Trojaans paard

CK-CA · 17 augustus 2010

Ghoho, t was zoeken naar de programfiles! Die link hierboven werkte niet Eindelijk, het is me gelukt, Kape. =)

Hijackthis logfile van vandaag,

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:45:37, on 17/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\humyo SmartDrive\hrfscore.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 5994 bytes

kape · 17 augustus 2010

Nog even dit :

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

Klik op 'Fix checked' om de items te verwijderen.

En bekijk dan eens wat het "Resident Shield" nog te vertellen heeft ?

CK-CA · 17 augustus 2010

De items heb ik niet kunnen verwijderen, waarom weet ik zelf niet.

Ik krijg geen virusmeldingen meer binnen, maar de programma ' Winhelp' kan ik nog steeds niet verwijderen, en 'Winhelp' is een virus.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

kape · 17 augustus 2010

Gaan we wat verder kijken :

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

Lees hier meer over correct gebruik van Combofix.

Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen: Klik hier Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.
Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.
ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd. Als deze Recovery Console al is geïnstalleerd zal ComboFix automatisch verder gaan met het scannen naar malware
Volg anders de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren. Wanneer de Recovery Console succesvol is geïnstalleerd, klik je op “JA” om verder te gaan met het scannen naar malware.

NOTA: Wanneer ComboFix start, kan het zijn dat je een foutmelding krijgt dat “De inhoud van het ComboFix pakket werd gewijzigd”. Ga dan niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer. Blijf je die melding krijgen dan meld je dit.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

CK-CA · 18 augustus 2010

Oke, heb het gedaan.

Hier is het logje. ( Als ik het logje in een bijlage kon steken, dan waren hier de topics een stuk overzichtelijker)

ComboFix 10-08-17.04 - Cem Kilic 18/08/2010 19:54:36.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3325.1940 [GMT 2:00]

Gestart vanuit: c:\users\Cem Kilic\Desktop\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\RelevantKnowledge

c:\program files\RelevantKnowledge\MSVCP71.DLL

c:\program files\RelevantKnowledge\MSVCR71.DLL

c:\program files\RelevantKnowledge\rlls.dll

c:\program files\RelevantKnowledge\rlls64.dll

c:\program files\RelevantKnowledge\rloci.bin

c:\program files\RelevantKnowledge\rlservice.exe

c:\program files\RelevantKnowledge\rlvknlg.exe

c:\program files\RelevantKnowledge\rlvknlg64.exe

c:\users\Cem Kilic\AppData\Local\Windows Server

c:\users\Cem Kilic\AppData\Local\Windows Server\flags.ini

c:\users\Cem Kilic\AppData\Local\Windows Server\server.dat

c:\users\Cem Kilic\AppData\Local\Windows Server\uses32.dat

c:\users\Cem Kilic\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp

c:\users\marazali\AppData\Roaming\020000001eb25202724C.manifest

c:\users\marazali\AppData\Roaming\020000001eb25202724O.manifest

c:\users\marazali\AppData\Roaming\020000001eb25202724P.manifest

c:\users\marazali\AppData\Roaming\020000001eb25202724S.manifest

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\system

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

-------\Service_RelevantKnowledge

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-18 to 2010-08-18 ))))))))))))))))))))))))))))))

.

2010-08-18 17:48 . 2010-08-18 17:49 -------- d-----w- C:\32788R22FWJFW

2010-08-18 15:26 . 2010-08-18 15:26 -------- d-----w- c:\program files\QuickTime

2010-08-18 15:25 . 2010-08-18 15:25 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Apple

2010-08-18 13:54 . 2010-08-18 13:54 310208 ----a-w- c:\users\Cem Kilic\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe

2010-08-18 13:54 . 2010-08-18 16:41 -------- d-----w- c:\users\Cem Kilic\AppData\Roaming\Azureus

2010-08-18 13:52 . 2010-08-18 13:53 -------- d-----w- c:\program files\Vuze

2010-08-18 10:53 . 2010-08-18 10:53 -------- d-----w- c:\program files\SubSync

2010-08-18 10:53 . 2010-08-18 10:53 249856 ------w- c:\windows\Setup1.exe

2010-08-18 10:53 . 2010-08-18 10:53 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-08-18 10:02 . 2010-08-18 10:02 -------- d-----w- c:\program files\MPEG Player

2010-08-17 16:04 . 2010-08-17 16:04 -------- d-----w- c:\program files\DFX

2010-08-17 10:44 . 2010-08-17 10:44 -------- d-----w- c:\users\Cem Kilic\AppData\Roaming\Malwarebytes

2010-08-17 10:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-17 10:44 . 2010-08-17 10:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-17 10:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-17 10:04 . 2010-08-17 10:04 388096 ----a-r- c:\users\Cem Kilic\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-16 14:26 . 2010-08-16 14:26 -------- d-----w- c:\program files\VS Revo Group

2010-08-16 09:33 . 2010-08-16 09:33 -------- d-----w- c:\program files\CCleaner

2010-08-15 19:23 . 2010-08-17 10:01 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Windows

2010-08-15 17:26 . 2010-08-15 17:26 -------- d-----w- c:\users\Cem Kilic\.thinupload

2010-08-15 16:08 . 2010-08-15 16:08 105432 ----a-w- c:\users\Cem Kilic\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-15 14:42 . 2010-08-15 14:42 -------- d-----w- c:\program files\RapidShareManager

2010-08-15 14:37 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-15 14:37 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-15 14:37 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-15 14:37 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-15 13:12 . 2010-08-15 13:12 -------- d-----w- c:\users\Cem Kilic\AppData\Roaming\DivX

2010-08-15 13:11 . 2010-08-15 13:12 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Adobe

2010-08-15 13:11 . 2010-08-15 13:11 29184 ----a-r- c:\users\Cem Kilic\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe

2010-08-15 11:47 . 2010-08-18 17:23 -------- d-----w- c:\users\Cem Kilic\Tracing

2010-08-15 10:27 . 2010-08-15 10:27 -------- d-----w- c:\users\Cem Kilic\AppData\Local\DFX

2010-08-15 10:25 . 2010-08-15 18:18 -------- d-----w- c:\users\Cem Kilic\AppData\Roaming\Apple Computer

2010-08-15 10:25 . 2010-08-15 10:25 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Apple Computer

2010-08-15 10:24 . 2010-08-15 10:24 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Mozilla

2010-08-14 22:40 . 2010-08-15 17:11 -------- d-----w- C:\found.003

2010-08-11 10:26 . 2010-08-11 10:26 -------- d-----w- c:\programdata\CenerTCPMessenger

2010-08-04 17:13 . 2010-08-04 17:13 -------- d-----w- c:\program files\mkv2vob

2010-07-28 21:58 . 2010-07-28 21:59 -------- d-----w- c:\programdata\ScreenVCR

2010-07-28 21:58 . 2010-07-28 21:58 -------- d-----w- c:\program files\TotalScreenRecorder_Gold

2010-07-26 19:08 . 2010-07-26 19:08 -------- d-----w- c:\program files\iPod

2010-07-26 19:06 . 2010-07-26 19:06 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-26 13:17 . 2010-07-26 13:17 -------- d-----w- c:\programdata\Uniblue

2010-07-25 20:53 . 2010-07-26 15:39 -------- d-----w- c:\program files\Uniblue

2010-07-25 15:51 . 2010-07-25 15:51 -------- d-----w- c:\users\marazali\AppData\Roaming\Malwarebytes

2010-07-20 12:15 . 2010-07-26 14:25 -------- d-----w- c:\program files\iPod(2702)

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-18 18:08 . 2010-04-24 10:41 71445 ----a-w- c:\programdata\nvModes.dat

2010-08-18 18:08 . 2009-05-29 00:08 682270 ----a-w- c:\windows\system32\perfh013.dat

2010-08-18 18:08 . 2009-05-29 00:08 131534 ----a-w- c:\windows\system32\perfc013.dat

2010-08-18 17:46 . 2009-11-10 18:00 0 ----a-w- c:\users\marazali\AppData\Local\prvlcl.dat

2010-08-18 10:44 . 2009-09-06 12:02 -------- d-----w- c:\program files\URUSoft

2010-08-17 10:44 . 2010-01-16 15:16 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2010-08-15 14:43 . 2009-08-31 11:16 -------- d-----w- c:\programdata\Microsoft Help

2010-08-15 14:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-06 22:02 . 2010-03-31 16:59 -------- d-----w- c:\programdata\DFX

2010-08-04 17:12 . 2009-05-29 10:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-08-04 08:58 . 2009-08-26 15:51 105432 ----a-w- c:\users\marazali\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-03 15:52 . 2010-03-21 09:05 -------- d-----w- c:\programdata\DivX

2010-07-31 07:28 . 2010-06-14 14:54 -------- d-----w- c:\programdata\boost_interprocess

2010-07-29 15:49 . 2010-06-06 10:53 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-26 20:06 . 2010-02-12 13:38 -------- d-----w- c:\program files\LimeWire

2010-07-26 19:14 . 2009-09-12 18:01 -------- d-----w- c:\users\marazali\AppData\Roaming\LimeWire

2010-07-26 19:08 . 2010-03-31 15:31 -------- d-----w- c:\program files\iTunes

2010-07-26 19:08 . 2009-08-28 20:14 -------- d-----w- c:\program files\Common Files\Apple

2010-07-26 15:47 . 2010-01-26 18:29 -------- d-----w- c:\users\marazali\AppData\Roaming\BitTorrent

2010-07-26 14:25 . 2010-06-18 14:10 -------- d-----w- c:\program files\Bonjour

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2010-07-26 14:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games

2010-07-26 11:57 . 2010-07-09 20:23 -------- d-----w- c:\programdata\Mozilla Firefox

2010-07-18 19:18 . 2010-07-11 09:23 -------- d-----w- c:\programdata\WindSolutions

2010-07-18 19:17 . 2010-07-18 19:17 -------- d-----w- c:\program files\TVersity Codec Pack

2010-07-11 08:40 . 2010-04-06 07:42 -------- d-----w- c:\program files\LeKuSoft

2010-06-26 06:05 . 2010-08-15 14:38 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 06:02 . 2010-08-15 14:38 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02 . 2010-08-15 14:38 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25 . 2010-08-15 14:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-21 13:37 . 2010-08-15 14:38 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 17:31 . 2010-08-15 14:38 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-06-11 16:16 . 2010-08-15 14:38 274944 ----a-w- c:\windows\system32\schannel.dll

2010-06-08 17:35 . 2010-08-15 14:38 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-08 17:35 . 2010-08-15 14:38 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-07 11:56 . 2010-06-14 14:54 192496 ----a-w- c:\windows\system32\hrfsnp.dll

2010-06-07 11:56 . 2010-06-14 14:54 144368 ----a-w- c:\windows\system32\drivers\hrfsmrx.sys

2010-05-31 06:19 . 2010-02-21 15:54 680 ----a-w- c:\users\marazali\AppData\Local\d3d9caps.dat

2010-05-27 20:08 . 2010-08-15 14:38 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-05-26 17:06 . 2010-06-09 13:34 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-09 13:34 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-22 17:53 . 2010-04-17 08:47 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-05-21 12:14 . 2009-10-03 08:13 221568 ------w- c:\windows\system32\MpSigStub.exe

2009-03-11 14:14 . 2009-03-11 14:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoConflict]

@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"

[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]

2010-06-07 11:56 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSynced]

@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"

[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]

2010-06-07 11:56 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSyncing]

@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"

[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]

2010-06-07 11:56 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoUnavailable]

@="{06F5F772-99DF-4191-9AED-3037B0DF154B}"

[HKEY_CLASSES_ROOT\CLSID\{06F5F772-99DF-4191-9AED-3037B0DF154B}]

2010-06-07 11:56 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ST6UNST Uninstaller.LNK - c:\windows\ST6UNST.EXE [2010-8-18 73216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^humyo SmartDrive.lnk]

backup=c:\windows\pss\humyo SmartDrive.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Cem & Olcay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Cem Kilic^AppData^Local^Windows^winhelp.exe]

path=c:\users\Cem Kilic\AppData\Local\Windows\winhelp.exe

backup=c:\windows\pss\winhelp.exe.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

2007-08-16 07:02 99608 ----a-w- c:\program files\Uniblue\RegistryBooster 2\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]

2007-08-16 07:02 202008 ----a-w- c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]

2007-08-16 07:03 1269000 ----a-w- c:\program files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:c2,a9,e1,08,66,31,ca,01

R3 hrfsmrx;hrfsmrx;c:\windows\System32\Drivers\hrfsmrx.sys [2010-06-07 144368]

R3 humyo.com;humyo.com;c:\program files\humyo SmartDrive\hrfscore.exe [2010-06-07 3174384]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-02 691696]

S0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\Drivers\AVGIDSErHr.sys [2009-07-22 25608]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-10-01 12552]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-10-01 23832]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-01 335240]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-01 108552]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-10-01 297752]

S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-10-01 1370488]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]

S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-07-22 571912]

S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [2009-07-22 121352]

S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [2009-07-22 30216]

S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [2009-07-22 29136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

2010-07-26 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-07-26 07:03]

2010-08-18 c:\windows\Tasks\User_Feed_Synchronization-{39A30C60-5B4A-41BA-83DD-BE2EBF01574C}.job

- c:\windows\system32\msfeedssync.exe [2010-08-15 04:24]

2010-08-17 c:\windows\Tasks\User_Feed_Synchronization-{5EF769B8-4F9D-40B5-8A04-24005E323BB2}.job

- c:\windows\system32\msfeedssync.exe [2010-08-15 04:24]

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België

FF - ProfilePath - c:\users\Cem Kilic\AppData\Roaming\Mozilla\Firefox\Profiles\2ovacmyy.default\

FF - prefs.js: browser.startup.homepage - Google

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-18 20:08

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\system32\sys_drv.dat 7028 bytes

c:\windows\system32\sys_drv_2.dat 6024 bytes

c:\windows\system32\WinFLdrv.sys 10752 bytes executable

Scan succesvol afgerond

verborgen bestanden: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]

"ImagePath"="system32\drivers\acpi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]

"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]

"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu160m]

"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]

"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]

"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\system32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]

"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic78xx]

"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aliide]

"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdagp]

"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdide]

"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK7]

"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]

"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]

"ServiceDll"="%SystemRoot%\System32\appinfo.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Apple Mobile Device]

"ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]

"ImagePath"="\SystemRoot\system32\drivers\arc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]

"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]

"ImagePath"="\SystemRoot\system32\drivers\atapi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Audiosrv]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVG]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avg8wd]

"ImagePath"="c:\progra~1\AVG\AVG8\avgwdsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd]

"ImagePath"="system32\DRIVERS\avgfwd6x.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgfws8]

"ImagePath"="c:\progra~1\AVG\AVG8\avgfws8.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]

"ImagePath"="\"c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe\" AVGIDSAgent"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]

"ImagePath"="\??\c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSErHr]

"ImagePath"="System32\Drivers\AVGIDSErHr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSFilter]

"ImagePath"="\??\c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSShim]

"ImagePath"="\??\c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSWatcher]

"ImagePath"="c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgLdx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgldx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgMfx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgmfx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgRkx86]

"ImagePath"="System32\Drivers\avgrkx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdiX]

"ImagePath"="\SystemRoot\System32\Drivers\avgtdix.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]

"MofImagePath"="system32\drivers\battc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]

"ServiceDll"="%SystemRoot%\System32\bfe.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]

"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blbdrive]

"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bonjour Service]

"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]

"ImagePath"="system32\DRIVERS\bowser.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltLo]

"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltUp]

"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Brserid]

"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrSerWdm]

"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbMdm]

"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbSer]

"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]

"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]

"ImagePath"="\??\c:\users\CEMKIL~1\AppData\Local\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]

"ImagePath"="system32\DRIVERS\cdfs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]

"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]

"ImagePath"="System32\CLFS.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdide]

"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Compbatt]

"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crcdisk]

"ImagePath"="system32\drivers\crcdisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Crusoe]

"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DfsC]

"ImagePath"="System32\Drivers\dfsc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSR]

"ImagePath"="%SystemRoot%\system32\DFSR.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]

"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]

"ImagePath"="system32\drivers\disk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]

"ServiceDll"="%SystemRoot%\system32\dps.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]

"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e1express]

"ImagePath"="system32\DRIVERS\e1e6032.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60]

"ImagePath"="system32\DRIVERS\E1G60I32.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache]

"ImagePath"="System32\drivers\ecache.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehRecvr]

"ImagePath"="%systemroot%\ehome\ehRecvr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehSched]

"ImagePath"="%systemroot%\ehome\ehsched.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehstart]

"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor]

"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EmdCache]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmt]

"ServiceDll"="%systemroot%\system32\emdmgmt.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]

"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]

"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]

"ServiceDll"="%systemroot%\system32\es.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]

"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]

"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]

"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]

"ImagePath"="system32\drivers\fileinfo.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]

"ImagePath"="system32\drivers\filetrace.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FLEXnet Licensing Service]

"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]

"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]

"ServiceDll"="%SystemRoot%\system32\FntCache.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]

"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]

"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GEARAspiWDM]

"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]

"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HdAudAddService]

"ImagePath"="system32\drivers\HdAudio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]

"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]

"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]

"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]

"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs]

"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hrfsmrx]

"ImagePath"="\SystemRoot\System32\Drivers\hrfsmrx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]

"ImagePath"="system32\drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\humyo.com]

"ImagePath"="\"c:\program files\humyo SmartDrive\hrfscore.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]

"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IAANTMON]

"ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStor]

"ImagePath"="system32\DRIVERS\iaStor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]

"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]

"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]

"ServiceDll"="%SystemRoot%\System32\ikeext.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntcAzAudAddService]

"ImagePath"="system32\drivers\RTKVHDA.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]

"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]

"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum]

"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]

"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]

"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iPod Service]

"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]

"ImagePath"="system32\drivers\irenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]

"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]

"ImagePath"="system32\DRIVERS\msiscsi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi]

"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid]

"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]

"ImagePath"="System32\Drivers\ksecdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]

"ServiceDll"="%systemroot%\system32\msdtckrm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]

"ImagePath"="system32\DRIVERS\lltdio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]

"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]

"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]

"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]

"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]

"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2Svc]

"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]

"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]

"ImagePath"="\SystemRoot\system32\drivers\megasr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]

"ImagePath"="system32\drivers\modem.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]

"ImagePath"="system32\DRIVERS\monitor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]

"ImagePath"="System32\drivers\mountmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]

"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]

"ImagePath"="System32\drivers\mpsdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]

"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]

"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]

"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]

"ImagePath"="system32\DRIVERS\mrxsmb10.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]

"ImagePath"="system32\DRIVERS\mrxsmb20.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]

"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]

"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]

"ImagePath"="%SystemRoot%\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]

"ImagePath"="system32\drivers\msisadrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]

"ServiceDll"="%systemroot%\system32\iscsiexe.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]

"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]

"ImagePath"="System32\Drivers\mup.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]

"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]

"ImagePath"="system32\DRIVERS\nwifi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]

"ImagePath"="system32\drivers\ndis.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]

"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]

"ServiceDll"="%SystemRoot%\System32\netprofm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netr28u]

"ImagePath"="system32\DRIVERS\netr28u.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]

"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]

"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcd]

"ImagePath"="system32\drivers\ccdcmb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcdc]

"ImagePath"="system32\drivers\ccdcmbo.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]

"ServiceDll"="%systemroot%\system32\nsisvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]

"ImagePath"="system32\drivers\nsiproxy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi]

"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvlddmkm]

"ImagePath"="system32\DRIVERS\nvlddmkm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]

"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]

"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvsvc]

"ImagePath"="%SystemRoot%\system32\nvvsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]

"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]

"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]

"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\odserv]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394]

"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Outlook]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]

"ImagePath"="\SystemRoot\system32\drivers\parport.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]

"ImagePath"="System32\drivers\partmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm]

"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]

"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pccsmcfd]

"ImagePath"="system32\DRIVERS\pccsmcfd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]

"ImagePath"="system32\drivers\pci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]

"ImagePath"="\SystemRoot\system32\drivers\pciide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]

"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcouffin]

"ImagePath"="System32\Drivers\pcouffin.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]

"ImagePath"="system32\drivers\peauth.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]

"ServiceDll"="%systemroot%\system32\pla.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]

"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]

"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]

"ImagePath"="\SystemRoot\system32\drivers\processr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]

"ServiceDll"="%systemroot%\system32\profsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]

"ImagePath"="system32\DRIVERS\pacer.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSI_SVC_2]

"ImagePath"="\"c:\program files\Common Files\Protexis\License Service\PsiService_2.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]

"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]

"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]

"ServiceDll"="%windir%\system32\qwave.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]

"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]

"ImagePath"="system32\DRIVERS\rassstp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]

"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]

"ImagePath"="system32\drivers\rdpencdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]

"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rpcapd]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]

"ImagePath"="system32\DRIVERS\rspndr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]

"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]

"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]

"ServiceDll"="%systemroot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]

"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]

"ServiceDll"="%windir%\system32\seclogon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]

"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceLayer]

"ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]

"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]

"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]

"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]

"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]

"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp]

"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]

"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]

"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]

"ImagePath"="%SystemRoot%\system32\SLsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]

"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]

"ImagePath"="system32\DRIVERS\smb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]

"ImagePath"="%SystemRoot%\System32\snmptrap.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]

"ImagePath"="%SystemRoot%\System32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd]

"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]

"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]

"ImagePath"="System32\DRIVERS\srv2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]

"ImagePath"="System32\DRIVERS\srvnet.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]

"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\StarOpen]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]

"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]

"ServiceDll"="%Systemroot%\System32\swprv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]

"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]

"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]

"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]

"ServiceDll"="%systemroot%\system32\sysmain.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]

"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tap0901]

"ImagePath"="system32\DRIVERS\tap0901.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\taphss]

"ImagePath"="system32\DRIVERS\taphss.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]

"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]

"ImagePath"="System32\drivers\tcpip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]

"ImagePath"="System32\drivers\tcpipreg.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]

"ImagePath"="system32\drivers\tdpipe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]

"ImagePath"="system32\drivers\tdtcp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]

"ImagePath"="system32\DRIVERS\tdx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]

"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]

"ServiceDll"="%SystemRoot%\System32\trkwks.dll"

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]

"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]

"ImagePath"="System32\DRIVERS\tssecsrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]

"ImagePath"="system32\DRIVERS\tunmp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]

"ImagePath"="system32\DRIVERS\tunnel.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]

"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]

"ImagePath"="system32\DRIVERS\udfs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]

"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]

"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]

"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]

"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]

"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]

"ImagePath"="system32\DRIVERS\umbus.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upperdev]

"ImagePath"="system32\DRIVERS\usbser_lowerflt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBAAPL]

"ImagePath"="System32\Drivers\usbaapl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbaudio]

"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]

"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]

"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbser]

"ImagePath"="system32\drivers\usbser.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UsbserFilt]

"ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]

"ServiceDll"="%SystemRoot%\System32\uxsms.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]

"ImagePath"="%SystemRoot%\System32\vds.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]

"ImagePath"="system32\DRIVERS\vgapnp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp]

"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7]

"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]

"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]

"ImagePath"="system32\drivers\volmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]

"ImagePath"="System32\drivers\volmgrx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]

"ImagePath"="system32\drivers\volsnap.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]

"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]

"ImagePath"="%systemroot%\system32\vssvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]

"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]

"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]

"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]

"ImagePath"="\SystemRoot\system32\drivers\wd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]

"ImagePath"="system32\drivers\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]

"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]

"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]

"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]

"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinFLdrv]

"ImagePath"="system32\WinFLdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc]

"ServiceDll"="winhttp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM]

"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVd32]

"ImagePath"="\??\c:\windows\system32\WinVd32.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc]

"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wlidsvc]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi]

"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv]

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc]

"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum]

"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb]

"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl]

"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch]

"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]

"ServiceDll"="%systemroot%\system32\wuaueng.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd]

"ImagePath"="system32\DRIVERS\WUDFRd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{DDF1F56C-4F52-4489-9ECD-EFCF414CA4E6}]

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(2840)

c:\program files\humyo SmartDrive\HrfsShellExtension.dll

c:\program files\WinRAR\rarext.dll

c:\program files\Malwarebytes' Anti-Malware\mbamext.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\progra~1\AVG\AVG8\avgam.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

c:\program files\Windows Sidebar\sidebar.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe

c:\program files\Windows Sidebar\sidebar.exe

.

**************************************************************************

.

Voltooingstijd: 2010-08-18 20:11:53 - machine werd herstart

ComboFix-quarantined-files.txt 2010-08-18 18:11

Pre-Run: 283.560.235.008 bytes beschikbaar

Post-Run: 283.991.912.448 bytes beschikbaar

- - End Of File - - 4DF015D2C8BE4B35B20441C64B59E8DF

kape · 19 augustus 2010

Combofix heeft behoorlijk wat weggehaald. Verwijder nog deze twee vetgedrukte mappen :

C:\32788R22FWJFW

C:\found.003

... en laat dan eens weten hoe de toestand nu is ?

CK-CA · 19 augustus 2010

Ik heb de 2 mappen verwijdert. Ik kan steeds 'Winhelp' niet verwijderen. (Zie afbeelding.)

kweezie wabbit · 20 augustus 2010

Start de pc op in veilige modus, log in met de account "administrator" en probeer dan het bestand winhelp.ex te verwijderen.

CK-CA · 20 augustus 2010

Dag Kweezie Wabbit,

Ik heb het net geprobeerd. Spijtig genoeg is het niet gelukt.

kweezie wabbit · 20 augustus 2010

Kan je het pad naar dit bestand eens opgeven.

Inloggen

Trojaans paard

Aanbevolen berichten

Link naar reactie

Delen op andere sites

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Geplaatste afbeeldingen

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Welkom op PC Helpforum

Leden statistieken

OVER ONS

SITEMAP

Belangrijke informatie