtijd)) # country="Netherlands" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1024 16777215 100 0 6239327 6239327 0 0 # compatibility_mode=5893 16776574 66 85 32494733 105680278 0 0 # compatibility_mode=8192 67108863 100 0 3738 3738 0 0 # scanned=292094 # found=5 # cleaned=5 # scan_time=12186 C:\Users\Anna\Desktop\Adobe CS6 Master Collection\Crack\Patch.rar a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Anna\Documents\random\YouTubeDownloaderSetup35.exe probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Anna\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Anna\Downloads\SoftonicDownloader_voor_windows-media-player-plugin(1).exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Anna\Downloads\SoftonicDownloader_voor_windows-media-player-plugin.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Ja nog steeds die iphone reclame

# AdwCleaner v2.009 - Verslag gemaakt op 26/11/2012 om 16:18:23 # Geactualiseerd op 24/11/2012 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruiker : Anna - ANNA-PC # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Anna\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** Map Verwijdert : C:\Program Files (x86)\Conduit Map Verwijdert : C:\Program Files (x86)\wxDfast Map Verwijdert : C:\ProgramData\Partner Map Verwijdert : C:\Users\Anna\AppData\Local\Conduit Map Verwijdert : C:\Users\Anna\AppData\LocalLow\Conduit Map Verwijdert : C:\Users\Anna\AppData\LocalLow\PriceGong Map Verwijdert : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\ConduitCommon Map Verwijdert : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\CT2865317 Map Verwijdert : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206} ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\Conduit Sleutel Verwijdert : HKCU\Software\Softonic Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317 Sleutel Verwijdert : HKLM\Software\Conduit ***** [browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v15.0.1 (nl) Profielnaam : default File : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\prefs.js Verwijdert : user_pref("CT2865317..clientLogIsEnabled", true); Verwijdert : user_pref("CT2865317..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Verwijdert : user_pref("CT2865317..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Verwijdert : user_pref("CT2865317.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Verwijdert : user_pref("CT2865317.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Verwijdert : user_pref("CT2865317.AppTrackingLastCheckTime", "Thu Jun 21 2012 10:31:56 GMT+0200"); Verwijdert : user_pref("CT2865317.CTID", "CT2865317"); Verwijdert : user_pref("CT2865317.CurrentServerDate", "26-11-2012"); Verwijdert : user_pref("CT2865317.DSInstall", true); Verwijdert : user_pref("CT2865317.DialogsAlignMode", "LTR"); Verwijdert : user_pref("CT2865317.DialogsGetterLastCheckTime", "Mon Nov 26 2012 10:05:31 GMT+0100"); Verwijdert : user_pref("CT2865317.DownloadReferralCookieData", ""); Verwijdert : user_pref("CT2865317.EMailNotifierPollDate", "Mon Jul 23 2012 13:31:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedLastCount5397019970362056034", 501); Verwijdert : user_pref("CT2865317.FeedPollDate2429156812186649977", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813040823546", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813130095866", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813224203613", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813230837251", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813454291735", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813729834876", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156813860870021", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156814264681793", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156814863075366", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedPollDate2429156815257761081", "Mon Jul 23 2012 13:01:03 GMT+0200"); Verwijdert : user_pref("CT2865317.FeedTTL2429156813040823546", 15); Verwijdert : user_pref("CT2865317.FeedTTL2429156813130095866", 10); Verwijdert : user_pref("CT2865317.FeedTTL2429156813454291735", 5); Verwijdert : user_pref("CT2865317.FeedTTL2429156814264681793", 5); Verwijdert : user_pref("CT2865317.FirstServerDate", "26-9-2011"); Verwijdert : user_pref("CT2865317.FirstTime", true); Verwijdert : user_pref("CT2865317.FirstTimeFF3", true); Verwijdert : user_pref("CT2865317.FixPageNotFoundErrors", false); Verwijdert : user_pref("CT2865317.GroupingServerCheckInterval", 1440); Verwijdert : user_pref("CT2865317.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Verwijdert : user_pref("CT2865317.HPInstall", false); Verwijdert : user_pref("CT2865317.HasUserGlobalKeys", true); Verwijdert : user_pref("CT2865317.HomePageProtectorEnabled", false); Verwijdert : user_pref("CT2865317.HomepageBeforeUnload", "hxxp://www.google.nl/|hxxps://blackboard.tudelft.nl/web[...] Verwijdert : user_pref("CT2865317.Initialize", true); Verwijdert : user_pref("CT2865317.InitializeCommonPrefs", true); Verwijdert : user_pref("CT2865317.InstallationAndCookieDataSentCount", 3); Verwijdert : user_pref("CT2865317.InstallationType", "UnknownIntegration"); Verwijdert : user_pref("CT2865317.InstalledDate", "Mon Sep 26 2011 08:57:37 GMT+0200"); Verwijdert : user_pref("CT2865317.IsAlertDBUpdated", true); Verwijdert : user_pref("CT2865317.IsGrouping", false); Verwijdert : user_pref("CT2865317.IsInitSetupIni", true); Verwijdert : user_pref("CT2865317.IsMulticommunity", false); Verwijdert : user_pref("CT2865317.IsOpenThankYouPage", true); Verwijdert : user_pref("CT2865317.IsOpenUninstallPage", false); Verwijdert : user_pref("CT2865317.LanguagePackLastCheckTime", "Mon Nov 26 2012 10:05:31 GMT+0100"); Verwijdert : user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440); Verwijdert : user_pref("CT2865317.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Verwijdert : user_pref("CT2865317.LastLogin_3.10.0.1", "Tue Apr 17 2012 20:29:10 GMT+0200"); Verwijdert : user_pref("CT2865317.LastLogin_3.12.0.7", "Sat Apr 28 2012 10:41:26 GMT+0200"); Verwijdert : user_pref("CT2865317.LastLogin_3.12.2.3", "Thu May 31 2012 03:49:04 GMT+0200"); Verwijdert : user_pref("CT2865317.LastLogin_3.13.0.6", "Tue Jul 17 2012 20:42:33 GMT+0200"); Verwijdert : user_pref("CT2865317.LastLogin_3.14.1.0", "Sat Sep 08 2012 22:07:00 GMT+0200"); Verwijdert : user_pref("CT2865317.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:29:06 GMT+0100"); Verwijdert : user_pref("CT2865317.LastLogin_3.16.0.3", "Mon Nov 26 2012 10:05:31 GMT+0100"); Verwijdert : user_pref("CT2865317.LastLogin_3.7.0.6", "Tue Nov 08 2011 22:25:06 GMT+0100"); Verwijdert : user_pref("CT2865317.LastLogin_3.8.0.8", "Tue Dec 06 2011 08:18:30 GMT+0100"); Verwijdert : user_pref("CT2865317.LastLogin_3.8.1.0", "Wed Jan 11 2012 20:05:27 GMT+0100"); Verwijdert : user_pref("CT2865317.LastLogin_3.9.0.3", "Thu Mar 08 2012 16:05:25 GMT+0100"); Verwijdert : user_pref("CT2865317.LatestVersion", "3.16.0.3"); Verwijdert : user_pref("CT2865317.Locale", "nl"); Verwijdert : user_pref("CT2865317.MCDetectTooltipHeight", "83"); Verwijdert : user_pref("CT2865317.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Verwijdert : user_pref("CT2865317.MCDetectTooltipWidth", "295"); Verwijdert : user_pref("CT2865317.MyStuffEnabledAtInstallation", true); Verwijdert : user_pref("CT2865317.OriginalFirstVersion", "3.7.0.6"); Verwijdert : user_pref("CT2865317.SHRINK_TOOLBAR", 1); Verwijdert : user_pref("CT2865317.SearchBoxWidth", 150); Verwijdert : user_pref("CT2865317.SearchCaption", "uTorrentBar_NL Customized Web Search"); Verwijdert : user_pref("CT2865317.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Verwijdert : user_pref("CT2865317.SearchFromAddressBarIsInit", true); Verwijdert : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...] Verwijdert : user_pref("CT2865317.SearchInNewTabEnabled", true); Verwijdert : user_pref("CT2865317.SearchInNewTabIntervalMM", 1440); Verwijdert : user_pref("CT2865317.SearchInNewTabLastCheckTime", "Mon Nov 26 2012 10:05:30 GMT+0100"); Verwijdert : user_pref("CT2865317.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Verwijdert : user_pref("CT2865317.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Verwijdert : user_pref("CT2865317.SearchProtectorEnabled", false); Verwijdert : user_pref("CT2865317.SearchProtectorToolbarDisabled", false); Verwijdert : user_pref("CT2865317.SendProtectorDataViaLogin", true); Verwijdert : user_pref("CT2865317.ServiceMapLastCheckTime", "Mon Nov 26 2012 10:05:31 GMT+0100"); Verwijdert : user_pref("CT2865317.SettingsLastCheckTime", "Mon Nov 26 2012 10:05:28 GMT+0100"); Verwijdert : user_pref("CT2865317.SettingsLastUpdate", "1352142245"); Verwijdert : user_pref("CT2865317.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13"); Verwijdert : user_pref("CT2865317.ThirdPartyComponentsInterval", 504); Verwijdert : user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Sat Jul 21 2012 22:55:45 GMT+0200"); Verwijdert : user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1331805997"); Verwijdert : user_pref("CT2865317.ToolbarShrinkedFromSetup", false); Verwijdert : user_pref("CT2865317.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2865317"); Verwijdert : user_pref("CT2865317.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Verwijdert : user_pref("CT2865317.UserID", "UN35204503704968894"); Verwijdert : user_pref("CT2865317.ValidationData_Search", 1); Verwijdert : user_pref("CT2865317.ValidationData_Toolbar", 2); Verwijdert : user_pref("CT2865317.WeatherNetwork", ""); Verwijdert : user_pref("CT2865317.WeatherPollDate", "Mon Jul 23 2012 13:31:05 GMT+0200"); Verwijdert : user_pref("CT2865317.WeatherUnit", "C"); Verwijdert : user_pref("CT2865317.alertChannelId", "1257316"); Verwijdert : user_pref("CT2865317.backendstorage.cb_experience_000", "3231"); Verwijdert : user_pref("CT2865317.backendstorage.cb_firstuse0100", "31"); Verwijdert : user_pref("CT2865317.backendstorage.cb_user_id_000", "43423133393538393136393637365F46697265666F78")[...] Verwijdert : user_pref("CT2865317.backendstorage.cbcountry_000", "434E"); Verwijdert : user_pref("CT2865317.backendstorage.cbcountry_001", "4E4C"); Verwijdert : user_pref("CT2865317.backendstorage.cbfirsttime", "5765642053657020323820323031312031303A32363A31312[...] Verwijdert : user_pref("CT2865317.backendstorage.pairingkey", "37413839363141423334343145393745313446323233414132[...] Verwijdert : user_pref("CT2865317.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...] Verwijdert : user_pref("CT2865317.backendstorage.url_history", "687474703A2F2F626C313530772E626C753135302E6D61696[...] Verwijdert : user_pref("CT2865317.backendstorage.url_history0001", "687474703A2F2F7777772E7265736964656E746164766[...] Verwijdert : user_pref("CT2865317.backendstorage.uttorrents", "7B226275696C64223A32353830362C226C6162656C223A5B5D[...] Verwijdert : user_pref("CT2865317.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Verwijdert : user_pref("CT2865317.globalFirstTimeInfoLastCheckTime", "Sat Jul 21 2012 22:55:46 GMT+0200"); Verwijdert : user_pref("CT2865317.homepageProtectorEnableByLogin", true); Verwijdert : user_pref("CT2865317.initDone", true); Verwijdert : user_pref("CT2865317.isAppTrackingManagerOn", true); Verwijdert : user_pref("CT2865317.myStuffEnabled", true); Verwijdert : user_pref("CT2865317.myStuffPublihserMinWidth", 400); Verwijdert : user_pref("CT2865317.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Verwijdert : user_pref("CT2865317.myStuffServiceIntervalMM", 1440); Verwijdert : user_pref("CT2865317.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Verwijdert : user_pref("CT2865317.oldAppsList", "129363015615025603,129363015615338104,1000234,129791448105653660[...] Verwijdert : user_pref("CT2865317.revertSettingsEnabled", true); Verwijdert : user_pref("CT2865317.searchProtectorDialogDelayInSec", 10); Verwijdert : user_pref("CT2865317.searchProtectorEnableByLogin", true); Verwijdert : user_pref("CT2865317.testingCtid", ""); Verwijdert : user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Mon Nov 26 2012 10:05:31 GMT+0100"); Verwijdert : user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Sun Jul 15 2012 23:11:21 GMT+0200"); Verwijdert : user_pref("CT2865317.usagesFlag", 2); Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2865317/CT2865317[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1257316/1252989/NL", "\"0\"[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317",[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2865317&octid=[...] Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"e22[...] Verwijdert : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Anna\\AppData\\Roaming\\Mozilla\\Fi[...] Verwijdert : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0"); Verwijdert : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://listen.grooveshark.com/ ", "800x599"); Verwijdert : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Verwijdert : user_pref("CommunityToolbar.ToolbarsList", "CT2865317"); Verwijdert : user_pref("CommunityToolbar.ToolbarsList2", "CT2865317"); Verwijdert : user_pref("CommunityToolbar.ToolbarsList4", "CT2865317"); Verwijdert : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Apr 17 2012 20:29:10 GMT+0200"); Verwijdert : user_pref("CommunityToolbar.globalUserId", "1c74ca3d-543c-403b-833d-13ace35d1c04"); Verwijdert : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Verwijdert : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Verwijdert : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jul 20 2012 16:50:5[...] Verwijdert : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Verwijdert : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jul 22 2012 23:29:59 GMT+020[...] Verwijdert : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Verwijdert : user_pref("CommunityToolbar.notifications.locale", "en"); Verwijdert : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Verwijdert : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 23 2012 10:01:05 GMT+0200"); Verwijdert : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Verwijdert : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Verwijdert : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Verwijdert : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Verwijdert : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Verwijdert : user_pref("CommunityToolbar.notifications.userId", "6ebcd9ef-2ece-473d-b5d0-37dd60beb25c"); Verwijdert : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.nl/|hxxps://blackboard.tudelft.nl/[...] Verwijdert : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] Verwijdert : user_pref("extensions.508c0294eb946.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...] -\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[s1].txt - [18157 octets] - [26/11/2012 16:18:23] ########## EOF - C:\AdwCleaner[s1].txt - [18218 octets] ##########

jaa, ik heb van die snelkoppelingen, van die woorden die onderstreept staan, en als je er op klikt kom je op reclame sites PC Helpforum moderator bericht: Afbeelding niet bruikbaar zo ziet dat er dan uit, dus adressen is onderstreept, maar je gaat dan alleen als je er al met je muis op staat zie je al reclame en als je klikt ga je naar een reclame site

ComboFix 12-11-23.02 - Anna 23-11-2012 16:32:53.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2164 [GMT 1:00] Gestart vanuit: c:\users\Anna\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Anna\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Optimizer Pro c:\program files (x86)\Optimizer Pro\English.ini c:\program files (x86)\Optimizer Pro\file_id.diz c:\program files (x86)\Optimizer Pro\OptimizerPro.chm c:\program files (x86)\Optimizer Pro\OptProLauncher.exe c:\program files (x86)\Optimizer Pro\OptProSchedule.exe c:\program files (x86)\Optimizer Pro\OptProSmartScan.exe c:\program files (x86)\Optimizer Pro\scan.gif c:\program files (x86)\Optimizer Pro\unins000.dat c:\programdata\InstallMate c:\programdata\InstallMate\CDF1A369\cfg\1.ini c:\programdata\InstallMate\CDF1A369\cfg\2.ini c:\programdata\InstallMate\CDF1A369\cfg\3.ini c:\programdata\InstallMate\CDF1A369\cfg\4_1.ini c:\programdata\InstallMate\CDF1A369\cfg\5.ini c:\programdata\InstallMate\CDF1A369\cfg\6.ini c:\programdata\InstallMate\CDF1A369\cfg\6_1.ini c:\programdata\InstallMate\CDF1A369\cfg\7.ini c:\programdata\InstallMate\CDF1A369\cfg\7_1.ini c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D67ECC41-3392-4BB4-91F6-2BCF7D162373}.xps . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))) . . 2012-11-23 15:42 . 2012-11-23 15:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-23 15:42 . 2012-11-23 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 13:59 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79B6EB69-EC4E-4A76-962A-ED31F0FF9198}\mpengine.dll 2012-11-22 12:43 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-16 10:34 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-16 10:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 10:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 10:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 10:22 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-16 10:22 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-16 10:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 10:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 10:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 10:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 10:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 10:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 10:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\users\Anna\AppData\Roaming\Malwarebytes 2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\programdata\Malwarebytes 2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-15 15:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-15 10:06 . 2012-11-15 10:06 388096 ----a-r- c:\users\Anna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-15 10:06 . 2012-11-15 10:06 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-12 10:55 . 2012-11-12 10:55 -------- d-----w- c:\program files\Common Files\Deterministic Networks 2012-11-12 10:55 . 2012-11-12 10:55 -------- d-----w- c:\program files (x86)\Cisco Systems 2012-11-12 10:20 . 2012-11-12 10:20 -------- d-----w- c:\users\Anna\AppData\Local\Simio_LLC 2012-11-12 10:20 . 2012-11-12 10:20 -------- d-----w- c:\users\Anna\AppData\Local\IsolatedStorage 2012-10-27 15:49 . 2012-10-27 15:52 -------- d-----w- c:\program files (x86)\WxDFast 2012-10-27 15:49 . 2012-10-27 15:52 -------- d-----w- c:\programdata\wxDownload 2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\users\Anna\AppData\Roaming\Lingoes 2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\users\Anna\AppData\Local\Lingoes 2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\programdata\Lingoes 2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\program files (x86)\Lingoes . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-21 10:07 . 2011-09-08 14:51 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-11-16 10:19 . 2011-10-04 13:30 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-18 17:58 . 2011-04-13 03:18 5016872 ----a-w- c:\windows\system32\ETDUI.cpl 2012-10-18 17:58 . 2011-04-13 03:18 142632 ----a-w- c:\windows\system32\drivers\ETD.sys 2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2012-10-04 11:33 . 2012-10-19 22:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8504E6B-0F2E-4692-8E15-1D78CFF7B89B}\gapaengine.dll 2012-10-04 11:33 . 2011-10-11 22:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-10-02 01:30 . 2012-10-02 01:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2012-09-21 01:46 . 2012-09-21 01:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-09-21 01:46 . 2012-09-21 01:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys 2012-09-20 15:02 . 2012-09-20 15:02 1832760 ----a-w- c:\windows\system32\LogiLDA.DLL 2012-09-14 19:19 . 2012-10-10 09:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 09:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-14 01:05 . 2012-09-14 01:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2012-09-07 09:19 . 2012-09-07 09:19 32768 ----a-w- c:\windows\system32\maplec.dll 2012-09-07 09:19 . 2012-09-07 09:19 281088 ----a-w- c:\windows\system32\WMIMPLEX.dll 2012-08-31 18:19 . 2012-10-10 09:50 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-30 20:03 . 2011-04-27 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 18:03 . 2012-10-10 09:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 09:50 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 09:50 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Lingoes"="c:\program files (x86)\Lingoes\Translator2\Lingoes.exe" [2011-10-31 2375680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] . c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-08-03 290920] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-10-18 142632] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . 2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/|https://blackboard.tudelft.nl/webapps/portal/frameset.jsp FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF - ExtSQL: 2012-10-18 16:35; thepiratebay@mafiaafire.com; c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\extensions\thepiratebay@mafiaafire.com.xpi FF - ExtSQL: 2012-10-27 17:56; 508c0294eb89a@508c0294eb8d3.com; c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\extensions\508c0294eb89a@508c0294eb8d3.com . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file) AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe AddRemove-SP_a6a8650b - c:\program files (x86)\WxDFast\uninstall.exe AddRemove-{088DF54D-6FFC-8C91-02D5-A461DCC2E652} - c:\programdata\wxDownload\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-23 16:45:40 ComboFix-quarantined-files.txt 2012-11-23 15:45 ComboFix2.txt 2012-11-18 14:32 . Pre-Run: 76.223.537.152 bytes beschikbaar Post-Run: 75.922.747.392 bytes beschikbaar . - - End Of File - - BB5A493C69EA3BBD8F915CD09F494619

. c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe c:\program files (x86)\Lingoes\Translator2\Lingoes.exe c:\program files (x86)\AVG\AVG2013\avgui.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe . ************************************************************************** . Voltooingstijd: 2012-11-18 15:32:53 - machine werd herstart ComboFix-quarantined-files.txt 2012-11-18 14:32 . Pre-Run: 78.159.884.288 bytes beschikbaar Post-Run: 78.182.363.136 bytes beschikbaar . - - End Of File - - 0B9D31818607A03D605E687D88D87257

"ImagePath"="System32\drivers\mpsdrv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci] "ImagePath"="system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf] "ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc] "ImagePath"="\"c:\program files\Microsoft Security Client\MsMpEng.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig] "ImagePath"="\SystemRoot\system32\drivers\MTConfig.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MyWiFiDHCPDNS] "ImagePath"="c:\program files\Intel\WiFi\bin\PanDhcpDns.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" - - - Updated - - - . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap] "ImagePath"="system32\DRIVERS\ndiscap.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NETwNs64] "ImagePath"="system32\DRIVERS\NETwNs64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960] "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NisDrv] "ImagePath"="system32\DRIVERS\NisDrvWFP.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NisSrv] "ImagePath"="\"c:\program files\Microsoft Security Client\NisSrv.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvlddmkm] "ImagePath"="system32\DRIVERS\nvlddmkm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvpciflt] "ImagePath"="system32\DRIVERS\nvpciflt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NVSvc] "ImagePath"="%SystemRoot%\system32\nvvsvc.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService] "ImagePath"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394] "ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ose] "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\osppsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Outlook] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport] "ImagePath"="\SystemRoot\system32\drivers\parport.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide] "ImagePath"="system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia] "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw] "ImagePath"="System32\drivers\pcw.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost] "ImagePath"="%SystemRoot%\SysWow64\perfhost.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Perf_iCrcPerfMonMgr] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\pnrpauto.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power] "ServiceDll"="%SystemRoot%\system32\umpo.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" - - - Updated - - - . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PxHlpa64] "ImagePath"="System32\Drivers\PxHlpa64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300] "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx] "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn] "ImagePath"="system32\DRIVERS\AgileVpn.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus] "ImagePath"="\SystemRoot\system32\drivers\rdpbus.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP] "ImagePath"="system32\drivers\rdprefmp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost] "ImagePath"="System32\drivers\rdyboost.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RegSrvc] "ImagePath"="c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RFCOMM] "ImagePath"="system32\DRIVERS\rfcomm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper] "ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RSUSBVSTOR] "ImagePath"="System32\Drivers\RTSUVSTOR.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167] "ImagePath"="system32\DRIVERS\Rt64win7.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter] "ImagePath"="System32\DRIVERS\scfilter.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc] "ServiceDll"="%SystemRoot%\system32\sensrsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum] "ImagePath"="\SystemRoot\system32\drivers\serenum.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial] "ImagePath"="\SystemRoot\system32\drivers\serial.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse] "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy] "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftfs] "ImagePath"="system32\DRIVERS\Sftfslh.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftlist] "ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftplay] "ImagePath"="system32\DRIVERS\Sftplaylh.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftredir] "ImagePath"="system32\DRIVERS\Sftredirlh.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftvol] "ImagePath"="system32\DRIVERS\Sftvollh.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftvsa] "ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSGbeLH] "ImagePath"="system32\DRIVERS\SiSG664.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2] "ImagePath"="\SystemRoot\system32\drivers\SiSRaid2.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4] "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate] "ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc] "ImagePath"="%SystemRoot%\system32\sppsvc.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify] "ServiceDll"="%SystemRoot%\system32\sppuinotify.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor] "ImagePath"="\SystemRoot\system32\drivers\stexstor.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SwitchBoard] "ImagePath"="\"c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes] "ServiceDll"="%SystemRoot%\system32\themeservice.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt] "ImagePath"="system32\drivers\tsusbflt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbGD] "ImagePath"="\SystemRoot\system32\drivers\TsUsbGD.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TurboB] "ImagePath"="system32\DRIVERS\TurboB.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TurboBoost] "ImagePath"="\"c:\program files\Intel\TurboBoost\TurboBoost.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35] "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus] "ImagePath"="system32\DRIVERS\umbus.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass] "ImagePath"="\SystemRoot\system32\drivers\umpass.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64] "ImagePath"="System32\Drivers\usbaapl64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci] "ImagePath"="\SystemRoot\system32\drivers\usbehci.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci] "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci] "ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbvideo] "ImagePath"="System32\Drivers\usbvideo.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot] "ImagePath"="system32\drivers\vdrvroot.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp] "ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide] "ImagePath"="\SystemRoot\system32\drivers\viaide.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr] "ImagePath"="system32\drivers\volmgr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid] "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus] "ImagePath"="system32\DRIVERS\vwifibus.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt] "ImagePath"="system32\DRIVERS\vwififlt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifimp] "ImagePath"="system32\DRIVERS\vwifimp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen] "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" - - - Updated - - - . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc] "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine] "ImagePath"="\"%systemroot%\system32\wbengine.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc] "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd] "ImagePath"="\SystemRoot\system32\drivers\wd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf] "ImagePath"="system32\DRIVERS\wfplwf.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WimFltr] "ImagePath"="system32\DRIVERS\wimfltr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount] "ImagePath"="system32\drivers\wimmount.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb] "ImagePath"="system32\DRIVERS\WinUsb.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlcrasvc] "ImagePath"="\"c:\program files\Windows Live\Mesh\wlcrasvc.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi] "ImagePath"="system32\DRIVERS\wmiacpi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv] "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc] "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc] "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf] "ImagePath"="system32\drivers\WudfPf.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd] "ImagePath"="system32\DRIVERS\WUDFRd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc] "ServiceDll"="%SystemRoot%\System32\wwansvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{01B4EF1E-D133-4BBB-839F-3A8B12945027}] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4CC19276-8ED7-4AEF-86B4-73BB57A3F47A}] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{A23CD58C-4EE6-43B1-A951-FE604B8F5925}] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{C9B8FA03-9F88-4E09-95A6-6487CE2C33FC}] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{F6002899-2104-4479-A3C1-4FBAB4B0585D}] . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- - - - Updated - - - . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-08-03 290920] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-10-18 142632] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "combofix"="c:\combofix\CF11436.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/|https://blackboard.tudelft.nl/webapps/portal/frameset.jsp FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF - ExtSQL: 2012-10-18 16:35; thepiratebay@mafiaafire.com; c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\extensions\thepiratebay@mafiaafire.com.xpi FF - ExtSQL: 2012-10-27 17:56; 508c0294eb89a@508c0294eb8d3.com; c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\extensions\508c0294eb89a@508c0294eb8d3.com . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe AddRemove-SP_a6a8650b - c:\program files (x86)\WxDFast\uninstall.exe AddRemove-{088DF54D-6FFC-8C91-02D5-A461DCC2E652} - c:\programdata\wxDownload\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci] "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI] "ImagePath"="system32\drivers\ACPI.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi] "ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeARMservice] "ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx] "ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci] "ImagePath"="\SystemRoot\system32\drivers\adpahci.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320] "ImagePath"="\SystemRoot\system32\drivers\adpu320.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc] "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFBAgent] "ImagePath"="\"c:\windows\system32\FBAgent.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD] "ImagePath"="\SystemRoot\system32\drivers\afd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440] "ImagePath"="\SystemRoot\system32\drivers\agp440.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide] "ImagePath"="\SystemRoot\system32\drivers\aliide.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide] "ImagePath"="\SystemRoot\system32\drivers\amdide.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8] "ImagePath"="\SystemRoot\system32\drivers\amdk8.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM] "ImagePath"="\SystemRoot\system32\drivers\amdppm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata] "ImagePath"="\SystemRoot\system32\drivers\amdsata.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs] "ImagePath"="\SystemRoot\system32\drivers\amdsbs.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata] "ImagePath"="system32\drivers\amdxata.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID] "ImagePath"="\SystemRoot\system32\drivers\appid.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc] "ServiceDll"="%SystemRoot%\System32\appidsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo] "ServiceDll"="%SystemRoot%\System32\appinfo.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device] "ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc] "ImagePath"="\SystemRoot\system32\drivers\arc.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas] "ImagePath"="\SystemRoot\system32\drivers\arcsas.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASLDRService] "ImagePath"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASMMAP64] "ImagePath"="\??\c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi] "ImagePath"="system32\drivers\atapi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\athr] "ImagePath"="system32\DRIVERS\athrx.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ATKGFNEXSrv] "ImagePath"="c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ATKWMIACPIIO] "ImagePath"="\??\c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent] "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver] "ImagePath"="system32\DRIVERS\avgidsdrivera.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA] "ImagePath"="system32\DRIVERS\avgidsha.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64] "ImagePath"="system32\DRIVERS\avgldx64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga] "ImagePath"="system32\DRIVERS\avgloga.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64] "ImagePath"="system32\DRIVERS\avgmfx64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64] "ImagePath"="system32\DRIVERS\avgrkx64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia] "ImagePath"="system32\DRIVERS\avgtdia.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd] "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV] "ServiceDll"="%SystemRoot%\System32\AxInstSV.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv] "ImagePath"="\SystemRoot\system32\drivers\bxvbda.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a] "ImagePath"="system32\DRIVERS\b57nd60a.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC] "MofImagePath"="system32\drivers\battc.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC] "ServiceDll"="%SystemRoot%\System32\bdesvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE] "ServiceDll"="%SystemRoot%\System32\bfe.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive] "ImagePath"="system32\DRIVERS\blbdrive.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service] "ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser] "ImagePath"="system32\DRIVERS\bowser.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo] "ImagePath"="\SystemRoot\system32\drivers\BrFiltLo.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp] "ImagePath"="\SystemRoot\system32\drivers\BrFiltUp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP] "ImagePath"="system32\DRIVERS\bridge.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid] "ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm] "ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm] "ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer] "ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BthEnum] "ImagePath"="\SystemRoot\system32\drivers\BthEnum.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM] "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BthPan] "ImagePath"="system32\DRIVERS\bthpan.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT] "ImagePath"="\SystemRoot\System32\Drivers\BTHport.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv] "ServiceDll"="%SystemRoot%\system32\bthserv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHUSB] "ImagePath"="\SystemRoot\System32\Drivers\BTHUSB.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme] "ImagePath"="\??\c:\combofix\catchme.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs] "ImagePath"="system32\DRIVERS\cdfs.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass] "ImagePath"="\SystemRoot\system32\drivers\circlass.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS] "ImagePath"="System32\CLFS.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32] "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64] "ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64] "ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt] "ImagePath"="system32\DRIVERS\CmBatt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide] "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG] "ImagePath"="System32\Drivers\cng.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt] "ImagePath"="system32\drivers\compbatt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus] "ImagePath"="system32\DRIVERS\CompositeBus.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp] "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk] "ImagePath"="\SystemRoot\system32\drivers\crcdisk.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc] "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cvhsvc] "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CVirtA] "ImagePath"="system32\DRIVERS\CVirtA64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CVPND] "ImagePath"="\"c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CVPNDRVA] "ImagePath"="\??\c:\windows\system32\Drivers\CVPNDRVA.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc] "ServiceDll"="%Systemroot%\System32\defragsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC] "ImagePath"="System32\Drivers\dfsc.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp] "ServiceDll"="%SystemRoot%\system32\dhcpcore.dll" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache] "ImagePath"="System32\drivers\discache.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk] "ImagePath"="system32\drivers\disk.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DNE] "ImagePath"="system32\DRIVERS\dne64x.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv] "ImagePath"="\SystemRoot\system32\drivers\evbda.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS] "ImagePath"="%SystemRoot%\System32\lsass.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr] "ImagePath"="%systemroot%\ehome\ehRecvr.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched] "ImagePath"="%systemroot%\ehome\ehsched.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Elantech] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor] "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev] "ImagePath"="\SystemRoot\system32\drivers\errdev.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ETD] "ImagePath"="system32\DRIVERS\ETD.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog] "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem] "ServiceDll"="%systemroot%\system32\es.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EvtEng] "ImagePath"="c:\program files\Intel\WiFi\bin\EvtEng.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc] "ImagePath"="\SystemRoot\system32\drivers\fdc.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost] "ServiceDll"="%SystemRoot%\system32\fdPHost.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub] "ServiceDll"="%SystemRoot%\system32\fdrespub.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo] "ImagePath"="system32\drivers\fileinfo.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace] "ImagePath"="system32\drivers\filetrace.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk] "ImagePath"="\SystemRoot\system32\drivers\flpydisk.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache] "ServiceDll"="%SystemRoot%\system32\FntCache.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0] "ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends] "ImagePath"="System32\drivers\FsDepends.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fssfltr] "ImagePath"="system32\DRIVERS\fssfltr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsssvc] "ImagePath"="\"c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol] "ImagePath"="System32\DRIVERS\fvevol.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx] "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM] "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc] "ServiceDll"="%SystemRoot%\System32\gpsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate] "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem] "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir] "ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService] "ImagePath"="system32\drivers\HdAudio.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt] "ImagePath"="\SystemRoot\system32\drivers\HidBatt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth] "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr] "ImagePath"="\SystemRoot\system32\drivers\hidir.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener] "ServiceDll"="%SystemRoot%\system32\ListSvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider] "ServiceDll"="%SystemRoot%\system32\provsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD] "ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy] "ImagePath"="System32\drivers\hwpolicy.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ialm] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor] "ImagePath"="system32\DRIVERS\iaStor.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV] "ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\igfx] "ImagePath"="system32\DRIVERS\igdkmd64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp] "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService] "ImagePath"="system32\drivers\RTKVHD64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcDAud] "ImagePath"="system32\DRIVERS\IntcDAud.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide] "ImagePath"="\SystemRoot\system32\drivers\intelide.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT] "ImagePath"="System32\drivers\ipnat.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service] "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp] "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt] "ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid] "ImagePath"="system32\DRIVERS\kbdhid.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbfiltr] "ImagePath"="system32\DRIVERS\kbfiltr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg] "ImagePath"="System32\Drivers\ksecpkg.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk] "ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\L1C] "ImagePath"="system32\DRIVERS\L1C62x64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC] "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS] "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2] "ImagePath"="\SystemRoot\system32\drivers\lsi_sas2.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI] "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MAV Client PerfMon Provider] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMProtector] "ImagePath"="\??\c:\windows\system32\drivers\mbam.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMScheduler] "ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMService] "ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc] "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas] "ImagePath"="\SystemRoot\system32\drivers\megasas.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR] "ImagePath"="\SystemRoot\system32\drivers\MegaSR.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEIx64] "ImagePath"="system32\DRIVERS\HECIx64.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Microsoft SharePoint Workspace Audit Service] "ImagePath"="\"c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE\" /auditservice" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem] "ImagePath"="system32\drivers\modem.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr] "ImagePath"="System32\drivers\mountmgr.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MozillaMaintenance] "ImagePath"="c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpFilter] "ImagePath"="system32\DRIVERS\MpFilter.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio] "ImagePath"="\SystemRoot\system32\drivers\mpio.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]