
Bundespolitzei



Start HijackThis. Select “Scan”. Select only the items listed below:

F3 - REG:win.ini: load=C:\Users\steve\LOCALS~1\Temp\msevah.exe

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as “administrator” by right-clicking and choosing “Run as administrator”. If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download CCleaner

Click “Download Latest Version” and the CCleaner download will start automatically, free of charge.

Install it and start CCleaner. In the left column, click “Cleaner”. Click “Analyze” and then “Run Cleaner”. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click “Registry” in the left column and click “Scan for Issues”. If errors are found, click “Fix selected issues” and “OK”. You will then be asked whether to make a backup. Click “Yes”. Then choose “Fix All Selected Issues”. Close CCleaner afterwards.

If you would like to see this in detail with screenshots, click here for the guide.

And then post a new HijackThis log in your next message.


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


I have to send it in 3 parts

ComboFix 12-03-07.05 - steve 08/03/2012 0:00.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.3069.1703 [GMT 8:00]

Running from: c:\users\steve\Desktop\ComboFix.exe

AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.


((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))

.

.

2012-03-07 16:15 . 2012-03-07 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-06 19:58 . 2012-03-06 19:58 -------- d-----w- c:\program files\CCleaner

2012-03-03 04:28 . 2012-03-03 04:28 -------- d-----w- c:\program files\Application Updater

2012-03-03 04:28 . 2012-03-03 04:28 -------- d-----w- c:\program files\Common Files\Spigot

2012-03-03 03:51 . 2012-03-03 04:17 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2012-03-03 03:21 . 2012-03-03 03:31 -------- d-----w- C:\hitat

2012-03-03 03:05 . 2012-03-03 03:05 -------- d-----w- c:\users\steve\AppData\Roaming\Malwarebytes

2012-03-03 03:05 . 2012-03-07 10:13 -------- d-----w- c:\programdata\Malwarebytes

2012-03-03 03:05 . 2012-03-03 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-03 03:05 . 2011-12-10 07:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-03 01:46 . 2012-03-03 01:46 -------- d-----w- c:\users\steve\AppData\Roaming\kodak

2012-02-21 17:52 . 2012-02-21 17:52 -------- d-----w- c:\programdata\Trymedia

2012-02-21 17:48 . 2012-02-21 17:48 -------- d-----w- c:\users\steve\AppData\Roaming\Jenkat

2012-02-21 17:43 . 2012-02-21 17:43 -------- d-----w- c:\program files\PriceGong

2012-02-10 04:29 . 2012-02-10 09:37 -------- d-----w- c:\program files\Real

2012-02-07 18:19 . 2012-03-07 16:16 -------- d-----w- c:\programdata\GameXN

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-10 04:29 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-25 18:00 . 2012-02-04 00:45 79360 ----a-w- c:\windows\system32\ff_vfw.dll

2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys

2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2011-12-21 18:14 . 2012-02-04 00:45 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-12-12 00:17 . 2011-12-12 00:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-26 15:59 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-26 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

"Load"=c:\users\steve\LOCALS~1\Temp\msevah.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

SetupExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I

"ContentTransferWMDetector.exe"=c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe

"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe

"QPService"="c:\program files\HP\QuickPlay\QPService.exe"

"hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 09:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-07 c:\windows\Tasks\FinalTorrent Update Checker.job

- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-09-16 07:24]

.

2012-02-25 c:\windows\Tasks\HPCeeScheduleForsteve.job

- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-03-07 19:58]

.

2012-03-06 c:\windows\Tasks\User_Feed_Synchronization-{E5780BE7-AE92-40D4-B551-0E0FC5CD97B6}.job

- c:\windows\system32\msfeedssync.exe [2012-02-16 04:44]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Pavilion&pf=laptop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Pavilion&pf=laptop

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.be/bravia/RegistrationAgent.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-08 00:17

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.


edited by tulp85
This topic is now closed to new replies.