ComboFix 15-12-16.01 - TO 22/12/2015 16:15:02.2.1 - x86 Lancé depuis: c:\users\TO\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\TO\AppData\Local\Temp\_MEI37362\_ctypes.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\_elementtree.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\_hashlib.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\_multiprocessing.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\_psutil_windows.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\_socket.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\_ssl.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\_yappi.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\common.time34.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\hashobjs_ext.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\pyexpat.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\pysqlite2._sqlite.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\python27.dll c:\users\TO\AppData\Local\Temp\_MEI37362\pythoncom27.dll c:\users\TO\AppData\Local\Temp\_MEI37362\PyWinTypes27.dll c:\users\TO\AppData\Local\Temp\_MEI37362\select.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\thumbnails_ext.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\unicodedata.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\usb_ext.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32api.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32com.shell.shell.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32crypt.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32event.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32file.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32gui.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32inet.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32pdh.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32pipe.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32process.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32profile.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\win32security.pyd 
c:\users\TO\AppData\Local\Temp\_MEI37362\win32ts.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\windows._lib_cacheinvalidation.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wx._animate.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wx._controls_.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wx._core_.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wx._gdi_.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wx._html2.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wx._misc_.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wx._windows_.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wx._wizard.pyd c:\users\TO\AppData\Local\Temp\_MEI37362\wxbase30u_net_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI37362\wxbase30u_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_adv_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_core_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_html_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI37362\wxmsw30u_webview_vc90.dll c:\windows\system32\AdobePDF.dll c:\windows\system32\MailBee.dll . ---- Exécution préalable ------- . 
C:\install.exe c:\program files\ma-config.com\config.xml c:\program files\ma-config.com\CPUID\cpuidsdk.dll c:\program files\ma-config.com\Drivers\driverhardwarev2.sys c:\program files\ma-config.com\Drivers\driverhardwarev2ia64.sys c:\program files\ma-config.com\Drivers\driverhardwarev2x64.cat c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys c:\program files\ma-config.com\Drivers\matos9x.vxd c:\program files\ma-config.com\HardwareDetection.ocx c:\program files\ma-config.com\Langues\LangueMC_en.dll c:\program files\ma-config.com\Langues\LangueMC_fr.dll c:\program files\ma-config.com\ma-config.html c:\program files\ma-config.com\maconfservice.exe c:\program files\ma-config.com\MCBCL.dll c:\program files\ma-config.com\mcnoyau.dll c:\program files\ma-config.com\mcrypt.dll c:\program files\ma-config.com\mcsettings.exe c:\program files\ma-config.com\nphardwaredetection.dll c:\program files\ma-config.com\sqlite3.dll c:\programdata\ma-config.com\Logs\maconfservice.txt c:\programdata\ma-config.com\Logs\npapi.txt c:\programdata\ma-config.com\mcbase.db c:\programdata\ma-config.com\Temp\mc_BE62.tmp c:\users\TO\AppData\Local\Temp\_MEI29162\_ctypes.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\_elementtree.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\_hashlib.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\_multiprocessing.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\_psutil_windows.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\_socket.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\_ssl.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\_yappi.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\common.time34.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\hashobjs_ext.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\pyexpat.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\pysqlite2._sqlite.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\python27.dll c:\users\TO\AppData\Local\Temp\_MEI29162\pythoncom27.dll c:\users\TO\AppData\Local\Temp\_MEI29162\PyWinTypes27.dll 
c:\users\TO\AppData\Local\Temp\_MEI29162\select.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\thumbnails_ext.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\unicodedata.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\usb_ext.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32api.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32com.shell.shell.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32crypt.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32event.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32file.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32gui.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32inet.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32pdh.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32pipe.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32process.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32profile.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32security.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\win32ts.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\windows._lib_cacheinvalidation.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wx._animate.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wx._controls_.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wx._core_.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wx._gdi_.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wx._html2.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wx._misc_.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wx._windows_.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wx._wizard.pyd c:\users\TO\AppData\Local\Temp\_MEI29162\wxbase30u_net_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI29162\wxbase30u_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_adv_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_core_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_html_vc90.dll c:\users\TO\AppData\Local\Temp\_MEI29162\wxmsw30u_webview_vc90.dll c:\users\TO\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log c:\users\TO\AppData\Roaming\1&1\1&1 
EasyLogin\update\ConnexionDirecte_setup.exe c:\users\TO\ZHPDiag3.exe c:\windows\system32\~GLH0002.TMP . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_driverhardwarev2 -------\Legacy_driverhardwarev2 -------\Service_driverhardwarev2 -------\Service_maconfservice -------\Service_driverhardwarev2 -------\Service_maconfservice . . ((((((((((((((((((((((((((((( Fichiers créés du 2015-11-22 au 2015-12-22 )))))))))))))))))))))))))))))))))))) . . 2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp 2015-12-22 15:31 . 2015-12-22 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-12-22 11:20 . 2015-12-22 11:20 -------- d-----w- C:\OneDriveTemp 2015-12-19 10:46 . 2015-12-22 11:51 -------- d-----w- C:\FRST 2015-12-19 08:13 . 2015-12-19 08:13 -------- d-----w- c:\programdata\AVG Security Toolbar 2015-12-19 08:13 . 2015-12-22 11:33 -------- d-----w- c:\users\TO\AppData\Local\AVG Web TuneUp 2015-12-19 08:12 . 2015-12-19 08:12 -------- d-----w- c:\programdata\AVG Secure Search 2015-12-19 08:12 . 2015-12-19 08:12 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2015-12-19 08:12 . 2015-12-19 08:13 -------- d-----w- c:\programdata\AVG Web TuneUp 2015-12-19 08:11 . 2015-12-19 08:12 -------- d-----w- c:\program files\AVG Web TuneUp 2015-12-18 14:54 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys 2015-12-18 14:54 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys 2015-12-18 14:52 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-12-18 14:52 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys 2015-12-18 14:52 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll 2015-12-18 14:52 . 
2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll 2015-12-18 14:50 . 2015-07-03 16:04 1316864 ----a-w- c:\windows\system32\ole32.dll 2015-12-18 14:48 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-12-18 14:46 . 2015-06-17 15:09 73216 ----a-w- c:\windows\system32\msiexec.exe 2015-12-18 14:46 . 2015-06-17 16:50 2264576 ----a-w- c:\windows\system32\msi.dll 2015-12-18 14:45 . 2015-06-12 16:01 298496 ----a-w- c:\windows\system32\gdi32.dll 2015-12-18 14:43 . 2015-04-24 15:54 532480 ----a-w- c:\windows\system32\comctl32.dll 2015-12-18 14:41 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll 2015-12-18 14:23 . 2015-03-05 02:32 244152 ----a-w- c:\windows\system32\clfs.sys 2015-12-18 14:23 . 2015-03-05 02:23 57344 ----a-w- c:\windows\system32\clfsw32.dll 2015-12-18 14:22 . 2015-11-06 16:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2015-12-18 14:22 . 2015-11-06 16:32 189952 ----a-w- c:\windows\system32\d3d10core.dll 2015-12-18 14:22 . 2015-11-06 16:32 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2015-12-18 14:22 . 2015-11-06 15:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2015-12-18 14:22 . 2015-11-06 15:26 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2015-12-18 14:22 . 2015-11-06 15:20 682496 ----a-w- c:\windows\system32\d2d1.dll 2015-12-18 14:22 . 2015-11-06 17:05 627712 ----a-w- c:\windows\system32\user32.dll 2015-12-18 14:22 . 2015-11-06 16:32 1029120 ----a-w- c:\windows\system32\d3d10.dll 2015-12-18 14:22 . 2015-11-06 15:24 2068480 ----a-w- c:\windows\system32\win32k.sys 2015-12-18 14:22 . 2015-11-06 15:20 1073152 ----a-w- c:\windows\system32\DWrite.dll 2015-12-18 14:22 . 2015-11-06 15:19 802304 ----a-w- c:\windows\system32\FntCache.dll 2015-12-18 14:06 . 2015-10-13 14:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2015-12-18 14:06 . 2015-10-13 14:31 72192 ----a-w- c:\windows\system32\drivers\tdx.sys 2015-12-18 14:05 . 
2015-11-02 17:04 179200 ----a-w- c:\windows\system32\els.dll 2015-12-18 14:01 . 2015-10-17 16:01 501248 ----a-w- c:\windows\system32\kerberos.dll 2015-12-18 13:56 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll 2015-12-18 13:49 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll 2015-12-18 13:49 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll 2015-12-18 13:27 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll 2015-12-18 13:24 . 2015-10-14 20:22 1206192 ----a-w- c:\windows\system32\ntdll.dll 2015-12-18 13:24 . 2015-07-21 16:03 49664 ----a-w- c:\windows\system32\csrsrv.dll 2015-12-18 13:24 . 2015-10-14 16:01 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe 2015-12-18 13:24 . 2015-10-14 16:01 3554752 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-12-18 13:21 . 2015-10-01 16:03 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2015-12-18 12:44 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\system32\msxml6.dll 2015-12-18 12:44 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\system32\msxml3.dll 2015-12-18 12:43 . 2015-05-31 08:11 225792 ----a-w- c:\windows\system32\cewmdm.dll 2015-12-18 12:23 . 2015-04-10 23:22 279552 ----a-w- c:\windows\system32\services.exe 2015-12-18 12:10 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys 2015-12-18 11:50 . 2015-10-10 16:02 526272 ----a-w- c:\windows\system32\drivers\ndis.sys 2015-12-18 11:25 . 2015-07-01 15:57 199680 ----a-w- c:\windows\system32\WebClnt.dll 2015-12-18 11:24 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe 2015-12-18 11:24 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe 2015-12-18 11:24 . 2015-11-10 17:03 1208832 ----a-w- c:\windows\system32\comsvcs.dll 2015-12-18 11:24 . 2015-11-10 17:03 488448 ----a-w- c:\windows\system32\catsrvut.dll 2015-12-18 11:23 . 2015-11-05 07:34 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2015-12-18 11:22 . 
2015-05-04 22:50 7680 ----a-w- c:\windows\system32\spwmp.dll 2015-12-18 11:21 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\msdxm.ocx 2015-12-18 11:21 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\dxmasf.dll 2015-12-18 11:21 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe 2015-12-18 11:21 . 2015-05-04 21:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2015-12-18 11:21 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe 2015-12-18 11:21 . 2015-05-04 21:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2015-12-18 11:18 . 2015-06-27 16:02 218112 ----a-w- c:\windows\system32\msv1_0.dll 2015-12-18 11:18 . 2015-06-27 14:21 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2015-12-18 11:18 . 2015-06-27 14:21 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2015-12-18 11:18 . 2015-01-09 00:17 107008 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2015-12-18 11:18 . 2015-09-26 16:04 206336 ----a-w- c:\windows\system32\ncrypt.dll 2015-12-18 11:18 . 2015-09-26 16:05 281600 ----a-w- c:\windows\system32\schannel.dll 2015-12-18 11:18 . 2015-06-27 16:03 783872 ----a-w- c:\windows\system32\rpcrt4.dll 2015-12-18 11:18 . 2015-06-27 16:01 801280 ----a-w- c:\windows\system32\advapi32.dll 2015-12-18 11:18 . 2015-09-26 13:21 274432 ----a-w- c:\windows\system32\bcrypt.dll 2015-12-18 11:18 . 2015-09-22 13:11 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-12-17 17:19 . 2015-12-22 15:39 -------- d-----r- c:\users\TO\Google Drive 2015-12-17 17:16 . 2015-12-17 17:16 -------- d-----w- c:\program files\Microsoft OneDrive 2015-12-17 17:16 . 2015-12-22 15:38 -------- d-----r- c:\users\TO\OneDrive 2015-12-17 17:14 . 2015-12-17 17:14 -------- d-----w- c:\programdata\Microsoft OneDrive 2015-12-15 20:18 . 2015-12-18 13:15 -------- d-----w- c:\program files\ZHPFix 2015-12-15 07:10 . 2015-12-15 07:10 -------- d-----w- c:\users\TO\AppData\Local\Avg 2015-12-14 23:59 . 
2015-01-29 01:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2015-12-14 23:59 . 2015-01-29 01:35 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-12-14 23:57 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll 2015-12-14 23:57 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll 2015-12-14 23:57 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll 2015-12-14 23:52 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-12-14 23:52 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll 2015-12-14 23:52 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll 2015-12-14 23:51 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-12-14 23:40 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-12-14 23:39 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll 2015-12-14 23:38 . 2015-01-09 00:18 64000 ----a-w- c:\windows\system32\smss.exe 2015-12-14 23:37 . 2015-01-21 02:02 807936 ----a-w- c:\windows\system32\msctf.dll 2015-12-14 23:37 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL 2015-12-14 23:35 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2015-12-14 23:35 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll 2015-12-14 23:35 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll 2015-12-14 23:35 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll 2015-12-14 23:35 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll 2015-12-14 23:34 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll 2015-12-14 23:34 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll 2015-12-14 23:34 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll 2015-12-14 23:33 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll 2015-12-14 23:32 . 
2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll 2015-12-14 19:23 . 2015-12-14 19:24 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-12-14 19:14 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-12-14 19:14 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-12-14 19:14 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-12-14 19:14 . 2015-12-14 19:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2015-12-14 15:43 . 2015-12-14 15:43 -------- d-----w- c:\users\TO\AppData\Local\Dropbox 2015-12-14 15:43 . 2015-12-14 15:43 -------- d-----w- c:\programdata\Dropbox . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2015-12-14 17:05 . 2013-11-18 22:47 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-12-14 17:05 . 2013-11-18 22:47 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-10-19 11:38 . 2015-10-19 11:38 252336 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-10-12 01:38 . 2013-10-12 01:38 50053120 ----a-w- c:\program files\GUTCB89.tmp 2009-04-17 20:47 . 2009-04-17 20:46 19875528 ----a-w- c:\program files\coolpaie_SP_3.3.0.68.exe 2009-04-17 20:23 . 2009-04-17 20:23 7869591 ----a-w- c:\program files\Podmailing_Setup_0_11_2.exe . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2015-12-19 08:10 2410896 ----a-w- c:\program files\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2015-11-04 13:01 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2] @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}" [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}] 2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3] @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}] 2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-12-17 17:15 1587912 ----a-w- c:\users\TO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-12-08 21:33 199488 ----a-w- c:\users\TO\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWinKeys"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2007-06-08 17:04 49152 ------w- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^TO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\TO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^TO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk] path=c:\users\TO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-04-04 08:36 958576 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2013-05-08 21:20 41056 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Photosmart 5520 series (NET)] 2012-10-17 03:05 1837672 ----a-w- c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-10-28 11:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2008-04-15 22:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-05-14 19:26 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2014-01-17 14:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2008-03-27 19:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "IgfxTray"=c:\windows\system32\igfxtray.exe "Persistence"=c:\windows\system32\igfxpers.exe "HotKeysCmds"=c:\windows\system32\hkcmd.exe "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "PTHOSTTR"=c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1091579693-3492347612-461701170-1004] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-18 01:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-12-17 17:04 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe . Contenu du dossier 'Tâches planifiées' . 
2015-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18 17:05] . 2015-12-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1091579693-3492347612-461701170-1004Core.job - c:\users\TO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-14 15:43] . 2015-12-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1091579693-3492347612-461701170-1004UA.job - c:\users\TO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-12-14 15:43] . 2015-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-06-11 16:34] . 2015-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-06-11 16:34] . 2014-03-30 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04] . . ------- Examen supplémentaire ------- . uStart Page = https://mysearch.avg.com/?cid={064384DA-8DCF-4D82-9692-42DEB88B38C6}&mid=811bc8c512f847d39699d16b22605fcb-70287c5c0e557a6f5c90d94a5c94205cb086d5a9&lang=fr&ds=AVG&coid=avgtbavg&cmpid=1215av&pr=fr&d=2015-12-19 09:12&v=4.2.4.155&pid=wtu&sg=&sap=hp mStart Page = hxxp://www.google.com IE: &Envoyer à OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com FF - ProfilePath - c:\users\TO\AppData\Roaming\Mozilla\Firefox\Profiles\4stolb28.default-1384451292283\ . - - - - ORPHELINS SUPPRIMES - - - - . 
MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-12-22 16:36 Windows 6.0.6002 Service Pack 2 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrueSight] "ImagePath"="\??\" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Memory Cache 4.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI] "ImagePath"="system32\drivers\acpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adfs] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ADIHdAudAddService] "ImagePath"="system32\drivers\ADIHdAud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeDriveCS4_NP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeFlashPlayerUpdateSvc] "ImagePath"="c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx] "ImagePath"="system32\drivers\adp94xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci] "ImagePath"="system32\drivers\adpahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m] "ImagePath"="system32\drivers\adpu160m.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320] "ImagePath"="system32\drivers\adpu320.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AEADIFilters] "ImagePath"="%SystemRoot%\system32\AEADISRV.EXE" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc] "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\system32\drivers\afd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AgereModemAudio] "ImagePath"="c:\windows\system32\agrsmsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AgereSoftModem] "ImagePath"="system32\DRIVERS\AGRSM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440] "ImagePath"="\SystemRoot\system32\drivers\agp440.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx] "ImagePath"="system32\drivers\djsvs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide] "ImagePath"="system32\drivers\aliide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp] "ImagePath"="\SystemRoot\system32\drivers\amdagp.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide] "ImagePath"="system32\drivers\amdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7] "ImagePath"="\SystemRoot\system32\drivers\amdk7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8] "ImagePath"="system32\DRIVERS\amdk8.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo] "ServiceDll"="%SystemRoot%\System32\appinfo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc] "ImagePath"="system32\drivers\arc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas] "ImagePath"="system32\drivers\arcsas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_2.0.50727] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_4.0.30319] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aspi32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi] "ImagePath"="system32\drivers\atapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\athrusb] "ImagePath"="system32\DRIVERS\athrusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atksgt] "ImagePath"="system32\DRIVERS\atksgt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgdiskx] "ImagePath"="system32\DRIVERS\avgdiskx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent] "ImagePath"="\"c:\program files\AVG\AVG2015\avgidsagent.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver] "ImagePath"="system32\DRIVERS\avgidsdriverx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSHX] "ImagePath"="system32\DRIVERS\avgidshx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSShim] "ImagePath"="system32\DRIVERS\avgidsshimx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx86] "ImagePath"="system32\DRIVERS\avgldx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avglogx] "ImagePath"="system32\DRIVERS\avglogx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx86] "ImagePath"="system32\DRIVERS\avgmfx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx86] "ImagePath"="system32\DRIVERS\avgrkx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdix] "ImagePath"="system32\DRIVERS\avgtdix.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd] "ImagePath"="\"c:\program files\AVG\AVG2015\avgwdsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b57nd60x] "ImagePath"="system32\DRIVERS\b57nd60x.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC] "MofImagePath"="system32\drivers\battc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BCM43XX] "ImagePath"="system32\DRIVERS\bcmwl6.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE] "ServiceDll"="%SystemRoot%\System32\bfe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive] "ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser] "ImagePath"="system32\DRIVERS\bowser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo] "ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp] "ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid] "ImagePath"="\SystemRoot\system32\drivers\brserid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm] "ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm] "ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer] "ImagePath"="\SystemRoot\system32\drivers\brusbser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\btaudio] "ImagePath"="system32\drivers\btaudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTDriver] "ImagePath"="system32\DRIVERS\btport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM] "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTKRNL] "ImagePath"="system32\DRIVERS\btkrnl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme] "ImagePath"="\??\c:\users\TO\AppData\Local\Temp\catchme.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs] "ImagePath"="system32\DRIVERS\cdfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass] "ImagePath"="\SystemRoot\system32\drivers\circlass.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS] "ImagePath"="System32\CLFS.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32] "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmBatt] "ImagePath"="system32\DRIVERS\CmBatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide] "ImagePath"="system32\drivers\cmdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Com4QLBEx] "ImagePath"="\"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt] "ImagePath"="system32\DRIVERS\compbatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp] "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk] "ImagePath"="system32\drivers\crcdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe] "ImagePath"="\SystemRoot\system32\drivers\crusoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DAMDrv] "ImagePath"="system32\DRIVERS\DAMDrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC] "ImagePath"="System32\Drivers\dfsc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR] "ImagePath"="%SystemRoot%\system32\DFSR.exe" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk] "ImagePath"="system32\drivers\disk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4] "ImagePath"="system32\DRIVERS\Dot4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Print] "ImagePath"="system32\DRIVERS\Dot4Prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Scan] "ImagePath"="system32\DRIVERS\Dot4Scan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4usb] "ImagePath"="system32\DRIVERS\dot4usb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\e1express] "ImagePath"="system32\DRIVERS\e1e6032.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60] "ImagePath"="system32\DRIVERS\E1G60I32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache] "ImagePath"="System32\drivers\ecache.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor] "ImagePath"="system32\drivers\elxstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt] "ServiceDll"="%systemroot%\system32\emdmgmt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ErrDev] "ImagePath"="\SystemRoot\system32\drivers\errdev.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog] "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem] "ServiceDll"="%systemroot%\system32\es.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ewusbnet] "ImagePath"="system32\DRIVERS\ewusbnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ew_hwusbdev] "ImagePath"="system32\DRIVERS\ew_hwusbdev.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc] "ImagePath"="system32\DRIVERS\fdc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost] "ServiceDll"="%SystemRoot%\system32\fdPHost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub] "ServiceDll"="%SystemRoot%\system32\fdrespub.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo] "ImagePath"="system32\drivers\fileinfo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace] "ImagePath"="system32\drivers\filetrace.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLCDLOCK] "ImagePath"="c:\windows\system32\flcdlock.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FLEXnet Licensing Service] "ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk] "ImagePath"="system32\DRIVERS\flpydisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache] "ServiceDll"="%SystemRoot%\system32\FntCache.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0] "ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx] "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc] "ServiceDll"="%SystemRoot%\System32\gpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate] "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem] "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HBtnKey] "ImagePath"="system32\DRIVERS\cpqbttn.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService] "ImagePath"="system32\drivers\HdAudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth] "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr] "ImagePath"="\SystemRoot\system32\drivers\hidir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HP Health Check Service] "ImagePath"="\"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs] "ImagePath"="system32\drivers\hpcisss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpqKbFiltr] "ImagePath"="system32\DRIVERS\HpqKbFiltr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqwmiex] "ImagePath"="\"c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\huawei_enumerator] "ImagePath"="system32\DRIVERS\ew_jubusenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\huawei_update] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwcdcmdm0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwdatacard] "ImagePath"="system32\DRIVERS\ewusbmdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HWHandSet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbapp] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbdev] "ImagePath"="system32\DRIVERS\ewusbdev.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hwusbser] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hw_usbdev] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp] "ImagePath"="system32\drivers\i2omp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IAANTMON] "ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ialm] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStor] "ImagePath"="system32\drivers\iastor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV] "ImagePath"="system32\drivers\iastorv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT] "ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\igfx] "ImagePath"="system32\DRIVERS\igdkmd32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp] "ImagePath"="system32\drivers\iirsp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide] "ImagePath"="system32\drivers\intelide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT] "ImagePath"="system32\DRIVERS\ipnat.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp] "ImagePath"="system32\drivers\isapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt] "ImagePath"="system32\DRIVERS\msiscsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi] "ImagePath"="system32\drivers\iteatapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid] "ImagePath"="system32\drivers\iteraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IviRegMgr] "ImagePath"="c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid] "ImagePath"="system32\DRIVERS\kbdhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KMWDFILTER] "ImagePath"="system32\DRIVERS\KMWDFILTER.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LightScribeService] "ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lirsgt] "ImagePath"="system32\DRIVERS\lirsgt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC] "ImagePath"="system32\drivers\lsi_fc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS] "ImagePath"="system32\drivers\lsi_sas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI] "ImagePath"="system32\drivers\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mamotou] "ImagePath"="system32\DRIVERS\mamotou.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MaVctrl] "ImagePath"="system32\DRIVERS\MaVc2K.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMProtector] "ImagePath"="\??\c:\windows\system32\drivers\mbam.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMService] "ImagePath"="\"c:\program files\Malwarebytes Anti-Malware\mbamservice.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMWebAccessControl] "ImagePath"="\??\c:\windows\system32\drivers\mwac.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mcdbus] "ImagePath"="system32\DRIVERS\mcdbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas] "ImagePath"="system32\drivers\megasas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MegaSR] "ImagePath"="system32\drivers\megasr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem] "ImagePath"="system32\drivers\modem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\motmodem] "ImagePath"="system32\DRIVERS\motmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr] "ImagePath"="System32\drivers\mountmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MozillaMaintenance] "ImagePath"="\"c:\program files\Mozilla Maintenance Service\maintenanceservice.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio] "ImagePath"="system32\drivers\mpio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv] "ImagePath"="System32\drivers\mpsdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x] "ImagePath"="system32\drivers\mraid35x.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci] "ImagePath"="system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm] "ImagePath"="system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup] "ImagePath"="System32\Drivers\mup.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Net Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZinw12.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetMsmqActivator] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetPipeActivator] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpActivator] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960] "ImagePath"="system32\drivers\nfrd960.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi] "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid] "ImagePath"="system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor] "ImagePath"="system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\osppsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Outlook] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport] "ImagePath"="system32\DRIVERS\parport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm] "ImagePath"="system32\DRIVERS\parvdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide] "ImagePath"="system32\DRIVERS\pciide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia] "ImagePath"="system32\DRIVERS\pcmcia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pml Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZipm12.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300] "ImagePath"="system32\drivers\ql2300.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx] "ImagePath"="system32\drivers\ql40xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr] "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RVIEGVST] "ImagePath"="\??\c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port] "ImagePath"="system32\drivers\sbp2port.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum] "ImagePath"="\SystemRoot\system32\drivers\serenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial] "ImagePath"="\SystemRoot\system32\drivers\serial.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse] "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy] "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp] "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2] "ImagePath"="system32\drivers\sisraid2.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4] "ImagePath"="system32\drivers\sisraid4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SkypeUpdate] "ImagePath"="\"c:\program files\Skype\Updater\Updater.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc] "ImagePath"="%SystemRoot%\system32\SLsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify] "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sptd] "ImagePath"="\SystemRoot\System32\Drivers\sptd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StillCam] "ImagePath"="system32\DRIVERS\serscan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx] "ImagePath"="system32\drivers\symc8xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi] "ImagePath"="system32\drivers\sym_hi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3] "ImagePath"="system32\drivers\sym_u3.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\synasusb] "ImagePath"="System32\Drivers\synasusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SynTP] "ImagePath"="system32\DRIVERS\SynTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TASCAM_US122144] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\teamviewervpn] "ImagePath"="system32\DRIVERS\teamviewervpn.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\system32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TPM] "ImagePath"="system32\drivers\tpm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrueSight] "ImagePath"="\??\" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUp.Defrag] "ImagePath"="%SystemRoot%\System32\TuneUpDefragService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TuneUp.ProgramStatisticsSvc] "ImagePath"="%SystemRoot%\System32\TUProgSt.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp] "ImagePath"="system32\DRIVERS\tunmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35] "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci] "ImagePath"="system32\drivers\uliahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata] "ImagePath"="system32\drivers\ulsata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2] "ImagePath"="system32\drivers\ulsata2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus] "ImagePath"="system32\DRIVERS\umbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\US122] "ImagePath"="System32\Drivers\US122.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\US122DL] "ImagePath"="System32\Drivers\US122DL.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Us122WdmService] "ImagePath"="System32\Drivers\US122Wdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBAAPL] "ImagePath"="System32\Drivers\usbaapl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio] "ImagePath"="system32\drivers\usbaudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci] "ImagePath"="system32\DRIVERS\usbohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci] "ImagePath"="system32\DRIVERS\usbuhci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxTuneUp] "ServiceDll"="%SystemRoot%\System32\uxtuneup.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp] "ImagePath"="\SystemRoot\system32\drivers\viaagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7] "ImagePath"="\SystemRoot\system32\drivers\viac7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide] "ImagePath"="system32\drivers\viaide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr] "ImagePath"="system32\drivers\volmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid] "ImagePath"="system32\drivers\vsmraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vToolbarUpdater40.2.4] "ImagePath"="\"c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen] "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd] "ImagePath"="system32\drivers\wd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock] . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinUSB] "ImagePath"="system32\DRIVERS\WinUSB.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi] "ImagePath"="system32\DRIVERS\wmiacpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv] "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc] "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb] "ImagePath"="system32\DRIVERS\wpdusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPFFontCache_v0400] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WtuSystemSupport] "ImagePath"="\"c:\program files\AVG Web TuneUp\WtuSystemSupport.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd] "ImagePath"="system32\DRIVERS\WUDFRd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{59421C86-6535-4C3E-AECD-5BBC619CB297}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{657796CE-13CE-4CA5-B067-6948B809C90F}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{79B55CDF-6B23-4DFA-80F3-64D0D20A4920}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DC2E157A-852A-4EE3-9150-4DCEDAFEB5D3}]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5592)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\program files\AVG Web TuneUp\WtuSystemSupport.exe
c:\windows\system32\WLANExt.exe
c:\program files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\AVG\AVG2015\avgidsagent.exe
c:\program files\AVG\AVG2015\avgwdsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\AVG\AVG2015\avgnsx.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
c:\windows\system32\conime.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
c:\program files\AVG\AVG2015\avgui.exe
c:\program files\AVG Web TuneUp\vprot.exe
c:\program files\Google\Drive\googledrivesync.exe
c:\users\TO\AppData\Local\Microsoft\OneDrive\OneDrive.exe
c:\users\TO\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Google\Drive\googledrivesync.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Heure de fin: 2015-12-22 16:58:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-12-22 15:57
.
Avant-CF: 9 453 379 584 octets libres
Après-CF: 8 970 833 920 octets libres
.
- - End Of File - - A3119C3F9F7567A84CFEF28236013A3A
5C616939100B85E558DA92B899A0FC36