
beebie_vanes

Member
  • Items

    21
  • Registration date

  • Last visited

beebie_vanes's achievements

  1. Um, I still have one from my old PC, yes... I'll hook that one up to it...
  2. Haven't had a problem for a few days now! I'll just put a "solved" in front of it now, eh! Many thanks already! xxx
  3. Um, expecting?? lol, depends on how you look at it, eh. I'll keep you posted...
  4. ComboFix 10-09-08.03 - vanessa 10/09/2010 14:09:21.2.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.1790.783 [GMT 2:00]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PLFlash DeviceIoControl Service] "ImagePath"="c:\windows\system32\IoctlSvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\pacer.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20] "ImagePath"="System32\Drivers\PxHelp20.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300] "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx] "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys" 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr] "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Realtek USB 2.0 Card Reader] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RFCOMM] "ImagePath"="system32\DRIVERS\rfcomm.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs] 
"ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RSUSBSTOR] "ImagePath"="System32\Drivers\RTS5121.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTL8187B] "ImagePath"="system32\DRIVERS\RTL8187B.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rts516xIR] "ImagePath"="system32\DRIVERS\Rts516xIR.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTSTOR] "ImagePath"="system32\drivers\RTSTOR.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum] "ImagePath"="\SystemRoot\system32\drivers\serenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial] "ImagePath"="\SystemRoot\system32\drivers\serial.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse] "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0] 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy] "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp] "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2] "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4] "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc] "ImagePath"="%SystemRoot%\system32\SLsvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify] "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv] "ImagePath"="System32\DRIVERS\srv.sys" 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx] "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi] "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3] "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SynTP] "ImagePath"="system32\DRIVERS\SynTP.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6] "ImagePath"="system32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\system32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TomTomHOMEService] "ImagePath"="c:\program files\TomTom HOME 2\TomTomHOMEService.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp] "ImagePath"="system32\DRIVERS\tunmp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35] "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci] 
"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata] "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2] "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus] "ImagePath"="system32\DRIVERS\umbus.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio] "ImagePath"="system32\drivers\usbaudio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBCamera] "ImagePath"="System32\Drivers\Bulk533.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBCCID] "ImagePath"="system32\DRIVERS\Rts5161ccid.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci] "ImagePath"="system32\DRIVERS\usbohci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci] "ImagePath"="system32\DRIVERS\usbuhci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbvideo] "ImagePath"="System32\Drivers\usbvideo.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp] "ImagePath"="\SystemRoot\system32\drivers\viaagp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7] "ImagePath"="\SystemRoot\system32\drivers\viac7.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide] "ImagePath"="\SystemRoot\system32\drivers\viaide.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vm331avs] "ImagePath"="System32\Drivers\vm331avs.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr] "ImagePath"="system32\drivers\volmgr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid] "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen] "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd] "ImagePath"="system32\drivers\wd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wlidsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\"" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi] "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv] 
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc] "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb] "ImagePath"="system32\DRIVERS\wpdusb.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd] "ImagePath"="system32\DRIVERS\WUDFRd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{34449EBA-23DF-4A4A-93F4-3467883D67A2}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{36C7F515-3D43-4E08-B5DD-0D3277E13B79}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DC56D727-2AA2-4290-8079-E725172A3D7C}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{EC382CD6-A562-461D-8D00-3E8BBF7EE785}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(3940) c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Logitech\SetPoint\LBTWiz.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\program files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\Nero\Lib\NMIndexingService.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . 
Voltooingstijd: 2010-09-10 14:38:57 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-10 12:38 ComboFix2.txt 2010-09-09 20:33 Pre-Run: 48.565.387.264 bytes beschikbaar Post-Run: 48.281.550.848 bytes beschikbaar - - End Of File - - 4075865D1A5DE83461A919246612ED7B
  5. ComboFix 10-09-08.03 - vanessa 09/09/2010 22:06:58.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.1790.1059 [GMT 2:00] Gestart vanuit: c:\users\vanessa\Downloads\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat . (((((((((((((((((((( Bestanden Gemaakt van 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))) . 2010-09-09 20:26 . 2010-09-09 20:26 -------- d-----w- c:\users\vanessa\AppData\Local\temp 2010-09-09 20:26 . 2010-09-09 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-08 15:33 . 2010-09-08 15:33 20332736 ----a-w- c:\users\vanessa\AppData\Roaming\TomTom\HOME\Profiles\o4vjyrjg.default\Updates\v2_7_6_2056_win.exe 2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\programdata\TomTom 2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\users\vanessa\AppData\Roaming\TomTom 2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\users\vanessa\AppData\Local\TomTom 2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\program files\TomTom International B.V 2010-09-08 15:29 . 2010-09-08 15:29 -------- d-----w- c:\program files\TomTom HOME 2 2010-09-08 15:29 . 2010-09-08 15:29 -------- d-----w- c:\program files\TomTom DesktopSuite 2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\users\vanessa\AppData\Roaming\Malwarebytes 2010-09-06 16:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\programdata\Malwarebytes 2010-09-06 16:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-05 15:18 . 
2010-09-05 15:18 388096 ----a-r- c:\users\vanessa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-05 15:18 . 2010-09-05 15:18 -------- d-----w- c:\program files\Trend Micro 2010-09-04 20:41 . 2010-09-04 20:41 -------- d-----w- c:\program files\CCleaner 2010-08-11 18:17 . 2010-06-26 06:05 916480 ----a-w- c:\windows\system32\wininet.dll 2010-08-11 18:15 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-11 18:14 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-11 18:14 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-11 18:14 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-11 18:14 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-09 18:43 . 2008-08-18 15:08 4833 ----a-w- c:\windows\bthservsdp.dat 2010-09-08 16:15 . 2007-04-28 05:34 667352 ----a-w- c:\windows\system32\perfh013.dat 2010-09-08 16:15 . 2007-04-28 05:34 126854 ----a-w- c:\windows\system32\perfc013.dat 2010-09-04 20:13 . 2009-01-09 13:16 -------- d-----w- c:\program files\Microsoft 2010-09-04 08:31 . 2010-04-23 18:24 -------- d-----w- c:\program files\MP3 Rocket 2010-09-04 08:30 . 2010-04-23 18:24 -------- d-----w- c:\users\vanessa\AppData\Roaming\MP3Rocket 2010-08-29 14:37 . 2008-08-13 16:00 41621 ----a-w- c:\users\vanessa\AppData\Roaming\nvModes.dat 2010-08-21 20:52 . 2010-02-07 11:23 -------- d-----w- c:\programdata\McAfee Security Scan 2010-08-12 20:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-11 21:23 . 2007-04-27 20:30 -------- d-----w- c:\program files\Microsoft Works 2010-06-28 20:57 . 2010-07-15 18:35 38848 ----a-w- c:\windows\avastSS.scr 2010-06-28 20:57 . 2008-11-16 17:35 165032 ----a-w- c:\windows\system32\aswBoot.exe 2010-06-28 20:37 . 
2008-11-16 17:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-06-28 20:37 . 2008-11-16 17:35 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-06-28 20:33 . 2008-11-16 17:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-06-28 20:32 . 2008-11-16 17:35 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-06-28 20:32 . 2008-11-16 17:35 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-06-26 06:02 . 2010-08-11 18:16 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 06:02 . 2010-08-11 18:16 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 04:25 . 2010-08-11 18:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-23 13:28 . 2010-06-23 13:28 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCDBC.tmp.exe 2010-06-21 13:37 . 2010-08-11 18:16 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-19 16:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-06-18 17:31 . 2010-08-11 18:16 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-06-14 14:55 . 2009-08-24 19:20 427376 ----a-w- c:\users\vanessa\AppData\Roaming\HiYo\Data\hiyo_install.exe 2007-04-28 05:44 . 2007-04-28 05:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-14 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360] "CardReaderMonitor"="c:\program files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 643072] "CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112] "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360] "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608] "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032] "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] 
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-21 784912] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [x] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe 
[2010-02-01 135664] R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [x] R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] S1 aswSP;aswSP; [x] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-10-05 288256] S3 vm331avs;Bison Webcam;c:\windows\system32\Drivers\vm331avs.sys [2007-09-07 943016] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . 
Inhoud van de 'Gedeelde Taken' map 2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:18] 2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:18] 2010-08-28 c:\windows\Tasks\Norton Security Scan for vanessa.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-28 07:48] 2010-09-09 c:\windows\Tasks\Recovery DVD Creator-vanessa.job - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-04-27 09:13] 2010-09-09 c:\windows\Tasks\Uitgebreide garantie-vanessa.job - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-04-27 09:13] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ig?hl=nl uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-09 22:26 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2010-09-09 22:33:09 ComboFix-quarantined-files.txt 2010-09-09 20:33 Pre-Run: 48.722.042.880 bytes beschikbaar Post-Run: 48.669.679.616 bytes beschikbaar Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - FC6D5DC0448A2EBE308F26803E367EAF
  6. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:56:16, on 9/09/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe C:\Program Files\CyberLink\PlayMovie\PMVService.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE 
C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\CyberLink\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' 
Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272735718199 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. 
- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 11653 bytes
  7. Hehe, I believe you! But if I ever run into problems again, I'll probably get to see something else again!
  8. OK, I've done this! Wow, I saw a lot of things on that PC that I'd never seen before! I'll wait a few more days, and if it indeed doesn't happen any more by then, I'll mark it as solved! Many thanks already!
  9. OK, I've removed that one too. For the last two days I haven't had to restart in order to be able to type! So hopefully it stays that way...