Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 15-12-16.01 - TO 22/12/2015 16:15:02.2.1 - x86
Lancé depuis: c:\users\TO\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TO\AppData\Local\Temp\_MEI37362\_ctypes.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_elementtree.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_hashlib.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_multiprocessing.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_psutil_windows.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_socket.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_ssl.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_yappi.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\common.time34.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\hashobjs_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\pyexpat.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\pysqlite2._sqlite.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\python27.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\pythoncom27.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\PyWinTypes27.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\select.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\thumbnails_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\unicodedata.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\usb_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32api.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32com.shell.shell.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32crypt.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32event.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32file.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32gui.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32inet.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32pdh.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32pipe.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32process.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32profile.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32security.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32ts.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\windows._lib_cacheinvalidation.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._animate.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._controls_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._core_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._gdi_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._html2.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._misc_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._windows_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._wizard.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wxbase30u_net_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxbase30u_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_adv_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_core_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_html_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_webview_vc90.dll
c:\windows\system32\AdobePDF.dll
c:\windows\system32\MailBee.dll
.
---- Exécution préalable -------
.
C:\install.exe
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\driverhardwarev2.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2ia64.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.cat
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys
c:\program files\ma-config.com\Drivers\matos9x.vxd
c:\program files\ma-config.com\HardwareDetection.ocx
c:\program files\ma-config.com\Langues\LangueMC_en.dll
c:\program files\ma-config.com\Langues\LangueMC_fr.dll
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\maconfservice.exe
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\mcnoyau.dll
c:\program files\ma-config.com\mcrypt.dll
c:\program files\ma-config.com\mcsettings.exe
c:\program files\ma-config.com\nphardwaredetection.dll
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\npapi.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\Temp\mc_BE62.tmp
c:\users\TO\AppData\Local\Temp\_MEI29162\_ctypes.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_elementtree.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_hashlib.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_multiprocessing.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_psutil_windows.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_socket.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_ssl.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_yappi.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\common.time34.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\hashobjs_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\pyexpat.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\pysqlite2._sqlite.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\python27.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\pythoncom27.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\PyWinTypes27.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\select.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\thumbnails_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\unicodedata.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\usb_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32api.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32com.shell.shell.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32crypt.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32event.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32file.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32gui.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32inet.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32pdh.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32pipe.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32process.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32profile.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32security.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32ts.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\windows._lib_cacheinvalidation.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._animate.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._controls_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._core_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._gdi_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._html2.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._misc_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._windows_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._wizard.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wxbase30u_net_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxbase30u_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_adv_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_core_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_html_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_webview_vc90.dll
c:\users\TO\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log
c:\users\TO\AppData\Roaming\1&1\1&1 EasyLogin\update\ConnexionDirecte_setup.exe
c:\users\TO\ZHPDiag3.exe
c:\windows\system32\~GLH0002.TMP
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_driverhardwarev2
-------\Legacy_driverhardwarev2
-------\Service_driverhardwarev2
-------\Service_maconfservice
-------\Service_driverhardwarev2
-------\Service_maconfservice
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-11-22 au 2015-12-22 ))))))))))))))))))))))))))))))))))))
.
.
2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-22 11:20 . 2015-12-22 11:20 -------- d-----w- C:\OneDriveTemp
2015-12-19 10:46 . 2015-12-22 11:51 -------- d-----w- C:\FRST
2015-12-19 08:13 . 2015-12-19 08:13 -------- d-----w- c:\programdata\AVG Security Toolbar
2015-12-19 08:13 . 2015-12-22 11:33 -------- d-----w- c:\users\TO\AppData\Local\AVG Web TuneUp
2015-12-19 08:12 . 2015-12-19 08:12 -------- d-----w- c:\programdata\AVG Secure Search
2015-12-19 08:12 . 2015-12-19 08:12 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2015-12-19 08:12 . 2015-12-19 08:13 -------- d-----w- c:\programdata\AVG Web TuneUp
2015-12-19 08:11 . 2015-12-19 08:12 -------- d-----w- c:\program files\AVG Web TuneUp
2015-12-18 14:54 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-12-18 14:54 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-12-18 14:52 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-12-18 14:52 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-12-18 14:52 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-12-18 14:52 . 2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-12-18 14:50 . 2015-07-03 16:04 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-12-18 14:48 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-18 14:46 . 2015-06-17 15:09 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-12-18 14:46 . 2015-06-17 16:50 2264576 ----a-w- c:\windows\system32\msi.dll
2015-12-18 14:45 . 2015-06-12 16:01 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-12-18 14:43 . 2015-04-24 15:54 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-12-18 14:41 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-12-18 14:23 . 2015-03-05 02:32 244152 ----a-w- c:\windows\system32\clfs.sys
2015-12-18 14:23 . 2015-03-05 02:23 57344 ----a-w- c:\windows\system32\clfsw32.dll
2015-12-18 14:22 . 2015-11-06 16:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-12-18 14:22 . 2015-11-06 16:32 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-12-18 14:22 . 2015-11-06 16:32 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-12-18 14:22 . 2015-11-06 15:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-12-18 14:22 . 2015-11-06 15:26 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-12-18 14:22 . 2015-11-06 15:20 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-12-18 14:22 . 2015-11-06 17:05 627712 ----a-w- c:\windows\system32\user32.dll
2015-12-18 14:22 . 2015-11-06 16:32 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-12-18 14:22 . 2015-11-06 15:24 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-12-18 14:22 . 2015-11-06 15:20 1073152 ----a-w- c:\windows\system32\DWrite.dll
2015-12-18 14:22 . 2015-11-06 15:19 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-12-18 14:06 . 2015-10-13 14:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2015-12-18 14:06 . 2015-10-13 14:31 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-12-18 14:05 . 2015-11-02 17:04 179200 ----a-w- c:\windows\system32\els.dll
2015-12-18 14:01 . 2015-10-17 16:01 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-12-18 13:56 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-12-18 13:49 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-12-18 13:49 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-12-18 13:27 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll
2015-12-18 13:24 . 2015-10-14 20:22 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-12-18 13:24 . 2015-07-21 16:03 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-12-18 13:24 . 2015-10-14 16:01 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-18 13:24 . 2015-10-14 16:01 3554752 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-18 13:21 . 2015-10-01 16:03 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-12-18 12:44 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-12-18 12:44 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-12-18 12:43 . 2015-05-31 08:11 225792 ----a-w- c:\windows\system32\cewmdm.dll
2015-12-18 12:23 . 2015-04-10 23:22 279552 ----a-w- c:\windows\system32\services.exe
2015-12-18 12:10 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-12-18 11:50 . 2015-10-10 16:02 526272 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-12-18 11:25 . 2015-07-01 15:57 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-12-18 11:24 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe
2015-12-18 11:24 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe
2015-12-18 11:24 . 2015-11-10 17:03 1208832 ----a-w- c:\windows\system32\comsvcs.dll
2015-12-18 11:24 . 2015-11-10 17:03 488448 ----a-w- c:\windows\system32\catsrvut.dll
2015-12-18 11:23 . 2015-11-05 07:34 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-12-18 11:22 . 2015-05-04 22:50 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-12-18 11:21 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-12-18 11:21 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-12-18 11:21 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2015-12-18 11:21 . 2015-05-04 21:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2015-12-18 11:21 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2015-12-18 11:21 . 2015-05-04 21:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2015-12-18 11:18 . 2015-06-27 16:02 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-12-18 11:18 . 2015-06-27 14:21 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-12-18 11:18 . 2015-06-27 14:21 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-12-18 11:18 . 2015-01-09 00:17 107008 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-12-18 11:18 . 2015-09-26 16:04 206336 ----a-w- c:\windows\system32\ncrypt.dll
2015-12-18 11:18 . 2015-09-26 16:05 281600 ----a-w- c:\windows\system32\schannel.dll
2015-12-18 11:18 . 2015-06-27 16:03 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-12-18 11:18 . 2015-06-27 16:01 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-12-18 11:18 . 2015-09-26 13:21 274432 ----a-w- c:\windows\system32\bcrypt.dll
2015-12-18 11:18 . 2015-09-22 13:11 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-12-17 17:19 . 2015-12-22 15:39 -------- d-----r- c:\users\TO\Google Drive
2015-12-17 17:16 . 2015-12-17 17:16 -------- d-----w- c:\program files\Microsoft OneDrive
2015-12-17 17:16 . 2015-12-22 15:38 -------- d-----r- c:\users\TO\OneDrive
2015-12-17 17:14 . 2015-12-17 17:14 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-12-15 20:18 . 2015-12-18 13:15 -------- d-----w- c:\program files\ZHPFix
2015-12-15 07:10 . 2015-12-15 07:10 -------- d-----w- c:\users\TO\AppData\Local\Avg
2015-12-14 23:59 . 2015-01-29 01:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-12-14 23:59 . 2015-01-29 01:35 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-12-14 23:57 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2015-12-14 23:57 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2015-12-14 23:57 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2015-12-14 23:52 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-12-14 23:52 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-12-14 23:52 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2015-12-14 23:51 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-12-14 23:40 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-12-14 23:39 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2015-12-14 23:38 . 2015-01-09 00:18 64000 ----a-w- c:\windows\system32\smss.exe
2015-12-14 23:37 . 2015-01-21 02:02 807936 ----a-w- c:\windows\system32\msctf.dll
2015-12-14 23:37 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-12-14 23:35 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2015-12-14 23:35 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2015-12-14 23:35 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-12-14 23:35 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2015-12-14 23:35 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2015-12-14 23:34 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-12-14 23:34 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-12-14 23:34 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-12-14 23:33 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-12-14 23:32 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-12-14 19:23 . 2015-12-14 19:24 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-14 19:14 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-14 19:14 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-14 19:14 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-14 19:14 . 2015-12-14 19:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-12-14 15:43 . 2015-12-14 15:43 -------- d-----w- c:\users\TO\AppData\Local\Dropbox
2015-12-14 15:43 . 2015-12-14 15:43 -------- d-----w- c:\programdata\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-14 17:05 . 2013-11-18 22:47 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-14 17:05 . 2013-11-18 22:47 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-19 11:38 . 2015-10-19 11:38 252336 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-12 01:38 . 2013-10-12 01:38 50053120 ----a-w- c:\program files\GUTCB89.tmp
2009-04-17 20:47 . 2009-04-17 20:46 19875528 ----a-w- c:\program files\coolpaie_SP_3.3.0.68.exe
2009-04-17 20:23 . 2009-04-17 20:23 7869591 ----a-w- c:\program files\Podmailing_Setup_0_11_2.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2015-12-19 08:10 2410896 ----a-w- c:\program files\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 17:04 49152 ------w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^TO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\TO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^TO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\TO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 08:36 958576 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Photosmart 5520 series (NET)]
2012-10-17 03:05 1837672 ----a-w- c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 11:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 22:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 19:26 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 14:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 19:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PTHOSTTR"=c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1091579693-3492347612-461701170-1004]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 01:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-17 17:04 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18 17:05]
.
2015-12-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1091579693-3492347612-461701170-1004Core.job
- c:\users\TO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-14 15:43]
.
2015-12-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1091579693-3492347612-461701170-1004UA.job
- c:\users\TO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-14 15:43]
.
2015-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-11 16:34]
.
2015-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-11 16:34]
.
2014-03-30 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04]
.
.
------- Examen supplémentaire -------
.
uStart Page = https://mysearch.avg.com/?cid={064384DA-8DCF-4D82-9692-42DEB88B38C6}&mid=811bc8c512f847d39699d16b22605fcb-70287c5c0e557a6f5c90d94a5c94205cb086d5a9&lang=fr&ds=AVG&coid=avgtbavg&cmpid=1215av&pr=fr&d=2015-12-19 09:12&v=4.2.4.155&pid=wtu&sg=&sap=hp
mStart Page = hxxp://www.google.com
IE: &Envoyer à OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\TO\AppData\Roaming\Mozilla\Firefox\Profiles\4stolb28.default-1384451292283\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-22 16:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ADIHdAudAddService]
"ImagePath"="system32\drivers\ADIHdAud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeDriveCS4_NP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx]
"ImagePath"="system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci]
"ImagePath"="system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]
"ImagePath"="system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320]
"ImagePath"="system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AEADIFilters]
"ImagePath"="%SystemRoot%\system32\AEADISRV.EXE"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AgereModemAudio]
"ImagePath"="c:\windows\system32\agrsmsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\AGRSM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]
"ImagePath"="system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide]
"ImagePath"="system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp]
"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide]
"ImagePath"="system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7]
"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8]
"ImagePath"="system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc]
"ImagePath"="system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas]
"ImagePath"="system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_2.0.50727]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aspi32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\athrusb]
"ImagePath"="system32\DRIVERS\athrusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atksgt]
"ImagePath"="system32\DRIVERS\atksgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgdiskx]
"ImagePath"="system32\DRIVERS\avgdiskx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files\AVG\AVG2015\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdriverx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSShim]
"ImagePath"="system32\DRIVERS\avgidsshimx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx86]
"ImagePath"="system32\DRIVERS\avgldx86.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avglogx]
"ImagePath"="system32\DRIVERS\avglogx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx86]
"ImagePath"="system32\DRIVERS\avgmfx86.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx86]
"ImagePath"="system32\DRIVERS\avgrkx86.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdix]
"ImagePath"="system32\DRIVERS\avgtdix.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files\AVG\AVG2015\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b57nd60x]
"ImagePath"="system32\DRIVERS\b57nd60x.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl6.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\btaudio]
"ImagePath"="system32\drivers\btaudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTDriver]
"ImagePath"="system32\DRIVERS\btport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTKRNL]
"ImagePath"="system32\DRIVERS\btkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\users\TO\AppData\Local\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide]
"ImagePath"="system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Com4QLBEx]
"ImagePath"="\"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe]
"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DAMDrv]
"ImagePath"="system32\DRIVERS\DAMDrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4]
"ImagePath"="system32\DRIVERS\Dot4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Print]
"ImagePath"="system32\DRIVERS\Dot4Prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Scan]
"ImagePath"="system32\DRIVERS\Dot4Scan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4usb]
"ImagePath"="system32\DRIVERS\dot4usb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\e1express]
"ImagePath"="system32\DRIVERS\e1e6032.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G60I32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor]
"ImagePath"="system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ewusbnet]
"ImagePath"="system32\DRIVERS\ewusbnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ew_hwusbdev]
"ImagePath"="system32\DRIVERS\ew_hwusbdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLCDLOCK]
"ImagePath"="c:\windows\system32\flcdlock.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLEXnet Licensing Service]
"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HBtnKey]
"ImagePath"="system32\DRIVERS\cpqbttn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HP Health Check Service]
"ImagePath"="\"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs]
"ImagePath"="system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpqKbFiltr]
"ImagePath"="system32\DRIVERS\HpqKbFiltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqwmiex]
"ImagePath"="\"c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\huawei_enumerator]
"ImagePath"="system32\DRIVERS\ew_jubusenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\huawei_update]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwcdcmdm0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwdatacard]
"ImagePath"="system32\DRIVERS\ewusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HWHandSet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbapp]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbdev]
"ImagePath"="system32\DRIVERS\ewusbdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbser]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hw_usbdev]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]
"ImagePath"="system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IAANTMON]
"ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ialm]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStor]
"ImagePath"="system32\drivers\iastor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV]
"ImagePath"="system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\igfx]
"ImagePath"="system32\DRIVERS\igdkmd32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp]
"ImagePath"="system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide]
"ImagePath"="system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
"ImagePath"="system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi]
"ImagePath"="system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]
"ImagePath"="system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IviRegMgr]
"ImagePath"="c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KMWDFILTER]
"ImagePath"="system32\DRIVERS\KMWDFILTER.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LightScribeService]
"ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lirsgt]
"ImagePath"="system32\DRIVERS\lirsgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC]
"ImagePath"="system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS]
"ImagePath"="system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI]
"ImagePath"="system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mamotou]
"ImagePath"="system32\DRIVERS\mamotou.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MaVctrl]
"ImagePath"="system32\DRIVERS\MaVc2K.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMService]
"ImagePath"="\"c:\program files\Malwarebytes Anti-Malware\mbamservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMWebAccessControl]
"ImagePath"="\??\c:\windows\system32\drivers\mwac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mcdbus]
"ImagePath"="system32\DRIVERS\mcdbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas]
"ImagePath"="system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MegaSR]
"ImagePath"="system32\drivers\megasr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\motmodem]
"ImagePath"="system32\DRIVERS\motmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="\"c:\program files\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio]
"ImagePath"="system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x]
"ImagePath"="system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm]
"ImagePath"="system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetMsmqActivator]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetPipeActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960]
"ImagePath"="system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi]
"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid]
"ImagePath"="system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor]
"ImagePath"="system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Outlook]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm]
"ImagePath"="system32\DRIVERS\parvdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300]
"ImagePath"="system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx]
"ImagePath"="system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RVIEGVST]
"ImagePath"="\??\c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port]
"ImagePath"="system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum]
"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]
"ImagePath"="\SystemRoot\system32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp]
"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2]
"ImagePath"="system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4]
"ImagePath"="system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SkypeUpdate]
"ImagePath"="\"c:\program files\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sptd]
"ImagePath"="\SystemRoot\System32\Drivers\sptd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StillCam]
"ImagePath"="system32\DRIVERS\serscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx]
"ImagePath"="system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi]
"ImagePath"="system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3]
"ImagePath"="system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\synasusb]
"ImagePath"="System32\Drivers\synasusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TASCAM_US122144]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\teamviewervpn]
"ImagePath"="system32\DRIVERS\teamviewervpn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TPM]
"ImagePath"="system32\drivers\tpm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUp.Defrag]
"ImagePath"="%SystemRoot%\System32\TuneUpDefragService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUp.ProgramStatisticsSvc]
"ImagePath"="%SystemRoot%\System32\TUProgSt.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci]
"ImagePath"="system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata]
"ImagePath"="system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2]
"ImagePath"="system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\US122]
"ImagePath"="System32\Drivers\US122.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\US122DL]
"ImagePath"="System32\Drivers\US122DL.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Us122WdmService]
"ImagePath"="System32\Drivers\US122Wdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxTuneUp]
"ServiceDll"="%SystemRoot%\System32\uxtuneup.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7]
"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide]
"ImagePath"="system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid]
"ImagePath"="system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vToolbarUpdater40.2.4]
"ImagePath"="\"c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd]
"ImagePath"="system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinUSB]
"ImagePath"="system32\DRIVERS\WinUSB.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WtuSystemSupport]
"ImagePath"="\"c:\program files\AVG Web TuneUp\WtuSystemSupport.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{59421C86-6535-4C3E-AECD-5BBC619CB297}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{657796CE-13CE-4CA5-B067-6948B809C90F}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{79B55CDF-6B23-4DFA-80F3-64D0D20A4920}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DC2E157A-852A-4EE3-9150-4DCEDAFEB5D3}]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5592)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\program files\AVG Web TuneUp\WtuSystemSupport.exe
c:\windows\system32\WLANExt.exe
c:\program files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\AVG\AVG2015\avgidsagent.exe
c:\program files\AVG\AVG2015\avgwdsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\AVG\AVG2015\avgnsx.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
c:\windows\system32\conime.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
c:\program files\AVG\AVG2015\avgui.exe
c:\program files\AVG Web TuneUp\vprot.exe
c:\program files\Google\Drive\googledrivesync.exe
c:\users\TO\AppData\Local\Microsoft\OneDrive\OneDrive.exe
c:\users\TO\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Google\Drive\googledrivesync.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Heure de fin: 2015-12-22 16:58:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-12-22 15:57
.
Avant-CF: 9 453 379 584 octets libres
Après-CF: 8 970 833 920 octets libres
.
- - End Of File - - A3119C3F9F7567A84CFEF28236013A3A
5C616939100B85E558DA92B899A0FC36
Lancé depuis: c:\users\TO\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TO\AppData\Local\Temp\_MEI37362\_ctypes.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_elementtree.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_hashlib.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_multiprocessing.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_psutil_windows.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_socket.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_ssl.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\_yappi.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\common.time34.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\hashobjs_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\pyexpat.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\pysqlite2._sqlite.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\python27.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\pythoncom27.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\PyWinTypes27.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\select.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\thumbnails_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\unicodedata.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\usb_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32api.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32com.shell.shell.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32crypt.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32event.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32file.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32gui.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32inet.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32pdh.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32pipe.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32process.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32profile.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32security.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\win32ts.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\windows._lib_cacheinvalidation.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._animate.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._controls_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._core_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._gdi_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._html2.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._misc_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._windows_.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wx._wizard.pyd
c:\users\TO\AppData\Local\Temp\_MEI37362\wxbase30u_net_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxbase30u_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_adv_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_core_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_html_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_webview_vc90.dll
c:\windows\system32\AdobePDF.dll
c:\windows\system32\MailBee.dll
.
---- Exécution préalable -------
.
C:\install.exe
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\driverhardwarev2.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2ia64.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.cat
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys
c:\program files\ma-config.com\Drivers\matos9x.vxd
c:\program files\ma-config.com\HardwareDetection.ocx
c:\program files\ma-config.com\Langues\LangueMC_en.dll
c:\program files\ma-config.com\Langues\LangueMC_fr.dll
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\maconfservice.exe
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\mcnoyau.dll
c:\program files\ma-config.com\mcrypt.dll
c:\program files\ma-config.com\mcsettings.exe
c:\program files\ma-config.com\nphardwaredetection.dll
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\npapi.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\Temp\mc_BE62.tmp
c:\users\TO\AppData\Local\Temp\_MEI29162\_ctypes.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_elementtree.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_hashlib.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_multiprocessing.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_psutil_windows.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_socket.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_ssl.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\_yappi.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\common.time34.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\hashobjs_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\pyexpat.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\pysqlite2._sqlite.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\python27.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\pythoncom27.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\PyWinTypes27.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\select.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\thumbnails_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\unicodedata.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\usb_ext.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32api.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32com.shell.shell.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32crypt.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32event.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32file.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32gui.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32inet.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32pdh.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32pipe.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32process.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32profile.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32security.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\win32ts.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\windows._lib_cacheinvalidation.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._animate.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._controls_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._core_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._gdi_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._html2.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._misc_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._windows_.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wx._wizard.pyd
c:\users\TO\AppData\Local\Temp\_MEI29162\wxbase30u_net_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxbase30u_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_adv_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_core_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_html_vc90.dll
c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_webview_vc90.dll
c:\users\TO\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log
c:\users\TO\AppData\Roaming\1&1\1&1 EasyLogin\update\ConnexionDirecte_setup.exe
c:\users\TO\ZHPDiag3.exe
c:\windows\system32\~GLH0002.TMP
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_driverhardwarev2
-------\Legacy_driverhardwarev2
-------\Service_driverhardwarev2
-------\Service_maconfservice
-------\Service_driverhardwarev2
-------\Service_maconfservice
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-11-22 au 2015-12-22 ))))))))))))))))))))))))))))))))))))
.
.
2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-22 11:20 . 2015-12-22 11:20 -------- d-----w- C:\OneDriveTemp
2015-12-19 10:46 . 2015-12-22 11:51 -------- d-----w- C:\FRST
2015-12-19 08:13 . 2015-12-19 08:13 -------- d-----w- c:\programdata\AVG Security Toolbar
2015-12-19 08:13 . 2015-12-22 11:33 -------- d-----w- c:\users\TO\AppData\Local\AVG Web TuneUp
2015-12-19 08:12 . 2015-12-19 08:12 -------- d-----w- c:\programdata\AVG Secure Search
2015-12-19 08:12 . 2015-12-19 08:12 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2015-12-19 08:12 . 2015-12-19 08:13 -------- d-----w- c:\programdata\AVG Web TuneUp
2015-12-19 08:11 . 2015-12-19 08:12 -------- d-----w- c:\program files\AVG Web TuneUp
2015-12-18 14:54 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-12-18 14:54 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-12-18 14:52 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-12-18 14:52 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-12-18 14:52 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-12-18 14:52 . 2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-12-18 14:50 . 2015-07-03 16:04 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-12-18 14:48 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-18 14:46 . 2015-06-17 15:09 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-12-18 14:46 . 2015-06-17 16:50 2264576 ----a-w- c:\windows\system32\msi.dll
2015-12-18 14:45 . 2015-06-12 16:01 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-12-18 14:43 . 2015-04-24 15:54 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-12-18 14:41 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-12-18 14:23 . 2015-03-05 02:32 244152 ----a-w- c:\windows\system32\clfs.sys
2015-12-18 14:23 . 2015-03-05 02:23 57344 ----a-w- c:\windows\system32\clfsw32.dll
2015-12-18 14:22 . 2015-11-06 16:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-12-18 14:22 . 2015-11-06 16:32 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-12-18 14:22 . 2015-11-06 16:32 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-12-18 14:22 . 2015-11-06 15:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-12-18 14:22 . 2015-11-06 15:26 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-12-18 14:22 . 2015-11-06 15:20 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-12-18 14:22 . 2015-11-06 17:05 627712 ----a-w- c:\windows\system32\user32.dll
2015-12-18 14:22 . 2015-11-06 16:32 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-12-18 14:22 . 2015-11-06 15:24 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-12-18 14:22 . 2015-11-06 15:20 1073152 ----a-w- c:\windows\system32\DWrite.dll
2015-12-18 14:22 . 2015-11-06 15:19 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-12-18 14:06 . 2015-10-13 14:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2015-12-18 14:06 . 2015-10-13 14:31 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-12-18 14:05 . 2015-11-02 17:04 179200 ----a-w- c:\windows\system32\els.dll
2015-12-18 14:01 . 2015-10-17 16:01 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-12-18 13:56 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-12-18 13:49 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-12-18 13:49 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-12-18 13:27 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll
2015-12-18 13:24 . 2015-10-14 20:22 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-12-18 13:24 . 2015-07-21 16:03 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-12-18 13:24 . 2015-10-14 16:01 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-18 13:24 . 2015-10-14 16:01 3554752 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-18 13:21 . 2015-10-01 16:03 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-12-18 12:44 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-12-18 12:44 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-12-18 12:43 . 2015-05-31 08:11 225792 ----a-w- c:\windows\system32\cewmdm.dll
2015-12-18 12:23 . 2015-04-10 23:22 279552 ----a-w- c:\windows\system32\services.exe
2015-12-18 12:10 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-12-18 11:50 . 2015-10-10 16:02 526272 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-12-18 11:25 . 2015-07-01 15:57 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-12-18 11:24 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe
2015-12-18 11:24 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe
2015-12-18 11:24 . 2015-11-10 17:03 1208832 ----a-w- c:\windows\system32\comsvcs.dll
2015-12-18 11:24 . 2015-11-10 17:03 488448 ----a-w- c:\windows\system32\catsrvut.dll
2015-12-18 11:23 . 2015-11-05 07:34 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-12-18 11:22 . 2015-05-04 22:50 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-12-18 11:21 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-12-18 11:21 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-12-18 11:21 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2015-12-18 11:21 . 2015-05-04 21:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2015-12-18 11:21 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2015-12-18 11:21 . 2015-05-04 21:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2015-12-18 11:18 . 2015-06-27 16:02 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-12-18 11:18 . 2015-06-27 14:21 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-12-18 11:18 . 2015-06-27 14:21 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-12-18 11:18 . 2015-01-09 00:17 107008 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-12-18 11:18 . 2015-09-26 16:04 206336 ----a-w- c:\windows\system32\ncrypt.dll
2015-12-18 11:18 . 2015-09-26 16:05 281600 ----a-w- c:\windows\system32\schannel.dll
2015-12-18 11:18 . 2015-06-27 16:03 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-12-18 11:18 . 2015-06-27 16:01 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-12-18 11:18 . 2015-09-26 13:21 274432 ----a-w- c:\windows\system32\bcrypt.dll
2015-12-18 11:18 . 2015-09-22 13:11 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-12-17 17:19 . 2015-12-22 15:39 -------- d-----r- c:\users\TO\Google Drive
2015-12-17 17:16 . 2015-12-17 17:16 -------- d-----w- c:\program files\Microsoft OneDrive
2015-12-17 17:16 . 2015-12-22 15:38 -------- d-----r- c:\users\TO\OneDrive
2015-12-17 17:14 . 2015-12-17 17:14 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-12-15 20:18 . 2015-12-18 13:15 -------- d-----w- c:\program files\ZHPFix
2015-12-15 07:10 . 2015-12-15 07:10 -------- d-----w- c:\users\TO\AppData\Local\Avg
2015-12-14 23:59 . 2015-01-29 01:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-12-14 23:59 . 2015-01-29 01:35 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-12-14 23:57 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2015-12-14 23:57 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2015-12-14 23:57 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2015-12-14 23:52 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-12-14 23:52 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-12-14 23:52 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2015-12-14 23:51 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-12-14 23:40 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-12-14 23:39 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2015-12-14 23:38 . 2015-01-09 00:18 64000 ----a-w- c:\windows\system32\smss.exe
2015-12-14 23:37 . 2015-01-21 02:02 807936 ----a-w- c:\windows\system32\msctf.dll
2015-12-14 23:37 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-12-14 23:35 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2015-12-14 23:35 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2015-12-14 23:35 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-12-14 23:35 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2015-12-14 23:35 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2015-12-14 23:34 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-12-14 23:34 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-12-14 23:34 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-12-14 23:33 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-12-14 23:32 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-12-14 19:23 . 2015-12-14 19:24 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-14 19:14 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-14 19:14 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-14 19:14 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-14 19:14 . 2015-12-14 19:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-12-14 15:43 . 2015-12-14 15:43 -------- d-----w- c:\users\TO\AppData\Local\Dropbox
2015-12-14 15:43 . 2015-12-14 15:43 -------- d-----w- c:\programdata\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-14 17:05 . 2013-11-18 22:47 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-14 17:05 . 2013-11-18 22:47 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-19 11:38 . 2015-10-19 11:38 252336 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-12 01:38 . 2013-10-12 01:38 50053120 ----a-w- c:\program files\GUTCB89.tmp
2009-04-17 20:47 . 2009-04-17 20:46 19875528 ----a-w- c:\program files\coolpaie_SP_3.3.0.68.exe
2009-04-17 20:23 . 2009-04-17 20:23 7869591 ----a-w- c:\program files\Podmailing_Setup_0_11_2.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2015-12-19 08:10 2410896 ----a-w- c:\program files\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 17:04 49152 ------w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^TO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\TO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^TO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\TO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 08:36 958576 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Photosmart 5520 series (NET)]
2012-10-17 03:05 1837672 ----a-w- c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 11:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 22:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 19:26 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 14:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 19:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PTHOSTTR"=c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1091579693-3492347612-461701170-1004]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 01:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-17 17:04 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18 17:05]
.
2015-12-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1091579693-3492347612-461701170-1004Core.job
- c:\users\TO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-14 15:43]
.
2015-12-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1091579693-3492347612-461701170-1004UA.job
- c:\users\TO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-14 15:43]
.
2015-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-11 16:34]
.
2015-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-11 16:34]
.
2014-03-30 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04]
.
.
------- Examen supplémentaire -------
.
uStart Page = https://mysearch.avg.com/?cid={064384DA-8DCF-4D82-9692-42DEB88B38C6}&mid=811bc8c512f847d39699d16b22605fcb-70287c5c0e557a6f5c90d94a5c94205cb086d5a9&lang=fr&ds=AVG&coid=avgtbavg&cmpid=1215av&pr=fr&d=2015-12-19 09:12&v=4.2.4.155&pid=wtu&sg=&sap=hp
mStart Page = hxxp://www.google.com
IE: &Envoyer à OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\TO\AppData\Roaming\Mozilla\Firefox\Profiles\4stolb28.default-1384451292283\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-22 16:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ADIHdAudAddService]
"ImagePath"="system32\drivers\ADIHdAud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeDriveCS4_NP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx]
"ImagePath"="system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci]
"ImagePath"="system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]
"ImagePath"="system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320]
"ImagePath"="system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AEADIFilters]
"ImagePath"="%SystemRoot%\system32\AEADISRV.EXE"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AgereModemAudio]
"ImagePath"="c:\windows\system32\agrsmsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\AGRSM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]
"ImagePath"="system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide]
"ImagePath"="system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp]
"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide]
"ImagePath"="system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7]
"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8]
"ImagePath"="system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc]
"ImagePath"="system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas]
"ImagePath"="system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_2.0.50727]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aspi32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\athrusb]
"ImagePath"="system32\DRIVERS\athrusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atksgt]
"ImagePath"="system32\DRIVERS\atksgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgdiskx]
"ImagePath"="system32\DRIVERS\avgdiskx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files\AVG\AVG2015\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdriverx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSShim]
"ImagePath"="system32\DRIVERS\avgidsshimx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx86]
"ImagePath"="system32\DRIVERS\avgldx86.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avglogx]
"ImagePath"="system32\DRIVERS\avglogx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx86]
"ImagePath"="system32\DRIVERS\avgmfx86.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx86]
"ImagePath"="system32\DRIVERS\avgrkx86.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdix]
"ImagePath"="system32\DRIVERS\avgtdix.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files\AVG\AVG2015\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b57nd60x]
"ImagePath"="system32\DRIVERS\b57nd60x.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl6.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\btaudio]
"ImagePath"="system32\drivers\btaudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTDriver]
"ImagePath"="system32\DRIVERS\btport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTKRNL]
"ImagePath"="system32\DRIVERS\btkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\users\TO\AppData\Local\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide]
"ImagePath"="system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Com4QLBEx]
"ImagePath"="\"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe]
"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DAMDrv]
"ImagePath"="system32\DRIVERS\DAMDrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4]
"ImagePath"="system32\DRIVERS\Dot4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Print]
"ImagePath"="system32\DRIVERS\Dot4Prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Scan]
"ImagePath"="system32\DRIVERS\Dot4Scan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4usb]
"ImagePath"="system32\DRIVERS\dot4usb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\e1express]
"ImagePath"="system32\DRIVERS\e1e6032.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G60I32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor]
"ImagePath"="system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ewusbnet]
"ImagePath"="system32\DRIVERS\ewusbnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ew_hwusbdev]
"ImagePath"="system32\DRIVERS\ew_hwusbdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLCDLOCK]
"ImagePath"="c:\windows\system32\flcdlock.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLEXnet Licensing Service]
"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HBtnKey]
"ImagePath"="system32\DRIVERS\cpqbttn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HP Health Check Service]
"ImagePath"="\"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs]
"ImagePath"="system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpqKbFiltr]
"ImagePath"="system32\DRIVERS\HpqKbFiltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqwmiex]
"ImagePath"="\"c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\huawei_enumerator]
"ImagePath"="system32\DRIVERS\ew_jubusenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\huawei_update]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwcdcmdm0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwdatacard]
"ImagePath"="system32\DRIVERS\ewusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HWHandSet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbapp]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbdev]
"ImagePath"="system32\DRIVERS\ewusbdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbser]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hw_usbdev]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]
"ImagePath"="system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IAANTMON]
"ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ialm]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStor]
"ImagePath"="system32\drivers\iastor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV]
"ImagePath"="system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\igfx]
"ImagePath"="system32\DRIVERS\igdkmd32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp]
"ImagePath"="system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide]
"ImagePath"="system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
"ImagePath"="system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi]
"ImagePath"="system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]
"ImagePath"="system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IviRegMgr]
"ImagePath"="c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KMWDFILTER]
"ImagePath"="system32\DRIVERS\KMWDFILTER.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LightScribeService]
"ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lirsgt]
"ImagePath"="system32\DRIVERS\lirsgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC]
"ImagePath"="system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS]
"ImagePath"="system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI]
"ImagePath"="system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mamotou]
"ImagePath"="system32\DRIVERS\mamotou.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MaVctrl]
"ImagePath"="system32\DRIVERS\MaVc2K.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMService]
"ImagePath"="\"c:\program files\Malwarebytes Anti-Malware\mbamservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMWebAccessControl]
"ImagePath"="\??\c:\windows\system32\drivers\mwac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mcdbus]
"ImagePath"="system32\DRIVERS\mcdbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas]
"ImagePath"="system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MegaSR]
"ImagePath"="system32\drivers\megasr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\motmodem]
"ImagePath"="system32\DRIVERS\motmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="\"c:\program files\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio]
"ImagePath"="system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x]
"ImagePath"="system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm]
"ImagePath"="system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetMsmqActivator]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetPipeActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960]
"ImagePath"="system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi]
"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid]
"ImagePath"="system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor]
"ImagePath"="system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Outlook]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm]
"ImagePath"="system32\DRIVERS\parvdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300]
"ImagePath"="system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx]
"ImagePath"="system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RVIEGVST]
"ImagePath"="\??\c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port]
"ImagePath"="system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum]
"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]
"ImagePath"="\SystemRoot\system32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp]
"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2]
"ImagePath"="system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4]
"ImagePath"="system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SkypeUpdate]
"ImagePath"="\"c:\program files\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sptd]
"ImagePath"="\SystemRoot\System32\Drivers\sptd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StillCam]
"ImagePath"="system32\DRIVERS\serscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx]
"ImagePath"="system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi]
"ImagePath"="system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3]
"ImagePath"="system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\synasusb]
"ImagePath"="System32\Drivers\synasusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TASCAM_US122144]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\teamviewervpn]
"ImagePath"="system32\DRIVERS\teamviewervpn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TPM]
"ImagePath"="system32\drivers\tpm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUp.Defrag]
"ImagePath"="%SystemRoot%\System32\TuneUpDefragService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUp.ProgramStatisticsSvc]
"ImagePath"="%SystemRoot%\System32\TUProgSt.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci]
"ImagePath"="system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata]
"ImagePath"="system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2]
"ImagePath"="system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\US122]
"ImagePath"="System32\Drivers\US122.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\US122DL]
"ImagePath"="System32\Drivers\US122DL.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Us122WdmService]
"ImagePath"="System32\Drivers\US122Wdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxTuneUp]
"ServiceDll"="%SystemRoot%\System32\uxtuneup.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7]
"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide]
"ImagePath"="system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid]
"ImagePath"="system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vToolbarUpdater40.2.4]
"ImagePath"="\"c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd]
"ImagePath"="system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinUSB]
"ImagePath"="system32\DRIVERS\WinUSB.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WtuSystemSupport]
"ImagePath"="\"c:\program files\AVG Web TuneUp\WtuSystemSupport.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{59421C86-6535-4C3E-AECD-5BBC619CB297}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{657796CE-13CE-4CA5-B067-6948B809C90F}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{79B55CDF-6B23-4DFA-80F3-64D0D20A4920}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DC2E157A-852A-4EE3-9150-4DCEDAFEB5D3}]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5592)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\program files\AVG Web TuneUp\WtuSystemSupport.exe
c:\windows\system32\WLANExt.exe
c:\program files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\AVG\AVG2015\avgidsagent.exe
c:\program files\AVG\AVG2015\avgwdsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\AVG\AVG2015\avgnsx.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
c:\windows\system32\conime.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
c:\program files\AVG\AVG2015\avgui.exe
c:\program files\AVG Web TuneUp\vprot.exe
c:\program files\Google\Drive\googledrivesync.exe
c:\users\TO\AppData\Local\Microsoft\OneDrive\OneDrive.exe
c:\users\TO\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Google\Drive\googledrivesync.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Heure de fin: 2015-12-22 16:58:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-12-22 15:57
.
Avant-CF: 9 453 379 584 octets libres
Après-CF: 8 970 833 920 octets libres
.
- - End Of File - - A3119C3F9F7567A84CFEF28236013A3A
5C616939100B85E558DA92B899A0FC36