Somoto and Bigseekpro problem

28 replies
  • When I type something in the title bar in Chrome, it throws me straight to the Somoto search engine or a Bigseek search engine. I think it is spyware or something like that. How do I get rid of it? I have already run a scan with Adware. Here is the Hijack file. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:56:52, on 2-11-2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Xfire\Xfire.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: (no name) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Translate this web page with Babylon - 
res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. 
OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.myflatcast.com/data/objects/NpFv501.dll O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file) O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9871e2dc4eb71) (gupdate1c9871e2dc4eb71) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. 
- C:\Program Files\KPN\bin\sprtsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9948 bytes
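
Added example (not part of the original thread): a small Python triage of a HijackThis log like the one posted above, which also copes with the entries being run together on one line as they are here. It lists entries whose target is reported as (no file) or (file missing) and CLSIDs registered under more than one section; the sample is a short excerpt of the posted log, and the function names are made up for this example.

```python
import re
from collections import defaultdict

# Section codes that start a HijackThis entry (R0-R3, F0-F3, N1-N4, O1-O24).
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"

# An entry runs from "<code> - " up to the next "<code> - ", the
# "-- End of file" trailer, or the end of the text. Because the boundary is
# whitespace (not only a newline), a log flattened onto one line still splits.
ENTRY_RE = re.compile(
    rf"(?<!\S)({CODE}) - (.*?)(?=\s+{CODE} - |\s*-- End of file|\Z)",
    re.DOTALL,
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Excerpt of the log posted in the question, flattened as on the page.
SAMPLE_LOG = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ "
    r"R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) "
    r"O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) "
    r"O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} "
    r"- C:\Program Files\Java\jre6\bin\jp2ssv.dll "
    r"O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) "
    r"O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe "
    r"O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} "
    r"- C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) "
    r"-- End of file - 9948 bytes"
)


def parse_entries(text):
    """Split a HijackThis log (one entry per line or flattened) into entries."""
    entries = []
    for match in ENTRY_RE.finditer(text):
        body = " ".join(match.group(2).split())  # normalise whitespace
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group(1),
            "body": body,
            # CLSIDs appear in mixed case in these logs, so compare lowercased.
            "clsid": clsid.group(0).lower() if clsid else None,
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def triage(entries):
    """Return (orphaned entries, CLSIDs registered under several sections)."""
    orphans = [e for e in entries if e["orphan"]]
    sections_by_clsid = defaultdict(set)
    for entry in entries:
        if entry["clsid"]:
            sections_by_clsid[entry["clsid"]].add(entry["code"])
    shared = {
        clsid: sorted(codes)
        for clsid, codes in sections_by_clsid.items()
        if len(codes) > 1
    }
    return orphans, shared


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    orphaned, shared_clsids = triage(parsed)
    print(f"{len(parsed)} entries, {len(orphaned)} with a missing target:")
    for entry in orphaned:
        print(f"  {entry['code']}: {entry['body']}")
    for clsid, codes in shared_clsids.items():
        print(f"CLSID {clsid} is registered under sections {', '.join(codes)}")
```
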
  • Hello bigadje, try the tool Toolbar Cleaner. The problem is that Google Chrome's settings are not yet listed in the logs! http://www.gratissoftwaresite.nl/downloads/taxonomy/term/543 It will be clear to you that you first tick the toolbars you want to get rid of and then click the Remove button. Let me know whether the tool does what it promises, and also post a new HijackThis log.
  • Hello, the problem is that it is not a toolbar, at least not one visible in the bar at the top. It simply redirects you to the page in question. Regards, Arnold
  • Hello Arnold, then let's see whether ComboFix helps us find out:
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
      • Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      • ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      • Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix. Antivirus programs and active malware scanners must already be disabled before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.
    To be perfectly clear once more: ComboFix must be started from the desktop.
    Notes:
      • On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
      • Vista and Windows 7 users start ComboFix via right-click with administrator rights.
      • All open programs and web pages must be closed.
    ComboFix has started:
      • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      • The computer may need to be restarted several times; this is normal.
      • When ComboFix is finished, it will create a log file for you.
      • Post the contents of this log file in your next message.
      • If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
      • If, after the scan, an error with the following message is shown when starting programs:
      • Illegal operation attempted on a registry key that has been marked for deletion.
      • Then restart the computer.
  • Logbestand ComboFix 11-11-02.03 - bigadje 03-11-2011 0:25.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3071.1833 [GMT 1:00] Gestart vanuit: c:\users\bigadje\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\3D3 c:\programdata\3D3\mm.db c:\programdata\3D3\thumbnail.db c:\programdata\Microsoft\Windows\Start Menu\Windows Live Messenger .lnk c:\users\bigadje\AppData\Local\log.txt c:\users\bigadje\AppData\Roaming\EurekaLog c:\users\bigadje\AppData\Roaming\EurekaLog\logivert\logivert_PC_BIG_ADJE.elf c:\users\bigadje\AppData\Roaming\Microsoft\~DFK3fed8a.tmp c:\users\bigadje\AppData\Roaming\Microsoft\1eaadjc.dll c:\users\bigadje\AppData\Roaming\Microsoft\bass.dll c:\users\bigadje\AppData\Roaming\Microsoft\kfgresk.dll c:\users\bigadje\AppData\Roaming\Microsoft\mjcriu.dll c:\users\bigadje\AppData\Roaming\Microsoft\peaadje.dll c:\users\bigadje\AppData\Roaming\Microsoft\qwadjb.dll c:\users\bigadje\AppData\Roaming\Microsoft\rsaadjd.dll c:\windows\iun6002.exe c:\windows\system32\CF25095.exe c:\windows\system32\ijl11.dll c:\windows\system32\jucheck.exe c:\windows\system32\uninstall.exe c:\windows\test . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))) . . 2175-05-27 23:15 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\d3dx9_37.dll 2011-11-02 23:35 . 2011-11-02 23:35 -------- d-----w- c:\users\bigadje\AppData\Local\temp 2011-11-02 23:35 . 
2011-11-02 23:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2011-11-02 23:35 . 2011-11-02 23:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-11-02 09:41 . 2011-11-02 09:44 -------- d-----w- c:\program files\Toolbar Cleaner 2011-11-02 00:00 . 2011-11-02 00:00 -------- d-----w- c:\program files\Conduit 2011-11-02 00:00 . 2011-11-02 00:00 -------- d-----w- c:\users\bigadje\AppData\Local\Conduit 2011-11-01 23:59 . 2011-11-02 00:00 -------- d-----w- c:\program files\Freecorder 2011-11-01 17:37 . 2011-11-01 17:37 388096 ----a-r- c:\users\bigadje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-01 17:37 . 2011-11-01 17:37 -------- d-----w- c:\program files\Trend Micro 2011-11-01 01:15 . 2011-10-31 23:40 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-10-31 23:36 . 2011-08-18 14:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-10-31 23:36 . 2011-10-31 23:36 -------- d-----w- c:\program files\Lavasoft 2011-10-31 23:12 . 2011-10-31 23:14 -------- d-----w- c:\users\bigadje\AppData\Roaming\GetRightToGo 2011-10-31 22:51 . 2011-10-31 22:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-31 22:51 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-31 18:07 . 2011-10-31 18:07 -------- d-----w- c:\users\bigadje\AppData\Roaming\MP4 to MP3 Converter 2011-10-31 18:06 . 2011-10-31 18:06 -------- d-----w- c:\program files\MP4 to MP3 Converter 2011-10-31 18:03 . 2011-10-31 18:03 -------- d-----w- c:\users\bigadje\AppData\Roaming\DVDVideoSoft 2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Roaming\Netscape 2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Local\Netscape 2011-10-26 17:47 . 2011-10-26 17:47 -------- d-----w- c:\program files\Lame For Audacity 2011-10-15 14:27 . 2011-11-01 15:59 -------- d-----w- C:\Spectrum 2011-10-13 20:29 . 
2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll 2011-10-04 22:58 . 2011-10-04 22:58 -------- d-----w- c:\program files\TweetDeck 2011-10-04 22:57 . 2011-10-26 17:35 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode) 2011-10-04 22:44 . 2011-10-04 22:44 -------- d-----w- c:\users\bigadje\AppData\Local\RadioSure 2011-10-04 17:42 . 2011-10-04 22:58 -------- d-----w- c:\users\bigadje\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-02 18:38 . 2008-12-04 18:56 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-11-02 18:37 . 2009-03-07 10:31 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-11-02 18:37 . 2008-12-04 18:55 214520 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-11-02 18:37 . 2008-12-04 18:55 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-10-31 23:40 . 2010-11-01 10:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-10-23 21:25 . 2011-06-19 09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-13 17:27 . 2008-02-09 11:22 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-08-19 14:33 . 2011-09-28 23:14 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe 2011-09-29 07:28 . 2011-06-08 19:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2011-01-17 15:54 175912 ----a-w- c:\program files\Freecorder\prxtbFree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-07 202256] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0lsdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Business Tools 5 Update Setup] 2010-05-26 12:24 3648607 -c--a-w- c:\users\bigadje\AppData\Local\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN] 2007-10-23 10:36 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-08-31 16:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings] 2011-06-24 16:22 534880 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-07 14:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 . 
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9871e2dc4eb71;Google Update Service (gupdate1c9871e2dc4eb71);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-31 2152152] R3 FlashUSB;Flash Loader utility driver;c:\windows\system32\Drivers\FlashUSB.sys [2008-01-25 15453] R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2010-01-16 23936] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R3 hitmanpro3;Hitman Pro 3 Support Driver; [x] R3 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512] S0 
SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896] S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2007-10-23 202016] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624] S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2007-04-23 1347584] S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . 
Inhoud van de 'Gedeelde Taken' map . 2011-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 23:40] . 2011-10-13 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-11-05 07:07] . 2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f396256b32e.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13] . 2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13] . 2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250621424-1792265585-3911309756-1000Core1cc1d485e0b5565.job - c:\users\bigadje\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:57] . 2011-06-27 c:\windows\Tasks\Launch HTC Sync Loader.job - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 15:22] . 2011-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1000.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . 2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1001.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . 2010-12-09 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 00:53] . 2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{64DE32D8-0311-4F7B-8E79-C8891A596F5E}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . 2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{F2FB0988-5A20-4CEB-A3A7-DC1F602DDBFF}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . 2011-07-27 c:\windows\Tasks\{995BB312-90A8-47F3-8112-804528967B5E}.job - c:\program files\Skype\Phone\Skype.exe [2011-06-15 13:02] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933 mStart Page = hxxp://www.bigseekpro.com/accmeware/{C008CB9D-135B-4A6F-B384-1185B6CF3F66} uInternet Settings,ProxyOverride = *.local IE: &Clean Traces IE: &Download with &DAP IE: &Download with AktivDownloadManager! IE: Download &all with DAP IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\bigadje\AppData\Roaming\Mozilla\Firefox\Profiles\92e0uyta.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542 FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=14542 FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p= FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS VERWIJDERD - - - - . 
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file) BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) BHO-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - (no file) Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file) SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file) MSConfigStartUp-Easy Business Tools 5 Update Setup for All Users - c:\programdata\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-03 00:35 Windows 6.0.6001 Service Pack 1 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Voltooingstijd: 2011-11-03 00:39:33 ComboFix-quarantined-files.txt 2011-11-02 23:39 . Pre-Run: 252.325.736.448 bytes beschikbaar Post-Run: 254.842.548.224 bytes beschikbaar . - - End Of File - - 4F085690E7B12829F28427784A41E8F5
  • Hi Arnold, I want to have ComboFix remove a lot. Among other things also IObit Advanced SystemCare 4. Why: IObit is a Chinese software distributor. And its software products consist of stolen and borrowed components from other software makers. That tool in your Windows consists, among other things, of components from MBAM and two Western antivirus software makers! See also: http://www.nationaalcomputerforum.nl/showthread.php?t=67376 - removing it will also make AVG perform better. And also remove Lavasoft AdAware, the same story - the antivirus section in that tool collides with AVG. I think you will notice right away that both tools have been removed!
  • Het werkte niet! Maar ik heb het probleem zelf opgelost, was eenvoudiger dan ik had gedacht. In Google Chrome ga je naar "opties" > zoeken > zoekmachines beheren. Daar stond bij de "standaard zoekmachines" de Big zeek URL. Deze verwijderd, en weg is het probleem. Dank vor je hulp. Groet Arnold
  • Begrijp ik goed dat jij het niet meer nodig acht verder te gaan?
  • Aha, ik zie dus nog wat over het hoofd. Ik hoor graag van je wat er nog meer moet gebeuren. Groet Arnold
  • Zie dan ook mijn bericht van Geplaatst: do nov 03, 2011 9:43 am en laat weten wat jij wil!
  • Adaware en Advanced SystemCare 4. heb ik verwijderd.
  • Good. There is still a lot of trackingware and also spyware software in your Windows! Open a new Notepad file via "Start\All Programs\Accessories\Notepad". Copy and paste the following (bold, blue) text into the empty Notepad window:
    KILLALL::
    Folder::
    c:\windows\system32\config\systemprofile
    c:\program files\Conduit
    c:\program files\Freecorder
    c:\program files\Common Files\Spigot
    c:\program files\Spigot
    c:\program files\IObit\Advanced SystemCare 4
    C:\Program Files\Babylon
    Save this Notepad file to your desktop as CFScript.txt. Now first deactivate the antivirus! Drag CFScript.txt into ComboFix.exe http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!
  • ComboFix 11-11-02.03 - bigadje 03-11-2011 23:54:47.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3071.1942 [GMT 1:00] Gestart vanuit: c:\users\bigadje\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\bigadje\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Common Files\Spigot c:\program files\Common Files\Spigot\Search Settings\config.ini c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt c:\program files\Common Files\Spigot\wtxpcom\install.rdf . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))) . . 2175-05-27 23:15 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\d3dx9_37.dll 2011-11-03 23:02 . 2011-11-03 23:07 -------- d-----w- c:\users\bigadje\AppData\Local\temp 2011-11-03 23:02 . 2011-11-03 23:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2011-11-03 23:02 . 2011-11-03 23:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-11-02 09:41 . 2011-11-02 09:44 -------- d-----w- c:\program files\Toolbar Cleaner 2011-11-01 17:37 . 
2011-11-01 17:37 388096 ----a-r- c:\users\bigadje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-01 17:37 . 2011-11-01 17:37 -------- d-----w- c:\program files\Trend Micro 2011-10-31 23:12 . 2011-10-31 23:14 -------- d-----w- c:\users\bigadje\AppData\Roaming\GetRightToGo 2011-10-31 18:07 . 2011-10-31 18:07 -------- d-----w- c:\users\bigadje\AppData\Roaming\MP4 to MP3 Converter 2011-10-31 18:06 . 2011-10-31 18:06 -------- d-----w- c:\program files\MP4 to MP3 Converter 2011-10-31 18:03 . 2011-10-31 18:03 -------- d-----w- c:\users\bigadje\AppData\Roaming\DVDVideoSoft 2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Roaming\Netscape 2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Local\Netscape 2011-10-26 17:47 . 2011-10-26 17:47 -------- d-----w- c:\program files\Lame For Audacity 2011-10-15 14:27 . 2011-11-01 15:59 -------- d-----w- C:\Spectrum 2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-03 18:09 . 2008-12-04 18:56 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-11-03 18:08 . 2008-12-04 18:55 271200 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-11-03 18:06 . 2008-12-04 18:55 202040 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-11-03 00:07 . 2009-03-07 10:31 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-10-31 23:40 . 2010-11-01 10:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-10-23 21:25 . 2011-06-19 09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-13 17:27 . 2008-02-09 11:22 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-08-19 14:33 . 2011-09-28 23:14 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe 2011-09-29 07:28 . 2011-06-08 19:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN] 2007-10-23 10:36 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-07 14:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 . 
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9871e2dc4eb71;Google Update Service (gupdate1c9871e2dc4eb71);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R3 FlashUSB;Flash Loader utility driver;c:\windows\system32\Drivers\FlashUSB.sys [2008-01-25 15453] R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2010-01-16 23936] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R3 hitmanpro3;Hitman Pro 3 Support Driver; [x] R3 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys 
[2011-01-07 248656] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896] S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2007-10-23 202016] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624] S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2007-04-23 1347584] S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-10-13 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-11-05 07:07] . 2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f396256b32e.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13] . 
2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13] . 2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250621424-1792265585-3911309756-1000Core1cc1d485e0b5565.job - c:\users\bigadje\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:57] . 2011-06-27 c:\windows\Tasks\Launch HTC Sync Loader.job - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 15:22] . 2011-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1000.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . 2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1001.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . 2010-12-09 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 00:53] . 2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{64DE32D8-0311-4F7B-8E79-C8891A596F5E}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . 2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{F2FB0988-5A20-4CEB-A3A7-DC1F602DDBFF}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . 2011-07-27 c:\windows\Tasks\{995BB312-90A8-47F3-8112-804528967B5E}.job - c:\program files\Skype\Phone\Skype.exe [2011-06-15 13:02] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933 mStart Page = hxxp://www.bigseekpro.com/accmeware/{C008CB9D-135B-4A6F-B384-1185B6CF3F66} uInternet Settings,ProxyOverride = *.local IE: &Clean Traces IE: &Download with &DAP IE: &Download with AktivDownloadManager! 
IE: Download &all with DAP IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\bigadje\AppData\Roaming\Mozilla\Firefox\Profiles\92e0uyta.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542 FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=14542 FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p= FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file) MSConfigStartUp-Easy Business Tools 5 Update Setup - c:\users\bigadje\AppData\Local\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-04 00:09 Windows 6.0.6001 Service Pack 1 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** .
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci] "ImagePath"="\SystemRoot\system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDV] "ImagePath"="system32\DRIVERS\msdv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netr73] "ImagePath"="system32\DRIVERS\netr73.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960] "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMIndexingService] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMSAccess] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMSAccessU] "ImagePath"="c:\program files\CDBurnerXP\NMSAccessU.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Nokia Music] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi] "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvlddmkm] "ImagePath"="system32\DRIVERS\nvlddmkm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvsvc] "ImagePath"="c:\windows\system32\nvvsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvUpdatusService] "ImagePath"="c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\odserv] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Outlook] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport] "ImagePath"="\SystemRoot\system32\drivers\parport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm] "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PassThru Service] "ImagePath"="c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcdrNdisuio] "ImagePath"="system32\DRIVERS\pcdrndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide] "ImagePath"="\SystemRoot\system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia] "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PnkBstrA] "ImagePath"="c:\windows\system32\PnkBstrA.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20] "ImagePath"="System32\Drivers\PxHelp20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300] "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx] "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr] "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTL8169] "ImagePath"="system32\DRIVERS\Rtlh86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTSTOR] "ImagePath"="system32\drivers\RTSTOR.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum] "ImagePath"="\SystemRoot\system32\drivers\serenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial] "ImagePath"="\SystemRoot\system32\drivers\serial.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse] "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy] "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp] "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2] "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4] "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc] "ImagePath"="%SystemRoot%\system32\SLsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify] "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SmartDefragBootTime] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SmartDefragDriver] "ImagePath"="System32\Drivers\SmartDefragDriver.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\splitter] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sprtsvc_KPN] "ImagePath"="\"c:\program files\KPN\bin\sprtsvc.exe\" /service /p KPN" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StarOpen] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Steam Client Service] "ImagePath"="c:\program files\Common Files\Steam\SteamService.exe /RunAsService" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Stereo Service] "ImagePath"="c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swmidi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx] "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SymIM] "ImagePath"="system32\DRIVERS\SymIM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SymIMMP] "ImagePath"="system32\DRIVERS\SymIM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi] "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3] "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBPanel] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TeamViewer6] "ImagePath"="c:\program files\TeamViewer\Version6\TeamViewer_Service.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfFsMon] "ImagePath"="system32\drivers\TfFsMon.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfNetMon] "ImagePath"="\??\c:\windows\system32\drivers\TfNetMon.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfSysMon] "ImagePath"="system32\drivers\TfSysMon.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\system32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TomTomHOMEService] "ImagePath"="c:\program files\TomTom HOME 2\TomTomHOMEService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp] "ImagePath"="system32\DRIVERS\tunmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35] "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci] "ImagePath"="\SystemRoot\system32\drivers\uliahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata] "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2] "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus] "ImagePath"="system32\DRIVERS\umbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UmRdpService] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio] "ImagePath"="system32\drivers\usbaudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbbus] "ImagePath"="system32\DRIVERS\lgusbbus.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir] "ImagePath"="system32\DRIVERS\usbcir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UsbDiag] "ImagePath"="system32\DRIVERS\lgusbdiag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBModem] "ImagePath"="system32\DRIVERS\lgusbmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci] "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR
  • Hi, not to make a fuss, but ComboFix does not report that anything new was installed, yet apparently all sorts of network-related software has been added?
  • I did as you described, and no software was added. However, after the scan I could no longer start any programs; I got an error message. I think it has to do with that. After restarting the PC everything worked again. What now?
  • Do the following: run the ESET online scan at http://www.eset.com/onlinescan/
      - Click the ESET Online Scanner button.
      - Tick YES, I accept the Terms of Use.
      - Click Start.
      - Allow the ActiveX control to install.
      - Tick the following options:
          - Remove found threats
          - Scan archives
      - Then click "Advanced Settings" and tick:
          - Scan for potentially unwanted applications
          - Scan for potentially unsafe applications
          - Enable Anti-Stealth technology
      - Click Start.
      - The computer is now being scanned. This can take quite a long time, so be patient.
      - When the scan is finished, click > List of found threats.
      - Then click > Export to text file....
      - Choose the Desktop as the save location and give the Notepad file a clear title.
      - After that you can close the window, because the scan is finished.
      - Then open the log that is on your desktop.
      - Copy and paste the contents of this log into your next message.
    N.B.: temporarily deactivate your own antivirus during the scan; the online scan will then be faster!
  • C:\Program Files\Uniblue\RegistryBooster\decryptor_module.dll Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\ProgramData\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
    C:\Users\bigadje\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c1c7 Win32/OpenCandy application deleted - quarantined
    C:\Users\bigadje\Documents\Muziek\Incomplete\T-3545425-westerhaar.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
    C:\Users\bigadje\Downloads\cnet_netscape-navigator-9_0_0_6_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Users\bigadje\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application deleted - quarantined
  • Hi, were you perhaps using RegistryBooster illegitimately? For that matter, I have no problem with the tool having been removed! http://www.youtube.com/watch?v=KCFCUQ_P0rk
  • No, not that I know of. Then I assume that everything else is okay. Thanks for your help. Regards, Arnold
  • Hello Arnold, I don't fully trust it yet. So please do the following: download the Emsisoft Emergency Kit (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip) to the desktop and extract the ZIP file.
      - Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
      - Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes). (Screenshot: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg)
      - When the update is done and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".
      - Select the option "Diep" (Deep) if it is not already set by default.
      - Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take a considerable time, so wait patiently.
      - You can close the window with the warning about an increased risk once the scan is finished.
      - Make sure all found items are ticked and then press the "verwijder geselecteerde" (remove selected) button. You will now get the following message; click "Ja" (Yes) here. (Screenshot: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg)
      - When the removal is done, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
      - Post the contents of this log file in your next message.
      - Now restart the computer.

This is an archived page. Replying is no longer possible.