Problem with automatic updates and unwanted pop-up ads

Closed
sherry60 - 24 Dec 2008 at 11:56
 Anonymous user - 24 Dec 2008 at 15:17
Hello,
So I was infected by the MSN virus myspacy.biz/viewimage.php. I removed it with MSNFix, and since then I can no longer run automatic updates. I also get web pages popping up from everywhere, and Antivirus 360 showing up as well. I have an antivirus and anti-spyware, ZoneAlarm. Thanks for your help; I am not very good with computers.
PS: for automatic updates, I did tick the boxes.

10 replies

Anonymous user
24 Dec 2008 at 12:05
Hi,

▶ Download HijackThis

▶ Save the target to .... "the Desktop"

▶ Double-click "HJTInstall.exe" to start the installation

▶ Click Install, then "I Accept"

▶ Click "Do a system scan and save a logfile"

▶ Notepad will open; copy and paste its entire contents here in your next reply

▶ HijackThis tutorial (thanks to Balltrap34)

If a report will not post, alert the moderators with the yellow /!\.
0
Thanks for your help, here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:03, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\AOL\1230108207\ee\AOLSoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\fichiers communs\aol\1230108207\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\program files\fichiers communs\aol\1230108207\ee\aolsoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1230108207\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: xzdwcq.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Anonymous user
24 Dec 2008 at 12:15
Re,

Download and install Malwarebytes' Anti-Malware
Malwarebytes

Update it

▶ Double-click the Malwarebytes' Anti-Malware shortcut on the Desktop.

▶ Select Perform full scan if it is not already selected

▶ Click Scan

▶ Once the scan has finished, a window opens; click OK

If Malwarebytes' did not detect anything, click OK. A report will appear; close it.

If Malwarebytes' detected infections, click Show Results, then Remove Selected

Save the report to your Desktop so that it is easier to find, then post that report.

Note: if Malwarebytes' needs to restart to finish the removal, accept by clicking OK

If a report will not post, alert the moderators with the yellow /!\.


Tutorial for Malwarebytes'
0
I did what you told me and here is the report. Is this related to my automatic updates? I had been told that malware was not dangerous, is that true?

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1540
Windows 5.1.2600 Service Pack 3

24/12/2008 14:11:43
mbam-log-2008-12-24 (14-11-43).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 95538
Temps écoulé: 1 hour(s), 21 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\qoMgddDU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xzdwcq.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50fde0ee-2fe5-4fde-93d6-5725a139689b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{50fde0ee-2fe5-4fde-93d6-5725a139689b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a06cab3-3085-4526-b632-583f438081ff} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a06cab3-3085-4526-b632-583f438081ff} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7a06cab3-3085-4526-b632-583f438081ff} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{50fde0ee-2fe5-4fde-93d6-5725a139689b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomgdddu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomgdddu -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\qoMgddDU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\UDddgMoq.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\UDddgMoq.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xzdwcq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fmqxuofy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yfouxqmf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\srywicsn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsciwyrs.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vdlqdkst.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tskdqldv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\greg\Local Settings\Temporary Internet Files\Content.IE5\9Y68QH27\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\greg\Local Settings\Temporary Internet Files\Content.IE5\9Y68QH27\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6998EF88-EBBC-48C7-B8BB-D7385C07A4FC}\RP109\A0029173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6998EF88-EBBC-48C7-B8BB-D7385C07A4FC}\RP108\A0028958.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6998EF88-EBBC-48C7-B8BB-D7385C07A4FC}\RP108\A0028989.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmLbYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXQgfgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXQHxwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRhIBR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnKcaXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqnNDU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtutUMc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bquiqr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccccCVp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mrosblbr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMfcYpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlJbXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlMeed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSiGWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyxWolK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywxwvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyVnLe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJyXpN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcASkiJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcATNDT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUmjIbY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lessoixy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJAQKbA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJYSkKC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsrc.dll (Adware.Toolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awttqQhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
0

Anonymous user
24 Dec 2008 at 14:13
Re,

Download SDFix (created by AndyManchesta) and save it to your Desktop.
SDFix (created by AndyManchesta)

or http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

or http://downloads.andymanchesta.com/RemovalTools/SDFix.exe?thread

or http://sdfix.net/SDFix.exe

--> Double-click SDFix.exe and choose "Install".
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop.

Restart your computer in Safe Mode by following this procedure:

• Restart your computer

• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).

• Instead of Windows loading normally, a menu with various options should appear.

• Choose the first option, to run Windows in Safe Mode, then press "Enter".

• Choose your account.

• Then open the SDFix folder that was just created in C:\ and double-click RunThis. to launch the script.

• Press a key to start the cleaning process.

• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.

• Press a key to restart the PC.

• Your system will take longer than usual to restart because the tool will keep running and deleting files.

• Once the Desktop has loaded, the tool will finish its work and display Finished.

• Press a key to end the script and load your Desktop icons.

• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.


• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis report!

• NOTE: If SDFix does not start
Click Start => Run
Copy/paste this:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Click OK.

Restart and try running SDFix again.

If a report will not post, alert the moderators with the yellow /!\.
0
[b]System Report[/b]
*************

Run on 24/12/2008 at 14:43

Microsoft Windows XP [version 5.1.2600]

Current user is an administrator

[b]Running Processes[/b]:

\SystemRoot\System32\smss.exe [132]
\??\C:\WINDOWS\system32\csrss.exe [180]
\??\C:\WINDOWS\system32\winlogon.exe [204]
C:\WINDOWS\system32\services.exe [248]
C:\WINDOWS\system32\lsass.exe [260]
C:\WINDOWS\system32\svchost.exe [408]
C:\WINDOWS\system32\svchost.exe [472]
C:\WINDOWS\system32\svchost.exe [544]
C:\WINDOWS\Explorer.EXE [748]



[b]Files Created/Modified - 60 Days[/b]:


6 Nov 2008 12:57:48 1 298 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm"
6 Nov 2008 20:32:10 3 311 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\ShieldsUpMsg.htm"
6 Nov 2008 12:57:48 13 777 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\UnSolicitedRCUI.htm"


C:\Program Files\

20 Nov 2008 19:42:32 228 704 A.... "C:\Program Files\AIM6\migrator.exe"
20 Nov 2008 19:42:32 35 888 A.... "C:\Program Files\AIM6\rbm.exe"
20 Nov 2008 19:41:54 94 021 A.... "C:\Program Files\AIM6\uninst.exe"
20 Nov 2008 19:41:16 119 950 A.... "C:\Program Files\AIM6\uninstall.exe"
6 Nov 2008 14:14:12 8 154 A.... "C:\Program Files\AOL 9.0\Xpcs Registry.dat"
1 Dec 2008 13:59:00 3 069 A.... "C:\Program Files\DVD Shrink\unins000.dat"
3 Dec 2008 19:52:32 380 048 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"
3 Dec 2008 19:52:32 73 360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
3 Dec 2008 19:52:32 1 265 296 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
3 Dec 2008 19:52:34 73 360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
3 Dec 2008 19:52:34 399 504 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
3 Dec 2008 19:52:34 170 640 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
3 Dec 2008 19:52:36 44 688 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
24 Dec 2008 12:18:58 8 704 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
24 Dec 2008 12:18:32 688 784 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
3 Dec 2008 19:52:36 77 968 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
1 Dec 2008 11:58:20 35 986 A.... "C:\Program Files\PhotoFiltre\Uninst.exe"
8 Nov 2008 14:55:36 4 100 096 A.... "C:\Program Files\Quickpartitions\npsibelius.dll"
12 Dec 2008 17:14:26 13 381 632 A.... "C:\Program Files\Adobe\Photoshop Elements\PhotoshopElements.exe"
19 Dec 2008 20:48:18 43 520 A.... "C:\Program Files\AGI\common\agcutils.dll"
19 Dec 2008 20:47:56 148 800 A.... "C:\Program Files\AGI\common\bootstrapper.exe"
11 Dec 2008 14:48:50 128 966 A.... "C:\Program Files\AGI\common\common.zip"
19 Dec 2008 20:48:06 24 064 A.... "C:\Program Files\AGI\Python25\python.exe"
19 Dec 2008 20:48:06 24 576 A.... "C:\Program Files\AGI\Python25\pythonw.exe"
22 Nov 2008 14:34:26 208 A.... "C:\Program Files\ArcSoft\Print Creations\active.dat"
22 Nov 2008 14:34:22 144 A.... "C:\Program Files\ArcSoft\Print Creations\guid.dat"
22 Nov 2008 14:34:26 70 A.... "C:\Program Files\ArcSoft\Print Creations\tic.dat"
13 Nov 2008 19:26:06 712 704 A.... "C:\Program Files\C-Media\WIN_ME\AUDIO3D.DLL"
13 Nov 2008 19:26:08 3 456 A.... "C:\Program Files\C-Media\WIN_ME\CMIAINFO.SYS"
13 Nov 2008 19:26:06 917 504 A.... "C:\Program Files\C-Media\WIN_ME\CMIDS3D.DLL"
13 Nov 2008 19:26:06 28 672 A.... "C:\Program Files\C-Media\WIN_ME\CMIRMDRV.DLL"
13 Nov 2008 19:26:08 233 472 A.... "C:\Program Files\C-Media\WIN_ME\CMIRMDRV.EXE"
13 Nov 2008 19:26:08 151 552 A.... "C:\Program Files\C-Media\WIN_ME\CMUDA.DLL"
13 Nov 2008 19:26:08 818 496 A.... "C:\Program Files\C-Media\WIN_ME\CMUDA.SYS"
13 Nov 2008 19:26:08 1 347 584 A.... "C:\Program Files\C-Media\WIN_ME\MESetup.dat"
13 Nov 2008 19:26:08 868 352 A.... "C:\Program Files\C-Media\WIN_ME\Setup.exe"
13 Nov 2008 19:26:08 1 458 176 A.... "C:\Program Files\C-Media\WIN_ME\SmWizard.exe"
13 Nov 2008 19:26:08 32 768 A.... "C:\Program Files\C-Media\WIN_ME\UDAPROP.DLL"
13 Nov 2008 19:26:08 1 286 144 A.... "C:\Program Files\C-Media\WIN_ME\W2KSetup.dat"
27 Nov 2008 18:30:18 16 A.... "C:\Program Files\eMule\Config\AC_SearchStrings.dat"
22 Nov 2008 20:43:06 365 A.... "C:\Program Files\eMule\Config\cryptkey.dat"
22 Nov 2008 20:42:38 206 A.... "C:\Program Files\eMule\Config\filter.dat"
27 Nov 2008 18:30:18 5 A.... "C:\Program Files\eMule\Config\partperm.dat"
27 Nov 2008 18:30:18 61 A.... "C:\Program Files\eMule\Config\preferences.dat"
27 Nov 2008 18:30:18 2 A.... "C:\Program Files\eMule\Config\shareddir.dat"
27 Nov 2008 18:30:18 2 A.... "C:\Program Files\eMule\Config\tempdir.dat"
27 Nov 2008 18:30:18 860 A.... "C:\Program Files\eMule\Config\traffic.dat"
27 Nov 2008 18:30:18 16 A.... "C:\Program Files\eMule\Config\userhash.dat"
23 Nov 2008 12:47:34 258 A.... "C:\Program Files\eMule\Temp\009.part.met.tmp"
6 Nov 2008 14:13:42 2 106 480 A.... "C:\Program Files\Fichiers communs\aolback\aolback.exe"
13 Nov 2008 17:40:04 121 064 A.... "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe"
13 Nov 2008 17:15:22 368 640 A.... "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\_setup.dll"
13 Nov 2008 17:39:24 121 064 A.... "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe"
13 Nov 2008 17:16:00 159 744 A.... "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\_setup.dll"
15 Nov 2008 15:18:02 380 928 A.... "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\_setup.dll"
13 Nov 2008 17:37:56 121 064 A.... "C:\Program Files\InstallShield Installation Information\{A586DC50-B18D-48FB-B7CC-A598200457C2}\setup.exe"
13 Nov 2008 17:14:24 368 640 A.... "C:\Program Files\InstallShield Installation Information\{A586DC50-B18D-48FB-B7CC-A598200457C2}\_setup.dll"
24 Nov 2008 13:21:28 119 016 A.... "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe"
24 Nov 2008 13:21:30 380 928 A.... "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\_setup.dll"
22 Nov 2008 13:52:22 175 104 A.... "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\Setup.exe"
24 Nov 2008 13:25:10 119 016 A.... "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe"
24 Nov 2008 13:25:12 380 928 A.... "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\_setup.dll"
13 Nov 2008 20:49:26 368 640 A.... "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\_setup.dll"
6 Nov 2008 14:13:22 106 496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll"
6 Nov 2008 14:13:22 106 496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll"
6 Nov 2008 14:13:22 106 496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll"
6 Nov 2008 14:13:22 106 496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll"
6 Nov 2008 14:13:22 106 496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll"
6 Nov 2008 14:13:22 106 496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll"
6 Nov 2008 14:13:22 106 496 A.... "C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll"
6 Nov 2008 21:37:38 994 A.... "C:\Program Files\Java\jre6\Welcome.html"
12 Dec 2008 17:09:32 19 802 A.... "C:\Program Files\Kodak\Kodak EasyShare software\ReadMe.htm"
12 Dec 2008 17:09:50 9 679 A.... "C:\Program Files\Kodak\Kodak EasyShare software\ReadMeCamera.htm"
6 Nov 2008 19:36:26 95 035 A.... "C:\Program Files\Neuf\Kit\uninstall.exe"
6 Nov 2008 14:12:22 38 912 A.... "C:\Program Files\Real\RealPlayer\embedgui_fr.dll"
6 Nov 2008 14:12:20 32 482 A.... "C:\Program Files\Real\RealPlayer\playrlic.html"
6 Nov 2008 14:12:22 11 264 A.... "C:\Program Files\Real\RealPlayer\pngui_fr.dll"
6 Nov 2008 14:12:18 10 752 A.... "C:\Program Files\Real\RealPlayer\pnmi3260.dll"
6 Nov 2008 14:12:18 149 504 A.... "C:\Program Files\Real\RealPlayer\pset3260.dll"
6 Nov 2008 14:12:22 36 864 A.... "C:\Program Files\Real\RealPlayer\psethvy_fr.dll"
6 Nov 2008 14:12:18 20 432 A.... "C:\Program Files\Real\RealPlayer\Readme.html"
6 Nov 2008 14:12:18 26 112 A.... "C:\Program Files\Real\RealPlayer\realplay.exe"
6 Nov 2008 14:12:22 13 824 A.... "C:\Program Files\Real\RealPlayer\rnath_fr.dll"
6 Nov 2008 14:12:22 47 616 A.... "C:\Program Files\Real\RealPlayer\rnereg_fr.dll"
6 Nov 2008 14:12:18 146 432 A.... "C:\Program Files\Real\RealPlayer\rnms3260.dll"
6 Nov 2008 14:12:22 53 248 A.... "C:\Program Files\Real\RealPlayer\rnmsg_fr.dll"
6 Nov 2008 14:12:22 15 872 A.... "C:\Program Files\Real\RealPlayer\rnuneng_fr.dll"
6 Nov 2008 14:12:18 395 264 A.... "C:\Program Files\Real\RealPlayer\rpap3260.dll"
6 Nov 2008 14:12:22 68 096 A.... "C:\Program Files\Real\RealPlayer\rpapp_fr.dll"
6 Nov 2008 14:12:18 389 120 A.... "C:\Program Files\Real\RealPlayer\rpbasic.dll"
6 Nov 2008 14:12:22 51 712 A.... "C:\Program Files\Real\RealPlayer\rpclsvc_fr.dll"
6 Nov 2008 14:12:22 266 752 A.... "C:\Program Files\Real\RealPlayer\rpclutil_fr.dll"
6 Nov 2008 14:12:18 242 176 A.... "C:\Program Files\Real\RealPlayer\rpde3260.dll"
6 Nov 2008 14:12:22 36 864 A.... "C:\Program Files\Real\RealPlayer\rpdestpn_fr.dll"
6 Nov 2008 14:12:22 233 984 A.... "C:\Program Files\Real\RealPlayer\rpmnpane_fr.dll"
6 Nov 2008 14:12:22 265 216 A.... "C:\Program Files\Real\RealPlayer\rpplus_fr.dll"
6 Nov 2008 14:12:20 71 168 A.... "C:\Program Files\Real\RealPlayer\rprp3260.dll"
6 Nov 2008 14:12:18 12 800 A.... "C:\Program Files\Real\RealPlayer\rpshellsearch.dll"
6 Nov 2008 14:12:18 14 336 A.... "C:\Program Files\Real\RealPlayer\rpun3260.dll"
6 Nov 2008 14:12:22 59 392 A.... "C:\Program Files\Real\RealPlayer\rpupgrd_fr.dll"
6 Nov 2008 14:12:18 18 944 A.... "C:\Program Files\Real\RealPlayer\twebbrowse.dll"
6 Nov 2008 14:12:22 12 288 A.... "C:\Program Files\Real\RealPlayer\upgrdhlp_fr.dll"
24 Nov 2008 14:01:44 52 736 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\BpmCount.dll"
24 Nov 2008 14:01:48 800 248 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\CDDBControlSamsung.dll"
24 Nov 2008 14:01:50 595 448 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\CddbMusicIDSamsung.dll"
24 Nov 2008 14:01:52 550 392 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\CddbPlaylist2Samsung.dll"
24 Nov 2008 14:01:54 808 440 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\CDDBUISamsung.dll"
24 Nov 2008 14:00:20 18 944 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\CMLoader.dll"
24 Nov 2008 14:03:04 94 208 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\ComnCtrl.dll"
24 Nov 2008 14:00:20 155 648 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\ConMgr.exe"
24 Nov 2008 14:00:20 16 180 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\conmgr.reg"
24 Nov 2008 14:00:20 110 592 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\ConMgrC.dll"
24 Nov 2008 14:00:20 8 192 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\ConMgrPS.dll"
24 Nov 2008 14:03:06 36 864 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\ConMgrInterface.dll"
24 Nov 2008 14:00:22 200 704 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\ConMgr_Setting.exe"
24 Nov 2008 14:00:22 839 680 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\ConWiz.exe"
24 Nov 2008 14:03:08 43 008 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\DataObject12.dll"
24 Nov 2008 14:03:18 86 016 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\DrmCheck.dll"
24 Nov 2008 14:01:56 204 800 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\DShowHelper.dll"
24 Nov 2008 14:03:08 159 744 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\EmailManager.dll"
24 Nov 2008 14:02:04 262 144 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FBSoundEditor.dll"
24 Nov 2008 14:03:18 40 960 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FileManager.dll"
24 Nov 2008 14:02:06 45 056 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FRManager.dll"
24 Nov 2008 14:02:08 73 728 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FunBoxPlayerCtrl.dll"
24 Nov 2008 14:02:08 102 400 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FunBoxPlayerViewer.dll"
24 Nov 2008 14:03:20 38 912 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FunBoxDll.dll"
24 Nov 2008 14:02:12 143 360 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FunMp3Info.dll"
24 Nov 2008 14:02:12 12 800 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FunRegistry.exe"
24 Nov 2008 14:03:20 90 112 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FunToPC.exe"
24 Nov 2008 14:03:20 65 536 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\FunToPhone.exe"
24 Nov 2008 14:02:18 3 566 434 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\fun_avcodec.dll"
24 Nov 2008 14:02:18 42 108 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\fun_avutil.dll"
24 Nov 2008 14:02:18 53 248 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\fun_flv_enc.dll"
24 Nov 2008 14:02:20 237 568 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\fun_id3tag.dll"
24 Nov 2008 14:02:20 77 824 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\fun_mp4_dec.dll"
24 Nov 2008 14:02:22 684 032 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\fun_mp4_enc.dll"
24 Nov 2008 14:00:22 176 628 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\HSPIO.dll"
24 Nov 2008 14:02:22 290 816 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\lame_enc.dll"
24 Nov 2008 14:01:24 614 400 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe"
24 Nov 2008 14:01:26 1 249 280 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\LCRes.dll"
24 Nov 2008 14:03:08 131 072 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\libsml.dll"
24 Nov 2008 13:26:42 376 832 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\LiveUpdate.exe"
24 Nov 2008 13:26:42 376 832 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\LiveUpdateReal.exe"
24 Nov 2008 14:02:28 1 998 848 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\M5_EmuSmw5.dll"
24 Nov 2008 14:02:34 3 838 772 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MA_RES_NEW.dat"
24 Nov 2008 14:01:26 26 604 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MDPF.dat"
24 Nov 2008 14:03:20 86 016 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MediaCheck.dll"
24 Nov 2008 14:03:16 512 000 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MessageManager.exe"
24 Nov 2008 14:03:10 51 712 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MgrConfig.dll"
24 Nov 2008 14:03:10 27 648 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MgrLogFile.dll"
24 Nov 2008 14:03:12 77 824 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MimeParser.dll"
24 Nov 2008 14:01:30 831 488 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MLBMImg.dll"
24 Nov 2008 14:01:32 385 024 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MLDShow.dll"
24 Nov 2008 14:01:32 147 456 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MLMMObjCtrl.dll"
24 Nov 2008 14:01:32 167 936 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MLMMSMsg.dll"
24 Nov 2008 14:01:32 73 728 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MLSYAud.dll"
24 Nov 2008 14:01:32 73 728 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MLTXStr.dll"
24 Nov 2008 14:01:34 438 272 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MLUICtrl.dll"
24 Nov 2008 14:01:34 110 592 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MLXMLDoc.dll"
24 Nov 2008 14:03:16 516 096 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MM.exe"
24 Nov 2008 14:02:36 225 280 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\mmdb_music_s1.dat"
24 Nov 2008 14:01:34 303 104 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSComm.dll"
24 Nov 2008 14:01:34 540 672 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSComposer.exe"
24 Nov 2008 14:01:36 647 168 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSConsole.dll"
24 Nov 2008 14:01:38 1 257 472 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSContBrowser.dll"
24 Nov 2008 14:01:38 229 376 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSData.dll"
24 Nov 2008 14:01:38 475 136 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSMediaPlayer.exe"
24 Nov 2008 14:01:38 176 128 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSMenuBar.dll"
24 Nov 2008 14:01:40 221 184 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSMessageBrowser.dll"
24 Nov 2008 14:01:42 1 376 256 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSPageEditor.dll"
24 Nov 2008 14:01:44 704 512 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MMSPhotoEditor.dll"
24 Nov 2008 14:03:12 29 696 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\mobex.dll"
24 Nov 2008 14:00:22 266 240 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MObexDll.dll"
24 Nov 2008 14:00:20 10 060 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Model.reg"
24 Nov 2008 14:00:20 38 080 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Model12.reg"
24 Nov 2008 14:00:20 1 584 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\MTP.reg"
24 Nov 2008 14:02:38 737 280 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Multimedia manager.exe"
24 Nov 2008 14:02:42 2 510 848 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Multimedia player.exe"
24 Nov 2008 14:03:00 155 648 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\NetworkingWizard.exe"
24 Nov 2008 14:03:12 299 008 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\OutlookManager.dll"
24 Nov 2008 14:03:14 1 085 440 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PC Sync.exe"
24 Nov 2008 14:03:18 192 512 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PE.exe"
24 Nov 2008 14:03:18 217 088 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PhoneEditor.exe"
24 Nov 2008 14:03:22 454 656 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PhoneExplorer.exe"
24 Nov 2008 14:00:14 647 168 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PMCtrl.dll"
24 Nov 2008 14:00:14 176 128 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PMFind.dll"
24 Nov 2008 14:00:14 385 024 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PMIE.dll"
24 Nov 2008 14:00:14 454 656 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PMLib.dll"
24 Nov 2008 14:00:14 184 320 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PMPrint.dll"
24 Nov 2008 14:00:16 1 490 944 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PMRes.dll"
24 Nov 2008 14:03:22 200 704 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\ProfileManager.dll"
24 Nov 2008 14:00:16 196 608 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PSComn.dll"
24 Nov 2008 14:00:18 774 144 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PSCtrl.dll"
24 Nov 2008 14:00:18 180 224 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PSFind.dll"
24 Nov 2008 14:00:18 364 544 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PSIE.dll"
24 Nov 2008 14:00:18 212 992 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PSLib.dll"
24 Nov 2008 14:00:20 196 608 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PSPrint.dll"
24 Nov 2008 14:03:22 389 120 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PXCmd.dll"
24 Nov 2008 14:03:24 69 632 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PXCommon.dll"
24 Nov 2008 14:03:24 73 728 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PXControls.dll"
24 Nov 2008 14:03:24 225 280 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PXID3Tag.dll"
24 Nov 2008 14:03:24 827 392 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PXImage.dll"
24 Nov 2008 14:03:26 192 512 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PXRes.dll"
24 Nov 2008 14:03:26 212 992 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PXSecCommonDlg.dll"
24 Nov 2008 14:03:26 282 624 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\PXViewCtrls.dll"
24 Nov 2008 14:03:54 950 272 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\SecTheme.dll"
24 Nov 2008 14:03:26 77 824 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\SecToPC.exe"
24 Nov 2008 14:03:26 38 912 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\SecToPhone.exe"
24 Nov 2008 14:02:46 180 224 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_func.dll"
24 Nov 2008 14:02:52 225 280 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_podcast.dll"
24 Nov 2008 14:02:48 204 800 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_mconverter.dll"
24 Nov 2008 14:02:48 290 816 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_mmaker.dll"
24 Nov 2008 14:02:52 323 584 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_publish.dll"
24 Nov 2008 14:02:48 65 530 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_mconverter2.dat"
24 Nov 2008 14:02:50 827 242 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_mmaker2.dat"
24 Nov 2008 14:02:52 17 266 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_print.dat"
24 Nov 2008 14:02:46 135 168 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_db.dll"
24 Nov 2008 14:02:50 160 533 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_PE.dat"
24 Nov 2008 14:02:52 344 064 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_PE.dll"
24 Nov 2008 14:02:54 149 892 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_se.dat"
24 Nov 2008 14:02:52 92 104 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_Publish.dat"
24 Nov 2008 14:02:42 147 456 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_CDBurn.dll"
24 Nov 2008 14:02:54 154 518 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_Wallpaper.dat"
24 Nov 2008 14:02:50 22 016 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_PDF.dll"
24 Nov 2008 14:02:52 29 696 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_Phone.dll"
24 Nov 2008 14:02:56 1 179 648 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_WallPaper.dll"
24 Nov 2008 14:02:54 126 976 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_uBlog.dll"
24 Nov 2008 14:02:46 31 232 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_image.dll"
24 Nov 2008 14:02:48 212 992 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_meditor.dll"
24 Nov 2008 14:02:48 176 675 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_meditor2.dat"
24 Nov 2008 14:02:44 708 608 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_control.dll"
24 Nov 2008 14:02:50 217 088 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_music.dll"
24 Nov 2008 14:02:52 122 880 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Share_print.dll"
24 Nov 2008 14:02:50 425 984 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\share_mtp.dll"
24 Nov 2008 14:02:58 2 367 488 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\SMAFMMS5EMU.dll"
24 Nov 2008 14:03:14 479 232 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\SMLParser.dll"
24 Nov 2008 14:03:00 552 960 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\SoundImport.dll"
24 Nov 2008 14:00:20 206 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\StarOpen.reg"
24 Nov 2008 14:03:00 5 632 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\StarOpen.sys"
24 Nov 2008 14:03:14 212 992 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\SyncEngine.dll"
24 Nov 2008 14:03:16 282 624 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\SyncEngine12.dll"
24 Nov 2008 14:00:20 106 496 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\Type.dll"
24 Nov 2008 14:00:20 94 208 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\vObject.dll"
24 Nov 2008 14:03:56 2 371 584 A.... "C:\Program Files\Samsung\Samsung PC Studio 3\XTP9601LibL.dll"
24 Dec 2008 12:10:42 396 288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
15 Nov 2008 15:18:52 93 421 A.... "C:\Program Files\Yahoo!\Common\unyt.exe"
19 Dec 2008 20:48:24 9 216 A.... "C:\Program Files\AGI\common\win32\perfmondata.dll"
19 Dec 2008 20:48:24 10 240 A.... "C:\Program Files\AGI\common\win32\pythonservice.exe"
19 Dec 2008 20:48:24 5 632 A.... "C:\Program Files\AGI\common\win32\win32popenWin9x.exe"
19 Dec 2008 20:48:28 4 193 A.... "C:\Program Files\AGI\common\win32com\readme.htm"
24 Dec 2008 9:44:50 75 462 A.... "C:\Program Files\AOL\Installers\ASP 2.0\alsetup.exe"
24 Dec 2008 9:44:50 5 632 A.... "C:\Program Files\AOL\Installers\ASP 2.0\aspchk.dll"
24 Dec 2008 9:44:50 412 328 A.... "C:\Program Files\AOL\Installers\ASP 2.0\ASPinst.exe"
24 Dec 2008 9:44:50 512 000 A.... "C:\Program Files\AOL\Installers\ASP 2.0\gui.dll"
24 Dec 2008 9:44:50 88 576 A.... "C:\Program Files\AOL\Installers\ASP 2.0\instph.dll"
24 Dec 2008 9:44:50 53 248 A.... "C:\Program Files\AOL\Installers\ASP 2.0\instsup.dll"
24 Dec 2008 9:44:50 550 641 A.... "C:\Program Files\AOL\Installers\ASP 2.0\muninst.exe"
24 Dec 2008 9:44:50 9 728 A.... "C:\Program Files\AOL\Installers\ASP 2.0\ocpchk.dll"
24 Dec 2008 9:44:54 7 418 429 A.... "C:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe"
24 Dec 2008 9:44:54 29 184 A.... "C:\Program Files\AOL\Installers\ASP 2.0\postproc.exe"
24 Dec 2008 9:44:54 77 824 A.... "C:\Program Files\AOL\Installers\ASP 2.0\ProgUpd.dll"
24 Dec 2008 9:44:54 173 136 A.... "C:\Program Files\AOL\Installers\ASP 2.0\setup.exe"
24 Dec 2008 9:44:54 6 144 A.... "C:\Program Files\AOL\Installers\ASP 2.0\tbinst.dll"
24 Dec 2008 9:44:54 222 000 A.... "C:\Program Files\AOL\Installers\ASP 2.0\tbsetup.exe"
6 Nov 2008 14:11:48 305 A.... "C:\Program Files\AOL 9.0\backup\restore\comp02.sys"
22 Nov 2008 17:57:22 92 536 A.... "C:\Program Files\Fichiers communs\Adobe\Updater6\AdobeUpdaterInstallMgr.exe"
22 Nov 2008 17:57:38 2 519 416 A.... "C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe"
20 Nov 2008 19:41:10 88 673 A.... "C:\Program Files\Fichiers communs\AOL\AOLDiag\tbunins.exe"
24 Dec 2008 9:43:26 62 053 A.... "C:\Program Files\Fichiers communs\AOL\Loader\alunins.exe"
6 Nov 2008 14:11:08 77 824 A.... "C:\Program Files\Fichiers communs\AOL\System Information\progupd.dll"
20 Nov 2008 8:50:36 305 664 A.... "C:\Program Files\Fichiers communs\ArcSoft\Bin\ArcAD.dll"
24 Nov 2008 18:59:28 358 912 A.... "C:\Program Files\Fichiers communs\ArcSoft\Bin\ArcCon.dll"
22 Nov 2008 14:33:50 1 664 A.... "C:\Program Files\Fichiers communs\ArcSoft\Media Browser\active.dat"
22 Nov 2008 14:33:50 148 A.... "C:\Program Files\Fichiers communs\ArcSoft\Media Browser\guid.dat"
6 Nov 2008 14:12:22 84 992 A.... "C:\Program Files\Fichiers communs\Real\Codecs\14_43260.dll"
6 Nov 2008 14:12:22 44 032 A.... "C:\Program Files\Fichiers communs\Real\Codecs\28_83260.dll"
6 Nov 2008 14:12:18 19 968 A.... "C:\Program Files\Fichiers communs\Real\Codecs\atrc3260.dll"
6 Nov 2008 14:12:18 49 664 A.... "C:\Program Files\Fichiers communs\Real\Codecs\cook3260.dll"
6 Nov 2008 14:12:18 36 864 A.... "C:\Program Files\Fichiers communs\Real\Codecs\ddnt3260.dll"
6 Nov 2008 14:12:18 20 992 A.... "C:\Program Files\Fichiers communs\Real\Codecs\dnet3260.dll"
6 Nov 2008 14:12:18 90 624 A.... "C:\Program Files\Fichiers communs\Real\Codecs\drv13260.dll"
6 Nov 2008 14:12:18 160 768 A.... "C:\Program Files\Fichiers communs\Real\Codecs\drv23260.dll"
6 Nov 2008 14:12:18 177 152 A.... "C:\Program Files\Fichiers communs\Real\Codecs\drv33260.dll"
6 Nov 2008 14:12:22 205 312 A.... "C:\Program Files\Fichiers communs\Real\Codecs\drv43260.dll"
6 Nov 2008 14:12:18 40 448 A.... "C:\Program Files\Fichiers communs\Real\Codecs\dspr3260.dll"
6 Nov 2008 14:12:18 525 824 A.... "C:\Program Files\Fichiers communs\Real\Codecs\rnco3260.dll"
6 Nov 2008 14:12:18 30 720 A.... "C:\Program Files\Fichiers communs\Real\Codecs\rv103260.dll"
6 Nov 2008 14:12:18 94 208 A.... "C:\Program Files\Fichiers communs\Real\Codecs\rv203260.dll"
6 Nov 2008 14:12:18 90 112 A.... "C:\Program Files\Fichiers communs\Real\Codecs\rv303260.dll"
6 Nov 2008 14:12:22 80 896 A.... "C:\Program Files\Fichiers communs\Real\Codecs\rv403260.dll"
6 Nov 2008 14:12:18 17 408 A.... "C:\Program Files\Fichiers communs\Real\Codecs\sipr3260.dll"
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:02, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\AOL\1230108207\ee\AOLSoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\fichiers communs\aol\1230108207\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\fichiers communs\aol\1230108207\ee\aolsoftware.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1230108207\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: xzdwcq.dll
O20 - Winlogon Notify: rqRLbCSM - rqRLbCSM.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Anonymous user
24 Dec 2008 at 15:08
Re,

▶ Install - Download SmitfraudFix (by S!Ri, balltrap34 and moe31)

Option 1 => Search:

Double-click SmitfraudFix.exe

▶ Select 1 and press Enter in the menu to create a report of the files responsible for the infection. The report is located at the root of the system disk, C:\rapport.txt; paste the generated report on the forum.

Do not run option 2 without advice from a competent person.


SmitfraudFix tutorial

If a report won't post, alert the moderators (conciergerie) using the yellow /!\ icon.
0
SmitFraudFix v2.387

Rapport fait à 15:12:46,95, 24/12/2008
Executé à partir de C:\Documents and Settings\greg\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\AOL\1230108207\ee\AOLSoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\fichiers communs\aol\1230108207\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\fichiers communs\aol\1230108207\ee\aolsoftware.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\greg


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\greg\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\greg\Application Data

C:\Documents and Settings\greg\Application Data\Skinux PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\greg\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="xzdwcq.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3DC73685-B043-41CA-A9F4-B8A8EAF2CC96}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3DC73685-B043-41CA-A9F4-B8A8EAF2CC96}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3DC73685-B043-41CA-A9F4-B8A8EAF2CC96}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
24 Dec 2008 at 15:17
Re,

2) Cleaning:

Restart the computer in safe mode:

Double-click SmitfraudFix:

▶ Select 2 and press Enter in the menu to delete the files responsible for the infection.

▶ At the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (oui, yes) and press Enter to unlock the desktop wallpaper and delete the infection's registry keys.

▶ The fix will determine whether the wininet.dll file is infected. At the question "Corriger le fichier infecté ?" (Fix the infected file?), answer O (oui, yes) and press Enter to replace the corrupted file.

▶ A restart may be necessary to complete the cleaning procedure. The report is located at the root of the system disk, C:\rapport.txt.

Option:

* To clear the list of trusted and restricted sites, select 3 and press Enter in the menu.

At the question "Réinitialiser la liste des sites de confiance et sensibles ?" (Reset the list of trusted and restricted sites?), answer O (oui, yes) and press Enter to restore the trusted and restricted zones.

FALSE POSITIVE:

process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

If a report won't post, alert the moderators (conciergerie) using the yellow /!\ icon.
0