Somoto and Bigseekpro problem

28 replies
  • If I type something in the title bar in Chrome, it throws me straight to the Somoto search engine or a Bigseek search engine. I think it's spyware or something like that. How do I get rid of it? I've already run a scan with Adware. Here is the Hijack file.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 0:56:52, on 2-11-2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.19088)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: (no name) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - (no file)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.myflatcast.com/data/objects/NpFv501.dll
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9871e2dc4eb71) (gupdate1c9871e2dc4eb71) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


    End of file - 9948 bytes
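
An added triage example (not part of the original post, and not a HijackThis feature): it parses HijackThis entry lines, lists entries whose target file is gone, and shows GUIDs registered in more than one browser-extension section. The sample lines are an excerpt of the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4
"""

# An entry line is "<section code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sections that register Internet Explorer extensions, as labelled in the
# log lines themselves: R3 = URLSearchHook, O2 = BHO, O3 = Toolbar.
BROWSER_SECTIONS = {"R3", "O2", "O3"}

# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hijackthis(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.group(1), match.group(2).rstrip()
        guid = GUID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            # GUIDs are case-insensitive; normalise so sections can be joined.
            "guid": guid.group(0).lower() if guid else None,
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def triage(entries):
    """Return (orphaned entries, GUIDs seen in several browser sections)."""
    orphans = [e for e in entries if e["orphan"]]
    sections_by_guid = defaultdict(set)
    for e in entries:
        if e["guid"] and e["code"] in BROWSER_SECTIONS:
            sections_by_guid[e["guid"]].add(e["code"])
    shared = {g: sorted(c) for g, c in sections_by_guid.items() if len(c) > 1}
    return orphans, shared


if __name__ == "__main__":
    orphans, shared = triage(parse_hijackthis(SAMPLE_LOG))
    print("Entries whose file is missing:")
    for e in orphans:
        print(f"  {e['code']:<3} {e['body']}")
    print("GUIDs registered in more than one browser section:")
    for guid, codes in shared.items():
        print(f"  {guid} -> {', '.join(codes)}")
```

On the excerpt, the one GUID registered as both a URLSearchHook and a toolbar is the same one the ComboFix log further down resolves to c:\program files\Freecorder\prxtbFree.dll.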



  • Hello bigadje, try the tool Toolbar Cleaner.

    The problem is that Google Chrome's settings are not yet listed in logs!

    http://www.gratissoftwaresite.nl/downloads/taxonomy/term/543

    It will be clear to you that you first tick the toolbars you want to get rid of and then click the Remove button.

    Let me know whether the tool does what it promises, and also post a new HijackThis log.
  • Hello,

    the problem is that it isn't a toolbar, at least not one visible in the bar at the top. It simply redirects you to the page in question.

    Regards
    Arnold
  • Hello Arnold, then let's see whether we can get to the bottom of it with ComboFix:

    Which program: ComboFix
    What for/why: Highly specialised scanner that examines Windows in depth and cleans it up where possible.
    Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
      - Bleepingcomputer
      - ForoSpyware
      - Geekstogo
    Here you can see how to use ComboFix.

    Your antivirus program and any active malware scanners must already be deactivated before ComboFix starts!
    Here and here you will find details on how to deactivate antivirus programs and spyware scanners.

    Once more, to be absolutely clear: ComboFix must be started from the desktop.

    Notes:
      - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
      - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
      - All open programs and web pages must be closed.
    Once ComboFix has started:
      - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
  • Log file

    ComboFix 11-11-02.03 - bigadje 03-11-2011 0:25.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3071.1833 [GMT 1:00]
    Gestart vanuit: c:\users\bigadje\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\3D3
    c:\programdata\3D3\mm.db
    c:\programdata\3D3\thumbnail.db
    c:\programdata\Microsoft\Windows\Start Menu\Windows Live Messenger .lnk
    c:\users\bigadje\AppData\Local\log.txt
    c:\users\bigadje\AppData\Roaming\EurekaLog
    c:\users\bigadje\AppData\Roaming\EurekaLog\logivert\logivert_PC_BIG_ADJE.elf
    c:\users\bigadje\AppData\Roaming\Microsoft\~DFK3fed8a.tmp
    c:\users\bigadje\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\bigadje\AppData\Roaming\Microsoft\bass.dll
    c:\users\bigadje\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\bigadje\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\bigadje\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\bigadje\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\bigadje\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\windows\iun6002.exe
    c:\windows\system32\CF25095.exe
    c:\windows\system32\ijl11.dll
    c:\windows\system32\jucheck.exe
    c:\windows\system32\uninstall.exe
    c:\windows\test
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-02 to 2011-11-02 ))))))))))))))))))))))))))))))
    .
    .
    2175-05-27 23:15 . 2008-03-05 14:56 3786760 —-a-w- c:\windows\system32\d3dx9_37.dll
    2011-11-02 23:35 . 2011-11-02 23:35 ——– d—–w- c:\users\bigadje\AppData\Local\temp
    2011-11-02 23:35 . 2011-11-02 23:35 ——– d—–w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-11-02 23:35 . 2011-11-02 23:35 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
    2011-11-02 09:41 . 2011-11-02 09:44 ——– d—–w- c:\program files\Toolbar Cleaner
    2011-11-02 00:00 . 2011-11-02 00:00 ——– d—–w- c:\program files\Conduit
    2011-11-02 00:00 . 2011-11-02 00:00 ——– d—–w- c:\users\bigadje\AppData\Local\Conduit
    2011-11-01 23:59 . 2011-11-02 00:00 ——– d—–w- c:\program files\Freecorder
    2011-11-01 17:37 . 2011-11-01 17:37 388096 —-a-r- c:\users\bigadje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-01 17:37 . 2011-11-01 17:37 ——– d—–w- c:\program files\Trend Micro
    2011-11-01 01:15 . 2011-10-31 23:40 16432 —-a-w- c:\windows\system32\lsdelete.exe
    2011-10-31 23:36 . 2011-08-18 14:25 64512 —-a-w- c:\windows\system32\drivers\Lbd.sys
    2011-10-31 23:36 . 2011-10-31 23:36 ——– d—–w- c:\program files\Lavasoft
    2011-10-31 23:12 . 2011-10-31 23:14 ——– d—–w- c:\users\bigadje\AppData\Roaming\GetRightToGo
    2011-10-31 22:51 . 2011-10-31 22:52 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-31 22:51 . 2011-08-31 16:00 22216 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-31 18:07 . 2011-10-31 18:07 ——– d—–w- c:\users\bigadje\AppData\Roaming\MP4 to MP3 Converter
    2011-10-31 18:06 . 2011-10-31 18:06 ——– d—–w- c:\program files\MP4 to MP3 Converter
    2011-10-31 18:03 . 2011-10-31 18:03 ——– d—–w- c:\users\bigadje\AppData\Roaming\DVDVideoSoft
    2011-10-29 10:48 . 2011-10-29 10:48 ——– d—–w- c:\users\bigadje\AppData\Roaming\Netscape
    2011-10-29 10:48 . 2011-10-29 10:48 ——– d—–w- c:\users\bigadje\AppData\Local\Netscape
    2011-10-26 17:47 . 2011-10-26 17:47 ——– d—–w- c:\program files\Lame For Audacity
    2011-10-15 14:27 . 2011-11-01 15:59 ——– d—–w- C:\Spectrum
    2011-10-13 20:29 . 2011-10-13 20:29 42392 —-a-w- c:\windows\system32\xfcodec.dll
    2011-10-04 22:58 . 2011-10-04 22:58 ——– d—–w- c:\program files\TweetDeck
    2011-10-04 22:57 . 2011-10-26 17:35 ——– d—–w- c:\program files\Audacity 1.3 Beta (Unicode)
    2011-10-04 22:44 . 2011-10-04 22:44 ——– d—–w- c:\users\bigadje\AppData\Local\RadioSure
    2011-10-04 17:42 . 2011-10-04 22:58 ——– d—–w- c:\users\bigadje\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-02 18:38 . 2008-12-04 18:56 137464 —-a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-11-02 18:37 . 2009-03-07 10:31 214520 —-a-w- c:\windows\system32\PnkBstrB.xtr
    2011-11-02 18:37 . 2008-12-04 18:55 214520 —-a-w- c:\windows\system32\PnkBstrB.exe
    2011-11-02 18:37 . 2008-12-04 18:55 214520 —-a-w- c:\windows\system32\PnkBstrB.ex0
    2011-10-31 23:40 . 2010-11-01 10:52 101720 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-10-23 21:25 . 2011-06-19 09:44 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-13 17:27 . 2008-02-09 11:22 75136 —-a-w- c:\windows\system32\PnkBstrA.exe
    2011-08-19 14:33 . 2011-09-28 23:14 25944 —-a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-09-29 07:28 . 2011-06-08 19:24 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2011-01-17 15:54 175912 —-a-w- c:\program files\Freecorder\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-07 202256]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync
    estart\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Business Tools 5 Update Setup]
    2010-05-26 12:24 3648607 -c–a-w- c:\users\bigadje\AppData\Local\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2007-04-18 15:01 65536 —-a-w- c:\hp\support\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN]
    2007-10-23 10:36 198184 —-a-w- c:\program files\KPN\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2011-08-31 16:00 1047208 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    2011-06-24 16:22 534880 —-a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-07 14:51 202256 —-a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001
    .
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9871e2dc4eb71;Google Update Service (gupdate1c9871e2dc4eb71);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-31 2152152]
    R3 FlashUSB;Flash Loader utility driver;c:\windows\system32\Drivers\FlashUSB.sys [2008-01-25 15453]
    R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2010-01-16 23936]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
    R3 hitmanpro3;Hitman Pro 3 Support Driver; [x]
    R3 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
    S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
    S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2007-10-23 202016]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
    S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2007-04-23 1347584]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 23:40]
    .
    2011-10-13 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-11-05 07:07]
    .
    2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f396256b32e.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13]
    .
    2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13]
    .
    2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250621424-1792265585-3911309756-1000Core1cc1d485e0b5565.job
    - c:\users\bigadje\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:57]
    .
    2011-06-27 c:\windows\Tasks\Launch HTC Sync Loader.job
    - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 15:22]
    .
    2011-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1000.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
    .
    2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1001.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
    .
    2010-12-09 c:\windows\Tasks\RegistryBooster.job
    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 00:53]
    .
    2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{64DE32D8-0311-4F7B-8E79-C8891A596F5E}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
    .
    2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{F2FB0988-5A20-4CEB-A3A7-DC1F602DDBFF}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
    .
    2011-07-27 c:\windows\Tasks\{995BB312-90A8-47F3-8112-804528967B5E}.job
    - c:\program files\Skype\Phone\Skype.exe [2011-06-15 13:02]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    mStart Page = hxxp://www.bigseekpro.com/accmeware/{C008CB9D-135B-4A6F-B384-1185B6CF3F66}
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces
    IE: &Download with &DAP
    IE: &Download with AktivDownloadManager!
    IE: Download &all with DAP
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4
    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\bigadje\AppData\Roaming\Mozilla\Firefox\Profiles\92e0uyta.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=14542
    FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
    BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    BHO-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - (no file)
    Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
    SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
    MSConfigStartUp-Easy Business Tools 5 Update Setup for All Users - c:\programdata\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-03 00:35
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-11-03 00:39:33
    ComboFix-quarantined-files.txt 2011-11-02 23:39
    .
    Pre-Run: 252.325.736.448 bytes beschikbaar
    Post-Run: 254.842.548.224 bytes beschikbaar
    .
    - - End Of File - - 4F085690E7B12829F28427784A41E8F5


  • Hi Arnold, I want to have ComboFix remove a lot.

    Among other things, Iobit Advanced SystemCare 4.

    Why: Iobit is a Chinese software distributor.
    And its software products consist of stolen and borrowed components from other software makers.

    That tool in your Windows consists, among other things, of components from MBAM and two Western antivirus software makers!

    See also: http://www.nationaalcomputerforum.nl/showthread.php?t=67376

    - removing it will also make AVG perform better.
    And also remove Lavasoft AdAware, the same story - the antivirus section in that tool collides with AVG.

    I think you will notice right away that both tools have been removed!
  • It didn't work! But I solved the problem myself; it was simpler than I had thought.

    In Google Chrome you go to "Options" > Search > Manage search engines.
    There, under the "default search engines", was the Bigseek URL.
    I removed it, and the problem is gone.

    Thanks for your help.

    Regards
    Arnold
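The "Bijkomende Scan" section of the ComboFix logs posted in this thread lists the start-page and search settings of Internet Explorer and Firefox, which is where redirects of this kind show up. The Python code below is an added example, not part of the original posts and not ComboFix's own code: it extracts those settings from log lines and reports every URL-valued one whose host is not on an allowlist. The function names, the allowlist and the reading of the `u`/`m` prefixes are assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the "Bijkomende Scan" section of the ComboFix logs in this thread.
SAMPLE_LOG = r"""
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    mStart Page = hxxp://www.bigseekpro.com/accmeware/{C008CB9D-135B-4A6F-B384-1185B6CF3F66}
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=14542
    FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
    FF - user.js: yahoo.homepage.dontask - true
"""

# Assumption: the search/home page domains this user actually chose.
ALLOWED_DOMAINS = {"google.com", "google.nl"}

# Assumption about the log notation: a leading "u" marks a per-user (HKCU)
# value and a leading "m" a machine-wide (HKLM) value.
IE_LINE = re.compile(r"^([um])([A-Z][^=]*?) = (\S+)$")
FF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (\S+)$")


def refang(value):
    """Undo the hxxp/hxxps defanging so the URL can be parsed (it is never fetched)."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)


def host_of(value):
    """Return the lower-case host of a URL-valued setting, or None for other values."""
    url = refang(value)
    if not url.lower().startswith(("http://", "https://")):
        return None
    return (urlsplit(url).hostname or "").lower() or None


def is_allowed(host, allowed):
    """Accept the domain itself or a true subdomain, not any string ending in it."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def find_redirect_settings(log_text, allowed=ALLOWED_DOMAINS):
    """Return (source, setting, host) for each browser setting pointing off the allowlist."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_LINE.match(line)
        if m:
            source = "IE " + ("HKCU" if m.group(1) == "u" else "HKLM")
        else:
            m = FF_LINE.match(line)
            if not m:
                continue  # not a browser setting line (TCP:, DPF:, separators, ...)
            source = "Firefox " + m.group(1)
        setting, value = m.group(2), m.group(3)
        host = host_of(value)
        if host and not is_allowed(host, allowed):
            findings.append((source, setting, host))
    return findings


if __name__ == "__main__":
    for source, setting, host in find_redirect_settings(SAMPLE_LOG):
        print(f"{source:18} {setting:28} -> {host}")
```

A host that is missing from the allowlist is only a setting to review, not a verdict; the allowlist should hold whatever the user really selected as home page and search engine.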
  • Do I understand correctly that you no longer consider it necessary to continue?
  • Aha, so I am still overlooking something. I would like to hear from you what else needs to be done.

    Regards
    Arnold
  • Then also see my message posted Thu Nov 03, 2011 9:43 am and let me know what you want!
  • I have removed Adaware and Advanced SystemCare 4.
  • Good.

    There is still a lot of trackingware and also spyware in your Windows!

    Open a new Notepad file via "Start\All Programs\Accessories\Notepad".

    Copy and paste the following (bold, blue text) into the empty Notepad window
  • ComboFix 11-11-02.03 - bigadje 03-11-2011 23:54:47.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3071.1942 [GMT 1:00]
    Gestart vanuit: c:\users\bigadje\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\bigadje\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Common Files\Spigot
    c:\program files\Common Files\Spigot\Search Settings\config.ini
    c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
    c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
    c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
    c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
    c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
    c:\program files\Common Files\Spigot\wtxpcom\install.rdf
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-03 to 2011-11-03 ))))))))))))))))))))))))))))))
    .
    .
    2175-05-27 23:15 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\d3dx9_37.dll
    2011-11-03 23:02 . 2011-11-03 23:07 -------- d-----w- c:\users\bigadje\AppData\Local\temp
    2011-11-03 23:02 . 2011-11-03 23:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-11-03 23:02 . 2011-11-03 23:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-11-02 09:41 . 2011-11-02 09:44 -------- d-----w- c:\program files\Toolbar Cleaner
    2011-11-01 17:37 . 2011-11-01 17:37 388096 ----a-r- c:\users\bigadje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-01 17:37 . 2011-11-01 17:37 -------- d-----w- c:\program files\Trend Micro
    2011-10-31 23:12 . 2011-10-31 23:14 -------- d-----w- c:\users\bigadje\AppData\Roaming\GetRightToGo
    2011-10-31 18:07 . 2011-10-31 18:07 -------- d-----w- c:\users\bigadje\AppData\Roaming\MP4 to MP3 Converter
    2011-10-31 18:06 . 2011-10-31 18:06 -------- d-----w- c:\program files\MP4 to MP3 Converter
    2011-10-31 18:03 . 2011-10-31 18:03 -------- d-----w- c:\users\bigadje\AppData\Roaming\DVDVideoSoft
    2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Roaming\Netscape
    2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Local\Netscape
    2011-10-26 17:47 . 2011-10-26 17:47 -------- d-----w- c:\program files\Lame For Audacity
    2011-10-15 14:27 . 2011-11-01 15:59 -------- d-----w- C:\Spectrum
    2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-03 18:09 . 2008-12-04 18:56 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-11-03 18:08 . 2008-12-04 18:55 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-11-03 18:06 . 2008-12-04 18:55 202040 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-11-03 00:07 . 2009-03-07 10:31 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-10-31 23:40 . 2010-11-01 10:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-10-23 21:25 . 2011-06-19 09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-13 17:27 . 2008-02-09 11:22 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-08-19 14:33 . 2011-09-28 23:14 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-09-29 07:28 . 2011-06-08 19:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync
    estart
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN]
    2007-10-23 10:36 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-07 14:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9871e2dc4eb71;Google Update Service (gupdate1c9871e2dc4eb71);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
    R3 FlashUSB;Flash Loader utility driver;c:\windows\system32\Drivers\FlashUSB.sys [2008-01-25 15453]
    R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2010-01-16 23936]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
    R3 hitmanpro3;Hitman Pro 3 Support Driver; [x]
    R3 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
    S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2007-10-23 202016]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
    S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2007-04-23 1347584]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-10-13 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-11-05 07:07]
    .
    2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f396256b32e.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13]
    .
    2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13]
    .
    2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250621424-1792265585-3911309756-1000Core1cc1d485e0b5565.job
    - c:\users\bigadje\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:57]
    .
    2011-06-27 c:\windows\Tasks\Launch HTC Sync Loader.job
    - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 15:22]
    .
    2011-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1000.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
    .
    2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1001.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
    .
    2010-12-09 c:\windows\Tasks\RegistryBooster.job
    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 00:53]
    .
    2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{64DE32D8-0311-4F7B-8E79-C8891A596F5E}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
    .
    2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{F2FB0988-5A20-4CEB-A3A7-DC1F602DDBFF}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
    .
    2011-07-27 c:\windows\Tasks\{995BB312-90A8-47F3-8112-804528967B5E}.job
    - c:\program files\Skype\Phone\Skype.exe [2011-06-15 13:02]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    mStart Page = hxxp://www.bigseekpro.com/accmeware/{C008CB9D-135B-4A6F-B384-1185B6CF3F66}
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces
    IE: &Download with &DAP
    IE: &Download with AktivDownloadManager!
    IE: Download &all with DAP
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4
    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\bigadje\AppData\Roaming\Mozilla\Firefox\Profiles\92e0uyta.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=14542
    FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    MSConfigStartUp-Easy Business Tools 5 Update Setup - c:\users\bigadje\AppData\Local\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe
    MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-04 00:09
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\61883]
    "ImagePath"="system32\DRIVERS\61883.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
    "ImagePath"="system32\drivers\acpi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx]
    "ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci]
    "ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]
    "ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320]
    "ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aec]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc]
    "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
    "ImagePath"="\SystemRoot\system32\drivers\afd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440]
    "ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]
    "ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
    "ImagePath"="%SystemRoot%\System32\alg.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide]
    "ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp]
    "ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide]
    "ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7]
    "ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8]
    "ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo]
    "ServiceDll"="%SystemRoot%\System32\appinfo.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
    "ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc]
    "ImagePath"="\SystemRoot\system32\drivers\arc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas]
    "ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASPI32]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
    "ImagePath"="system32\DRIVERS\asyncmac.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
    "ImagePath"="\SystemRoot\system32\drivers\atapi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ati External Event Utility]
    "ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atierecord]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atikmdag]
    "ImagePath"="system32\DRIVERS\atikmdag.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avc]
    "ImagePath"="system32\DRIVERS\avc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent]
    "ImagePath"="\"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver]
    "ImagePath"="system32\DRIVERS\AVGIDSDriver.Sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSEH]
    "ImagePath"="system32\DRIVERS\AVGIDSEH.Sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSFilter]
    "ImagePath"="system32\DRIVERS\AVGIDSFilter.Sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSShim]
    "ImagePath"="system32\DRIVERS\AVGIDSShim.Sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx86]
    "ImagePath"="system32\DRIVERS\avgldx86.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx86]
    "ImagePath"="system32\DRIVERS\avgmfx86.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx86]
    "ImagePath"="system32\DRIVERS\avgrkx86.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdix]
    "ImagePath"="system32\DRIVERS\avgtdix.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd]
    "ImagePath"="\"c:\program files\AVG\AVG10\avgwdsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
    "MofImagePath"="system32\drivers\battc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
    "ServiceDll"="%SystemRoot%\System32\bfe.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
    "ServiceDll"="%systemroot%\system32\qmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive]
    "ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser]
    "ImagePath"="system32\DRIVERS\bowser.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo]
    "ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp]
    "ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
    "ServiceDll"="%SystemRoot%\System32\browser.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid]
    "ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm]
    "ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm]
    "ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer]
    "ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM]
    "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\camdrv41]
    "ImagePath"="system32\DRIVERS\camdrv41.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
    "ImagePath"="\??\c:\combofix\catchme.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs]
    "ImagePath"="system32\DRIVERS\cdfs.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom]
    "ImagePath"="system32\DRIVERS\cdrom.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass]
    "ImagePath"="system32\DRIVERS\circlass.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS]
    "ImagePath"="System32\CLFS.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide]
    "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt]
    "ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
    "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk]
    "ImagePath"="system32\drivers\crcdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe]
    "ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
    "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CscService]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC]
    "ImagePath"="System32\Drivers\dfsc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR]
    "ImagePath"="%SystemRoot%\system32\DFSR.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
    "ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"

    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk]
    "ImagePath"="system32\drivers\disk.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
    "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc]
    "ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS]
    "ServiceDll"="%SystemRoot%\system32\dps.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
    "ImagePath"="system32\drivers\drmkaud.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl]
    "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60]
    "ImagePath"="system32\DRIVERS\E1G60I32.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
    "ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache]
    "ImagePath"="System32\drivers\ecache.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehRecvr]
    "ImagePath"="%systemroot%\ehome\ehRecvr.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehSched]
    "ImagePath"="%systemroot%\ehome\ehsched.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehstart]
    "ServiceDll"="%SystemRoot%\ehome\ehstart.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor]
    "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt]
    "ServiceDll"="%systemroot%\system32\emdmgmt.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
    "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
    "ServiceDll"="%systemroot%\system32\es.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc]
    "ImagePath"="system32\DRIVERS\fdc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost]
    "ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub]
    "ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo]
    "ImagePath"="system32\drivers\fileinfo.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace]
    "ImagePath"="system32\drivers\filetrace.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FlashUSB]
    "ImagePath"="System32\Drivers\FlashUSB.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLASH_USBDRV]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLEXnet Licensing Service]
    "ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FNETTHJM]
    "ImagePath"="system32\drivers\fnetthjm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
    "ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx]
    "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc]
    "ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate1c9871e2dc4eb71]
    "ImagePath"="c:\program files\Google\Update\GoogleUpdate.exe /svc"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem]
    "ImagePath"="c:\program files\Google\Update\GoogleUpdate.exe /medsvc"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService]
    "ImagePath"="system32\drivers\HdAudio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth]
    "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr]
    "ImagePath"="system32\DRIVERS\hidir.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hitmanpro3]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
    "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HP Health Check Service]
    "ImagePath"="\"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HPBtnSrv]
    "ImagePath"="c:\hp\HPEZBTN\HPBtnSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs]
    "ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqcxs08]
    "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqddsvc]
    "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTCAND32]
    "ImagePath"="System32\Drivers\ANDROIDUSB.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\htcnprot]
    "ImagePath"="system32\DRIVERS\htcnprot.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
    "ImagePath"="system32\drivers\HTTP.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]
    "ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IAANTMON]
    "ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStor]
    "ImagePath"="system32\drivers\iastor.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV]
    "ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp]
    "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT]
    "ServiceDll"="%SystemRoot%\System32\ikeext.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RTKVHDA.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide]
    "ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum]
    "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc]
    "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV]
    "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT]
    "ImagePath"="system32\DRIVERS\ipnat.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
    "ImagePath"="system32\drivers\irenum.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
    "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt]
    "ImagePath"="system32\DRIVERS\msiscsi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi]
    "ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]
    "ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]
    "ImagePath"="System32\Drivers\ksecdd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm]
    "ServiceDll"="%systemroot%\system32\msdtckrm.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lbd]
    "ImagePath"="system32\DRIVERS\Lbd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LBTServ]
    "ImagePath"="c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LGBusEnum]
    "ImagePath"="system32\drivers\LGBusEnum.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LGVirHid]
    "ImagePath"="system32\drivers\LGVirHid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LHidFilt]
    "ImagePath"="system32\DRIVERS\LHidFilt.Sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LHidKe]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LightScribeService]
    "ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio]
    "ImagePath"="system32\DRIVERS\lltdio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc]
    "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LMouFilt]
    "ImagePath"="system32\DRIVERS\LMouFilt.Sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv]
    "ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LUsbFilt]
    "ImagePath"="System32\Drivers\LUsbFilt.Sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMSwissArmy]
    "ImagePath"="\??\c:\windows\system32\drivers\mbamswissarmy.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mcx2Svc]
    "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas]
    "ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]
    "ImagePath"="system32\drivers\modem.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor]
    "ImagePath"="system32\DRIVERS\monitor.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]
    "ImagePath"="System32\drivers\mountmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio]
    "ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv]
    "ImagePath"="System32\drivers\mpsdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
    "ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x]
    "ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]
    "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10]
    "ImagePath"="system32\DRIVERS\mrxsmb10.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20]
    "ImagePath"="system32\DRIVERS\mrxsmb20.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci]
    "ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm]
    "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
    "ImagePath"="%SystemRoot%\System32\msdtc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDV]
    "ImagePath"="system32\DRIVERS\msdv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv]
    "ImagePath"="system32\drivers\msisadrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI]
    "ServiceDll"="%systemroot%\system32\iscsiexe.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]
    "ImagePath"="System32\Drivers\mup.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]
    "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP]
    "ImagePath"="system32\DRIVERS\nwifi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]
    "ImagePath"="system32\drivers\ndis.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt]
    "ImagePath"="System32\DRIVERS\netbt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netr73]
    "ImagePath"="system32\DRIVERS\netr73.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960]
    "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMIndexingService]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMSAccess]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMSAccessU]
    "ImagePath"="c:\program files\CDBurnerXP\NMSAccessU.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Nokia Music]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi]
    "ServiceDll"="%systemroot%\system32\nsisvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy]
    "ImagePath"="system32\drivers\nsiproxy.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi]
    "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvlddmkm]
    "ImagePath"="system32\DRIVERS\nvlddmkm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid]
    "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor]
    "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvsvc]
    "ImagePath"="c:\windows\system32\nvvsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvUpdatusService]
    "ImagePath"="c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp]
    "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\odserv]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394]
    "ImagePath"="system32\DRIVERS\ohci1394.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Outlook]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
    "ImagePath"="\SystemRoot\system32\drivers\parport.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr]
    "ImagePath"="System32\drivers\partmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm]
    "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PassThru Service]
    "ImagePath"="c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc]
    "ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcdrNdisuio]
    "ImagePath"="system32\DRIVERS\pcdrndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci]
    "ImagePath"="system32\drivers\pci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide]
    "ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia]
    "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH]
    "ImagePath"="system32\drivers\peauth.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla]
    "ServiceDll"="%systemroot%\system32\pla.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
    "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PnkBstrA]
    "ImagePath"="c:\windows\system32\PnkBstrA.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
    "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor]
    "ImagePath"="\SystemRoot\system32\drivers\processr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc]
    "ServiceDll"="%systemroot%\system32\profsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
    "ImagePath"="system32\DRIVERS\pacer.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20]
    "ImagePath"="System32\Drivers\PxHelp20.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300]
    "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx]
    "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE]
    "ServiceDll"="%windir%\system32\qwave.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv]
    "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]
    "ImagePath"="System32\DRIVERS\rasacd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp]
    "ImagePath"="system32\DRIVERS\rassstp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
    "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD]
    "ImagePath"="system32\drivers\rdpencdd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
    "ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr]
    "ImagePath"="system32\DRIVERS\rspndr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTL8169]
    "ImagePath"="system32\DRIVERS\Rtlh86.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTSTOR]
    "ImagePath"="system32\drivers\RTSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port]
    "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
    "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]
    "ServiceDll"="%systemroot%\system32\schedsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC]
    "ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
    "ServiceDll"="%windir%\system32\seclogon.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum]
    "ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]
    "ImagePath"="\SystemRoot\system32\drivers\serial.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse]
    "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv]
    "ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk]
    "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy]
    "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp]
    "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc]
    "ImagePath"="%SystemRoot%\system32\SLsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify]
    "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SmartDefragBootTime]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SmartDefragDriver]
    "ImagePath"="System32\Drivers\SmartDefragDriver.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
    "ImagePath"="system32\DRIVERS\smb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]
    "ImagePath"="%SystemRoot%\System32\snmptrap.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\splitter]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
    "ImagePath"="%SystemRoot%\System32\spoolsv.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sprtsvc_KPN]
    "ImagePath"="\"c:\program files\KPN\bin\sprtsvc.exe\" /service /p KPN"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv]
    "ImagePath"="System32\DRIVERS\srv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2]
    "ImagePath"="System32\DRIVERS\srv2.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet]
    "ImagePath"="System32\DRIVERS\srvnet.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc]
    "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StarOpen]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Steam Client Service]
    "ImagePath"="c:\program files\Common Files\Steam\SteamService.exe /RunAsService"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Stereo Service]
    "ImagePath"="c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
    "ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swmidi]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv]
    "ServiceDll"="%Systemroot%\System32\swprv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx]
    "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SymIM]
    "ImagePath"="system32\DRIVERS\SymIM.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SymIMMP]
    "ImagePath"="system32\DRIVERS\SymIM.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi]
    "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3]
    "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain]
    "ServiceDll"="%systemroot%\system32\sysmain.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService]
    "ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBPanel]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS]
    "ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
    "ImagePath"="System32\drivers\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6]
    "ImagePath"="system32\DRIVERS\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg]
    "ImagePath"="System32\drivers\tcpipreg.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]
    "ImagePath"="system32\drivers\tdpipe.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]
    "ImagePath"="system32\drivers\tdtcp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx]
    "ImagePath"="system32\DRIVERS\tdx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TeamViewer6]
    "ImagePath"="c:\program files\TeamViewer\Version6\TeamViewer_Service.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfFsMon]
    "ImagePath"="system32\drivers\TfFsMon.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfNetMon]
    "ImagePath"="\??\c:\windows\system32\drivers\TfNetMon.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfSysMon]
    "ImagePath"="system32\drivers\TfSysMon.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
    "ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TomTomHOMEService]
    "ImagePath"="c:\program files\TomTom HOME 2\TomTomHOMEService.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
    "ServiceDll"="%SystemRoot%\System32\trkwks.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller]
    "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv]
    "ImagePath"="System32\DRIVERS\tssecsrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp]
    "ImagePath"="system32\DRIVERS\tunmp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel]
    "ImagePath"="system32\DRIVERS\tunnel.sys"
    .
  • Hi, not that it matters much, but ComboFix does not indicate that anything new has been installed, yet apparently all sorts of network software has been added?
  • I did as you described, and no software has been added. However, after the scan I could no longer start any programs; I got an error message. I think that has something to do with it. After restarting the PC everything worked again. What now?
  • Do the following:

    Run the ESET online scan (Click).
    - Click the "ESET Online Scanner" button.
    - Tick "YES, I accept the Terms of Use".
    - Click "Start".
    - Allow the ActiveX control to install.
    - Tick the following options:
      - "Remove found threats"
      - "Scan archives"
    - Then click on
  • C:\Program Files\Uniblue\RegistryBooster\decryptor_module.dll Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\ProgramData\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\Users\bigadje\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c1c7 Win32/OpenCandy application deleted - quarantined
    C:\Users\bigadje\Documents\Muziek\Incomplete\T-3545425-westerhaar.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
    C:\Users\bigadje\Downloads\cnet_netscape-navigator-9_0_0_6_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Users\bigadje\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application deleted - quarantined
  • Hi, were you perhaps using RegistryBooster illegitimately?

    For that matter, I have no problem with the tool having been removed!

    http://www.youtube.com/watch?v=KCFCUQ_P0rk
  • No, not that I know of. Then I assume that everything else is okay.

    Thanks for your help.

    Regards
    Arnold
  • Hello Arnold, I don't fully trust it yet.

    So please do the following:

    Download the [...] to the desktop and extract the ZIP file.
    - Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
    - Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja".
      Screenshot: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg
    - When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
    - Select the option "Diep" if it is not already set by default.
    - Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take a considerable time, so wait patiently.
    - You can close the window with the warning about an increased risk once the scan is finished.
    - Make sure all found items are ticked and then press the "verwijder geselecteerde" button. You will now get the following message, but click "Ja" here.
      Screenshot: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg
    - When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
    - Post the contents of this log file in your next message.
    - Now restart the computer.

This is an archived page. Replies are no longer possible.