Virus detected but no msconfig, virus scan or regedit

Anonymous
30 replies
  • Hello,

    First of all, I have to confess that I was incredibly stupid to open an MSN file with the extension .pif :roll:

    Result: virus

    It was found immediately by McAfee and I thought I'd just run a scan and then I'd be rid of it. The problem now is that I can no longer use my virus scanner. An online virus scan turned up nothing. The same goes for a virus scan in safe mode (an infected file was removed, but the problem is still there :( ). I can also use msconfig there, but I don't know what to remove.

    Furthermore, my system32 folder is nowhere to be found.

    I looked for suspicious processes but that turned up little. lsass.exe turns out to be a Windows process and Lsass a virus. I found the former. I also regularly see wmplayer.exe even though I have been using Winamp to play music for ages.

    Who can help me?

    Regards,

    Bas
  • Post a HijackThis log, then the experts can take a look at it.
  • Have a look at the following topic:
    http://forum.computertotaal.nl/phpBB/viewtopic.php?t=145106

    I am almost certain that you are dealing with the same infection. Solution: install HijackThis, start the computer in safe mode, then start HijackThis and look for the following items:
    O4 - HKLM\..\Run: [Windows Workstation Service (32-bits)] wkssvc32.exe
    O4 - HKLM\..\RunServices: [Windows Workstation Service (32-bits)] wkssvc32.exe
    O4 - HKCU\..\Run: [Windows Workstation Service (32-bits)] wkssvc32.exe
    Tick these items and then press the "Fix Checked" button. Then close HijackThis, restart the computer in normal mode, run HijackThis again, make a log and post it here (if you do not find these items, do nothing yet and just post a log).

    As for the System32 folder, make sure hidden files and folders are shown. The System32 folder can now probably be found; right-click it, choose "Properties" and remove the check mark at "Hidden".

    Kind regards, smeenk :wink:
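A triage sketch for the O4 check described in the post above, as an added example that is not part of the original thread: it parses the O4 (autorun) lines of a HijackThis log and marks commands that are registered under several autorun keys at once or that are given without a directory. The function names, the two heuristics and the shortened sample log are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of O4 lines in the format of the HijackThis
# logs posted in this thread (shortened selection, not a complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [Windows Workstation Service (32-bits)] wkssvc32.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service (32-bits)] wkssvc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Workstation Service (32-bits)] wkssvc32.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
"""

# Registry autoruns look like:  O4 - <hive>\..\<key>: [<value name>] <command>
O4_REGISTRY = re.compile(r"^\s*O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+?)\s*$")

# Unquoted paths may contain spaces, so cut at the first executable extension.
EXECUTABLE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def parse_o4(log_text):
    """Return one dict per registry-based O4 line (startup-folder lines are skipped)."""
    entries = []
    for line in log_text.splitlines():
        match = O4_REGISTRY.match(line)
        if match:
            hive, key, name, command = match.groups()
            entries.append({"location": hive + "\\" + key, "name": name, "command": command})
    return entries


def executable_of(command):
    """Return the program part of an autorun command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXECUTABLE.match(command)
    if match:
        return match.group(1)
    return command.split()[0]


def triage(log_text):
    """Group autoruns by (name, command) and attach reasons for a closer look."""
    locations_by_entry = defaultdict(set)
    for entry in parse_o4(log_text):
        locations_by_entry[(entry["name"], entry["command"])].add(entry["location"])

    findings = []
    for (name, command), locations in locations_by_entry.items():
        reasons = []
        if len(locations) > 1:
            # The same value registered under several keys survives the removal of one.
            reasons.append("multi-key")
        if not re.search(r"[\\/:]", executable_of(command)):
            # No directory given: the file is looked up on the search path.
            reasons.append("bare-filename")
        if reasons:
            findings.append({"name": name, "command": command,
                             "locations": sorted(locations), "reasons": reasons})
    # Entries with the most reasons first, then alphabetically by value name.
    findings.sort(key=lambda f: (-len(f["reasons"]), f["name"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(", ".join(finding["reasons"]), "|", finding["name"], "|",
              finding["command"], "|", "; ".join(finding["locations"]))
```

Legitimate software also registers bare filenames, so the output is an ordering for manual review, with the entry present under several keys listed first.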
  • This is the log (I first got an error message, but after that it started scanning):

    Logfile of HijackThis v1.99.1
    Scan saved at 16:30:58, on 2-6-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Hatseflats\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Hatseflats\Application Data\Mozilla\Profiles\default\nktfl9a6.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO}
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ChrisTV Agent] "C:\Program Files\ChrisTV Lite\ChrisTV_Agent.exe"
    O4 - HKLM\..\Run: [Windows Workstation Service (32-bits)] wkssvc32.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [Windows Workstation Service (32-bits)] wkssvc32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 0 1 3 4 5 9 10 11 12 13 14 16 17
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Windows Workstation Service (32-bits)] wkssvc32.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball\raptisoftgameloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.e-rocu.nl/techniek/TSWEB/msrdp.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A64F30E-9579-423E-8397-26EFA2D7CED3}: NameServer = 192.168.7.1,194.98.0.1
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" –ntservice (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe



    By the way, I also had hidden folders visible, but no system32.

    I am now going to try to remove those wkssvc32 things





  • hatseflats wrote: "C:\Documents and Settings\Hatseflats\Desktop\HijackThis.exe"

    Put HijackThis in its own folder, for example C:\hijackthis, instead of on your desktop; HijackThis makes backups and these can easily get lost here.

    You may also fix this one with HijackThis:
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe

    Download and install CCleaner.

    Using CCleaner:
    CCleaner also removes cookies. Cookies are usually just useless, sometimes even malicious, but there are also some that are needed for logging in to certain websites.

    CCleaner lets you set which cookies you want to keep. For this, look under "Options" ("Opties") and then Cookies, select the cookies you want to keep and place them in the "Cookies to keep" ("Te behouden cookies") area.
    Then click the "Clean" ("Opschonen") button.

    Post a new log made in normal mode, and mention whether you still have problems with certain programs and whether the System32 folder can be found again. Also try searching for wkssvc32.exe; if you find it you may scan it with http://virusscan.jotti.org, report the result here as well, and delete this file regardless of the result of the scan.

    I won't be online any more tonight, so I will check later whether it worked. If need be, others will help you further with the problems.

    Kind regards, smeenk :wink:
  • Could you post a StartupList log from HijackThis?
    Start HijackThis (so that will have to be in safe mode, I think).
    Click "Open the Misc Tool section", tick "List also minor sections (full)" and click Generate StartupList log.

    Save this log and post it (in normal mode).

    Sjaak
  • Progress has already been made. I removed some files (wkssvc) and in msconfig I disabled wkssvc.exe (at startup). I can already scan and view msconfig and regedit, but I still get error messages. Windows Update does not work, nor does System Restore.

    StartupList report, 2-6-2005, 23:17:42
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Hatseflats\Desktop\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Hatseflats\Desktop\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    Logitech Utility = Logi_MwX.Exe
    MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    CTSysVol = C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

    UpdReg = C:\WINDOWS\UpdReg.EXE
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    BootSkin Startup Jobs = "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    DataLayer = C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
    {0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\gnotify.exe
    AsioReg = REGSVR32 /S CTASIO.DLL
    CTHelper = CTHELPER.EXE
    DevconDefaultDB = C:\WINDOWS\READREG /PSCONV={NO}
    PCSuiteTrayApplication = C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    KBD = C:\HP\KBD\KBD.EXE
    PS2 = C:\WINDOWS\system32\ps2.exe
    ChrisTV Agent = "C:\Program Files\ChrisTV Lite\ChrisTV_Agent.exe"
    Windows Workstation Service (32-bits) = wkssvc32.exe
    McRegWiz = C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    Windows Workstation Service (32-bits) = wkssvc32.exe

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
    MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    FUIClearHis = C:\Program Files\FreshDevices\FreshUI\freshui.exe 0 1 3 4 5 9 10 11 12 13 14 16 17
    PcSync = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    Windows Workstation Service (32-bits) = wkssvc32.exe

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI file not found*
    SCRNSAVE.EXE=*INI file not found*
    drivers=*INI file not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: *Registry value not found*
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    Idea2 SidebarBrowserMonitor Class - C:\Program Files\Desktop Sidebar\sbhelp.dll - {45AD732C-2CE2-4666-B366-B2214AD57A49}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    Ipswitch.WsftpBrowserHelper - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll - {601ED020-FB6C-11D3-87D8-0050DA59922B}

    ————————————————–

    Enumerating Task Scheduler jobs:

    McAfee.com Update Check (BAS-Hatseflats).job
    shutdown.job

    ————————————————–

    Enumerating Download Program Files:

    [RaptisoftGameLoader]
    CODEBASE = http://www.miniclip.com/hamsterball\raptisoftgameloader.cab
    OSD = C:\WINDOWS\Downloaded Program Files\OSD28E7.OSD

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

    [MSN Photo Upload Tool]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

    [FileSharingCtrl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr-nl.dll
    CODEBASE = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

    [Microsoft RDP Client Control (redist)]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\msrdp.ocx
    CODEBASE = http://www.e-rocu.nl/techniek/TSWEB/msrdp.cab

    [MSN File Upload Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\MsnUpld.dll
    CODEBASE = http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

    [ZoneIntro Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    [Zylom Games Player]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll
    CODEBASE = http://game11.zylomgames.com/activex/zylomgamesplayer.cab

    [Virtools WebPlayer Class]
    InProcServer32 = C:\Program Files\Virtools Web Player 2.5\WebPlayer.ocx
    CODEBASE = http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Solitaire Showdown Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
    CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    ————————————————–

    Enumerating Windows NT/2000/XP services

    IPv6 Helper Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Acronis Scheduler2 Service: "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" (autostart)
    Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
    ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (autostart)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.exe (autostart)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DriverLINX Port I/O Driver: SYSTEM32\DRIVERS\DLPortIO.sys (autostart)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Realtek LANPkt Protocol: system32\DRIVERS\LANPkt.sys (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    McAfee.com VirusScan Online Realtime Engine: c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding (autostart)
    McAfee Personal Firewall Service: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (autostart)
    MySql: C:/mysql/bin/mysqld-nt.exe (autostart)
    NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
    NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: system32\DRIVERS\nwlnkipx.sys (autostart)
    NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)
    NWLink SPX/SPXII Protocol: system32\DRIVERS\nwlnkspx.sys (autostart)
    PHPGeekUtil: "c:\apache\APACHE.EXE" –ntservice (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    RadPciNT: \??\C:\WINDOWS\system32\Drivers\RadPciNT.sys (autostart)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: system32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Acronis TrueImage FS Filter: system32\DRIVERS\tifsfilt.sys (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    SecuROM User Access Service (V7): C:\WINDOWS\system32\UAService7.exe (autostart)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    WMDM PMSP Service: C:\WINDOWS\system32\MsPMSPSv.exe (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

    ————————————————–
    End of report, 14.742 bytes
    Report generated in 0,090 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only





  • You did leave wkssvc.dll in place, didn't you?

    Follow my instructions from the following:
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=982378#982378

    Then post a new log in this topic.

    Sjaak
  • Logfile of HijackThis v1.99.1
    Scan saved at 20:32:13, on 3-6-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\mysql\bin\mysqld-nt.exe
    c:\apache\APACHE.EXE
    C:\WINDOWS\System32\snmp.exe
    c:\apache\APACHE.EXE
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Hatseflats\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Hatseflats\Application Data\Mozilla\Profiles\default\nktfl9a6.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO}
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 0 1 3 4 5 9 10 11 12 13 14 16 17
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball\raptisoftgameloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.e-rocu.nl/techniek/TSWEB/msrdp.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A64F30E-9579-423E-8397-26EFA2D7CED3}: NameServer = 192.168.7.1,194.98.0.1
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: TurkSpy For RootKit (GencTurK RootKit) - Unknown owner - c:\system.exe (file missing)
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" –ntservice (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


    Quote: O23 - Service: TurkSpy For RootKit (GencTurK RootKit) - Unknown owner - c:\system.exe (file missing)

    Should this one perhaps be removed?





  • Download getservices: http://users.telenet.be/marcvn/tools/getservices.zip
    Unzip it, and double-click getservice.bat.

    Post the log.
  • PsService v1.1 - local and remote services viewer/controller
    Copyright (C) 2001-2003 Mark Russinovich
    Sysinternals - www.sysinternals.com

    SERVICE_NAME: 6to4
    Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network. If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. If this service is disabled, any other services that explicitly depend on this service will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : IPv6 Helper Service
    DEPENDENCIES : RpcSS
    : tcpip6
    : winmgmt
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: AcrSch2Svc
    Allows Acronis products to schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Acronis Scheduler2 Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Adobe LM Service
    Adobe LM Service
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Adobe LM Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Alerter
    Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Alerter
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: ALG
    Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Application Layer Gateway Service
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: AppMgmt
    Provides software installation services such as Assign, Publish, and Remove.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Application Management
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: aspnet_state
    Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ASP.NET State Service
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: Ati HotKey Poller
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\Ati2evxx.exe
    LOAD_ORDER_GROUP : Event log
    TAG : 0
    DISPLAY_NAME : Ati HotKey Poller
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ATI Smart
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\ati2sgag.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ATI Smart
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: AudioSrv
    Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : AudioGroup
    TAG : 0
    DISPLAY_NAME : Windows Audio
    DEPENDENCIES : PlugPlay
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Autodesk Licensing Service
    Anchor service for Autodesk products licensed with SafeCast
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Autodesk Licensing Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: BITS
    Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Background Intelligent Transfer Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds

    SERVICE_NAME: Browser
    Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Computer Browser
    DEPENDENCIES : LanmanWorkstation
    : LanmanServer
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: CiSvc
    Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Indexing Service
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ClipSrv
    Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ClipBook
    DEPENDENCIES : NetDDE
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: COMSysApp

    Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : COM+ System Application
    DEPENDENCIES : rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 30 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds
    : Restart DELAY: 5000 seconds
    : None DELAY: 1000 seconds

    SERVICE_NAME: Creative Service for CDROM Access
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\CTsvcCDA.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Creative Service for CDROM Access
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: CryptSvc
    Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Cryptographic Services
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: DcomLaunch
    Provides launch functionality for DCOM services.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
    LOAD_ORDER_GROUP : Event Log
    TAG : 0
    DISPLAY_NAME : DCOM Server Process Launcher
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

    SERVICE_NAME: Dhcp
    Manages network configuration by registering and updating IP addresses and DNS names.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : DHCP Client
    DEPENDENCIES : Tcpip
    : Afd
    : NetBT
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: dmadmin
    Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Logical Disk Manager Administrative Service
    DEPENDENCIES : RpcSs
    : PlugPlay
    : DmServer
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: dmserver
    Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Logical Disk Manager
    DEPENDENCIES : RpcSs
    : PlugPlay
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Dnscache
    Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : DNS Client
    DEPENDENCIES : Tcpip
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: ERSvc
    Allows error reporting for services and applictions running in non-standard environments.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Error Reporting Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Eventlog
    Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP : Event log
    TAG : 0
    DISPLAY_NAME : Event Log
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: EventSystem
    Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : COM+ Event System
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: FastUserSwitchingCompatibility
    Provides management for applications that require assistance in a multiple user environment.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Fast User Switching Compatibility
    DEPENDENCIES : TermService
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: GencTurK RootKit
    Nt Sistemler için RootKit
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : c:\system.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : TurkSpy For RootKit
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: helpsvc
    Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Help and Support
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 100 seconds
    : Restart DELAY: 100 seconds
    : None DELAY: 100 seconds

    SERVICE_NAME: HidServ
    Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : HID Input Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: HTTPFilter
    This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : HTTP SSL
    DEPENDENCIES : HTTP
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ImapiService
    Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\imapi.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : IMAPI CD-Burning COM Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: iPodService
    Services voor iPod-hardwarebeheer
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : "C:\Program Files\iPod\bin\iPodService.exe"
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : iPod-service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: lanmanserver
    Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Server
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: lanmanworkstation
    Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : NetworkProvider
    TAG : 0
    DISPLAY_NAME : Workstation
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: LmHosts
    Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : TCP/IP NetBIOS Helper
    DEPENDENCIES : NetBT
    : Afd
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: LPDSVC
    Provides a TCP/IP-based printing service that uses the Line Printer protocol.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\tcpsvcs.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : TCP/IP Print Server
    DEPENDENCIES : Tcpip
    : Spooler
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Macromedia Licensing Service
    Provides authentication services for Macromedia applications.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Macromedia Licensing Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: McShield
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : McAfee.com McShield
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: mcupdmgr.exe
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : McAfee SecurityCenter Update Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: MCVSRte
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : McAfee.com VirusScan Online Realtime Engine
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Messenger
    Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Messenger
    DEPENDENCIES : LanmanWorkstation
    : NetBIOS
    : PlugPlay
    : RpcSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: mnmsrvc
    Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\mnmsrvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NetMeeting Remote Desktop Sharing
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: MpfService
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : McAfee Personal Firewall Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    COMMAND : cAfee.com\PERSON~1\MPFSER~1.EXE" /servicecrash /fail=%1%
    FAIL_RESET_PERIOD : -1 seconds
    FAILURE_ACTIONS : Run command DELAY: 5000 seconds

    SERVICE_NAME: MSDTC
    Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\msdtc.exe
    LOAD_ORDER_GROUP : MS Transactions
    TAG : 0
    DISPLAY_NAME : Distributed Transaction Coordinator
    DEPENDENCIES : RPCSS
    : SamSS
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: MSIServer
    Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\msiexec.exe /V
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Installer
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: MySql
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:/mysql/bin/mysqld-nt.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : MySql
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Net139onrr
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME :
    LOAD_ORDER_GROUP : NetBIOSGroup
    TAG : 1
    DISPLAY_NAME : Net139onrr
    DEPENDENCIES :
    SERVICE_START_NAME:

    SERVICE_NAME: NetDDE
    Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP : NetDDEGroup
    TAG : 0
    DISPLAY_NAME : Network DDE
    DEPENDENCIES : NetDDEDSDM
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NetDDEdsdm
    Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network DDE DSDM
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Netlogon
    Supports pass-through authentication of account logon events for computers in a domain.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP : RemoteValidation
    TAG : 0
    DISPLAY_NAME : Net Logon
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Netman
    Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Connections
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Nla
    Collects and stores network configuration and location information, and notifies applications when this information changes.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Location Awareness (NLA)
    DEPENDENCIES : Tcpip
    : Afd
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtLmSsp
    Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NT LM Security Support Provider
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtmsSvc
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Removable Storage
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NVSvc
    Provides system and desktop level support to the NVIDIA display driver
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\nvsvc32.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NVIDIA Display Driver Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ose
    Hiermee worden de installatiebestanden opgeslagen die worden gebruikt voor het bijwerken en herstellen. Dit is vereist voor het downloaden van updates van Setup en van Watson-foutrapporten.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Office Source Engine
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PHPGeekUtil
    Apache/1.3.23 (Win32)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "c:\apache\APACHE.EXE" --ntservice
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : PHPGeekUtil
    DEPENDENCIES : Tcpip
    : Afd
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PlugPlay
    Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP : PlugPlay
    TAG : 0
    DISPLAY_NAME : Plug and Play
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PolicyAgent
    Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : IPSEC Services
    DEPENDENCIES : RPCSS
    : Tcpip
    : IPSec
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ProtectedStorage
    Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Protected Storage
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasAuto
    Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Access Auto Connection Manager
    DEPENDENCIES : RasMan
    : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasMan
    Creates a network connection.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Access Connection Manager
    DEPENDENCIES : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RDSessMgr
    Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Desktop Help Session Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteAccess
    Offers routing services to businesses in local area and wide area network environments.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Routing and Remote Access
    DEPENDENCIES : RpcSS
    : +NetBIOSGroup
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteRegistry
    Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Registry
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds

    SERVICE_NAME: RpcLocator
    Manages the RPC name service database.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\locator.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Procedure Call (RPC) Locator
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: RpcSs
    Provides the endpoint mapper and other miscellaneous RPC services.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
    LOAD_ORDER_GROUP : COM Infrastructure
    TAG : 0
    DISPLAY_NAME : Remote Procedure Call (RPC)
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\NetworkService
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

    SERVICE_NAME: RSVP
    Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\rsvp.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : QoS RSVP
    DEPENDENCIES : TcpIp
    : Afd
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SamSs
    Stores security information for local user accounts.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP : LocalValidation
    TAG : 0
    DISPLAY_NAME : Security Accounts Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SandraDataSrv
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Sandra Data Service
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SandraTheSrv
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Sandra Service
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SCardSvr
    Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP : SmartCardGroup
    TAG : 0
    DISPLAY_NAME : Smart Card
    DEPENDENCIES : PlugPlay
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: Schedule
    Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : SchedulerGroup
    TAG : 0
    DISPLAY_NAME : Task Scheduler
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 6000 seconds
    : Restart DELAY: 60000 seconds
    : None DELAY: 0 seconds

    SERVICE_NAME: seclogon
    Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Secondary Logon
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SENS
    Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : System Event Notification
    DEPENDENCIES : EventSystem
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SharedAccess
    Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
    DEPENDENCIES : Netman
    : WinMgmt
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ShellHWDetection
    Provides notifications for AutoPlay hardware events.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : ShellSvcGroup
    TAG : 0
    DISPLAY_NAME : Shell Hardware Detection
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SNMP
    Includes agents that monitor the activity in network devices and report to the network console workstation.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\snmp.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SNMP Service
    DEPENDENCIES : EventLog
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SNMPTRAP
    Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\snmptrap.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SNMP Trap Service
    DEPENDENCIES : EventLog
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: Spooler
    Loads files to memory for later printing.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
    LOAD_ORDER_GROUP : SpoolerGroup
    TAG : 0
    DISPLAY_NAME : Print Spooler
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds
    : None DELAY: 0 seconds

    SERVICE_NAME: srservice
    Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : System Restore Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SSDPSRV
    Enables discovery of UPnP devices on your home network.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SSDP Discovery Service
    DEPENDENCIES : HTTP
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: stisvc
    Provides image acquisition services for scanners and cameras.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k imgsvc
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Image Acquisition (WIA)
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SwPrv
    Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{BBC154A7-BE5C-41BA-82CB-8E4DAB33FE7C}
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : MS Software Shadow Copy Provider
    DEPENDENCIES : rpcss
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SysmonLog
    Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Performance Logs and Alerts
    DEPENDENCIES :
    SERVICE_START_NAME: NT Authority\NetworkService

    SERVICE_NAME: TapiSrv
    Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Telephony
    DEPENDENCIES : PlugPlay
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TermService
    Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Terminal Services
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Themes
    Provides user experience theme management.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : UIGroup
    TAG : 0
    DISPLAY_NAME : Themes
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds
    : None DELAY: 0 seconds

    SERVICE_NAME: TlntSvr
    Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\tlntsvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Telnet
    DEPENDENCIES : RPCSS
    : TCPIP
    : NTLMSSP
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TrkWks
    Maintains links between NTFS files within a computer or across computers in a network domain.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Distributed Link Tracking Client
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: UMWdf
    Activeert USD's (User Mode Drivers) voor Windows.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\wdfmgr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows User Mode Driver Framework
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: upnphost
    Provides support to host Universal Plug and Play devices.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Universal Plug and Play Device Host
    DEPENDENCIES : SSDPSRV
    : HTTP
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : -1 seconds
    FAILURE_ACTIONS : Restart DELAY: 0 seconds

    SERVICE_NAME: UPS
    Manages an uninterruptible power supply (UPS) connected to the computer.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Uninterruptible Power Supply
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: UserAccess7
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\UAService7.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SecuROM User Access Service (V7)
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: VSS
    Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Volume Shadow Copy
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: W32Time
    Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Time
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WebClient
    Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP : NetworkProvider
    TAG : 0
    DISPLAY_NAME : WebClient
    DEPENDENCIES : MRxDAV
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: winmgmt
    Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Management Instrumentation
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds

    SERVICE_NAME: WMDM PMSP Service
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\MsPMSPSv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : WMDM PMSP Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WmdmPmSN
    Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Portable Media Serial Number Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Wmi
    Provides systems management information to and from drivers.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WmiApSrv
    Provides performance library information from WMI HiPerf providers.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\wbem\wmiapsrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : WMI Performance Adapter
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: wscsvc
    Monitors system security settings and configurations.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Security Center
    DEPENDENCIES : RpcSs
    : winmgmt
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: wuauserv
    Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Automatic Updates
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WZCSVC
    Provides automatic configuration for the 802.11 adapters
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : Wireless Zero Configuration
    DEPENDENCIES : RpcSs
    : Ndisuio
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: xmlprov
    Manages XML configuration files on a domain basis for automatic network provisioning.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Provisioning Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem





    In the meantime I have also removed wvssc.exe (I left the .dll in place 8) ).

    Can anyone help me with Windows Update?:

    Windows Update cannot continue because a required service application is disabled. Windows Update requires the following services:
    Automatic Updates enables detection, downloading, and installation of critical updates for your computer.
    Background Intelligent Transfer Service (BITS) enables faster, restartable downloading of updates.
    Event Log logs Windows Update events for troubleshooting. To ensure that these services are enabled:

    1. Click Start, and then click Run.
    2. Type services.msc and then click OK.
    3. In the list of services, right-click the service name, and then click Properties.
    4. In the Startup type list, select Automatic.
    5. Verify that the service status is started.

    If this does not resolve the problem you may request help from one of the following resources.

    For self-help options:
    Windows Update Response Center
    Windows Update Troubleshooter
    Windows Update Newsgroups

    For assisted support options:
    Microsoft Online Assisted Support (no-cost for Windows Update issues)

    Read more about steps you can take to resolve this problem yourself.


  • Open a Notepad file.
    Copy the code below into this Notepad file.
    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: fix.reg
    For "Save as type", select: All Files (*.*).
    Click the Save button.
    [code:1:a8ed16d0fc]REGEDIT4

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GencTurK RootKit Driver]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GencTurK RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Safeboot\Minimal\GencTurK RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Safeboot\Network\GencTurK RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GencTurk RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GencTurk RootKit Driver]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Safeboot\Minimal\GencTurK RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Safeboot\Network\GencTurK RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GencTurk RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GencTurk RootKit Driver]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Safeboot\Minimal\GencTurK RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Safeboot\Network\GencTurK RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GencTurk RootKit]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GencTurk RootKit Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
    "Start"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    "Start"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    "Start"=dword:00000002
    [/code:1:a8ed16d0fc]
    Double-click the fix.reg file and allow the changes to be added to the registry.


    Restart the computer and create a new HijackThis log. Post it.
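Before importing a .reg file such as the fix.reg above, it helps to list exactly which keys it deletes and which values it writes. The Python sketch below is an added example, not part of the original post; it handles only the two constructs that file uses (key deletion and dword values), and its function names are assumptions.

```python
import re

# Constructed sample: a shortened copy of the fix.reg posted above.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GencTurK RootKit Driver]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Safeboot\Minimal\GencTurK RootKit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000002
"""

# Meaning of a service's "Start" value (2 and 3 match the sc output above).
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')


def audit_reg(text):
    """Return (deleted_keys, dword_writes); reject any line not understood."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("missing REGEDIT4 header")
    deleted, writes, current = [], [], None
    for ln in lines[1:]:
        key = KEY_RE.match(ln)
        if key:
            minus, path = key.groups()
            current = None if minus else path   # "[-key]" deletes the key
            if minus:
                deleted.append(path)
            continue
        value = DWORD_RE.match(ln)
        if not (value and current):
            raise ValueError(f"unreviewed line: {ln!r}")
        writes.append((current, value.group(1), int(value.group(2), 16)))
    return deleted, writes


def describe(text):
    """Render the audit as one human-readable line per change."""
    deleted, writes = audit_reg(text)
    report = [f"DELETE {path}" for path in deleted]
    for path, name, number in writes:
        service = path.rsplit("\\", 1)[-1]
        note = START_TYPES.get(number, "unknown") if name == "Start" else ""
        report.append(f"SET {service} {name}={number} {note}".rstrip())
    return report
```

Run against the full fix.reg, `describe` shows the rootkit key deletions across every control set followed by three services set to AUTO_START.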
  • Check whether Windows Update works. It should be fixed by the reg file.
  • Thanks, (almost) everything works now!!! :D :D

    THANKS EVERYONE FOR THE HELP!!!

    I do still have 2 small questions,

    The virus scanner has already intercepted 2 more trojans, including kelvin32(?); is it possible that there are still things on my PC (bad files)?

    When I wanted to transfer something over the network to another PC I could not connect to the workgroup, which I still could a week ago; all settings are as they should be. Do you have a solution?

    Here is the HijackThis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:43:56, on 3-6-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\mysql\bin\mysqld-nt.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    c:\apache\APACHE.EXE
    c:\apache\APACHE.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\program files\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\Documents and Settings\Hatseflats\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Hatseflats\Application Data\Mozilla\Profiles\default\nktfl9a6.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO}
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 0 1 3 4 5 9 10 11 12 13 14 16 17
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball
    aptisoftgameloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.e-rocu.nl/techniek/TSWEB/msrdp.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A64F30E-9579-423E-8397-26EFA2D7CED3}: NameServer = 192.168.7.1,194.98.0.1
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" –ntservice (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


    Thanks again for all the great help!





  • Download WinsockFix
    Unzip it and put it on your desktop.
    After downloading, click Winsockfix.exe and click "Reg backup";
    your current registry is now saved in the "ERDNT" folder.
    Then click "Fix"; the WinsockFix utility then does the following:

    1) Checks your Windows version
    2) Releases your IP address so that you are offline
    3) Resets the TCP stack using Netsh.exe (Windows XP only)
    4) Removes the current TCP and Winsock values from the registry
    5) New "working" values are put in their place
    6) Your current hosts file is backed up
    7) A default hosts file is put in place and the computer restarts.
  • I tried it, but the backup failed; I pressed Fix anyway, and after that I had no internet connection at all :-?

    So I then used a restore point.

    Steggel, by the way, can I delete the system32/software folder? According to the virus scanner it was malware and it was detected as a virus.
  • I should have paid attention with the WinsockFix.

    This program resets the settings to DHCP, but I see an O17 line with 192.168.7.1,194.98.0.1

    192.168.7.1 belongs to a local network, so the network settings should have been changed afterwards.

    Good, you have now been able to put back a restore point. Is that a restore point from before the infection?

    You may delete the directory C:\Windows\System32\Software in its entirety.
    There are 269 files in it that have the same size, 107 or 108 KB.

    Have the network shares been restored as well?
    I am busy mapping all the changes that this virus has made.

    Sjaak
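The O17 point raised in the reply above can be checked before any network stack reset: a static NameServer entry means the interface is not purely on DHCP, so its values need to be written down first. The Python sketch below is an added example, not code from the thread; it extracts those entries and also lists the O23 services that HijackThis marked "Unknown owner" or "(file missing)", which are prompts for manual review rather than verdicts. Function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: four lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A64F30E-9579-423E-8397-26EFA2D7CED3}: NameServer = 192.168.7.1,194.98.0.1
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" –ntservice (file missing)
"""

O17_RE = re.compile(r"^O17 - .*?\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")
# Name and owner are separated by " - "; the path starts at a drive letter.
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:[\\/].*)$")


def static_nameservers(log):
    """Return [(interface_guid, ip, 'private' or 'public')] from O17 lines."""
    found = []
    for line in log.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        guid, servers = match.groups()
        for token in re.split(r"[,\s]+", servers.strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # skip anything that is not an IP address
            scope = "private" if ip.is_private else "public"
            found.append((guid, str(ip), scope))
    return found


def services_to_review(log):
    """Return [(service_name, [notes])] for O23 lines worth a manual look."""
    review = []
    for line in log.splitlines():
        match = O23_RE.match(line.strip())
        if not match:
            continue
        name, owner, path = match.groups()
        notes = []
        if owner == "Unknown owner":
            notes.append("owner not identified")
        if path.endswith("(file missing)"):
            notes.append("binary not found on disk")
        if notes:
            review.append((name, notes))
    return review
```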
  • What I know is that the virus also created infected restore points. So I had to delete those, and after everything was working again I created a restore point.
  • Do you also still have a restore point from before the infection?
    After all, a great many settings in the registry have been changed.

    It is difficult for us to repair this because the old values are not always known.

    Sjaak
  • Correct.
    Quite a lot is changed / added in the registry, and fully restoring to the original state becomes very difficult with this infection.

This is an archived page. Replying is no longer possible.