Bonjour,
J'ai récemment fait un post sur un trojan/rootkit devastateur qui empêchait toute sauvegardes et tout 'removal'.
J'ai plus de détail sur l'origine de ce malware devastateur.
Il semble s'être inséré à partir du logiciel
skype durant une conversation avec mon ex-femme (qui vit à Shanghai, Chine). Son nom est 'catchme' et est VRAIMENT insivible! Rien ne le détecte, rien ne l'enlève et de plus il semble être capable de s'infiltrer dans les nouveaux bios de la carte mère!!
Window Installer service est déconnecté, et tout les networks sont effacé (y compris la liste et les drivers périphérique). Drag and drop ne fonctionne plus, les drivers sons, sont aussi effacé. Le
mode sans échec est tout aussi infecté, la fonction de restauration système est désactivé, svhost n'existe plus, bref on patauge dans la merde la plus complète!!
Son but semble obscure car, il pourrait tout effacer mais choisi de nous laisser faire et recommande même d'essayer de repartir l'ordinateur dans le but d'avoir une chance de retrouver le controle...
De ce que je vois, cela ne semble pas être quelque chose motivé par le gain, comme avec le
spam et autres trojan/malware qui veulent nous vendent leurs 'solution'...
Son origine asiatique, son potentiel dévastateur et immobilisateur (sadique/masochiste aussi), me fait craindre que se kit pourrait se retrouver jumelé avec un virus super efficace et se répendre comme une trainé de poudre!
Maintenant imaginé le dommage que cela pourrait faire!!
En tout cas, cela m'a aider à perçevoir une grande lacune dans nos système de défenses, qui se fit trop à l'accès a une connection internet pour 'patcher' ces intruts!! Je ne me souvient pas d'un logiciel anti espion et
anti rootkit qui ne me demande pas de s'updater' avant même le premier scan, sinon oublié ça!
Ce serait peut-être sage que quelqu'un quelque part ait l'idée de jumeller un système livecd boot avec linux et un logiciel de réparation adéquat et complètement indépendant du système d'exploitation Windows!
Car sinon, je vois mal comment notre socièté pourra récupérer si un tel malware se répend comme un virus à l'échelle du globe! La planète se retrouverait complètement immobilisé!!
En tout cas, c'est la première fois qu'un malware me force la main a acheter un nouveau HDD et peut-etre même une autre carte maîtresse!!!! Et la fait qu'il semble avoir passer par skype n'augure rien de bon non plus!!!!!
GMER 1.0.15.15281 -
http://www.gmer.net
Rootkit scan 2010-02-13 15:48:18
Windows 5.1.2600 Service Pack 3
Running: pu7folok.exe; Driver: C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\pfrcafob.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA11887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA118BFE]
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9039000, 0x223937, 0xE8000020]
? C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\winlogon.exe[952] C:\WINDOWS\system32\winlogon.exe section is executable [0x01077000, 0xB000, 0x60000060]
.rsrc C:\WINDOWS\system32\services.exe[996] C:\WINDOWS\system32\services.exe section is executable [0x0101C000, 0x2000, 0x60000060]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F32F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F32C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F32CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F32CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
IAT C:\WINDOWS\explorer.exe[4796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C52F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
IAT C:\WINDOWS\explorer.exe[4796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C52C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
IAT C:\WINDOWS\explorer.exe[4796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C52CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
IAT C:\WINDOWS\explorer.exe[4796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C52CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
---- EOF - GMER 1.0.15 ----
Scan installed files
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pascal Barre at 2010-02-13 15:50:03
WIN_XP Service Pack 3
System drive C: has 158 GB (52%) free of 305 GB
Total RAM: 2047 MB (71% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1220945662-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1220945662-839522115-1003UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll [2004-12-02 1066968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-12-20 16860672]
"Ai Nap"=C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2007-12-10 1412608]
"CPU Power Monitor"=C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200]
"ASUS Energy Saving"=C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe [2008-01-24 1352192]
"Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe [2007-04-26 774168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"DIRECTCD"=C:\Program Files\InterVideo\Disc Master 2.5\DirectCD.exe [2005-10-24 299008]
"WINCINEMAMGR"=C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-01-21 270336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-11 98304]
"MultiScreen"=C:\Program Files\MultiScreen\MultiScreen.exe [2008-06-30 114688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"AqI81UIHwH"=C:\Documents and Settings\All Users\Application Data\rejepcrc\lglozsxy.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"E07AXLRD_3516843"=C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE [2006-06-10 351000]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"Google Update"=C:\Documents and Settings\Pascal Barre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 133104]
"Logitech Vid"=C:\Program Files\Logitech\Logitech Vid\Vid.exe [2010-01-19 5932888]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-02-28 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2006-02-28 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-12-11 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Swapper\swapper.exe"="C:\Program Files\Swapper\swapper.exe:*:Enabled:swapper"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Pascal Barre\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Pascal Barre\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 : Beyond The Sword"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\backburner 2\monitor.exe"="C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\backburner 2\manager.exe"="C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\backburner 2\server.exe"="C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\discreet\combustion 4\combustion.exe"="C:\Program Files\discreet\combustion 4\combustion.exe:*:Enabled:combustion"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\MagicTune Premium\MagicTune.exe"="C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Logitech\Logitech Vid\Vid.exe"="C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
======List of files/folders created in the last 1 months======
2010-02-13 15:48:39 ----D---- C:\rsit
2010-02-13 15:48:39 ----D---- C:\Program Files\trend micro
2010-02-13 05:37:08 ----A---- C:\ComboFix.txt
2010-02-13 05:07:24 ----A---- C:\WINDOWS\zip.exe
2010-02-13 05:07:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-13 05:07:24 ----A---- C:\WINDOWS\SWSC.exe
2010-02-13 05:07:24 ----A---- C:\WINDOWS\SWREG.exe
2010-02-13 05:07:24 ----A---- C:\WINDOWS\sed.exe
2010-02-13 05:07:24 ----A---- C:\WINDOWS\PEV.exe
2010-02-13 05:07:24 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-13 05:07:24 ----A---- C:\WINDOWS\MBR.exe
2010-02-13 05:07:24 ----A---- C:\WINDOWS\grep.exe
2010-02-13 05:07:18 ----D---- C:\WINDOWS\ERDNT
2010-02-13 05:07:17 ----D---- C:\ComboFix
2010-02-13 05:07:01 ----D---- C:\Qoobox
2010-02-13 05:05:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-13 05:05:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-12 22:39:08 ----D---- C:\.Trash-999
2010-02-08 14:18:09 ----D---- C:\Program Files\MultiScreen
2010-02-08 14:17:22 ----D---- C:\Program Files\MagicTune Premium
2010-02-08 14:10:08 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2010-02-08 14:02:42 ----D---- C:\Program Files\ATI
2010-02-07 19:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-07 19:41:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-07 19:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-07 19:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-07 19:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-07 19:37:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-07 19:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-07 19:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-07 19:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-05 21:38:51 ----D---- C:\Program Files\Digimation Help and Scene Files
2010-02-02 13:16:43 ----D---- C:\Documents and Settings\Pascal Barre\Application Data\Facebook
2010-02-02 07:03:38 ----D---- C:\Documents and Settings\All Users\Application Data\discreet
2010-02-02 07:03:33 ----D---- C:\Documents and Settings\Pascal Barre\Application Data\combustion4
2010-02-02 07:03:24 ----A---- C:\WINDOWS\unvise32.exe
2010-02-02 07:03:15 ----D---- C:\Program Files\backburner 2
2010-02-02 07:02:18 ----D---- C:\Program Files\discreet
2010-01-20 19:27:22 ----D---- C:\Documents and Settings\All Users\Application Data\BioWare
2010-01-20 19:15:20 ----D---- C:\WINDOWS\system32\AGEIA
2010-01-20 19:15:19 ----D---- C:\Program Files\AGEIA Technologies
2010-01-20 18:49:41 ----D---- C:\Program Files\Dragon Age
2010-01-15 15:24:10 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-15 15:24:10 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-15 15:24:10 ----A---- C:\WINDOWS\system32\java.exe
======List of files/folders modified in the last 1 months======
2010-02-13 15:48:39 ----RD---- C:\Program Files
2010-02-13 05:37:11 ----D---- C:\WINDOWS\system32\drivers
2010-02-13 05:37:10 ----D---- C:\WINDOWS\Temp
2010-02-13 05:20:51 ----A---- C:\RTHDCPL_Dump.txt
2010-02-13 05:20:28 ----D---- C:\WINDOWS
2010-02-13 05:20:28 ----A---- C:\WINDOWS\system.ini
2010-02-13 05:19:16 ----D---- C:\WINDOWS\system32
2010-02-13 05:13:23 ----D---- C:\WINDOWS\AppPatch
2010-02-13 05:13:17 ----D---- C:\Program Files\Common Files
2010-02-10 06:11:00 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-09 19:28:14 ----SH---- C:\boot.ini
2010-02-09 19:28:13 ----A---- C:\WINDOWS\win.ini
2010-02-09 10:44:28 ----D---- C:\Program Files\Mozilla Firefox
2010-02-09 06:27:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-09 06:27:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-09 02:38:05 ----D---- C:\Documents and Settings\Pascal Barre\Application Data\dvdcss
2010-02-08 23:04:50 ----D---- C:\Documents and Settings\Pascal Barre\Application Data\Adobe
2010-02-08 22:24:26 ----D---- C:\Documents and Settings\Pascal Barre\Application Data\Skype
2010-02-08 20:46:30 ----D---- C:\WINDOWS\Prefetch
2010-02-08 19:30:08 ----D---- C:\Documents and Settings\Pascal Barre\Application Data\skypePM
2010-02-08 19:29:49 ----SD---- C:\WINDOWS\Tasks
2010-02-08 14:18:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-08 14:16:48 ----HD---- C:\WINDOWS\inf
2010-02-08 14:14:03 ----SHD---- C:\WINDOWS\Installer
2010-02-08 14:14:02 ----D---- C:\Config.Msi
2010-02-08 14:06:17 ----RSD---- C:\WINDOWS\assembly
2010-02-08 14:06:03 ----D---- C:\WINDOWS\WinSxS
2010-02-08 14:05:40 ----D---- C:\Program Files\ATI Technologies
2010-02-08 14:03:39 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-08 14:03:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-08 14:03:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-08 13:50:26 ----D---- C:\Documents and Settings\Pascal Barre\Application Data\HPAppData
2010-02-07 19:41:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-07 19:41:22 ----A---- C:\WINDOWS\imsins.BAK
2010-02-04 18:24:18 ----D---- C:\Documents and Settings\Pascal Barre\Application Data\HpUpdate
2010-02-04 18:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2010-02-02 07:05:40 ----D---- C:\Program Files\Autodesk
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-30 07:07:52 ----D---- C:\WINDOWS\system32\config
2010-01-22 15:12:55 ----D---- C:\Program Files\Internet Explorer
2010-01-22 15:12:41 ----D---- C:\WINDOWS\ie8updates
2010-01-21 16:10:51 ----D---- C:\WINDOWS\SxsCaPendDel
2010-01-21 16:10:51 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-20 19:24:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-20 19:14:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-20 19:14:48 ----D---- C:\Program Files\Common Files\BioWare
2010-01-15 15:24:08 ----D---- C:\Program Files\Java
2010-01-14 11:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R3 AR5416;%ATHER.Service.DispName%; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-01-17 1331136]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-12-11 4525056]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 catchme;catchme; \??\C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\catchme.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-12-20 4637696]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
R3 LVUVC;Logitech Webcam 200(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
R3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-10-24 13184]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-13 57408]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 mbr;mbr; \??\C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pfrcafob;pfrcafob; \??\C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\pfrcafob.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-08-15 265856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-12-11 602112]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-29 79360]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-12-05 753664]
S1 udffsrec;udffsrec; C:\WINDOWS\system32\drivers\udffsrec.sys [2005-05-30 5376]
S2 ACS;Atheros Configuration Service; C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe [2007-12-13 467028]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe -k hpdevmgmt []
S2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe -k HPService []
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe -k HPZ12 []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe -k HPZ12 []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-19 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe -k hpdevmgmt []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\jswpsapi.exe [2008-04-16 356434]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Afficher la suite