Somoto en Bigseekpro probleem

anoniem · 1 november 2011

Als ik in Chrome iets in de titelbalk type knalt hij me door naar Somoto zoekmachine of een Bigseek zoekmachine. Denk dat het een spyware oid is. Hoe krijg ik dat weg? Heb al een scan gedaan met Adware. Hierbij de Hijack file. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:56:52, on 2-11-2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Xfire\Xfire.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\bigadje\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: (no name) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.myflatcast.com/data/objects/NpFv501.dll O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file) O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9871e2dc4eb71) (gupdate1c9871e2dc4eb71) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9948 bytes

anoniem · 2 november 2011

Hallo bigadje, probeer het tool [b:72a4f6cd00]Toolbar Cleaner[/b:72a4f6cd00]. Het probleem is namelijk dat Google's Chrome instellingen nog niet in logs vermeld worden! http://www.gratissoftwaresite.nl/downloads/taxonomy/term/543 He zal je duidelijk zijn, dat je de toolbars eerst aanvinkt die je kwijt wilt en dan op de knop Remove klikt. Laat me weten of dat tool doet wat het beloofd en post ook een nieuw Hijack This-log.

anoniem · 2 november 2011

Hallo, probleem is dat het geen toolbar is, tenminste niet zichtbaar in de balk boven. Hij stuurt je gewoon door naar de desbetreffende pagina. Groet Arnold

anoniem · 2 november 2011

Hallo Arnold, dan maar kijken of we via ComboFix er achter komen: [b:964a4af957]Welk programma[/b:964a4af957]: ComboFix [b:964a4af957]Waarvoor/waarom[/b:964a4af957]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:964a4af957]Moeilijkheidsgraad[/b:964a4af957]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:964a4af957]Downloadlokatie[/b:964a4af957]: Dit programma absoluut naar het bureaublad downloaden! [b:964a4af957]Download ComboFix via één van deze locaties[/b:964a4af957]: [list:964a4af957][*:964a4af957][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:964a4af957]Bleepingcomputer[/b:964a4af957][/url] [*:964a4af957][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:964a4af957]ForoSpyware[/b:964a4af957][/url] [*:964a4af957][url=http://subs.geekstogo.com/ComboFix.exe][b:964a4af957]Geekstogo[/b:964a4af957][/url][/list:u:964a4af957] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:964a4af957]Hier[/b:964a4af957][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:964a4af957]Hier[/b:964a4af957][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:964a4af957]hier[/b:964a4af957][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:964a4af957]Voor alle duidelijkheid nogmaals[/b:964a4af957]: ComboFix dient vanaf het bureaublad gestart te worden. [b:964a4af957]Opmerkingen[/b:964a4af957]: [list:964a4af957][*:964a4af957] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:964a4af957]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:964a4af957]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:964a4af957] [b:964a4af957]ComboFix is opgestart[/b:964a4af957]: [list:964a4af957][*:964a4af957]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:964a4af957]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:964a4af957]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:964a4af957]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:964a4af957]Post de inhoud van dit logbestand in je volgende bericht. [*:964a4af957]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:964a4af957] [b:964a4af957]Belangrijke opmerking[/b:964a4af957]: [list:964a4af957][*:964a4af957][b:964a4af957][color=Red:964a4af957]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:964a4af957][/b:964a4af957] [*:964a4af957][b:964a4af957][color=blue:964a4af957]Illegal operation attempted on a registery key that has been marked for deletion.[/color:964a4af957][/b:964a4af957] [*:964a4af957][b:964a4af957][color=Red:964a4af957]Start dan de computer opnieuw op.[/color:964a4af957][/b:964a4af957][/list:u:964a4af957]

anoniem · 2 november 2011

Logbestand ComboFix 11-11-02.03 - bigadje 03-11-2011 0:25.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3071.1833 [GMT 1:00] Gestart vanuit: c:\users\bigadje\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\3D3 c:\programdata\3D3\mm.db c:\programdata\3D3\thumbnail.db c:\programdata\Microsoft\Windows\Start Menu\Windows Live Messenger .lnk c:\users\bigadje\AppData\Local\log.txt c:\users\bigadje\AppData\Roaming\EurekaLog c:\users\bigadje\AppData\Roaming\EurekaLog\logivert\logivert_PC_BIG_ADJE.elf c:\users\bigadje\AppData\Roaming\Microsoft\~DFK3fed8a.tmp c:\users\bigadje\AppData\Roaming\Microsoft\1eaadjc.dll c:\users\bigadje\AppData\Roaming\Microsoft\bass.dll c:\users\bigadje\AppData\Roaming\Microsoft\kfgresk.dll c:\users\bigadje\AppData\Roaming\Microsoft\mjcriu.dll c:\users\bigadje\AppData\Roaming\Microsoft\peaadje.dll c:\users\bigadje\AppData\Roaming\Microsoft\qwadjb.dll c:\users\bigadje\AppData\Roaming\Microsoft\rsaadjd.dll c:\windows\iun6002.exe c:\windows\system32\CF25095.exe c:\windows\system32\ijl11.dll c:\windows\system32\jucheck.exe c:\windows\system32\uninstall.exe c:\windows\test . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))) . . 2175-05-27 23:15 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\d3dx9_37.dll 2011-11-02 23:35 . 2011-11-02 23:35 -------- d-----w- c:\users\bigadje\AppData\Local\temp 2011-11-02 23:35 . 2011-11-02 23:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2011-11-02 23:35 . 2011-11-02 23:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-11-02 09:41 . 2011-11-02 09:44 -------- d-----w- c:\program files\Toolbar Cleaner 2011-11-02 00:00 . 2011-11-02 00:00 -------- d-----w- c:\program files\Conduit 2011-11-02 00:00 . 2011-11-02 00:00 -------- d-----w- c:\users\bigadje\AppData\Local\Conduit 2011-11-01 23:59 . 2011-11-02 00:00 -------- d-----w- c:\program files\Freecorder 2011-11-01 17:37 . 2011-11-01 17:37 388096 ----a-r- c:\users\bigadje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-01 17:37 . 2011-11-01 17:37 -------- d-----w- c:\program files\Trend Micro 2011-11-01 01:15 . 2011-10-31 23:40 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-10-31 23:36 . 2011-08-18 14:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-10-31 23:36 . 2011-10-31 23:36 -------- d-----w- c:\program files\Lavasoft 2011-10-31 23:12 . 2011-10-31 23:14 -------- d-----w- c:\users\bigadje\AppData\Roaming\GetRightToGo 2011-10-31 22:51 . 2011-10-31 22:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-31 22:51 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-31 18:07 . 2011-10-31 18:07 -------- d-----w- c:\users\bigadje\AppData\Roaming\MP4 to MP3 Converter 2011-10-31 18:06 . 2011-10-31 18:06 -------- d-----w- c:\program files\MP4 to MP3 Converter 2011-10-31 18:03 . 2011-10-31 18:03 -------- d-----w- c:\users\bigadje\AppData\Roaming\DVDVideoSoft 2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Roaming\Netscape 2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Local\Netscape 2011-10-26 17:47 . 2011-10-26 17:47 -------- d-----w- c:\program files\Lame For Audacity 2011-10-15 14:27 . 2011-11-01 15:59 -------- d-----w- C:\Spectrum 2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll 2011-10-04 22:58 . 2011-10-04 22:58 -------- d-----w- c:\program files\TweetDeck 2011-10-04 22:57 . 2011-10-26 17:35 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode) 2011-10-04 22:44 . 2011-10-04 22:44 -------- d-----w- c:\users\bigadje\AppData\Local\RadioSure 2011-10-04 17:42 . 2011-10-04 22:58 -------- d-----w- c:\users\bigadje\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-02 18:38 . 2008-12-04 18:56 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-11-02 18:37 . 2009-03-07 10:31 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-11-02 18:37 . 2008-12-04 18:55 214520 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-11-02 18:37 . 2008-12-04 18:55 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-10-31 23:40 . 2010-11-01 10:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-10-23 21:25 . 2011-06-19 09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-13 17:27 . 2008-02-09 11:22 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-08-19 14:33 . 2011-09-28 23:14 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe 2011-09-29 07:28 . 2011-06-08 19:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2011-01-17 15:54 175912 ----a-w- c:\program files\Freecorder\prxtbFree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-07 202256] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0lsdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Business Tools 5 Update Setup] 2010-05-26 12:24 3648607 -c--a-w- c:\users\bigadje\AppData\Local\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN] 2007-10-23 10:36 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-08-31 16:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings] 2011-06-24 16:22 534880 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-07 14:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 . R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9871e2dc4eb71;Google Update Service (gupdate1c9871e2dc4eb71);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-31 2152152] R3 FlashUSB;Flash Loader utility driver;c:\windows\system32\Drivers\FlashUSB.sys [2008-01-25 15453] R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2010-01-16 23936] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R3 hitmanpro3;Hitman Pro 3 Support Driver; [x] R3 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896] S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2007-10-23 202016] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624] S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2007-04-23 1347584] S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 23:40] . 2011-10-13 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-11-05 07:07] . 2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f396256b32e.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13] . 2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13] . 2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250621424-1792265585-3911309756-1000Core1cc1d485e0b5565.job - c:\users\bigadje\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:57] . 2011-06-27 c:\windows\Tasks\Launch HTC Sync Loader.job - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 15:22] . 2011-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1000.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . 2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1001.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . 2010-12-09 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 00:53] . 2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{64DE32D8-0311-4F7B-8E79-C8891A596F5E}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . 2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{F2FB0988-5A20-4CEB-A3A7-DC1F602DDBFF}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . 2011-07-27 c:\windows\Tasks\{995BB312-90A8-47F3-8112-804528967B5E}.job - c:\program files\Skype\Phone\Skype.exe [2011-06-15 13:02] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933 mStart Page = hxxp://www.bigseekpro.com/accmeware/{C008CB9D-135B-4A6F-B384-1185B6CF3F66} uInternet Settings,ProxyOverride = *.local IE: &Clean Traces IE: &Download with &DAP IE: &Download with AktivDownloadManager! IE: Download &all with DAP IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\bigadje\AppData\Roaming\Mozilla\Firefox\Profiles\92e0uyta.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542 FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=14542 FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p= FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file) BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) BHO-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - (no file) Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file) SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file) MSConfigStartUp-Easy Business Tools 5 Update Setup for All Users - c:\programdata\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-03 00:35 Windows 6.0.6001 Service Pack 1 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Voltooingstijd: 2011-11-03 00:39:33 ComboFix-quarantined-files.txt 2011-11-02 23:39 . Pre-Run: 252.325.736.448 bytes beschikbaar Post-Run: 254.842.548.224 bytes beschikbaar . - - End Of File - - 4F085690E7B12829F28427784A41E8F5

anoniem · 3 november 2011

Hoi Arnold, ik wil ComboFix een hoop laten verwijderen. O.a. ook Iobit Advanced SystemCare 4. Waarom: Iobit is een Chinese softwareverspreider. En de softwareprodukten bestaan uit gestolen en geleende onderdelen van andere softwaremakers. Dat tool in jouw Windows bestaat o.a. uit onderdelen van MBAM en twee westerse antivirussoftwaremakers! Zie ook: http://www.nationaalcomputerforum.nl/showthread.php?t=67376 - verwijdering ervan zal ook AVG beter laten presteren. En verwijder ook Lavasoft AdAware, het zelfde verhaal - de antivirussektie in dat tool colllideert met AVG. Ik denk dat je het meteen zal merken dat beide tools verwijderd zijn!

anoniem · 3 november 2011

Het werkte niet! Maar ik heb het probleem zelf opgelost, was eenvoudiger dan ik had gedacht. In Google Chrome ga je naar "opties" > zoeken > zoekmachines beheren. Daar stond bij de "standaard zoekmachines" de Big zeek URL. Deze verwijderd, en weg is het probleem. Dank vor je hulp. Groet Arnold

anoniem · 3 november 2011

Begrijp ik goed dat jij het niet meer nodig acht verder te gaan?

anoniem · 3 november 2011

Aha, ik zie dus nog wat over het hoofd. Ik hoor graag van je wat er nog meer moet gebeuren. Groet Arnold

anoniem · 3 november 2011

Zie dan ook mijn bericht van Geplaatst: do nov 03, 2011 9:43 am en laat weten wat jij wil!

anoniem · 3 november 2011

Adaware en Advanced SystemCare 4. heb ik verwijderd.

anoniem · 3 november 2011

Mooi zo. Er zit nog veel trackingware en ook nog spyware software in jouw Windows! Open een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:f46bb66802]Kladblok[/b:f46bb66802]". Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:f46bb66802][color=Blue:f46bb66802]KILLALL:: Folder:: c:\windows\system32\config\systemprofile c:\program files\Conduit c:\program files\Freecorder c:\program files\Common Files\Spigot c:\program files\Spigot c:\program files\IObit\Advanced SystemCare 4 C:\Program Files\Babylon [/color:f46bb66802][/b:f46bb66802] Sla dit kladblokbestand op je bureaublad op als [b:f46bb66802]CFScript.txt[/b:f46bb66802]. [b:f46bb66802][color=Red:f46bb66802]Nu eerst de antivirus deaktiveren![/color:f46bb66802][/b:f46bb66802] Sleep CFScript.txt in ComboFix.exe [img:f46bb66802]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:f46bb66802] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond!

anoniem · 3 november 2011

ComboFix 11-11-02.03 - bigadje 03-11-2011 23:54:47.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3071.1942 [GMT 1:00] Gestart vanuit: c:\users\bigadje\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\bigadje\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Common Files\Spigot c:\program files\Common Files\Spigot\Search Settings\config.ini c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt c:\program files\Common Files\Spigot\wtxpcom\install.rdf . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))) . . 2175-05-27 23:15 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\d3dx9_37.dll 2011-11-03 23:02 . 2011-11-03 23:07 -------- d-----w- c:\users\bigadje\AppData\Local\temp 2011-11-03 23:02 . 2011-11-03 23:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2011-11-03 23:02 . 2011-11-03 23:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-11-02 09:41 . 2011-11-02 09:44 -------- d-----w- c:\program files\Toolbar Cleaner 2011-11-01 17:37 . 2011-11-01 17:37 388096 ----a-r- c:\users\bigadje\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-01 17:37 . 2011-11-01 17:37 -------- d-----w- c:\program files\Trend Micro 2011-10-31 23:12 . 2011-10-31 23:14 -------- d-----w- c:\users\bigadje\AppData\Roaming\GetRightToGo 2011-10-31 18:07 . 2011-10-31 18:07 -------- d-----w- c:\users\bigadje\AppData\Roaming\MP4 to MP3 Converter 2011-10-31 18:06 . 2011-10-31 18:06 -------- d-----w- c:\program files\MP4 to MP3 Converter 2011-10-31 18:03 . 2011-10-31 18:03 -------- d-----w- c:\users\bigadje\AppData\Roaming\DVDVideoSoft 2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Roaming\Netscape 2011-10-29 10:48 . 2011-10-29 10:48 -------- d-----w- c:\users\bigadje\AppData\Local\Netscape 2011-10-26 17:47 . 2011-10-26 17:47 -------- d-----w- c:\program files\Lame For Audacity 2011-10-15 14:27 . 2011-11-01 15:59 -------- d-----w- C:\Spectrum 2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\system32\xfcodec.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-03 18:09 . 2008-12-04 18:56 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-11-03 18:08 . 2008-12-04 18:55 271200 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-11-03 18:06 . 2008-12-04 18:55 202040 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-11-03 00:07 . 2009-03-07 10:31 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-10-31 23:40 . 2010-11-01 10:52 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-10-23 21:25 . 2011-06-19 09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-13 17:27 . 2008-02-09 11:22 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-08-19 14:33 . 2011-09-28 23:14 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe 2011-09-29 07:28 . 2011-06-08 19:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] 2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN] 2007-10-23 10:36 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-07 14:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 . R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9871e2dc4eb71;Google Update Service (gupdate1c9871e2dc4eb71);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R3 FlashUSB;Flash Loader utility driver;c:\windows\system32\Drivers\FlashUSB.sys [2008-01-25 15453] R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [2010-01-16 23936] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104] R3 hitmanpro3;Hitman Pro 3 Support Driver; [x] R3 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896] S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2007-10-23 202016] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624] S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2007-04-23 1347584] S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-10-13 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-11-05 07:07] . 2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f396256b32e.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13] . 2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 23:13] . 2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250621424-1792265585-3911309756-1000Core1cc1d485e0b5565.job - c:\users\bigadje\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:57] . 2011-06-27 c:\windows\Tasks\Launch HTC Sync Loader.job - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-04-26 15:22] . 2011-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1000.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . 2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250621424-1792265585-3911309756-1001.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] . 2010-12-09 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-07 00:53] . 2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{64DE32D8-0311-4F7B-8E79-C8891A596F5E}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . 2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{F2FB0988-5A20-4CEB-A3A7-DC1F602DDBFF}.job - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32] . 2011-07-27 c:\windows\Tasks\{995BB312-90A8-47F3-8112-804528967B5E}.job - c:\program files\Skype\Phone\Skype.exe [2011-06-15 13:02] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933 mStart Page = hxxp://www.bigseekpro.com/accmeware/{C008CB9D-135B-4A6F-B384-1185B6CF3F66} uInternet Settings,ProxyOverride = *.local IE: &Clean Traces IE: &Download with &DAP IE: &Download with AktivDownloadManager! IE: Download &all with DAP IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\bigadje\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{DDCD2313-0166-4931-AD83-0B80E2A01BD5}: NameServer = 8.8.8.8,8.8.4.4 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\bigadje\AppData\Roaming\Mozilla\Firefox\Profiles\92e0uyta.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542 FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=14542 FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p= FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file) MSConfigStartUp-Easy Business Tools 5 Update Setup - c:\users\bigadje\AppData\Local\{A354E2E1-A068-49E6-BCB4-C3433B40F33E}\setup_ebt5.exe MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-04 00:09 Windows 6.0.6001 Service Pack 1 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\61883] "ImagePath"="system32\DRIVERS\61883.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI] "ImagePath"="system32\drivers\acpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx] "ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci] "ImagePath"="\SystemRoot\system32\drivers\adpahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m] "ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320] "ImagePath"="\SystemRoot\system32\drivers\adpu320.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aec] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc] "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\system32\drivers\afd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440] "ImagePath"="\SystemRoot\system32\drivers\agp440.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx] "ImagePath"="\SystemRoot\system32\drivers\djsvs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide] "ImagePath"="\SystemRoot\system32\drivers\aliide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp] "ImagePath"="\SystemRoot\system32\drivers\amdagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide] "ImagePath"="\SystemRoot\system32\drivers\amdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7] "ImagePath"="\SystemRoot\system32\drivers\amdk7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8] "ImagePath"="\SystemRoot\system32\drivers\amdk8.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo] "ServiceDll"="%SystemRoot%\System32\appinfo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc] "ImagePath"="\SystemRoot\system32\drivers\arc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas] "ImagePath"="\SystemRoot\system32\drivers\arcsas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASPI32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi] "ImagePath"="\SystemRoot\system32\drivers\atapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ati External Event Utility] "ImagePath"="%SystemRoot%\system32\Ati2evxx.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atierecord] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atikmdag] "ImagePath"="system32\DRIVERS\atikmdag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avc] "ImagePath"="system32\DRIVERS\avc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent] "ImagePath"="\"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver] "ImagePath"="system32\DRIVERS\AVGIDSDriver.Sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSEH] "ImagePath"="system32\DRIVERS\AVGIDSEH.Sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSFilter] "ImagePath"="system32\DRIVERS\AVGIDSFilter.Sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSShim] "ImagePath"="system32\DRIVERS\AVGIDSShim.Sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx86] "ImagePath"="system32\DRIVERS\avgldx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx86] "ImagePath"="system32\DRIVERS\avgmfx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx86] "ImagePath"="system32\DRIVERS\avgrkx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdix] "ImagePath"="system32\DRIVERS\avgtdix.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd] "ImagePath"="\"c:\program files\AVG\AVG10\avgwdsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC] "MofImagePath"="system32\drivers\battc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE] "ServiceDll"="%SystemRoot%\System32\bfe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive] "ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser] "ImagePath"="system32\DRIVERS\bowser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo] "ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp] "ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid] "ImagePath"="\SystemRoot\system32\drivers\brserid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm] "ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm] "ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer] "ImagePath"="\SystemRoot\system32\drivers\brusbser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM] "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\camdrv41] "ImagePath"="system32\DRIVERS\camdrv41.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme] "ImagePath"="\??\c:\combofix\catchme.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs] "ImagePath"="system32\DRIVERS\cdfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass] "ImagePath"="system32\DRIVERS\circlass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS] "ImagePath"="System32\CLFS.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32] "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide] "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt] "ImagePath"="\SystemRoot\system32\drivers\compbatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp] "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk] "ImagePath"="system32\drivers\crcdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe] "ImagePath"="\SystemRoot\system32\drivers\crusoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CscService] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC] "ImagePath"="System32\Drivers\dfsc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR] "ImagePath"="%SystemRoot%\system32\DFSR.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk] "ImagePath"="system32\drivers\disk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60] "ImagePath"="system32\DRIVERS\E1G60I32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache] "ImagePath"="System32\drivers\ecache.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehRecvr] "ImagePath"="%systemroot%\ehome\ehRecvr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehSched] "ImagePath"="%systemroot%\ehome\ehsched.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehstart] "ServiceDll"="%SystemRoot%\ehome\ehstart.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor] "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt] "ServiceDll"="%systemroot%\system32\emdmgmt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog] "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem] "ServiceDll"="%systemroot%\system32\es.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc] "ImagePath"="system32\DRIVERS\fdc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost] "ServiceDll"="%SystemRoot%\system32\fdPHost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub] "ServiceDll"="%SystemRoot%\system32\fdrespub.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo] "ImagePath"="system32\drivers\fileinfo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace] "ImagePath"="system32\drivers\filetrace.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FlashUSB] "ImagePath"="System32\Drivers\FlashUSB.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLASH_USBDRV] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLEXnet Licensing Service] "ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk] "ImagePath"="system32\DRIVERS\flpydisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FNETTHJM] "ImagePath"="system32\drivers\fnetthjm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0] "ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx] "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc] "ServiceDll"="%SystemRoot%\System32\gpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate1c9871e2dc4eb71] "ImagePath"="c:\program files\Google\Update\GoogleUpdate.exe /svc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem] "ImagePath"="c:\program files\Google\Update\GoogleUpdate.exe /medsvc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService] "ImagePath"="system32\drivers\HdAudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth] "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr] "ImagePath"="system32\DRIVERS\hidir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hitmanpro3] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HP Health Check Service] "ImagePath"="\"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HPBtnSrv] "ImagePath"="c:\hp\HPEZBTN\HPBtnSrv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs] "ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqcxs08] "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqddsvc] "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTCAND32] "ImagePath"="System32\Drivers\ANDROIDUSB.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\htcnprot] "ImagePath"="system32\DRIVERS\htcnprot.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp] "ImagePath"="\SystemRoot\system32\drivers\i2omp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IAANTMON] "ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStor] "ImagePath"="system32\drivers\iastor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV] "ImagePath"="\SystemRoot\system32\drivers\iastorv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp] "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntcAzAudAddService] "ImagePath"="system32\drivers\RTKVHDA.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide] "ImagePath"="\SystemRoot\system32\drivers\intelide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT] "ImagePath"="system32\DRIVERS\ipnat.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp] "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt] "ImagePath"="system32\DRIVERS\msiscsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi] "ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid] "ImagePath"="\SystemRoot\system32\drivers\iteraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid] "ImagePath"="system32\DRIVERS\kbdhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lbd] "ImagePath"="system32\DRIVERS\Lbd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LBTServ] "ImagePath"="c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LGBusEnum] "ImagePath"="system32\drivers\LGBusEnum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LGVirHid] "ImagePath"="system32\drivers\LGVirHid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LHidFilt] "ImagePath"="system32\DRIVERS\LHidFilt.Sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LHidKe] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LightScribeService] "ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LMouFilt] "ImagePath"="system32\DRIVERS\LMouFilt.Sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC] "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS] "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI] "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LUsbFilt] "ImagePath"="System32\Drivers\LUsbFilt.Sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMSwissArmy] "ImagePath"="\??\c:\windows\system32\drivers\mbamswissarmy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mcx2Svc] "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas] "ImagePath"="\SystemRoot\system32\drivers\megasas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem] "ImagePath"="system32\drivers\modem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr] "ImagePath"="System32\drivers\mountmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio] "ImagePath"="\SystemRoot\system32\drivers\mpio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv] "ImagePath"="System32\drivers\mpsdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x] "ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci] "ImagePath"="\SystemRoot\system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDV] "ImagePath"="system32\DRIVERS\msdv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netr73] "ImagePath"="system32\DRIVERS\netr73.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960] "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMIndexingService] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMSAccess] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMSAccessU] "ImagePath"="c:\program files\CDBurnerXP\NMSAccessU.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Nokia Music] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi] "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvlddmkm] "ImagePath"="system32\DRIVERS\nvlddmkm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvsvc] "ImagePath"="c:\windows\system32\nvvsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvUpdatusService] "ImagePath"="c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\odserv] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Outlook] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport] "ImagePath"="\SystemRoot\system32\drivers\parport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm] "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PassThru Service] "ImagePath"="c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcdrNdisuio] "ImagePath"="system32\DRIVERS\pcdrndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide] "ImagePath"="\SystemRoot\system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia] "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PnkBstrA] "ImagePath"="c:\windows\system32\PnkBstrA.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20] "ImagePath"="System32\Drivers\PxHelp20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300] "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx] "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr] "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTL8169] "ImagePath"="system32\DRIVERS\Rtlh86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTSTOR] "ImagePath"="system32\drivers\RTSTOR.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum] "ImagePath"="\SystemRoot\system32\drivers\serenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial] "ImagePath"="\SystemRoot\system32\drivers\serial.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse] "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy] "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp] "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2] "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4] "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc] "ImagePath"="%SystemRoot%\system32\SLsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify] "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SmartDefragBootTime] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SmartDefragDriver] "ImagePath"="System32\Drivers\SmartDefragDriver.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\splitter] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sprtsvc_KPN] "ImagePath"="\"c:\program files\KPN\bin\sprtsvc.exe\" /service /p KPN" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StarOpen] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Steam Client Service] "ImagePath"="c:\program files\Common Files\Steam\SteamService.exe /RunAsService" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Stereo Service] "ImagePath"="c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swmidi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx] "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SymIM] "ImagePath"="system32\DRIVERS\SymIM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SymIMMP] "ImagePath"="system32\DRIVERS\SymIM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi] "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3] "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBPanel] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TeamViewer6] "ImagePath"="c:\program files\TeamViewer\Version6\TeamViewer_Service.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfFsMon] "ImagePath"="system32\drivers\TfFsMon.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfNetMon] "ImagePath"="\??\c:\windows\system32\drivers\TfNetMon.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TfSysMon] "ImagePath"="system32\drivers\TfSysMon.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\system32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TomTomHOMEService] "ImagePath"="c:\program files\TomTom HOME 2\TomTomHOMEService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp] "ImagePath"="system32\DRIVERS\tunmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35] "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci] "ImagePath"="\SystemRoot\system32\drivers\uliahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata] "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2] "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus] "ImagePath"="system32\DRIVERS\umbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UmRdpService] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio] "ImagePath"="system32\drivers\usbaudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbbus] "ImagePath"="system32\DRIVERS\lgusbbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir] "ImagePath"="system32\DRIVERS\usbcir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UsbDiag] "ImagePath"="system32\DRIVERS\lgusbdiag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBModem] "ImagePath"="system32\DRIVERS\lgusbmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci] "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR

anoniem · 4 november 2011

Hoi, niet om het even, maar ComboFix geeft niet aan dat er iets nieuws is geïnstalleerd, maar schijnbaar is er van alles wat betreft netwerksoftware erbij hekomen?

anoniem · 4 november 2011

Ik heb gedaan zoals je het beschreef, en er is geen software bij gekomen. Wel kon ik na het scannen geen programma's meer starten, kreeg een foutmelding. Denk dat het daar mee te maken heeft. Na het opnieuw opstarten van de pc deed alles het weer. Wat nu?

anoniem · 4 november 2011

Doe het volgende: [b:64a051d7d3][url=http://www.eset.com/onlinescan/]Doe de ESET online scan (Klik).[/url][/b:64a051d7d3] [list:64a051d7d3] [*:64a051d7d3]Klik op de knop [b:64a051d7d3]ESET Online Scanner[/b:64a051d7d3] [*:64a051d7d3]Zet een vinkje bij [b:64a051d7d3]YES, I accept the Terms of Use[/b:64a051d7d3] [*:64a051d7d3]Klik op [b:64a051d7d3]Start[/b:64a051d7d3] [*:64a051d7d3]Sta het ActiveX control toe om te installeren. [*:64a051d7d3]Zet een vinkje bij de volgende opties: [list:64a051d7d3][*:64a051d7d3][b:64a051d7d3]Remove found threats[/b:64a051d7d3] [*:64a051d7d3][b:64a051d7d3]Scan archives[/b:64a051d7d3][/list:u:64a051d7d3] [*:64a051d7d3]Klik vervolgens op [b:64a051d7d3][color=#0000FF:64a051d7d3]"Advanced Settings"[/color:64a051d7d3][/b:64a051d7d3] [list:64a051d7d3][*:64a051d7d3][b:64a051d7d3]Scan for potentially unwanted applications[/b:64a051d7d3] [*:64a051d7d3][b:64a051d7d3]Scan for potentially unsafe applications[/b:64a051d7d3] [*:64a051d7d3][b:64a051d7d3]Enable Anti-Stealth technology [/b:64a051d7d3][/list:u:64a051d7d3] [*:64a051d7d3]Klik op [b:64a051d7d3]Start[/b:64a051d7d3] [*:64a051d7d3]De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld. [*:64a051d7d3]is de scan klaar, klik dan op [b:64a051d7d3][color=#0000FF:64a051d7d3]> List of found threats[/color:64a051d7d3][/b:64a051d7d3] [*:64a051d7d3]Klik vervolgens op [color=#0000FF:64a051d7d3][b:64a051d7d3]> Export to text file....[/b:64a051d7d3][/color:64a051d7d3] [*:64a051d7d3]Als opslaglokatie Bureaublad en geef het kladblokbestand een duidelijke titel. [*:64a051d7d3]Daarna mag jij het venster sluiten omdat de scan klaar is. [*:64a051d7d3]Open vervolgens het log dat op je bureaublad staat. [*:64a051d7d3]En kopieer en plak dan de inhoud van dit log in je volgende bericht.[/list:u:64a051d7d3] N.B.: deaktiveer tijdelijk je eigen antivirus tijdens de scan, dan is de onlinescan sneller!

anoniem · 7 november 2011

C:\Program Files\Uniblue\RegistryBooster\decryptor_module.dll Win32/RegistryBooster application cleaned by deleting - quarantined C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application cleaned by deleting - quarantined C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined C:\ProgramData\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined C:\Users\bigadje\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c1c7 Win32/OpenCandy application deleted - quarantined C:\Users\bigadje\Documents\Muziek\Incomplete\T-3545425-westerhaar.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined C:\Users\bigadje\Downloads\cnet_netscape-navigator-9_0_0_6_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined C:\Users\bigadje\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application deleted - quarantined

anoniem · 7 november 2011

Hoi, had jij RegistyBooster soms illegitiem in gebruik? Op zich heb ik er overigens geen probleem mee ook dat het tool verwijderd is! http://www.youtube.com/watch?v=KCFCUQ_P0rk

anoniem · 7 november 2011

Nee hoor, niet dat ik weet. Dan neem ik aand at verder alles oke is. Dank voor je hulp. Groet Arnold

anoniem · 7 november 2011

Hallo Arnold, ik vertrouw het nog niet helemaal. Doe daarom het volgende: Download de [b:8a5fe8e0ab][url=http://download11.emsisoft.com/EmsisoftEmergencyKit.zip][color=#FF0000:8a5fe8e0ab]Emsisoft Emergency Kit[/color:8a5fe8e0ab][/url][/b:8a5fe8e0ab] naar het bureaublad en pak het [b:8a5fe8e0ab]ZIP[/b:8a5fe8e0ab] bestand uit. [list:8a5fe8e0ab] [*:8a5fe8e0ab] Open de map "[b:8a5fe8e0ab]EmsisoftEmergencyKit[/b:8a5fe8e0ab]" en dubbelklik op "[b:8a5fe8e0ab]Start.exe[/b:8a5fe8e0ab]" [*:8a5fe8e0ab] Klik nu op "[b:8a5fe8e0ab]Emergency Kit Scanner[/b:8a5fe8e0ab]" u krijg nu een melding dat het is aanbevolen om eerst te updaten sta dit toe door te klikken op "[b:8a5fe8e0ab]Ja[/b:8a5fe8e0ab]" [img:8a5fe8e0ab]http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg[/img:8a5fe8e0ab] [*:8a5fe8e0ab] Als de update gereed is en de melding "[b:8a5fe8e0ab]Update process is succesvol afgerond[/b:8a5fe8e0ab]" verschijnt klikt u op "[b:8a5fe8e0ab]menu[/b:8a5fe8e0ab]" en dan op "[b:8a5fe8e0ab]Scan PC[/b:8a5fe8e0ab]" [*:8a5fe8e0ab] Selecteer de optie "[b:8a5fe8e0ab]Diep[/b:8a5fe8e0ab]" als deze niet standaard al zo is ingesteld. [*:8a5fe8e0ab] Klik Nu op de knop "[b:8a5fe8e0ab]Scan[/b:8a5fe8e0ab]" en doe verder niets op de computer tijdens het scannen, deze scan kan een geruime tijd in beslag nemen dus wacht dit geduldig af. [*:8a5fe8e0ab] Het venster met de waarschuwing over een verhoogd risico kunt u sluiten als de scan gereed is. [*:8a5fe8e0ab] Zorg ervoor dat alle gevonden items zijn aangevinkt en druk dan op de knop "[b:8a5fe8e0ab]verwijder geselecteerde[/b:8a5fe8e0ab]" u zal nu de volgende melding krijgen maar klik hier op "[b:8a5fe8e0ab]Ja[/b:8a5fe8e0ab]" [img:8a5fe8e0ab]http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg[/img:8a5fe8e0ab] [*:8a5fe8e0ab] Als het verwijderen gereed is klikt u op de knop "[b:8a5fe8e0ab]View report[/b:8a5fe8e0ab]" en selecteert u het tekstbestand van deze scan met de naam zoals: [b:8a5fe8e0ab]a2scan_110730-111615.txt[/b:8a5fe8e0ab] [*:8a5fe8e0ab] Plaats de inhoud van dit LOG bestand straks in uw volgende bericht. [*:8a5fe8e0ab] Herstart nu de computer.[/list:u:8a5fe8e0ab]

anoniem · 8 november 2011

Emsisoft Emergency Kit - Versie 1.0 Laatste Update: 8-11-2011 1:47:45 Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\, D:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 8-11-2011 1:48:37 c:\program files\GameSpy Arcade Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\cstrike Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\cstrike\frontline Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\halflife Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\halflife\action Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\halflife\cstrike Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\halflife\firearms Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\halflife\frontline Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\halflife\gearbox Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\halflife\tfc Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2 Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\aq2 Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\battle Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\chaosdm Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\duel Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\freeze Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\gloom Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\gxmod Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\holywars Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\jail Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\kots Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\lfiredm Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\lithium2 Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\LMCTF Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\pball Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\q2comp Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\QPong Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\ra2 Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\requiem Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\sconfig Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\tourney Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\wf Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake2\wod Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3 Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\alliance Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\beryllium Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\excessive Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\instagib Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\jailbreak Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\matchmod Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\osp Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\q3comp Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\q3f Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\q3ut2 Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\requiem Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\rocketarena3 Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\quake3\wfa Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\Arena Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\ch Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\CTF Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\CTFb Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\CTFplus Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\DD Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\DM Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\Duel Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\Fr Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\MT Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\Open Cal Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\RPG Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\tribes\TAC Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\ut Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\ut\Excessive Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\ut\RocketArena Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Custom\ut\Swat Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Images Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Images\portraits Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Profiles Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Profiles\(default) Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_common Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_demospy Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_fplanet Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_gnews Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_gspyder Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_news Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_support Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Skins Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Sounds Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Sounds\(default) Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Sounds\classic Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\users\bigadje\appdata\roaming\microsoft\windows\start menu\programs\GameSpy Arcade Ontdekt: Trace.Directory.GameSpy Arcade!A2 c:\users\bigadje\appdata\roaming\microsoft\windows\start menu\programs\WAV to MP3 Encoder Ontdekt: Trace.Directory.WAV to MP3 Encoder 1.0!A2 c:\users\bigadje\appdata\roaming\DaCamYoWebcam Ontdekt: Trace.Directory.DaCamYo !A2 Value: HKEY_CLASSES_ROOT\CLSID\{9A5ED012-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_CLASSES_ROOT\CLSID\{9A5ED015-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_CLASSES_ROOT\CLSID\{9A5ED016-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_CLASSES_ROOT\CLSID\{9A5ED017-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_CLASSES_ROOT\CLSID\{9A5ED018-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A5ED012-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A5ED015-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A5ED016-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A5ED017-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A5ED018-B192-11d3-9382-0000B4BDB148}\InprocServer32 --> ThreadingModel Ontdekt: Trace.Registry.HackerWacker 2.6!A2 c:\program files\GameSpy Arcade\4dca9208.dat Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Aphex.exe Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\ArcRes.dll Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\dat.bmp Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\def_banner.gif Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\def_banner.html Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\def_bannerbg.jpg Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\def_loading.gif Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\def_logo.jpg Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\def_news.html Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\fpupdate.exe Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\GameSpy Arcade - Debug.lnk Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\GameSpy Arcade Help.url Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\GameSpy Arcade Website.url Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\GameSpy Arcade.lnk Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\GameSpy.com Gaming's Homepage.url Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\GSAPak.exe Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\gslan.dll Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\gsws.dll Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\INSTALL.LOG Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\pw32.dll Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\readme.html Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Register GameSpy Arcade.url Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\RptCrash.exe Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_news\rsrc.dir Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_news\service_tab.psd Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_news\service_tab+.tga Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_support\rsrc.dir Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\Services\_support\service_tab.psd Ontdekt: Trace.File.GameSpy Arcade!A2 c:\program files\GameSpy Arcade\ws_default.html Ontdekt: Trace.File.GameSpy Arcade!A2 c:\windows\ss3unstl.exe Ontdekt: Trace.File.Ocean Screensaver!A2 Value: HKEY_CURRENT_USER\Software\GameSpy\GameSpy Arcade --> InstDir Ontdekt: Trace.Registry.GameSpy Arcade!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade --> DisplayName Ontdekt: Trace.Registry.GameSpy Arcade!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade --> UninstallString Ontdekt: Trace.Registry.GameSpy Arcade!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Player\Downloaded --> Repeat Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Player\Library --> Repeat Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Player\Purchased --> Repeat Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Player\QuickPlay --> Repeat Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Player\Top25 --> Repeat Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Player --> Volume Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\PortablePlayers\0 --> AutoSync Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\PortablePlayers\0 --> NoRemove Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\PortablePlayers\0 --> SerialNumber Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\PortablePlayers\0 --> Usages Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\PortablePlayers --> Devices Ontdekt: Trace.Registry.iMesh MediaBar!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> AppData Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> DownloadLimit Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> DSUniqueID Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> LanguageCode Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> LimitTime Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> Login Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> MNEnabled Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> NetworkPaneShow Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\General --> OKHashes Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> AccessUploading Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> AntPort Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> ConnectIp Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> EnableLocalConnections Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> MaxConnForFile Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> MaxDownload Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> MaxDownloadSpeed Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> MaxUpload Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> MaxUploadSpeed Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> PreviewPort Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> ReassignSlowSources Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> SmartTraffic Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> StatusUploadPort Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> TimeLibraryReportSent Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\IM2Net --> TimeUploadPort Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\Proxy --> Enabled Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\Proxy --> Password Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\Proxy --> ServerAddress Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\Proxy --> ServerPort Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\Proxy --> Type Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\Proxy --> UseAuthentication Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Network\Proxy --> Username Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Artwork --> ThumbnailArtwork Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountArtistPageEntry Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountDiscoveryEntry Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountDownloadsAdded Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountDPShowsUp Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountHidingIMWindow Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountPeopleHomeEntry Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountPlaySong Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountPlaySongMN Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountProfilePageEntry Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountSearch Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountSearchEntry Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountShownLogin Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMCountUserListOpened Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMDiscoveryGenreEntry Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMDiscoveryMoodsEntry Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMUsedInvite Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Bubbles --> BMUsedSearch Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\FileList --> DeleteFromDisk Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\FileList --> MediaTypeFilter Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\IEHomepage --> DontShowIEHomepageOffer Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\IEHomepage --> DontShowIEHomepageOfferNever Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\IEHomepage --> IEHomepage Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\IEHomepage --> LastHomepageCheck Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Invite --> DownloadCount Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Invite --> InviteShowCount Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Invite --> PlayCount Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Search --> MaxResultsCount Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Search --> MediaTypeFilter Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Search --> PremiumEnabled Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Security --> DoNotShare Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences\Security --> Password Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> AUDeclineDate Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> AutoResetPlayCount Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> CopyFromRemovable Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> Crossfade Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IMPictureFolderPath Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsAddSongsToQP Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsAutoVolume Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsCrossfadeEnable Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsIMAlertContacts Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsIMAlertMessages Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsIMDontPlayWhenPlaying Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsIMEveryone Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsIMPlayWhenSign Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsIMSpecialAlers Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsNeedUpdateHisory Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsNotPresentAnyVideo Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsNotPresentMusic Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsNotPresentVideo Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsNotShowNick Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsPlayDownloadSound Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsSearchAutoSuggest Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsSecurityLock Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsShowCRQDialog Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsShowDownloadTray Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsShowFTPDialog Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsShowLQDialog Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> IsShowToday Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> ReceiveLooking Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> RootLicenseDate Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> SendLooking Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> ShowNILWarning Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> SubsType Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> UsedMNPortable Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> UsedPortable Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> VideoRegime Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> VisualEnabled Ontdekt: Trace.Registry.iMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh\Preferences --> VisualRegime Ontdekt: Trace.Registry.iMesh!A2 Key: HKEY_CURRENT_USER\software\imesh Ontdekt: Trace.Registry.IMesh!A2 Value: HKEY_CURRENT_USER\Software\iMesh --> LastOpenFileDir Ontdekt: Trace.Registry.iMesh!A2 Key: HKEY_LOCAL_MACHINE\software\imesh Ontdekt: Trace.Registry.IMesh!A2 Value: HKEY_CURRENT_USER\Software\Kazaa\Advanced --> Status Ontdekt: Trace.Registry.Kazaa!A2 Key: HKEY_CURRENT_USER\software\kazaa Ontdekt: Trace.Registry.KaZaA!A2 Value: HKEY_CURRENT_USER\Software\EffeTech\MSN Sniffer 2\process --> id Ontdekt: Trace.Registry.MsnSniffer 2.1!A2 Value: HKEY_CURRENT_USER\Software\EffeTech\MSN Sniffer 2\Reg --> SetupTime Ontdekt: Trace.Registry.MsnSniffer 2.1!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 1 Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 10 Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 2 Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 4 Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 5 Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 6 Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 7 Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> 9 Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> AdsLastKnownState Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> id Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> InitialPort Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> InstallState Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> SL Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> TableType Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming\PartyPoker --> useCount Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming --> AutoLoginToOtherGames Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming --> CFDialogShown Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming --> FreshInstall Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_CURRENT_USER\Software\PartyGaming --> OldCFformat Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> ButtonText Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> CLSID Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Default Visible Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Exec Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> HotIcon Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Icon Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> MenuStatusBar Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> MenuText Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Path Ontdekt: Trace.Registry.PartyPoker!A2 Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\extended properties\{305ca226-d286-468e-b848-2b2e8e697b74} 2 --> %systemroot%\system32\p2p networking v126.cpl Ontdekt: Trace.Registry.PeerEnabler!A2 C:\Users\bigadje\Desktop\ComboFix.exe/$0\List.bat Ontdekt: Virus.Win32.HTML!IK C:\Users\bigadje\Documents\Cosmos\Scoop\telescope-2.8.5.EXE/Installer.exe Ontdekt: Trojan-Downloader.Win32.Delf!IK C:\Users\bigadje\Documents\Cosmos\Scoop\telescope-2.8.5.zip/Installer.exe Ontdekt: Trojan-Downloader.Win32.Delf!IK C:\Users\bigadje\Documents\Cosmos\Scoop\telescope-2.8.5.zip/telescope2.8.5.msi Ontdekt: Trojan-Downloader.Win32.Delf!IK C:\Users\bigadje\Downloads\ComboFix.exe/$0\List.bat Ontdekt: Virus.Win32.HTML!IK Gescand Bestanden: 608021 Sporen: 438894 Cookies: 99 Processen: 60 Gevonden Bestanden: 5 Sporen: 276 Cookies: 0 Processen: 0 Registersleutels: 0 Scan Geëindigd: 8-11-2011 5:40:14 Scantijd: 3:51:37

Somoto en Bigseekpro probleem

Vraag

Link naar reactie

27 antwoorden op deze vraag

Aanbevolen berichten

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Om een reactie te plaatsen, moet je eerst inloggen

Populaire leden

Leden

Recente topics