Reclame virus op internet

Airco · 19 november 2012

Ik kan niks meer posten

- - - Updated - - -

ComboFix 12-11-16.02 - Anna 18-11-2012 15:09:20.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2263 [GMT 1:00]

Gestart vanuit: c:\users\Anna\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\FullRemove.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\programdata\Roaming

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{398E93D3-6A5A-466E-BA19-25B71DF447CF}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4174886E-9193-4F34-95C1-1F1EF7AEB729}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4E0978BE-F958-431A-A419-12A4F4ADF047}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{736F4B63-63E8-4B12-BD7D-496F26D2D070}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9BD82E8A-285E-418E-8D17-C8478E6F51A3}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A3272EB7-D517-4612-87EC-CD24F2D412F4}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C5DEE53F-6511-4F4E-BD7D-C7321282FEC3}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D3CB85D1-C7B5-4E62-A848-324A417A3DCA}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E912967D-F931-4613-8F6D-00D7059DBA6E}.xps

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EBD31C18-C537-4687-BA2F-2579128F8CB6}.xps

c:\users\Anna\Documents\~WRL3775.tmp

c:\windows\msvcr71.dll

.

Besmet exemplaar van c:\windows\SysWow64\userinit.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-18 to 2012-11-18 ))))))))))))))))))))))))))))))

.

- - - Updated - - -

2012-11-18 14:19 . 2012-11-18 14:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-18 14:19 . 2012-11-18 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-16 10:56 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E113F180-D702-491E-B319-62EB6432BB0C}\mpengine.dll

2012-11-16 10:34 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui

2012-11-16 10:34 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 10:34 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 10:34 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 10:22 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-16 10:22 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-16 10:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-16 10:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-16 10:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-16 10:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-16 10:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-16 10:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-16 10:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\users\Anna\AppData\Roaming\Malwarebytes

2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\programdata\Malwarebytes

2012-11-15 15:26 . 2012-11-15 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-15 15:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-15 10:06 . 2012-11-15 10:06 388096 ----a-r- c:\users\Anna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-15 10:06 . 2012-11-15 10:06 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-14 14:32 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-12 10:55 . 2012-11-12 10:55 -------- d-----w- c:\program files\Common Files\Deterministic Networks

2012-11-12 10:55 . 2012-11-12 10:55 -------- d-----w- c:\program files (x86)\Cisco Systems

2012-11-12 10:20 . 2012-11-12 10:20 -------- d-----w- c:\users\Anna\AppData\Local\Simio_LLC

2012-11-12 10:20 . 2012-11-12 10:20 -------- d-----w- c:\users\Anna\AppData\Local\IsolatedStorage

2012-10-27 15:49 . 2012-10-27 15:52 -------- d-----w- c:\program files (x86)\Optimizer Pro

2012-10-27 15:49 . 2012-10-27 15:52 -------- d-----w- c:\program files (x86)\WxDFast

2012-10-27 15:49 . 2012-10-27 15:52 -------- d-----w- c:\programdata\wxDownload

2012-10-27 15:48 . 2012-10-27 15:48 -------- d-----w- c:\programdata\InstallMate

2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\users\Anna\AppData\Roaming\Lingoes

2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\users\Anna\AppData\Local\Lingoes

2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\programdata\Lingoes

2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\program files (x86)\Lingoes

2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-19 22:18 . 2012-10-04 11:33 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8504E6B-0F2E-4692-8E15-1D78CFF7B89B}\gapaengine.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-18 14:22 . 2011-09-08 14:51 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-11-16 10:19 . 2011-10-04 13:30 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-18 17:58 . 2011-04-13 03:18 5016872 ----a-w- c:\windows\system32\ETDUI.cpl

2012-10-18 17:58 . 2011-04-13 03:18 142632 ----a-w- c:\windows\system32\drivers\ETD.sys

2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-04 11:33 . 2011-10-11 22:10 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-10-02 01:30 . 2012-10-02 01:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-21 01:46 . 2012-09-21 01:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 01:46 . 2012-09-21 01:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-20 15:02 . 2012-09-20 15:02 1832760 ----a-w- c:\windows\system32\LogiLDA.DLL

2012-09-14 19:19 . 2012-10-10 09:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 09:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-14 01:05 . 2012-09-14 01:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-09-07 09:19 . 2012-09-07 09:19 32768 ----a-w- c:\windows\system32\maplec.dll

2012-09-07 09:19 . 2012-09-07 09:19 281088 ----a-w- c:\windows\system32\WMIMPLEX.dll

2012-08-31 18:19 . 2012-10-10 09:50 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-30 20:03 . 2011-04-27 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 18:03 . 2012-10-10 09:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 09:50 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 09:50 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05 . 2012-10-10 09:49 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 09:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-12 09:19 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 09:19 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 09:19 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 17:32 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 18:48 . 2012-10-10 09:49 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 09:49 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 09:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 09:50 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 09:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 09:50 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 09:50 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 09:50 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 09:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 09:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 09:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 09:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 09:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 09:50 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2012-08-20 15:38 . 2012-10-10 09:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2012-08-20 15:38 . 2012-10-10 09:49 2048 ----a-w- c:\windows\SysWow64\user.exe

2012-08-20 15:33 . 2012-10-10 09:49 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 09:49 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 09:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 09:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

Airco · 19 november 2012

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Anna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-08-03 290920]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-10-18 142632]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Anna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"combofix"="c:\combofix\CF11436.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/|https://blackboard.tudelft.nl/webapps/portal/frameset.jsp

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - ExtSQL: 2012-10-18 16:35; thepiratebay@mafiaafire.com; c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\extensions\thepiratebay@mafiaafire.com.xpi

FF - ExtSQL: 2012-10-27 17:56; 508c0294eb89a@508c0294eb8d3.com; c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\qxzi4cfm.default\extensions\508c0294eb89a@508c0294eb8d3.com

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe

AddRemove-SP_a6a8650b - c:\program files (x86)\WxDFast\uninstall.exe

AddRemove-{088DF54D-6FFC-8C91-02D5-A461DCC2E652} - c:\programdata\wxDownload\uninstall.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]

"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]

"ImagePath"="system32\drivers\ACPI.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]

"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeARMservice]

"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]

"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]

"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]

"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]

"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFBAgent]

"ImagePath"="\"c:\windows\system32\FBAgent.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]

"ImagePath"="\SystemRoot\system32\drivers\afd.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]

"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]

"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]

"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]

"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]

"ImagePath"="\SystemRoot\system32\drivers\amdppm.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]

"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]

"ImagePath"="\SystemRoot\system32\drivers\amdsbs.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]

"ImagePath"="system32\drivers\amdxata.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]

"ImagePath"="\SystemRoot\system32\drivers\appid.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]

"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]

"ServiceDll"="%SystemRoot%\System32\appinfo.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]

"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]

"ImagePath"="\SystemRoot\system32\drivers\arc.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]

"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASLDRService]

"ImagePath"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASMMAP64]

"ImagePath"="\??\c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]

"ImagePath"="system32\drivers\atapi.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\athr]

"ImagePath"="system32\DRIVERS\athrx.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ATKGFNEXSrv]

"ImagePath"="c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ATKWMIACPIIO]

"ImagePath"="\??\c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]

"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]

"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]

"ImagePath"="system32\DRIVERS\avgidsha.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]

"ImagePath"="system32\DRIVERS\avgldx64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]

"ImagePath"="system32\DRIVERS\avgloga.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]

"ImagePath"="system32\DRIVERS\avgmfx64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]

"ImagePath"="system32\DRIVERS\avgrkx64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]

"ImagePath"="system32\DRIVERS\avgtdia.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]

"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]

"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]

"ImagePath"="\SystemRoot\system32\drivers\bxvbda.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]

"ImagePath"="system32\DRIVERS\b57nd60a.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]

"MofImagePath"="system32\drivers\battc.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]

"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]

"ServiceDll"="%SystemRoot%\System32\bfe.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]

"ServiceDll"="%systemroot%\system32\qmgr.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]

"ImagePath"="system32\DRIVERS\blbdrive.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]

"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]

"ImagePath"="system32\DRIVERS\bowser.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]

"ImagePath"="\SystemRoot\system32\drivers\BrFiltLo.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]

"ImagePath"="\SystemRoot\system32\drivers\BrFiltUp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]

"ImagePath"="system32\DRIVERS\bridge.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]

"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]

"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]

"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]

"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BthEnum]

"ImagePath"="\SystemRoot\system32\drivers\BthEnum.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]

"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BthPan]

"ImagePath"="system32\DRIVERS\bthpan.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]

"ImagePath"="\SystemRoot\System32\Drivers\BTHport.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]

"ServiceDll"="%SystemRoot%\system32\bthserv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHUSB]

"ImagePath"="\SystemRoot\System32\Drivers\BTHUSB.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]

"ImagePath"="\??\c:\combofix\catchme.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]

"ImagePath"="system32\DRIVERS\cdfs.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]

"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]

"ImagePath"="System32\CLFS.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]

"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]

"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]

"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]

"ImagePath"="system32\DRIVERS\CmBatt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]

"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]

"ImagePath"="System32\Drivers\cng.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]

"ImagePath"="system32\drivers\compbatt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]

"ImagePath"="system32\DRIVERS\CompositeBus.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]

"ImagePath"="\SystemRoot\system32\drivers\crcdisk.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]

"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cvhsvc]

"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CVirtA]

"ImagePath"="system32\DRIVERS\CVirtA64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CVPND]

"ImagePath"="\"c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CVPNDRVA]

"ImagePath"="\??\c:\windows\system32\Drivers\CVPNDRVA.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]

"ServiceDll"="%Systemroot%\System32\defragsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]

"ImagePath"="System32\Drivers\dfsc.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]

"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]

"ImagePath"="System32\drivers\discache.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]

"ImagePath"="system32\drivers\disk.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DNE]

"ImagePath"="system32\DRIVERS\dne64x.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]

"ServiceDll"="%SystemRoot%\system32\dps.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]

"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]

"ImagePath"="\SystemRoot\system32\drivers\evbda.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]

"ImagePath"="%SystemRoot%\System32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]

"ImagePath"="%systemroot%\ehome\ehRecvr.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]

"ImagePath"="%systemroot%\ehome\ehsched.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Elantech]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]

"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]

"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ETD]

"ImagePath"="system32\DRIVERS\ETD.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]

"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]

"ServiceDll"="%systemroot%\system32\es.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EvtEng]

"ImagePath"="c:\program files\Intel\WiFi\bin\EvtEng.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]

"ImagePath"="%systemroot%\system32\fxssvc.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]

"ImagePath"="\SystemRoot\system32\drivers\fdc.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]

"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]

"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]

"ImagePath"="system32\drivers\fileinfo.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]

"ImagePath"="system32\drivers\filetrace.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]

"ImagePath"="\SystemRoot\system32\drivers\flpydisk.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]

"ServiceDll"="%SystemRoot%\system32\FntCache.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]

"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]

"ImagePath"="System32\drivers\FsDepends.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fssfltr]

"ImagePath"="system32\DRIVERS\fssfltr.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsssvc]

"ImagePath"="\"c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]

"ImagePath"="System32\DRIVERS\fvevol.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]

"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]

"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]

"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]

"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]

"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]

"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]

"ImagePath"="system32\drivers\HdAudio.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]

"ImagePath"="system32\DRIVERS\HDAudBus.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]

"ImagePath"="\SystemRoot\system32\drivers\HidBatt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]

"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]

"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]

"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]

"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]

"ServiceDll"="%SystemRoot%\system32\provsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]

"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]

"ImagePath"="system32\drivers\HTTP.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]

"ImagePath"="System32\drivers\hwpolicy.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ialm]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]

"ImagePath"="system32\DRIVERS\iaStor.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]

"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\igfx]

"ImagePath"="system32\DRIVERS\igdkmd64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]

"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]

"ServiceDll"="%SystemRoot%\System32\ikeext.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]

"ImagePath"="system32\drivers\RTKVHD64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcDAud]

"ImagePath"="system32\DRIVERS\IntcDAud.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]

"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]

"ImagePath"="system32\DRIVERS\intelppm.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]

"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]

"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]

"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]

"ImagePath"="System32\drivers\ipnat.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]

"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]

"ImagePath"="system32\drivers\irenum.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]

"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]

"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbfiltr]

"ImagePath"="system32\DRIVERS\kbfiltr.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]

"ImagePath"="System32\Drivers\ksecdd.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]

"ImagePath"="System32\Drivers\ksecpkg.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]

"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]

"ServiceDll"="%systemroot%\system32\msdtckrm.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\L1C]

"ImagePath"="system32\DRIVERS\L1C62x64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]

"ImagePath"="system32\DRIVERS\lltdio.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]

"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]

"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]

"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]

"ImagePath"="\SystemRoot\system32\drivers\lsi_sas2.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]

"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]

"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MAV Client PerfMon Provider]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMProtector]

"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMScheduler]

"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMService]

"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]

"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]

"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]

"ImagePath"="\SystemRoot\system32\drivers\MegaSR.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEIx64]

"ImagePath"="system32\DRIVERS\HECIx64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Microsoft SharePoint Workspace Audit Service]

"ImagePath"="\"c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE\" /auditservice"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]

"ImagePath"="system32\drivers\modem.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]

"ImagePath"="system32\DRIVERS\monitor.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]

"ImagePath"="System32\drivers\mountmgr.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MozillaMaintenance]

"ImagePath"="c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpFilter]

"ImagePath"="system32\DRIVERS\MpFilter.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]

"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]

Airco · 19 november 2012

"ImagePath"="System32\drivers\mpsdrv.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]

"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]

"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]

"ImagePath"="system32\DRIVERS\mrxsmb10.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]

"ImagePath"="system32\DRIVERS\mrxsmb20.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]

"ImagePath"="system32\drivers\msahci.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]

"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]

"ImagePath"="%SystemRoot%\System32\msdtc.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]

"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]

"ImagePath"="system32\drivers\msisadrv.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]

"ServiceDll"="%systemroot%\system32\iscsiexe.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc]

"ImagePath"="\"c:\program files\Microsoft Security Client\MsMpEng.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]

"ImagePath"="system32\drivers\MSTEE.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]

"ImagePath"="\SystemRoot\system32\drivers\MTConfig.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]

"ImagePath"="System32\Drivers\mup.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MyWiFiDHCPDNS]

"ImagePath"="c:\program files\Intel\WiFi\bin\PanDhcpDns.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]

"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]

"ImagePath"="system32\DRIVERS\nwifi.sys"

- - - Updated - - -

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]

"ImagePath"="system32\drivers\ndis.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]

"ImagePath"="system32\DRIVERS\ndiscap.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]

"ImagePath"="System32\DRIVERS\netbt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]

"ServiceDll"="%SystemRoot%\System32\netprofm.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NETwNs64]

"ImagePath"="system32\DRIVERS\NETwNs64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]

"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NisDrv]

"ImagePath"="system32\DRIVERS\NisDrvWFP.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NisSrv]

"ImagePath"="\"c:\program files\Microsoft Security Client\NisSrv.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]

"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]

"ServiceDll"="%systemroot%\system32\nsisvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]

"ImagePath"="system32\drivers\nsiproxy.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvlddmkm]

"ImagePath"="system32\DRIVERS\nvlddmkm.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvpciflt]

"ImagePath"="system32\DRIVERS\nvpciflt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]

"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]

"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NVSvc]

"ImagePath"="%SystemRoot%\system32\nvvsvc.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService]

"ImagePath"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]

"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]

"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ose]

"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\osppsvc]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Outlook]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]

"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]

"ImagePath"="\SystemRoot\system32\drivers\parport.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]

"ImagePath"="System32\drivers\partmgr.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]

"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]

"ImagePath"="system32\drivers\pci.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]

"ImagePath"="system32\drivers\pciide.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]

"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]

"ImagePath"="System32\drivers\pcw.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]

"ImagePath"="system32\drivers\peauth.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]

"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Perf_iCrcPerfMonMgr]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]

"ServiceDll"="%systemroot%\system32\pla.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]

"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]

"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]

"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]

"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]

"ServiceDll"="%SystemRoot%\system32\umpo.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]

"ImagePath"="\SystemRoot\system32\drivers\processr.sys"

- - - Updated - - -

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]

"ServiceDll"="%systemroot%\system32\profsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]

"ImagePath"="system32\DRIVERS\pacer.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PxHlpa64]

"ImagePath"="System32\Drivers\PxHlpa64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]

"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]

"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]

"ServiceDll"="%windir%\system32\qwave.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]

"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]

"ImagePath"="system32\DRIVERS\AgileVpn.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]

"ImagePath"="system32\DRIVERS\rassstp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]

"ImagePath"="\SystemRoot\system32\drivers\rdpbus.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]

"ImagePath"="system32\drivers\rdpencdd.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]

"ImagePath"="system32\drivers\rdprefmp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]

"ImagePath"="System32\drivers\rdyboost.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RegSrvc]

"ImagePath"="c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]

"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RFCOMM]

"ImagePath"="system32\DRIVERS\rfcomm.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]

"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]

"ImagePath"="system32\DRIVERS\rspndr.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RSUSBVSTOR]

"ImagePath"="System32\Drivers\RTSUVSTOR.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]

"ImagePath"="system32\DRIVERS\Rt64win7.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]

"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]

"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]

"ImagePath"="System32\DRIVERS\scfilter.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]

"ServiceDll"="%systemroot%\system32\schedsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]

"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]

"ServiceDll"="%windir%\system32\seclogon.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]

"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]

"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]

"ImagePath"="\SystemRoot\system32\drivers\serial.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]

"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]

"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]

"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]

"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]

"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]

"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftfs]

"ImagePath"="system32\DRIVERS\Sftfslh.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftlist]

"ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftplay]

"ImagePath"="system32\DRIVERS\Sftplaylh.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftredir]

"ImagePath"="system32\DRIVERS\Sftredirlh.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftvol]

"ImagePath"="system32\DRIVERS\Sftvollh.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftvsa]

"ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSGbeLH]

"ImagePath"="system32\DRIVERS\SiSG664.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]

"ImagePath"="\SystemRoot\system32\drivers\SiSRaid2.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]

"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]

"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]

"ImagePath"="system32\DRIVERS\smb.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]

"ImagePath"="%SystemRoot%\System32\snmptrap.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]

"ImagePath"="%SystemRoot%\System32\spoolsv.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]

"ImagePath"="%SystemRoot%\system32\sppsvc.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]

"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]

"ImagePath"="System32\DRIVERS\srv.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]

"ImagePath"="System32\DRIVERS\srv2.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]

"ImagePath"="System32\DRIVERS\srvnet.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]

"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]

"ImagePath"="\SystemRoot\system32\drivers\stexstor.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]

"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SwitchBoard]

"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]

"ServiceDll"="%Systemroot%\System32\swprv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]

"ServiceDll"="%systemroot%\system32\sysmain.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]

"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]

"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]

"ImagePath"="System32\drivers\tcpip.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]

"ImagePath"="system32\DRIVERS\tcpip.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]

"ImagePath"="System32\drivers\tcpipreg.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]

"ImagePath"="system32\drivers\tdpipe.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]

"ImagePath"="system32\drivers\tdtcp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]

"ImagePath"="system32\DRIVERS\tdx.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]

"ServiceDll"="%SystemRoot%\system32\themeservice.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]

"ServiceDll"="%SystemRoot%\System32\trkwks.dll"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]

"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]

"ImagePath"="System32\DRIVERS\tssecsrv.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]

"ImagePath"="system32\drivers\tsusbflt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbGD]

"ImagePath"="\SystemRoot\system32\drivers\TsUsbGD.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]

"ImagePath"="system32\DRIVERS\tunnel.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TurboB]

"ImagePath"="system32\DRIVERS\TurboB.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TurboBoost]

"ImagePath"="\"c:\program files\Intel\TurboBoost\TurboBoost.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]

"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]

"ImagePath"="system32\DRIVERS\udfs.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]

"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]

"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]

"ImagePath"="system32\DRIVERS\umbus.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]

"ImagePath"="\SystemRoot\system32\drivers\umpass.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]

"ImagePath"="System32\Drivers\usbaapl64.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]

"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]

"ImagePath"="\SystemRoot\system32\drivers\usbehci.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]

"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]

"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbvideo]

"ImagePath"="System32\Drivers\usbvideo.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]

"ServiceDll"="%SystemRoot%\System32\uxsms.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]

"ImagePath"="system32\drivers\vdrvroot.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]

"ImagePath"="%SystemRoot%\System32\vds.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]

"ImagePath"="system32\DRIVERS\vgapnp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]

"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]

"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]

"ImagePath"="system32\drivers\volmgr.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]

"ImagePath"="System32\drivers\volmgrx.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]

"ImagePath"="system32\drivers\volsnap.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]

"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]

"ImagePath"="%systemroot%\system32\vssvc.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]

"ImagePath"="system32\DRIVERS\vwifibus.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]

"ImagePath"="system32\DRIVERS\vwififlt.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifimp]

"ImagePath"="system32\DRIVERS\vwifimp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]

"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]

"ImagePath"="system32\DRIVERS\wanarp.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]

"ImagePath"="system32\DRIVERS\wanarp.sys"

- - - Updated - - -

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]

"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]

"ImagePath"="\"%systemroot%\system32\wbengine.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]

"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]

"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]

"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]

"ImagePath"="\SystemRoot\system32\drivers\wd.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]

"ImagePath"="system32\drivers\Wdf01000.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]

"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]

"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]

"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]

"ImagePath"="system32\DRIVERS\wfplwf.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WimFltr]

"ImagePath"="system32\DRIVERS\wimfltr.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]

"ImagePath"="system32\drivers\wimmount.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]

"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]

"ServiceDll"="winhttp.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]

"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb]

"ImagePath"="system32\DRIVERS\WinUsb.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]

"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlcrasvc]

"ImagePath"="\"c:\program files\Windows Live\Mesh\wlcrasvc.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]

"ImagePath"="system32\DRIVERS\wmiacpi.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]

"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]

"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]

"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]

"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]

"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]

"ServiceDll"="%systemroot%\system32\wuaueng.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]

"ImagePath"="system32\drivers\WudfPf.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]

"ImagePath"="system32\DRIVERS\WUDFRd.sys"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]

"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{01B4EF1E-D133-4BBB-839F-3A8B12945027}]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4CC19276-8ED7-4AEF-86B4-73BB57A3F47A}]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{A23CD58C-4EE6-43B1-A951-FE604B8F5925}]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{C9B8FA03-9F88-4E09-95A6-6487CE2C33FC}]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{F6002899-2104-4479-A3C1-4FBAB4B0585D}]

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

- - - Updated - - -

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

Airco · 19 november 2012

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

c:\program files (x86)\Lingoes\Translator2\Lingoes.exe

c:\program files (x86)\AVG\AVG2013\avgui.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

.

**************************************************************************

.

Voltooingstijd: 2012-11-18 15:32:53 - machine werd herstart

ComboFix-quarantined-files.txt 2012-11-18 14:32

.

Pre-Run: 78.159.884.288 bytes beschikbaar

Post-Run: 78.182.363.136 bytes beschikbaar

.

- - End Of File - - 0B9D31818607A03D605E687D88D87257

kape · 20 november 2012

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\program files (x86)\Optimizer Pro

c:\program files (x86)\WFast

c:\programdata\wownload

c:\programdata\InstallMate

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Airco · 23 november 2012

ComboFix 12-11-23.02 - Anna 23-11-2012 16:32:53.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2164 [GMT 1:00]

Gestart vanuit: c:\users\Anna\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Anna\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Optimizer Pro

c:\program files (x86)\Optimizer Pro\English.ini

c:\program files (x86)\Optimizer Pro\file_id.diz

c:\program files (x86)\Optimizer Pro\OptimizerPro.chm

c:\program files (x86)\Optimizer Pro\OptProLauncher.exe

c:\program files (x86)\Optimizer Pro\OptProSchedule.exe

c:\program files (x86)\Optimizer Pro\OptProSmartScan.exe

c:\program files (x86)\Optimizer Pro\scan.gif

c:\program files (x86)\Optimizer Pro\unins000.dat

c:\programdata\InstallMate

c:\programdata\InstallMate\CDF1A369\cfg\1.ini

c:\programdata\InstallMate\CDF1A369\cfg\2.ini

c:\programdata\InstallMate\CDF1A369\cfg\3.ini

c:\programdata\InstallMate\CDF1A369\cfg\4_1.ini

c:\programdata\InstallMate\CDF1A369\cfg\5.ini

c:\programdata\InstallMate\CDF1A369\cfg\6.ini

c:\programdata\InstallMate\CDF1A369\cfg\6_1.ini

c:\programdata\InstallMate\CDF1A369\cfg\7.ini

c:\programdata\InstallMate\CDF1A369\cfg\7_1.ini

c:\users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D67ECC41-3392-4BB4-91F6-2BCF7D162373}.xps

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-23 to 2012-11-23 ))))))))))))))))))))))))))))))

.

2012-11-23 15:42 . 2012-11-23 15:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-23 15:42 . 2012-11-23 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-23 13:59 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79B6EB69-EC4E-4A76-962A-ED31F0FF9198}\mpengine.dll

2012-11-22 12:43 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll