
Can't type anymore after a while! Keyboard stops responding


beebie_vanes


This all still looks clean. So let's dig a bit deeper to be able to rule out malware completely.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Read more here about the correct use of ComboFix.

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them: Click here. If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed. If the Recovery Console is already installed, ComboFix will automatically continue scanning for malware.
  • Otherwise, follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console. Once the Recovery Console has been installed successfully, click “JA” (Yes) to continue scanning for malware.

NOTE: When ComboFix starts, you may get an error message saying “De inhoud van het ComboFix pakket werd gewijzigd” (“The contents of the ComboFix package have been modified”). In that case, do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer. If you keep getting that message, report it.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 10-09-08.03 - vanessa 09/09/2010 22:06:58.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.1790.1059 [GMT 2:00]

Gestart vanuit: c:\users\vanessa\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-09 to 2010-09-09 ))))))))))))))))))))))))))))))

.

2010-09-09 20:26 . 2010-09-09 20:26 -------- d-----w- c:\users\vanessa\AppData\Local\temp

2010-09-09 20:26 . 2010-09-09 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-08 15:33 . 2010-09-08 15:33 20332736 ----a-w- c:\users\vanessa\AppData\Roaming\TomTom\HOME\Profiles\o4vjyrjg.default\Updates\v2_7_6_2056_win.exe

2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\programdata\TomTom

2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\users\vanessa\AppData\Roaming\TomTom

2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\users\vanessa\AppData\Local\TomTom

2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\program files\TomTom International B.V

2010-09-08 15:29 . 2010-09-08 15:29 -------- d-----w- c:\program files\TomTom HOME 2

2010-09-08 15:29 . 2010-09-08 15:29 -------- d-----w- c:\program files\TomTom DesktopSuite

2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\users\vanessa\AppData\Roaming\Malwarebytes

2010-09-06 16:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\programdata\Malwarebytes

2010-09-06 16:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-05 15:18 . 2010-09-05 15:18 388096 ----a-r- c:\users\vanessa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-05 15:18 . 2010-09-05 15:18 -------- d-----w- c:\program files\Trend Micro

2010-09-04 20:41 . 2010-09-04 20:41 -------- d-----w- c:\program files\CCleaner

2010-08-11 18:17 . 2010-06-26 06:05 916480 ----a-w- c:\windows\system32\wininet.dll

2010-08-11 18:15 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 18:14 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-11 18:14 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-11 18:14 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-11 18:14 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 18:43 . 2008-08-18 15:08 4833 ----a-w- c:\windows\bthservsdp.dat

2010-09-08 16:15 . 2007-04-28 05:34 667352 ----a-w- c:\windows\system32\perfh013.dat

2010-09-08 16:15 . 2007-04-28 05:34 126854 ----a-w- c:\windows\system32\perfc013.dat

2010-09-04 20:13 . 2009-01-09 13:16 -------- d-----w- c:\program files\Microsoft

2010-09-04 08:31 . 2010-04-23 18:24 -------- d-----w- c:\program files\MP3 Rocket

2010-09-04 08:30 . 2010-04-23 18:24 -------- d-----w- c:\users\vanessa\AppData\Roaming\MP3Rocket

2010-08-29 14:37 . 2008-08-13 16:00 41621 ----a-w- c:\users\vanessa\AppData\Roaming\nvModes.dat

2010-08-21 20:52 . 2010-02-07 11:23 -------- d-----w- c:\programdata\McAfee Security Scan

2010-08-12 20:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-11 21:23 . 2007-04-27 20:30 -------- d-----w- c:\program files\Microsoft Works

2010-06-28 20:57 . 2010-07-15 18:35 38848 ----a-w- c:\windows\avastSS.scr

2010-06-28 20:57 . 2008-11-16 17:35 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-28 20:37 . 2008-11-16 17:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-28 20:37 . 2008-11-16 17:35 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-28 20:33 . 2008-11-16 17:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2008-11-16 17:35 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-06-28 20:32 . 2008-11-16 17:35 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-26 06:02 . 2010-08-11 18:16 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 06:02 . 2010-08-11 18:16 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 04:25 . 2010-08-11 18:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-23 13:28 . 2010-06-23 13:28 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCDBC.tmp.exe

2010-06-21 13:37 . 2010-08-11 18:16 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-06-19 16:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-06-18 17:31 . 2010-08-11 18:16 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-06-14 14:55 . 2009-08-24 19:20 427376 ----a-w- c:\users\vanessa\AppData\Roaming\HiYo\Data\hiyo_install.exe

2007-04-28 05:44 . 2007-04-28 05:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-14 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]

"CardReaderMonitor"="c:\program files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 643072]

"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]

"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]

"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]

"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]

"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-21 784912]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

R2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys [x]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [x]

R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

S1 aswSP;aswSP; [x]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-10-05 288256]

S3 vm331avs;Bison Webcam;c:\windows\system32\Drivers\vm331avs.sys [2007-09-07 943016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Inhoud van de 'Gedeelde Taken' map

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:18]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:18]

2010-08-28 c:\windows\Tasks\Norton Security Scan for vanessa.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-28 07:48]

2010-09-09 c:\windows\Tasks\Recovery DVD Creator-vanessa.job

- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-04-27 09:13]

2010-09-09 c:\windows\Tasks\Uitgebreide garantie-vanessa.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-04-27 09:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/ig?hl=nl

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-09 22:26

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2010-09-09 22:33:09

ComboFix-quarantined-files.txt 2010-09-09 20:33

Pre-Run: 48.722.042.880 bytes beschikbaar

Post-Run: 48.669.679.616 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - FC6D5DC0448A2EBE308F26803E367EAF


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\avastSS.scr

c:\windows\system32\aswBoot.exe

c:\windows\system32\drivers\aswTdi.sys

c:\windows\system32\drivers\aswSP.sys

c:\windows\system32\drivers\aswRdr.sys

c:\windows\system32\drivers\aswMonFlt.sys

c:\windows\system32\drivers\aswFsBlk.sys

c:\windows\system32\drivers\hitmanpro3.sys

Driver::

aswRdr.sys

aswSP.sys

aswTdi.sys

aswMonFlt.sys

aswFsBlk.sys

hitmanpro3.sys

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of ComboFix.txt in your next post.


ComboFix 10-09-08.03 - vanessa 10/09/2010 14:09:21.2.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.1790.783 [GMT 2:00]

Gestart vanuit: c:\users\vanessa\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\vanessa\Desktop\CFScript.txt..txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\windows\avastSS.scr"

"c:\windows\system32\aswBoot.exe"

"c:\windows\system32\drivers\aswFsBlk.sys"

"c:\windows\system32\drivers\aswMonFlt.sys"

"c:\windows\system32\drivers\aswRdr.sys"

"c:\windows\system32\drivers\aswSP.sys"

"c:\windows\system32\drivers\aswTdi.sys"

"c:\windows\system32\drivers\hitmanpro3.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\avastSS.scr

c:\windows\system32\aswBoot.exe

c:\windows\system32\drivers\aswFsBlk.sys

c:\windows\system32\drivers\aswMonFlt.sys

c:\windows\system32\drivers\aswRdr.sys

c:\windows\system32\drivers\aswSP.sys

c:\windows\system32\drivers\aswTdi.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_aswFsBlk

-------\Legacy_aswMonFlt

-------\Legacy_aswSP

-------\Service_aswFsBlk

-------\Service_aswMonFlt

-------\Service_aswSP

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-10 to 2010-09-10 ))))))))))))))))))))))))))))))

.

2010-09-10 12:25 . 2010-09-10 12:30 -------- d-----w- c:\users\vanessa\AppData\Local\temp

2010-09-10 12:25 . 2010-09-10 12:25 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-09-10 12:25 . 2010-09-10 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\programdata\TomTom

2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\users\vanessa\AppData\Roaming\TomTom

2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\users\vanessa\AppData\Local\TomTom

2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\program files\TomTom International B.V

2010-09-08 15:29 . 2010-09-08 15:29 -------- d-----w- c:\program files\TomTom HOME 2

2010-09-08 15:29 . 2010-09-08 15:29 -------- d-----w- c:\program files\TomTom DesktopSuite

2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\users\vanessa\AppData\Roaming\Malwarebytes

2010-09-06 16:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-06 16:04 . 2010-09-06 16:04 -------- d-----w- c:\programdata\Malwarebytes

2010-09-06 16:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-05 15:18 . 2010-09-05 15:18 -------- d-----w- c:\program files\Trend Micro

2010-09-04 20:41 . 2010-09-04 20:41 -------- d-----w- c:\program files\CCleaner

2010-08-11 18:17 . 2010-06-26 06:05 916480 ----a-w- c:\windows\system32\wininet.dll

2010-08-11 18:15 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 18:14 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-11 18:14 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-11 18:14 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-11 18:14 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-10 12:26 . 2008-08-18 15:08 3769 ----a-w- c:\windows\bthservsdp.dat

2010-09-08 16:15 . 2007-04-28 05:34 667352 ----a-w- c:\windows\system32\perfh013.dat

2010-09-08 16:15 . 2007-04-28 05:34 126854 ----a-w- c:\windows\system32\perfc013.dat

2010-09-08 15:33 . 2010-09-08 15:33 20332736 ----a-w- c:\users\vanessa\AppData\Roaming\TomTom\HOME\Profiles\o4vjyrjg.default\Updates\v2_7_6_2056_win.exe

2010-09-05 15:18 . 2010-09-05 15:18 388096 ----a-r- c:\users\vanessa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-04 20:13 . 2009-01-09 13:16 -------- d-----w- c:\program files\Microsoft

2010-09-04 08:31 . 2010-04-23 18:24 -------- d-----w- c:\program files\MP3 Rocket

2010-09-04 08:30 . 2010-04-23 18:24 -------- d-----w- c:\users\vanessa\AppData\Roaming\MP3Rocket

2010-08-29 14:37 . 2008-08-13 16:00 41621 ----a-w- c:\users\vanessa\AppData\Roaming\nvModes.dat

2010-08-21 20:52 . 2010-02-07 11:23 -------- d-----w- c:\programdata\McAfee Security Scan

2010-08-12 20:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-11 21:23 . 2007-04-27 20:30 -------- d-----w- c:\program files\Microsoft Works

2010-06-26 06:02 . 2010-08-11 18:16 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 06:02 . 2010-08-11 18:16 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 04:25 . 2010-08-11 18:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-23 13:28 . 2010-06-23 13:28 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCDBC.tmp.exe

2010-06-21 13:37 . 2010-08-11 18:16 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-06-19 16:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-06-18 17:31 . 2010-08-11 18:16 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-06-14 14:55 . 2009-08-24 19:20 427376 ----a-w- c:\users\vanessa\AppData\Roaming\HiYo\Data\hiyo_install.exe

2007-04-28 05:44 . 2007-04-28 05:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-14 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]

"CardReaderMonitor"="c:\program files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 643072]

"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]

"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]

"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]

"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]

"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-21 784912]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Inhoud van de 'Gedeelde Taken' map

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:18]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:18]

2010-08-28 c:\windows\Tasks\Norton Security Scan for vanessa.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-28 07:48]

2010-09-10 c:\windows\Tasks\Recovery DVD Creator-vanessa.job

- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-04-27 09:13]

2010-09-10 c:\windows\Tasks\Uitgebreide garantie-vanessa.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-04-27 09:13]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/ig?hl=nl

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-10 14:29

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]

"ImagePath"="system32\drivers\acpi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeActiveFileMonitor6.0]

"ImagePath"="c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx]

"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci]

"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]

"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320]

"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc]

"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\system32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440]

"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]

"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide]

"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp]

"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide]

"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7]

"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8]

"ImagePath"="system32\DRIVERS\amdk8.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo]

"ServiceDll"="%SystemRoot%\System32\appinfo.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Apple Mobile Device]

"ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc]

"ImagePath"="\SystemRoot\system32\drivers\arc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas]

"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aswRdr]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aswTdi]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]

"ImagePath"="system32\drivers\atapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avast! Antivirus]

"ImagePath"="\"c:\program files\Alwil Software\Avast5\AvastSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avast! Mail Scanner]

"ImagePath"="\"c:\program files\Alwil Software\Avast5\AvastSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avast! Web Scanner]

"ImagePath"="\"c:\program files\Alwil Software\Avast5\AvastSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]

"MofImagePath"="system32\drivers\battc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]

"ServiceDll"="%SystemRoot%\System32\bfe.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]

"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive]

"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Bonjour Service]

"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser]

"ImagePath"="system32\DRIVERS\bowser.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo]

"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp]

"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid]

"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm]

"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm]

"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer]

"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BthEnum]

"ImagePath"="system32\DRIVERS\BthEnum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM]

"ImagePath"="system32\DRIVERS\bthmodem.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BthPan]

"ImagePath"="system32\DRIVERS\bthpan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT]

"ImagePath"="System32\Drivers\BTHport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BthServ]

"ServiceDll"="%SystemRoot%\System32\bthserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHUSB]

"ImagePath"="System32\Drivers\BTHUSB.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ca533av]

"ImagePath"="System32\Drivers\Ca533av.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cam5603D]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cam5607]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]

"ImagePath"="\??\c:\users\vanessa\AppData\Local\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs]

"ImagePath"="system32\DRIVERS\cdfs.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass]

"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS]

"ImagePath"="System32\CLFS.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmBatt]

"ImagePath"="system32\DRIVERS\CmBatt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide]

"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt]

"ImagePath"="system32\DRIVERS\compbatt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk]

"ImagePath"="system32\drivers\crcdisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe]

"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC]

"ImagePath"="System32\Drivers\dfsc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR]

"ImagePath"="%SystemRoot%\system32\DFSR.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]

"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"

--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk]

"ImagePath"="system32\drivers\disk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS]

"ServiceDll"="%SystemRoot%\system32\dps.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl]

"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60]

"ImagePath"="system32\DRIVERS\E1G60I32.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache]

"ImagePath"="System32\drivers\ecache.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor]

"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt]

"ServiceDll"="%systemroot%\system32\emdmgmt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ErrDev]

"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]

"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]

"ServiceDll"="%systemroot%\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ezSharedSvc]

"ServiceDll"="c:\windows\System32\ezsvc7.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc]

"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost]

"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub]

"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo]

"ImagePath"="system32\drivers\fileinfo.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace]

"ImagePath"="system32\drivers\filetrace.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLEXnet Licensing Service]

"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk]

"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache]

"ServiceDll"="%SystemRoot%\system32\FntCache.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]

"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fssfltr]

"ImagePath"="system32\DRIVERS\fssfltr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fsssvc]

"ImagePath"="\"c:\program files\Windows Live\Family Safety\fsssvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx]

"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GEARAspiWDM]

"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc]

"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate]

"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gusvc]

"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService]

"ImagePath"="system32\drivers\CHDART.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]

"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth]

"ImagePath"="system32\DRIVERS\hidbth.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr]

"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hitmanpro3]

"ImagePath"="\??\c:\windows\system32\drivers\hitmanpro3.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]

"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs]

"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]

"ImagePath"="system32\drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]

"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV]

"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp]

"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT]

"ServiceDll"="%SystemRoot%\System32\ikeext.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide]

"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]

"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum]

"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc]

"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV]

"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iPod Service]

"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]

"ImagePath"="system32\drivers\irenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]

"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt]

"ImagePath"="system32\DRIVERS\msiscsi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi]

"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]

"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]

"ImagePath"="System32\Drivers\ksecdd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm]

"ServiceDll"="%systemroot%\system32\msdtckrm.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LBTServ]

"ImagePath"="c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LHidFilt]

"ImagePath"="system32\DRIVERS\LHidFilt.Sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LHidKe]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio]

"ImagePath"="system32\DRIVERS\lltdio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc]

"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LMouFilt]

"ImagePath"="system32\DRIVERS\LMouFilt.Sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC]

"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS]

"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI]

"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv]

"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\McComponentHostService]

"ImagePath"="\"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas]

"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MegaSR]

"ImagePath"="\SystemRoot\system32\drivers\megasr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]

"ImagePath"="system32\drivers\modem.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor]

"ImagePath"="system32\DRIVERS\monitor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]

"ImagePath"="System32\drivers\mountmgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio]

"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv]

"ImagePath"="System32\drivers\mpsdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]

"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x]

"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]

"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10]

"ImagePath"="system32\DRIVERS\mrxsmb10.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20]

"ImagePath"="system32\DRIVERS\mrxsmb20.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci]

"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm]

"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]

"ImagePath"="%SystemRoot%\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv]

"ImagePath"="system32\drivers\msisadrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI]

"ServiceDll"="%systemroot%\system32\iscsiexe.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]

"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]

"ImagePath"="System32\Drivers\mup.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]

"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP]

"ImagePath"="system32\DRIVERS\nwifi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]

"ImagePath"="system32\drivers\ndis.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Nero BackItUp Scheduler 3]

"ImagePath"="c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt]

"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm]

"ServiceDll"="%SystemRoot%\System32\netprofm.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960]

"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc]

"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMIndexingService]

"ImagePath"="\"c:\program files\Common Files\Nero\Lib\NMIndexingService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi]

"ServiceDll"="%systemroot%\system32\nsisvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy]

"ImagePath"="system32\drivers\nsiproxy.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi]

"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NVENETFD]

"ImagePath"="system32\DRIVERS\nvmfdx32.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvlddmkm]

"ImagePath"="system32\DRIVERS\nvlddmkm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid]

"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvsmu]

"ImagePath"="system32\DRIVERS\nvsmu.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor]

"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp]

"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]

"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]

"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394]

"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Outlook]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]

"ImagePath"="\SystemRoot\system32\drivers\parport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr]

"ImagePath"="System32\drivers\partmgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm]

"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc]

"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci]

"ImagePath"="system32\drivers\pci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide]

"ImagePath"="system32\drivers\pciide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia]

"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH]

"ImagePath"="system32\drivers\peauth.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla]

"ServiceDll"="%systemroot%\system32\pla.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PLFlash DeviceIoControl Service]

"ImagePath"="c:\windows\system32\IoctlSvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]

"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]

"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor]

"ImagePath"="\SystemRoot\system32\drivers\processr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc]

"ServiceDll"="%systemroot%\system32\profsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]

"ImagePath"="system32\DRIVERS\pacer.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20]

"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300]

"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx]

"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE]

"ServiceDll"="%windir%\system32\qwave.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv]

"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp]

"ImagePath"="system32\DRIVERS\rassstp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]

"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD]

"ImagePath"="system32\drivers\rdpencdd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Realtek USB 2.0 Card Reader]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]

"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RFCOMM]

"ImagePath"="system32\DRIVERS\rfcomm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr]

"ImagePath"="system32\DRIVERS\rspndr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RSUSBSTOR]

"ImagePath"="System32\Drivers\RTS5121.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTL8187B]

"ImagePath"="system32\DRIVERS\RTL8187B.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rts516xIR]

"ImagePath"="system32\DRIVERS\Rts516xIR.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTSTOR]

"ImagePath"="system32\drivers\RTSTOR.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port]

"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]

"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]

"ServiceDll"="%systemroot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC]

"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]

"ServiceDll"="%windir%\system32\seclogon.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum]

"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]

"ImagePath"="\SystemRoot\system32\drivers\serial.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse]

"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv]

"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk]

"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc]

"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd]

"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy]

"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp]

"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2]

"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4]

"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc]

"ImagePath"="%SystemRoot%\system32\SLsvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify]

"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]

"ImagePath"="system32\DRIVERS\smb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]

"ImagePath"="%SystemRoot%\System32\snmptrap.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]

"ImagePath"="%SystemRoot%\System32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv]

"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2]

"ImagePath"="System32\DRIVERS\srv2.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet]

"ImagePath"="System32\DRIVERS\srvnet.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc]

"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]

"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv]

"ServiceDll"="%Systemroot%\System32\swprv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx]

"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi]

"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3]

"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SynTP]

"ImagePath"="system32\DRIVERS\SynTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain]

"ServiceDll"="%systemroot%\system32\sysmain.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService]

"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS]

"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]

"ImagePath"="System32\drivers\tcpip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg]

"ImagePath"="System32\drivers\tcpipreg.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]

"ImagePath"="system32\drivers\tdpipe.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]

"ImagePath"="system32\drivers\tdtcp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx]

"ImagePath"="system32\DRIVERS\tdx.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]

"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TomTomHOMEService]

"ImagePath"="c:\program files\TomTom HOME 2\TomTomHOMEService.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]

"ServiceDll"="%SystemRoot%\System32\trkwks.dll"

--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller]

"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv]

"ImagePath"="System32\DRIVERS\tssecsrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp]

"ImagePath"="system32\DRIVERS\tunmp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel]

"ImagePath"="system32\DRIVERS\tunnel.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35]

"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs]

"ImagePath"="system32\DRIVERS\udfs.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect]

"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx]

"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci]

"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata]

"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2]

"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus]

"ImagePath"="system32\DRIVERS\umbus.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio]

"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBCamera]

"ImagePath"="System32\Drivers\Bulk533.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBCCID]

"ImagePath"="system32\DRIVERS\Rts5161ccid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir]

"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbvideo]

"ImagePath"="System32\Drivers\usbvideo.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms]

"ServiceDll"="%SystemRoot%\System32\uxsms.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds]

"ImagePath"="%SystemRoot%\System32\vds.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga]

"ImagePath"="system32\DRIVERS\vgapnp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]

"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7]

"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide]

"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vm331avs]

"ImagePath"="System32\Drivers\vm331avs.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr]

"ImagePath"="system32\drivers\volmgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx]

"ImagePath"="System32\drivers\volmgrx.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap]

"ImagePath"="system32\drivers\volsnap.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid]

"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]

"ImagePath"="%systemroot%\system32\vssvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen]

"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc]

"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService]

"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd]

"ImagePath"="system32\drivers\wd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000]

"ImagePath"="system32\drivers\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc]

"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport]

"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc]

"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend]

"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc]

"ServiceDll"="winhttp.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM]

"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc]

"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wlidsvc]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi]

"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv]

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc]

"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum]

"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb]

"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl]

"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch]

"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]

"ServiceDll"="%systemroot%\system32\wuaueng.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd]

"ImagePath"="system32\DRIVERS\WUDFRd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{34449EBA-23DF-4A4A-93F4-3467883D67A2}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{36C7F515-3D43-4E08-B5DD-0D3277E13B79}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DC56D727-2AA2-4290-8079-E725172A3D7C}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{EC382CD6-A562-461D-8D00-3E8BBF7EE785}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3940)

c:\program files\Logitech\SetPoint\lgscroll.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Logitech\SetPoint\LBTWiz.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2010-09-10 14:38:57 - machine werd herstart

ComboFix-quarantined-files.txt 2010-09-10 12:38

ComboFix2.txt 2010-09-09 20:33

Pre-Run: 48.565.387.264 bytes beschikbaar

Post-Run: 48.281.550.848 bytes beschikbaar

- - End Of File - - 4075865D1A5DE83461A919246612ED7B


OK, then you can remove Combofix again.

Remove Combofix: Start -> Run and type: ComboFix /Uninstall

This will remove Combofix and its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.
