Vista internet security

olivier -  
 Simon -
Hello,

This morning I got an alert telling me that I had a virus and that I needed to update Vista Internet Security. I didn't pay attention, but this program actually seems to be the virus...
I found answers on English-language forums that advise first creating an exefix file and then scanning with Spyware Doctor. The software is paid, and I was wondering whether there might be another way than paying to repair (it does indeed find the virus).
In the meantime I tried a manual removal, which works temporarily, but the virus reappears shortly afterwards...
MBAM found nothing, AVG found nothing, and Remove IT finds something but the virus reappears as well.
What should I do?

Thanks in advance.

33 replies

Anonymous user

Did you accept it on the internet or on Windows Update?
0
olivier
 
On Windows Update
0
oudeis
 
I have had the same problem as olivier since yesterday... so a thousand thanks for the ComboFix tip, everything is back to normal now!
0
olivier
 
Sorry, I was away for a bit...
I ran the rkill then ComboFix procedure earlier and Vista Internet Security has just reappeared...
I guess I'm not in the clear yet!
What should I do?
What should I get as antivirus and antispyware protection?
0

jfkpresident Posts 13877 Status Security contributor 1 175

Can you post the ComboFix report for me?
0
olivier
 
No, ComboFix didn't give me a report and there is nothing at c\combofix.
0
olivier
 
In the meantime I did the only thing that seems to calm the virus down, namely Remove IT... For now I'm left in peace, but I imagine it's not over!
0
jfkpresident Posts 13877 Status Security contributor 1 175

Delete ComboFix from your desktop and download it here

It is renamed to combokill.exe
0
olivier
 
ComboFix 10-02-12.01 - Olivier 16/02/2010 10:32:20.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1317 [GMT 1:00]
Lancé depuis: c:\users\Olivier\Desktop\ComboKill.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\begimepo.exe
c:\windows\system32\stacsv.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-16 au 2010-02-16 ))))))))))))))))))))))))))))))))))))
.

2010-02-16 09:40 . 2010-02-16 09:40 -------- d-----w- c:\users\Olivier\AppData\Local\temp
2010-02-16 09:40 . 2010-02-16 09:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-13 15:23 . 2010-02-13 15:25 -------- d-----w- c:\program files\SEAF
2010-02-13 15:15 . 2010-02-13 15:15 -------- d-----w- C:\_OTM
2010-02-13 11:18 . 2010-02-13 11:24 1455792860 ----a-w- C:\UsbFix_Upload_Me_PC-de-Olivier.zip
2010-02-12 03:08 . 2010-02-13 11:24 -------- d-----w- C:\UsbFix
2010-02-11 17:12 . 2010-02-11 17:20 -------- d-----w- c:\program files\ZHPDiag
2010-02-11 10:53 . 2010-02-11 10:53 5115823 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-11 10:47 . 2010-02-11 10:47 -------- d-----w- c:\users\Olivier\AppData\Local\Threat Expert
2010-02-11 10:38 . 2010-01-21 23:21 767952 ------w- c:\windows\BDTSupport.dll
2010-02-11 10:38 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-02-11 10:38 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-11 10:38 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-11 10:38 . 2009-10-30 10:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-11 10:38 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-11 10:38 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-11 10:38 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-11 10:37 . 2010-02-11 10:39 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-11 10:37 . 2010-02-11 14:34 -------- d-----w- c:\program files\Spyware Doctor
2010-02-11 10:37 . 2010-02-11 10:37 -------- d-----w- c:\users\Olivier\AppData\Roaming\PC Tools
2010-02-11 10:37 . 2010-02-11 10:37 -------- d-----w- c:\programdata\PC Tools
2010-02-11 10:35 . 2010-02-11 10:33 329 ----a-w- c:\users\Olivier\exefix.reg
2010-02-11 10:18 . 2010-02-11 10:18 -------- d-----w- c:\windows\Sun
2010-02-07 10:09 . 2010-02-07 10:10 -------- d-----w- c:\program files\QuickTime
2010-02-07 10:07 . 2010-02-07 10:07 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 08:26 . 2009-04-23 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-11 15:00 . 2007-05-20 11:04 -------- d-----w- c:\program files\BAE
2010-02-11 10:40 . 2006-11-02 15:48 672322 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-11 10:40 . 2006-11-02 15:48 124434 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-07 14:25 . 2007-06-16 11:08 55717 ----a-w- c:\users\Olivier\AppData\Roaming\nvModes.dat
2010-02-07 10:13 . 2007-06-16 20:48 -------- d-----w- c:\program files\iTunes
2010-02-07 10:12 . 2007-06-16 20:47 -------- d-----w- c:\program files\iPod
2010-02-07 10:12 . 2007-10-27 22:44 -------- d-----w- c:\program files\Common Files\Apple
2010-01-07 15:07 . 2009-04-23 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-23 18:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 01:05 . 2009-12-26 01:05 118104 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-23 20:36 . 2009-12-23 20:36 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-21 08:24 . 2007-06-16 20:48 -------- d-----w- c:\programdata\Apple Computer
2009-11-28 09:37 . 2009-05-10 10:02 117760 ----a-w- c:\users\Olivier\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-13 11:33 . 2009-05-10 22:06 31250464 --sha-w- c:\windows\System32\drivers\fidbox.dat
2007-05-20 18:27 . 2007-05-20 18:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-05-20 77824]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-19 2043160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-5-20 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-11-12 01:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 08:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 08:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-11-17 21:13 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 10:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-10-13 10:31 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-08 05:11 303104 ----a-w- c:\windows\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [11/05/2009 10:02 28544]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [11/02/2010 11:38 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/04/2009 19:29 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/04/2009 19:29 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 10:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 10:33 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/04/2009 19:28 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/02/2010 11:38 112592]
S2 gupdate1c9f56b54aee582;Service Google Update (gupdate1c9f56b54aee582);c:\program files\Google\Update\GoogleUpdate.exe [25/06/2009 09:02 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 10:33 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/02/2010 11:37 359624]
.
Contenu du dossier 'Tâches planifiées'

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 08:02]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 08:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = 172.16.0.1:3128
uInternet Settings,ProxyOverride = 172.16.*
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {15CCD27B-9130-4E61-8283-64154F547479} = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe
AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe
AddRemove-Tibia_is1 - c:\program files\Tibia\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 10:40
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-02-16 10:43:50
ComboFix-quarantined-files.txt 2010-02-16 09:43

Avant-CF: 59 312 934 912 octets libres
Après-CF: 59 274 358 784 octets libres

- - End Of File - - 38EFB6B1553F0D51D6C347E45692991F
0
olivier
 
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3746
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

16/02/2010 18:02:38
mbam-log-2010-02-16 (18-02-38).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 253731
Temps écoulé: 1 hour(s), 40 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Olivier\AppData\Local\av.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Olivier\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.
0
jfkpresident Posts 13877 Status Security contributor 1 175

Can you paste me a new ZHPDiag log and tell me how the PC is doing?
0
liv
 
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Olivia on 19/02/2010 at 17:20:13.


Processes terminated by Rkill or while it was running:


C:\Windows\system32\RUNDLL32.EXE
C:\Users\Olivia\AppData\Local\av.exe
C:\Users\Olivia\Downloads\rkill.exe


Rkill completed on 19/02/2010 at 17:20:19.
0
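An added example (not part of any post in this thread, and not code from rkill, Malwarebytes or RSIT): a small triage script for log text in the formats posted here. It flags executables sitting in a user profile's data folders and executable file types whose open command no longer starts with `"%1"`, which is the Windows default for `.exe`. The sample log is constructed, with the user name replaced by a placeholder, and all function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample modelled on the rkill and RSIT log layouts seen in this
# thread; "ExampleUser" is a placeholder, not a value from the page.
SAMPLE_LOG = r"""
Processes terminated by Rkill or while it was running:

C:\Windows\system32\RUNDLL32.EXE
C:\Users\ExampleUser\AppData\Local\av.exe
C:\Users\ExampleUser\Downloads\rkill.exe

======File associations======

.exe - open - "C:\Users\ExampleUser\AppData\Local\av.exe" /START "%1" %*
.scr - open - "%1" /S
"""

# File types that Windows launches directly; their open command normally
# begins with "%1" (the file itself), not with another program.
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}
# Per-user data folders (Vista names plus the legacy XP junction names).
PROFILE_DIRS = {"appdata", "local settings", "application data"}

ASSOC_RE = re.compile(r"^(\.\w+) - (\w+) - (.+)$")
BARE_EXE_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def first_token(command):
    """Return the program part of a shell open command, without quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def in_user_profile_data(path):
    """True if the path lies inside a user profile's data folders."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if len(parts) < 4 or parts[1] not in ("users", "documents and settings"):
        return False
    # parts[2] is the account name; look at the folders between it and the file.
    return any(p in PROFILE_DIRS for p in parts[3:-1])


def find_assoc_hijacks(log_text):
    """Return (extension, verb, handler) for redirected executable types."""
    hits = []
    for line in log_text.splitlines():
        match = ASSOC_RE.match(line.strip())
        if not match:
            continue
        ext, verb, command = match.groups()
        handler = first_token(command)
        if ext.lower() in EXEC_EXTS and handler != "%1":
            hits.append((ext, verb, handler))
    return hits


def find_profile_executables(log_text):
    """Return bare .exe paths in the log that live in profile data folders."""
    seen = []
    for line in log_text.splitlines():
        path = line.strip()
        if BARE_EXE_RE.match(path) and in_user_profile_data(path) and path not in seen:
            seen.append(path)
    return seen


if __name__ == "__main__":
    for ext, verb, handler in find_assoc_hijacks(SAMPLE_LOG):
        print(f"file association redirected: {ext} {verb} -> {handler}")
    for path in find_profile_executables(SAMPLE_LOG):
        print(f"executable in profile data folder: {path}")
```

A redirected `.exe` association means every program launch passes through the handler first, so the association has to be restored as well as the file removed.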
siong
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by tchu yi at 2010-03-02 15:16:23
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 51 GB (45%) free of 114 GB
Total RAM: 2813 MB (51% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\Norton Security Scan for tchu yi.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\RegPowerClean.job
C:\Windows\tasks\RPCReminder.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaze.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}]
PriceGongCtrl Class - C:\Program Files\PriceGong\1.5.0\PriceGongIE.dll [2009-08-10 288056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
NetAssistantBHO Class - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll [2008-11-26 253048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-08-25 927232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
XBTBPos00 Class - C:\Program Files\My.Freeze.com Toolbar\freeze_int2.dll [2009-10-26 1916024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]
{9ec204df-0e48-4c32-816e-2e928a4fd9c2} - WalterShop - C:\Windows\system32\mscoree.dll [2008-07-27 282112]
{D0523BB4-21E7-11DD-9AB7-415B56D89593} - My.Freeze.com Toolbar - C:\Program Files\My.Freeze.com Toolbar\freeze_int2.dll [2009-10-26 1916024]
{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaze.dll [2009-07-02 2215960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-10-31 6609440]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-19 30192]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2008-12-18 690720]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2008-10-27 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2008-10-27 346672]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-11-21 13601312]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-11-21 92704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2009-01-09 870920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-09 1418536]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-10-08 147456]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-10-08 167936]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-10-17 167936]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-03-25 645328]
"FBSSA"=C:\Program Files\SGPSA\ie3sh.exe [2009-08-27 765824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-29 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-30 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce048231-2275-11df-b86f-00235a55c624}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Yang.EXE


======File associations======

.exe - open - "C:\Users\tchu yi\AppData\Local\av.exe" /START "%1" %*

======List of files/folders created in the last 1 months======

2010-03-02 15:16:23 ----D---- C:\rsit
2010-03-02 15:16:23 ----D---- C:\Program Files\trend micro
2010-03-02 14:00:16 ----D---- C:\Program Files\ZHPDiag
2010-02-24 18:36:23 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 18:35:41 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 18:35:41 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 18:35:40 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 18:35:40 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 18:35:40 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 18:35:40 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 18:35:40 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 18:35:39 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 18:35:39 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 18:00:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-22 17:03:15 ----D---- C:\ProgramData\Symantec
2010-02-22 17:03:15 ----D---- C:\ProgramData\Norton
2010-02-22 17:03:15 ----D---- C:\Program Files\Norton Security Scan
2010-02-22 17:03:13 ----D---- C:\ProgramData\NortonInstaller
2010-02-22 17:03:13 ----D---- C:\Program Files\NortonInstaller
2010-02-22 14:02:46 ----D---- C:\Windows\system32\Adobe
2010-02-10 15:04:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 15:04:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 15:04:26 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 15:04:26 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 15:04:26 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 15:04:25 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 15:04:25 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 15:04:25 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 15:04:25 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 15:04:25 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 15:04:25 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 15:04:25 ----A---- C:\Windows\system32\avicap32.dll

======List of files/folders modified in the last 1 months======

2010-03-02 15:16:25 ----D---- C:\Windows\Temp
2010-03-02 15:16:23 ----RD---- C:\Program Files
2010-03-02 15:16:23 ----D---- C:\Windows\Prefetch
2010-03-02 12:57:00 ----SHD---- C:\System Volume Information
2010-03-02 11:35:54 ----D---- C:\Windows\System32
2010-03-02 11:35:54 ----D---- C:\Windows\inf
2010-03-02 11:35:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-02 11:30:24 ----D---- C:\Windows
2010-03-01 23:43:47 ----D---- C:\Program Files\Mozilla Firefox
2010-02-28 03:02:58 ----D---- C:\Windows\system32\catroot2
2010-02-25 13:29:18 ----D---- C:\Windows\rescache
2010-02-25 13:11:24 ----RSD---- C:\Windows\Fonts
2010-02-25 13:11:24 ----D---- C:\Windows\system32\fr-FR
2010-02-25 04:49:35 ----SHD---- C:\Windows\Installer
2010-02-25 03:02:42 ----D---- C:\Windows\winsxs
2010-02-25 03:01:17 ----D---- C:\Windows\system32\catroot
2010-02-24 18:00:50 ----D---- C:\Program Files\Common Files
2010-02-22 17:03:21 ----D---- C:\Windows\Tasks
2010-02-22 17:03:18 ----D---- C:\Windows\system32\Tasks
2010-02-22 17:03:15 ----HD---- C:\ProgramData
2010-02-22 17:03:15 ----D---- C:\Windows\system32\drivers
2010-02-22 14:03:14 ----D---- C:\Windows\system32\Macromed
2010-02-22 14:02:47 ----SD---- C:\Windows\Downloaded Program Files
2010-02-11 14:08:31 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2008-10-23 130424]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-11-04 952320]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-09-29 223232]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-10-31 2231456]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-11-21 7451264]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-08-25 15872]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-01-09 204976]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-12-29 109920]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2008-08-09 419328]
S3 RimUsb;Téléphone intelligent BlackBerry ; C:\Windows\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2008-12-18 653856]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-03-25 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-11-21 203296]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-23 606736]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-19 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
0
Simon
 
Simon - 21 Mar 2010 at 09:50
I got this thing last night. 3 hours to get rid of it.
"Vista security" is the virus. It is made up of Trojan horses and spyware, it modifies files, ...
It is a virus that harasses the user into giving up their bank numbers!!!!! It makes you believe the computer is infested with viruses so that the user buys a fictitious solution.

The real solution is to block it with a good firewall (other than the Windows one, e.g. ZoneAlarm, because it lets you check everything going out of and coming into the PC), then you have to eliminate it with an "anti-spyware".

I found 5 Trojans, and 3 other components of the virus.

After that, the computer should work properly.
-1