CK-CA

Member
  • Items

    19
  • Registration date

  • Last visited

About CK-CA

  • Birthday 03-01-1992

CK-CA's achievements

  1. Hi, I have a small problem: I can't get SharePod to open. I have installed several programs, and none of them can find my iPod. Except iTunes, that is. This is the error message I get: C:\ipod_control\iTunes\iTunesDB file is empty. Please run iTunes with your iPod connected, then re-open SharePod. To whoever can help me: thanks in advance.
  2. There. I've done it. Thanks for your help, Kape!
  3. Hello Kape, I think I deleted ComboFix, because I can't find it on the PC anymore. Does it HAVE to be done your way, or was it okay to simply delete it? I'll let you know when I'm done with everything.
  4. Scan completed. 0 out of 19 scanners found malware. And below that, under 'Scanners', it says 'nothing found'. Could you take a look here? Google. Take the third-to-last link. So the problem is solved then?
  5. It's C:\Windows. It's in a list with other small files.
  6. Hello Kweezie Wabbit, I just tried it. Unfortunately, it didn't work.
  7. I have deleted the 2 folders. I still can't delete 'Winhelp'. (See image.)
  8. Okay, I've done it. Here is the log. (If I could put the log in an attachment, the topics here would be a lot tidier.)
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr] "ImagePath"="\SystemRoot\system32\drivers\hidir.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs] "ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hrfsmrx] "ImagePath"="\SystemRoot\System32\Drivers\hrfsmrx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\humyo.com] "ImagePath"="\"c:\program files\humyo SmartDrive\hrfscore.exe\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp] "ImagePath"="\SystemRoot\system32\drivers\i2omp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IAANTMON] "ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStor] "ImagePath"="system32\DRIVERS\iaStor.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV] "ImagePath"="\SystemRoot\system32\drivers\iastorv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp] "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs] 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntcAzAudAddService] "ImagePath"="system32\drivers\RTKVHDA.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide] "ImagePath"="\SystemRoot\system32\drivers\intelide.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT] "ImagePath"="system32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iPod Service] "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp] "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt] "ImagePath"="system32\DRIVERS\msiscsi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi] "ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid] "ImagePath"="\SystemRoot\system32\drivers\iteraid.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid] "ImagePath"="system32\DRIVERS\kbdhid.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC] "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS] "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI] "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2Svc] "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas] "ImagePath"="\SystemRoot\system32\drivers\megasas.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR] "ImagePath"="\SystemRoot\system32\drivers\megasr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem] "ImagePath"="system32\drivers\modem.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr] "ImagePath"="System32\drivers\mountmgr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio] "ImagePath"="\SystemRoot\system32\drivers\mpio.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv] "ImagePath"="System32\drivers\mpsdrv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x] "ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci] "ImagePath"="\SystemRoot\system32\drivers\msahci.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV] 
"ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup] "ImagePath"="System32\Drivers\mup.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS] "ImagePath"="system32\drivers\ndis.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt] "ImagePath"="System32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netr28u] "ImagePath"="system32\DRIVERS\netr28u.sys" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960] "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcd] "ImagePath"="system32\drivers\ccdcmb.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcdc] "ImagePath"="system32\drivers\ccdcmbo.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi] "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvlddmkm] "ImagePath"="system32\DRIVERS\nvlddmkm.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvsvc] "ImagePath"="%SystemRoot%\system32\nvvsvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\odserv] "ImagePath"="\"c:\program files\Common 
Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Outlook] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport] "ImagePath"="\SystemRoot\system32\drivers\parport.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm] "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pccsmcfd] "ImagePath"="system32\DRIVERS\pccsmcfd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci] "ImagePath"="system32\drivers\pci.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide] "ImagePath"="\SystemRoot\system32\drivers\pciide.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia] "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcouffin] "ImagePath"="System32\Drivers\pcouffin.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\pacer.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSI_SVC_2] "ImagePath"="\"c:\program files\Common Files\Protexis\License Service\PsiService_2.exe\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300] "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx] "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr] "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rpcapd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc] 
"ServiceDll"="%SystemRoot%\System32\certprop.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum] "ImagePath"="system32\DRIVERS\serenum.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial] "ImagePath"="system32\DRIVERS\serial.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse] "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceLayer] "ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy] "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp] 
"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2] "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4] "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc] "ImagePath"="%SystemRoot%\system32\SLsvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify] "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd] "ImagePath"="System32\Drivers\sptd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv] "ImagePath"="System32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\StarOpen] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx] 
"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi] "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3] "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tap0901] "ImagePath"="system32\DRIVERS\tap0901.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\taphss] "ImagePath"="system32\DRIVERS\taphss.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6] "ImagePath"="system32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\system32\shsvcs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks] 
"ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp] "ImagePath"="system32\DRIVERS\tunmp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35] "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci] "ImagePath"="\SystemRoot\system32\drivers\uliahci.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata] "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2] "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus] "ImagePath"="system32\DRIVERS\umbus.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upperdev] "ImagePath"="system32\DRIVERS\usbser_lowerflt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBAAPL] "ImagePath"="System32\Drivers\usbaapl.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbaudio] 
"ImagePath"="system32\drivers\usbaudio.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci] "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbser] "ImagePath"="system32\drivers\usbser.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UsbserFilt] "ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci] "ImagePath"="system32\DRIVERS\usbuhci.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp] "ImagePath"="\SystemRoot\system32\drivers\viaagp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7] "ImagePath"="\SystemRoot\system32\drivers\viac7.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide] "ImagePath"="\SystemRoot\system32\drivers\viaide.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr] 
"ImagePath"="system32\drivers\volmgr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid] "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen] "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd] "ImagePath"="\SystemRoot\system32\drivers\wd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinFLdrv] "ImagePath"="system32\WinFLdrv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVd32] "ImagePath"="\??\c:\windows\system32\WinVd32.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wlidsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi] "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv] "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc] "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb] "ImagePath"="system32\DRIVERS\wpdusb.sys" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd] "ImagePath"="system32\DRIVERS\WUDFRd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{DDF1F56C-4F52-4489-9ECD-EFCF414CA4E6}] . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(2840) c:\program files\humyo SmartDrive\HrfsShellExtension.dll c:\program files\WinRAR\rarext.dll c:\program files\Malwarebytes' Anti-Malware\mbamext.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\progra~1\AVG\AVG8\avgam.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe c:\program files\AVG\AVG8\avgtray.exe c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe c:\program files\Windows Sidebar\sidebar.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe c:\program files\Windows Sidebar\sidebar.exe . ************************************************************************** . Voltooingstijd: 2010-08-18 20:11:53 - machine werd herstart ComboFix-quarantined-files.txt 2010-08-18 18:11 Pre-Run: 283.560.235.008 bytes beschikbaar Post-Run: 283.991.912.448 bytes beschikbaar - - End Of File - - 4DF015D2C8BE4B35B20441C64B59E8DF
  9. I was not able to remove the items; why, I don't know myself. I no longer get any virus alerts, but I still cannot remove the program 'Winhelp', and 'Winhelp' is a virus.
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)
     O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)
  10. Phew, it took some searching to find the program files! The link above did not work. Finally, I managed it, Kape. =) HijackThis logfile from today,
  11. Ah, okay. Well, what now? I can't make a current log. Same date every time!
  12. I have a small problem. HijackThis cannot make a current log. I ran the scan, the log appears, and it shows the same time and the same date. PS. When I press the 'Do a system scan and save a logfile' button, I get an error message. Please see the attachment.