CK-CA

Niemand die mij kan helpen?

Hoy

Ik heb een probleempje, waarbij ik Sharepod niet geopend krijg. Ik heb verschillende programma's geïnstalleerd, geen enkel programma vind mijn iPod terug. Behalve iTunes dan.

Dit is de foutmelding die ik krijg;

C:\ipod_control\iTunes\iTunesDB file is empty.

Please run iTunes with your iPod connected, then re-open SharePod.

Wie mij kan helpen:

Alvast bedankt

Zo. Ik heb het gedaan. Bedankt voor je hulp, Kape!

Hallo Kape,

Ik denk dat ik Combofix heb verwijderd, want ik vind 'm niet meer terug op de pc. MOET het volgens jou manier, of mocht het ook gewoon verwijdert zijn?

Ik laat je iets weten als ik met alles klaar ben

Scan voltooid. 0 uit 19 scanners vonden malware.

En daaronder onder 'Scanners' staat 'niets gevonden' .

Wil je hier eens kijken? Google

De 3de laatste link pakken.

Dus het probleem is dan opgelost?

C:\Windows is het. Staat in een lijst met andere kleine bestandjes.

Met pad bedoel je?

Dag Kweezie Wabbit,

Ik heb het net geprobeerd. Spijtig genoeg is het niet gelukt.

Ik heb de 2 mappen verwijdert. Ik kan steeds 'Winhelp' niet verwijderen. (Zie afbeelding.)

Oke, heb het gedaan.

Hier is het logje. ( Als ik het logje in een bijlage kon steken, dan waren hier de topics een stuk overzichtelijker)

ComboFix 10-08-17.04 - Cem Kilic 18/08/2010 19:54:36.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3325.1940 [GMT 2:00]

Gestart vanuit: c:\users\Cem Kilic\Desktop\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\RelevantKnowledge

c:\program files\RelevantKnowledge\MSVCP71.DLL

c:\program files\RelevantKnowledge\MSVCR71.DLL

c:\program files\RelevantKnowledge\rlls.dll

c:\program files\RelevantKnowledge\rlls64.dll

c:\program files\RelevantKnowledge\rloci.bin

c:\program files\RelevantKnowledge\rlservice.exe

c:\program files\RelevantKnowledge\rlvknlg.exe

c:\program files\RelevantKnowledge\rlvknlg64.exe

c:\users\Cem Kilic\AppData\Local\Windows Server

c:\users\Cem Kilic\AppData\Local\Windows Server\flags.ini

c:\users\Cem Kilic\AppData\Local\Windows Server\server.dat

c:\users\Cem Kilic\AppData\Local\Windows Server\uses32.dat

c:\users\Cem Kilic\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp

c:\users\marazali\AppData\Roaming\020000001eb25202724C.manifest

c:\users\marazali\AppData\Roaming\020000001eb25202724O.manifest

c:\users\marazali\AppData\Roaming\020000001eb25202724P.manifest

c:\users\marazali\AppData\Roaming\020000001eb25202724S.manifest

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\system

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

-------\Service_RelevantKnowledge

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-18 to 2010-08-18 ))))))))))))))))))))))))))))))

.

2010-08-18 17:48 . 2010-08-18 17:49 -------- d-----w- C:\32788R22FWJFW

2010-08-18 15:26 . 2010-08-18 15:26 -------- d-----w- c:\program files\QuickTime

2010-08-18 15:25 . 2010-08-18 15:25 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Apple

2010-08-18 13:54 . 2010-08-18 13:54 310208 ----a-w- c:\users\Cem Kilic\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe

2010-08-18 13:54 . 2010-08-18 16:41 -------- d-----w- c:\users\Cem Kilic\AppData\Roaming\Azureus

2010-08-18 13:52 . 2010-08-18 13:53 -------- d-----w- c:\program files\Vuze

2010-08-18 10:53 . 2010-08-18 10:53 -------- d-----w- c:\program files\SubSync

2010-08-18 10:53 . 2010-08-18 10:53 249856 ------w- c:\windows\Setup1.exe

2010-08-18 10:53 . 2010-08-18 10:53 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-08-18 10:02 . 2010-08-18 10:02 -------- d-----w- c:\program files\MPEG Player

2010-08-17 16:04 . 2010-08-17 16:04 -------- d-----w- c:\program files\DFX

2010-08-17 10:44 . 2010-08-17 10:44 -------- d-----w- c:\users\Cem Kilic\AppData\Roaming\Malwarebytes

2010-08-17 10:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-17 10:44 . 2010-08-17 10:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-17 10:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-17 10:04 . 2010-08-17 10:04 388096 ----a-r- c:\users\Cem Kilic\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-16 14:26 . 2010-08-16 14:26 -------- d-----w- c:\program files\VS Revo Group

2010-08-16 09:33 . 2010-08-16 09:33 -------- d-----w- c:\program files\CCleaner

2010-08-15 19:23 . 2010-08-17 10:01 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Windows

2010-08-15 17:26 . 2010-08-15 17:26 -------- d-----w- c:\users\Cem Kilic\.thinupload

2010-08-15 16:08 . 2010-08-15 16:08 105432 ----a-w- c:\users\Cem Kilic\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-15 14:42 . 2010-08-15 14:42 -------- d-----w- c:\program files\RapidShareManager

2010-08-15 14:37 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-15 14:37 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-15 14:37 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-15 14:37 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-15 13:12 . 2010-08-15 13:12 -------- d-----w- c:\users\Cem Kilic\AppData\Roaming\DivX

2010-08-15 13:11 . 2010-08-15 13:12 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Adobe

2010-08-15 13:11 . 2010-08-15 13:11 29184 ----a-r- c:\users\Cem Kilic\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe

2010-08-15 11:47 . 2010-08-18 17:23 -------- d-----w- c:\users\Cem Kilic\Tracing

2010-08-15 10:27 . 2010-08-15 10:27 -------- d-----w- c:\users\Cem Kilic\AppData\Local\DFX

2010-08-15 10:25 . 2010-08-15 18:18 -------- d-----w- c:\users\Cem Kilic\AppData\Roaming\Apple Computer

2010-08-15 10:25 . 2010-08-15 10:25 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Apple Computer

2010-08-15 10:24 . 2010-08-15 10:24 -------- d-----w- c:\users\Cem Kilic\AppData\Local\Mozilla

2010-08-14 22:40 . 2010-08-15 17:11 -------- d-----w- C:\found.003

2010-08-11 10:26 . 2010-08-11 10:26 -------- d-----w- c:\programdata\CenerTCPMessenger

2010-08-04 17:13 . 2010-08-04 17:13 -------- d-----w- c:\program files\mkv2vob

2010-07-28 21:58 . 2010-07-28 21:59 -------- d-----w- c:\programdata\ScreenVCR

2010-07-28 21:58 . 2010-07-28 21:58 -------- d-----w- c:\program files\TotalScreenRecorder_Gold

2010-07-26 19:08 . 2010-07-26 19:08 -------- d-----w- c:\program files\iPod

2010-07-26 19:06 . 2010-07-26 19:06 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-26 13:17 . 2010-07-26 13:17 -------- d-----w- c:\programdata\Uniblue

2010-07-25 20:53 . 2010-07-26 15:39 -------- d-----w- c:\program files\Uniblue

2010-07-25 15:51 . 2010-07-25 15:51 -------- d-----w- c:\users\marazali\AppData\Roaming\Malwarebytes

2010-07-20 12:15 . 2010-07-26 14:25 -------- d-----w- c:\program files\iPod(2702)

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-18 18:08 . 2010-04-24 10:41 71445 ----a-w- c:\programdata\nvModes.dat

2010-08-18 18:08 . 2009-05-29 00:08 682270 ----a-w- c:\windows\system32\perfh013.dat

2010-08-18 18:08 . 2009-05-29 00:08 131534 ----a-w- c:\windows\system32\perfc013.dat

2010-08-18 17:46 . 2009-11-10 18:00 0 ----a-w- c:\users\marazali\AppData\Local\prvlcl.dat

2010-08-18 10:44 . 2009-09-06 12:02 -------- d-----w- c:\program files\URUSoft

2010-08-17 10:44 . 2010-01-16 15:16 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2010-08-15 14:43 . 2009-08-31 11:16 -------- d-----w- c:\programdata\Microsoft Help

2010-08-15 14:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-06 22:02 . 2010-03-31 16:59 -------- d-----w- c:\programdata\DFX

2010-08-04 17:12 . 2009-05-29 10:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-08-04 08:58 . 2009-08-26 15:51 105432 ----a-w- c:\users\marazali\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-03 15:52 . 2010-03-21 09:05 -------- d-----w- c:\programdata\DivX

2010-07-31 07:28 . 2010-06-14 14:54 -------- d-----w- c:\programdata\boost_interprocess

2010-07-29 15:49 . 2010-06-06 10:53 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-26 20:06 . 2010-02-12 13:38 -------- d-----w- c:\program files\LimeWire

2010-07-26 19:14 . 2009-09-12 18:01 -------- d-----w- c:\users\marazali\AppData\Roaming\LimeWire

2010-07-26 19:08 . 2010-03-31 15:31 -------- d-----w- c:\program files\iTunes

2010-07-26 19:08 . 2009-08-28 20:14 -------- d-----w- c:\program files\Common Files\Apple

2010-07-26 15:47 . 2010-01-26 18:29 -------- d-----w- c:\users\marazali\AppData\Roaming\BitTorrent

2010-07-26 14:25 . 2010-06-18 14:10 -------- d-----w- c:\program files\Bonjour

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2010-07-26 14:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2010-07-26 14:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games

2010-07-26 11:57 . 2010-07-09 20:23 -------- d-----w- c:\programdata\Mozilla Firefox

2010-07-18 19:18 . 2010-07-11 09:23 -------- d-----w- c:\programdata\WindSolutions

2010-07-18 19:17 . 2010-07-18 19:17 -------- d-----w- c:\program files\TVersity Codec Pack

2010-07-11 08:40 . 2010-04-06 07:42 -------- d-----w- c:\program files\LeKuSoft

2010-06-26 06:05 . 2010-08-15 14:38 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 06:02 . 2010-08-15 14:38 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02 . 2010-08-15 14:38 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25 . 2010-08-15 14:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-21 13:37 . 2010-08-15 14:38 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 17:31 . 2010-08-15 14:38 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-06-11 16:16 . 2010-08-15 14:38 274944 ----a-w- c:\windows\system32\schannel.dll

2010-06-08 17:35 . 2010-08-15 14:38 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-08 17:35 . 2010-08-15 14:38 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-07 11:56 . 2010-06-14 14:54 192496 ----a-w- c:\windows\system32\hrfsnp.dll

2010-06-07 11:56 . 2010-06-14 14:54 144368 ----a-w- c:\windows\system32\drivers\hrfsmrx.sys

2010-05-31 06:19 . 2010-02-21 15:54 680 ----a-w- c:\users\marazali\AppData\Local\d3d9caps.dat

2010-05-27 20:08 . 2010-08-15 14:38 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-05-26 17:06 . 2010-06-09 13:34 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-09 13:34 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-22 17:53 . 2010-04-17 08:47 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-05-21 12:14 . 2009-10-03 08:13 221568 ------w- c:\windows\system32\MpSigStub.exe

2009-03-11 14:14 . 2009-03-11 14:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoConflict]

@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"

[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]

2010-06-07 11:56 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSynced]

@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"

[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]

2010-06-07 11:56 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSyncing]

@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"

[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]

2010-06-07 11:56 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoUnavailable]

@="{06F5F772-99DF-4191-9AED-3037B0DF154B}"

[HKEY_CLASSES_ROOT\CLSID\{06F5F772-99DF-4191-9AED-3037B0DF154B}]

2010-06-07 11:56 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ST6UNST Uninstaller.LNK - c:\windows\ST6UNST.EXE [2010-8-18 73216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^humyo SmartDrive.lnk]

backup=c:\windows\pss\humyo SmartDrive.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Cem & Olcay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Cem Kilic^AppData^Local^Windows^winhelp.exe]

path=c:\users\Cem Kilic\AppData\Local\Windows\winhelp.exe

backup=c:\windows\pss\winhelp.exe.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

2007-08-16 07:02 99608 ----a-w- c:\program files\Uniblue\RegistryBooster 2\StartRegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]

2007-08-16 07:02 202008 ----a-w- c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]

2007-08-16 07:03 1269000 ----a-w- c:\program files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:c2,a9,e1,08,66,31,ca,01

R3 hrfsmrx;hrfsmrx;c:\windows\System32\Drivers\hrfsmrx.sys [2010-06-07 144368]

R3 humyo.com;humyo.com;c:\program files\humyo SmartDrive\hrfscore.exe [2010-06-07 3174384]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-02 691696]

S0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\Drivers\AVGIDSErHr.sys [2009-07-22 25608]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-10-01 12552]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-10-01 23832]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-01 335240]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-01 108552]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-10-01 297752]

S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-10-01 1370488]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]

S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-07-22 571912]

S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [2009-07-22 121352]

S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [2009-07-22 30216]

S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [2009-07-22 29136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

2010-07-26 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-07-26 07:03]

2010-08-18 c:\windows\Tasks\User_Feed_Synchronization-{39A30C60-5B4A-41BA-83DD-BE2EBF01574C}.job

- c:\windows\system32\msfeedssync.exe [2010-08-15 04:24]

2010-08-17 c:\windows\Tasks\User_Feed_Synchronization-{5EF769B8-4F9D-40B5-8A04-24005E323BB2}.job

- c:\windows\system32\msfeedssync.exe [2010-08-15 04:24]

.

.

------- Bijkomende Scan -------

.

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België

FF - ProfilePath - c:\users\Cem Kilic\AppData\Roaming\Mozilla\Firefox\Profiles\2ovacmyy.default\

FF - prefs.js: browser.startup.homepage - Google

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-18 20:08

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\system32\sys_drv.dat 7028 bytes

c:\windows\system32\sys_drv_2.dat 6024 bytes

c:\windows\system32\WinFLdrv.sys 10752 bytes executable

Scan succesvol afgerond

verborgen bestanden: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]

"ImagePath"="system32\drivers\acpi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]

"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]

"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu160m]

"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]

"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]

"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\system32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]

"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic78xx]

"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aliide]

"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdagp]

"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdide]

"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK7]

"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]

"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]

"ServiceDll"="%SystemRoot%\System32\appinfo.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Apple Mobile Device]

"ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]

"ImagePath"="\SystemRoot\system32\drivers\arc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]

"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]

"ImagePath"="\SystemRoot\system32\drivers\atapi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Audiosrv]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVG]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avg8wd]

"ImagePath"="c:\progra~1\AVG\AVG8\avgwdsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd]

"ImagePath"="system32\DRIVERS\avgfwd6x.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgfws8]

"ImagePath"="c:\progra~1\AVG\AVG8\avgfws8.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]

"ImagePath"="\"c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe\" AVGIDSAgent"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]

"ImagePath"="\??\c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSErHr]

"ImagePath"="System32\Drivers\AVGIDSErHr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSFilter]

"ImagePath"="\??\c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSShim]

"ImagePath"="\??\c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSWatcher]

"ImagePath"="c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgLdx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgldx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgMfx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgmfx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgRkx86]

"ImagePath"="System32\Drivers\avgrkx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdiX]

"ImagePath"="\SystemRoot\System32\Drivers\avgtdix.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]

"MofImagePath"="system32\drivers\battc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]

"ServiceDll"="%SystemRoot%\System32\bfe.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]

"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blbdrive]

"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bonjour Service]

"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]

"ImagePath"="system32\DRIVERS\bowser.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltLo]

"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltUp]

"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Brserid]

"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrSerWdm]

"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbMdm]

"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbSer]

"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]

"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]

"ImagePath"="\??\c:\users\CEMKIL~1\AppData\Local\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]

"ImagePath"="system32\DRIVERS\cdfs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]

"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]

"ImagePath"="System32\CLFS.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdide]

"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Compbatt]

"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crcdisk]

"ImagePath"="system32\drivers\crcdisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Crusoe]

"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DfsC]

"ImagePath"="System32\Drivers\dfsc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSR]

"ImagePath"="%SystemRoot%\system32\DFSR.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]

"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]

"ImagePath"="system32\drivers\disk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]

"ServiceDll"="%SystemRoot%\system32\dps.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]

"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e1express]

"ImagePath"="system32\DRIVERS\e1e6032.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60]

"ImagePath"="system32\DRIVERS\E1G60I32.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache]

"ImagePath"="System32\drivers\ecache.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehRecvr]

"ImagePath"="%systemroot%\ehome\ehRecvr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehSched]

"ImagePath"="%systemroot%\ehome\ehsched.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehstart]

"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor]

"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EmdCache]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmt]

"ServiceDll"="%systemroot%\system32\emdmgmt.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]

"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]

"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]

"ServiceDll"="%systemroot%\system32\es.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]

"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]

"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]

"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]

"ImagePath"="system32\drivers\fileinfo.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]

"ImagePath"="system32\drivers\filetrace.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FLEXnet Licensing Service]

"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]

"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]

"ServiceDll"="%SystemRoot%\system32\FntCache.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]

"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]

"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GEARAspiWDM]

"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]

"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HdAudAddService]

"ImagePath"="system32\drivers\HdAudio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]

"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]

"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]

"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]

"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs]

"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hrfsmrx]

"ImagePath"="\SystemRoot\System32\Drivers\hrfsmrx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]

"ImagePath"="system32\drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\humyo.com]

"ImagePath"="\"c:\program files\humyo SmartDrive\hrfscore.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]

"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IAANTMON]

"ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStor]

"ImagePath"="system32\DRIVERS\iaStor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]

"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]

"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]

"ServiceDll"="%SystemRoot%\System32\ikeext.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntcAzAudAddService]

"ImagePath"="system32\drivers\RTKVHDA.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]

"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]

"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum]

"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]

"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]

"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iPod Service]

"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]

"ImagePath"="system32\drivers\irenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]

"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]

"ImagePath"="system32\DRIVERS\msiscsi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi]

"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid]

"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]

"ImagePath"="System32\Drivers\ksecdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]

"ServiceDll"="%systemroot%\system32\msdtckrm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]

"ImagePath"="system32\DRIVERS\lltdio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]

"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]

"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]

"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]

"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]

"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2Svc]

"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]

"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]

"ImagePath"="\SystemRoot\system32\drivers\megasr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]

"ImagePath"="system32\drivers\modem.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]

"ImagePath"="system32\DRIVERS\monitor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]

"ImagePath"="System32\drivers\mountmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]

"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]

"ImagePath"="System32\drivers\mpsdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]

"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]

"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]

"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]

"ImagePath"="system32\DRIVERS\mrxsmb10.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]

"ImagePath"="system32\DRIVERS\mrxsmb20.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]

"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]

"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]

"ImagePath"="%SystemRoot%\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]

"ImagePath"="system32\drivers\msisadrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]

"ServiceDll"="%systemroot%\system32\iscsiexe.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]

"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]

"ImagePath"="System32\Drivers\mup.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]

"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]

"ImagePath"="system32\DRIVERS\nwifi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]

"ImagePath"="system32\drivers\ndis.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]

"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]

"ServiceDll"="%SystemRoot%\System32\netprofm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netr28u]

"ImagePath"="system32\DRIVERS\netr28u.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]

"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]

"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcd]

"ImagePath"="system32\drivers\ccdcmb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcdc]

"ImagePath"="system32\drivers\ccdcmbo.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]

"ServiceDll"="%systemroot%\system32\nsisvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]

"ImagePath"="system32\drivers\nsiproxy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi]

"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvlddmkm]

"ImagePath"="system32\DRIVERS\nvlddmkm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]

"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]

"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvsvc]

"ImagePath"="%SystemRoot%\system32\nvvsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]

"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]

"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]

"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\odserv]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394]

"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Outlook]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]

"ImagePath"="\SystemRoot\system32\drivers\parport.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]

"ImagePath"="System32\drivers\partmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm]

"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]

"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pccsmcfd]

"ImagePath"="system32\DRIVERS\pccsmcfd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]

"ImagePath"="system32\drivers\pci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]

"ImagePath"="\SystemRoot\system32\drivers\pciide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]

"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcouffin]

"ImagePath"="System32\Drivers\pcouffin.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]

"ImagePath"="system32\drivers\peauth.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]

"ServiceDll"="%systemroot%\system32\pla.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]

"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]

"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]

"ImagePath"="\SystemRoot\system32\drivers\processr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]

"ServiceDll"="%systemroot%\system32\profsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]

"ImagePath"="system32\DRIVERS\pacer.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSI_SVC_2]

"ImagePath"="\"c:\program files\Common Files\Protexis\License Service\PsiService_2.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]

"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]

"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]

"ServiceDll"="%windir%\system32\qwave.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]

"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]

"ImagePath"="system32\DRIVERS\rassstp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]

"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]

"ImagePath"="system32\drivers\rdpencdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]

"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rpcapd]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]

"ImagePath"="system32\DRIVERS\rspndr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]

"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]

"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]

"ServiceDll"="%systemroot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]

"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]

"ServiceDll"="%windir%\system32\seclogon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]

"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceLayer]

"ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]

"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]

"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]

"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]

"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]

"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp]

"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]

"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]

"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]

"ImagePath"="%SystemRoot%\system32\SLsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]

"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]

"ImagePath"="system32\DRIVERS\smb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]

"ImagePath"="%SystemRoot%\System32\snmptrap.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]

"ImagePath"="%SystemRoot%\System32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd]

"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]

"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]

"ImagePath"="System32\DRIVERS\srv2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]

"ImagePath"="System32\DRIVERS\srvnet.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]

"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\StarOpen]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]

"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]

"ServiceDll"="%Systemroot%\System32\swprv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]

"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]

"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]

"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]

"ServiceDll"="%systemroot%\system32\sysmain.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]

"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tap0901]

"ImagePath"="system32\DRIVERS\tap0901.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\taphss]

"ImagePath"="system32\DRIVERS\taphss.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]

"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]

"ImagePath"="System32\drivers\tcpip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]

"ImagePath"="System32\drivers\tcpipreg.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]

"ImagePath"="system32\drivers\tdpipe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]

"ImagePath"="system32\drivers\tdtcp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]

"ImagePath"="system32\DRIVERS\tdx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]

"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]

"ServiceDll"="%SystemRoot%\System32\trkwks.dll"

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]

"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]

"ImagePath"="System32\DRIVERS\tssecsrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]

"ImagePath"="system32\DRIVERS\tunmp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]

"ImagePath"="system32\DRIVERS\tunnel.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]

"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]

"ImagePath"="system32\DRIVERS\udfs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]

"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]

"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]

"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]

"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]

"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]

"ImagePath"="system32\DRIVERS\umbus.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upperdev]

"ImagePath"="system32\DRIVERS\usbser_lowerflt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBAAPL]

"ImagePath"="System32\Drivers\usbaapl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbaudio]

"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]

"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]

"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbser]

"ImagePath"="system32\drivers\usbser.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UsbserFilt]

"ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]

"ServiceDll"="%SystemRoot%\System32\uxsms.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]

"ImagePath"="%SystemRoot%\System32\vds.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]

"ImagePath"="system32\DRIVERS\vgapnp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp]

"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7]

"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]

"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]

"ImagePath"="system32\drivers\volmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]

"ImagePath"="System32\drivers\volmgrx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]

"ImagePath"="system32\drivers\volsnap.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]

"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]

"ImagePath"="%systemroot%\system32\vssvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]

"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]

"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]

"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]

"ImagePath"="\SystemRoot\system32\drivers\wd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]

"ImagePath"="system32\drivers\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]

"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]

"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]

"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]

"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinFLdrv]

"ImagePath"="system32\WinFLdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc]

"ServiceDll"="winhttp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM]

"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVd32]

"ImagePath"="\??\c:\windows\system32\WinVd32.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc]

"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wlidsvc]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi]

"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv]

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc]

"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum]

"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb]

"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl]

"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch]

"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]

"ServiceDll"="%systemroot%\system32\wuaueng.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd]

"ImagePath"="system32\DRIVERS\WUDFRd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{DDF1F56C-4F52-4489-9ECD-EFCF414CA4E6}]

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(2840)

c:\program files\humyo SmartDrive\HrfsShellExtension.dll

c:\program files\WinRAR\rarext.dll

c:\program files\Malwarebytes' Anti-Malware\mbamext.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\progra~1\AVG\AVG8\avgam.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

c:\program files\Windows Sidebar\sidebar.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe

c:\program files\Windows Sidebar\sidebar.exe

.

**************************************************************************

.

Voltooingstijd: 2010-08-18 20:11:53 - machine werd herstart

ComboFix-quarantined-files.txt 2010-08-18 18:11

Pre-Run: 283.560.235.008 bytes beschikbaar

Post-Run: 283.991.912.448 bytes beschikbaar

- - End Of File - - 4DF015D2C8BE4B35B20441C64B59E8DF

Niemand?

De items heb ik niet kunnen verwijderen, waarom weet ik zelf niet.

Ik krijg geen virusmeldingen meer binnen, maar de programma ' Winhelp' kan ik nog steeds niet verwijderen, en 'Winhelp' is een virus.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

Ghoho, t was zoeken naar de programfiles! Die link hierboven werkte niet Eindelijk, het is me gelukt, Kape. =)

Hijackthis logfile van vandaag,

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:45:37, on 17/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\humyo SmartDrive\hrfscore.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 5994 bytes

Ah oke.

Tja, en nu? Ik kan geen actueel log maken. Telkens zelfde datum!

Heb een klein probleempje. Hijackthis kan geen actueel log maken. Ik heb het gescand, logje komt tevoorschijn en staat zelfde uur en zelfde datum op.

PS. Als ik op ' Do a system scan and save a logfile ' - knopje druk, dan krijg ik een foutmelding. Zie de bijlage alstublieft.

Dag Kape,

Ik heb alles gedaan wat je vroeg. Behalve dit O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll avgrsstx.dll. Ik weet niet hoe het komt, hij stond gewoon niet in de lijst! Heel raar! ;p

Hier is het MBAM logje;

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4439

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

17/08/2010 12:55:49

mbam-log-2010-08-17 (12-55-49).txt

Scantype: Snelle scan

Objecten gescand: 144088

Verstreken tijd: 6 minuut/minuten, 51 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 4

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\Users\Cem Kilic\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Hier is het Hijackthis logje;

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:58:04, on 25/07/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll avgrsstx.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Cem & Olcay\AppData\Local\TVersity\Media Server\MediaServer.exe

--

End of file - 8205 bytes

Dag Kape,

Bedankt voor je reactie!

Hier is het logje!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:58:04, on 25/07/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing)

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll avgrsstx.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe

O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Cem & Olcay\AppData\Local\TVersity\Media Server\MediaServer.exe

--

End of file - 8205 bytes

Dag allemaal

Ik ga binnenkort een hoofdtelefoon kopen. Is een Sennheiser beter dan een Dr Dre Headphone? Want ik heb reviews gelezen, en ze zijn beiden heel goed. Kan ik ook zo'n hoofdtelefoon aan m'n iPod Nano aansluiten? En die Dre hoofdtelefoons zijn gemaakt voor Rap muziek, maar is het ook geschikt voor Pop/Dance? Welke zou jij mij aanraden? xD

Alvast bedankt.

Hallo

Sinds vandaag krijg ik heel veel Resident Shield waarschuwingen. Ik heb blijkbaar een Trojaans paard op mijn computer. De programma heet ' Winhelp'. Bij start zoek ik de programma op, en probeer het te verwijderen, maar dat lukt niet. Wie kan me helpen?

Alvast bedankt.