Votre question

verification apres probleme iexplorer.exe [résolu]

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
29 Juillet 2008 15:32:56

Bonjour à tous,
J'avais un probleme avec iexplorer.exe. Est ce que vous pouvez analyser les logs HIJACKTHIS pour voir si c'est OK???
Merci de votre aide

les logs :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:00, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\program files\lotus\notes\ntmulti.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\TPHDEXLG.EXE
C:\WINNT\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\lotus\organize\easyclip.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\iehook.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ABB
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [884d88f4] rundll32.exe "C:\WINNT\system32\ubflmqxy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://inside.abb.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\lotus\notes\ntmulti.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

--
End of file - 8899 bytes

Autres pages sur : verification probleme iexplorer exe resolu

29 Juillet 2008 15:45:48

Bonjour,

Apparemment Vundo.

Télécharge ComboFix (de sUBs) sur ton Bureau.

  • Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
  • Double clique sur ComboFix.exe.
  • Accepte la licence en cliquant sur Oui.
  • Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide : Comment utiliser ComboFix.
    30 Juillet 2008 17:02:54

    Bonjour,
    Voici le rapport conbofix. Au moment du scan, j'ai eu plusieurs fois le message suivant "The application or DLL c:\WINNT\System32\clbdll.dll i snot a valid windows image. Please check this against your installation diskette"

    Les logs:
    ComboFix 08-07-29.1 - A ELLOUGANI 2008-07-30 15:35:53.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.517 [GMT 0:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINNT\system32\clbdll.dll
    C:\WINNT\system32\clbdll.old
    C:\WINNT\system32\clbinit.dll
    C:\WINNT\system32\drivers\clbdriver.sys
    C:\WINNT\system32\drivers\Winxf75.sys
    C:\WINNT\system32\ehilRXbc.ini
    C:\WINNT\system32\ehilRXbc.ini2
    C:\WINNT\system32\fijflgei.dll
    C:\WINNT\system32\jshfjhqr.ini
    C:\WINNT\system32\llalfeky.dll
    C:\WINNT\system32\mcrh.tmp
    C:\WINNT\system32\nnnlkHyv.dll
    C:\WINNT\system32\rwnekgkg.ini
    C:\WINNT\system32\smnqnmag.ini
    C:\WINNT\system32\urqOFuRl.dll
    C:\WINNT\system32\vav.cpl
    C:\WINNT\system32\WinCtrl32.dll
    C:\WINNT\system32\ydboxvoi.ini
    C:\WINNT\system32\yxqmlfbu.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CLBDRIVER
    -------\Legacy_WINXF75
    -------\Service_Winxf75


    ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
    .

    2008-07-30 15:50 . 2008-07-30 15:50 53,248 --a------ C:\temp\catchme.dll
    2008-07-30 14:23 . 2008-07-30 14:23 <DIR> d-------- C:\temp\72DF
    2008-07-30 14:13 . 2008-07-30 14:13 <DIR> d-------- C:\temp\6B62
    2008-07-30 13:52 . 2008-07-30 13:52 <DIR> d-------- C:\temp\BTN%Copy%1
    2008-07-30 11:44 . 2008-07-30 11:53 <DIR> d-------- C:\temp\hsperfdata_A ELLOUGANI
    2008-07-30 11:08 . 2008-07-30 11:08 99,456 --a------ C:\WINNT\system32\rqhjfhsj.dll
    2008-07-29 19:59 . 2008-07-29 19:59 <DIR> d-------- C:\temp\smkits
    2008-07-29 19:28 . 2008-07-29 19:29 <DIR> d-------- C:\Program Files\Software by Design
    2008-07-29 19:28 . 2005-05-25 05:00 90,112 --------- C:\WINNT\SDUnInst.exe
    2008-07-29 17:56 . 2008-07-29 17:56 <DIR> d-------- C:\temp\VBE
    2008-07-29 15:01 . 2008-07-29 15:01 <DIR> d-------- C:\temp\41FA
    2008-07-29 14:47 . 2008-07-29 14:47 <DIR> d-------- C:\temp\Google Toolbar
    2008-07-29 14:47 . 2008-07-29 14:47 <DIR> d-------- C:\temp\BabylonData
    2008-07-29 14:44 . 2008-07-30 15:50 <DIR> d-------- C:\temp\WERdf6a.dir00
    2008-07-29 14:44 . 2008-07-30 15:50 <DIR> d-------- C:\temp\WERcd0a.dir00
    2008-07-29 14:44 . 2008-07-30 15:50 <DIR> d-------- C:\temp\WERc8c6.dir00
    2008-07-29 14:23 . 2008-07-29 20:04 <DIR> d-------- C:\temp\notesAE2D45
    2008-07-29 14:10 . 2008-07-29 14:10 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-29 14:05 . 2008-07-29 14:05 <DIR> d-------- C:\Program Files\Panda Security
    2008-07-29 14:05 . 2008-06-19 17:24 28,544 --a------ C:\WINNT\system32\drivers\pavboot.sys
    2008-07-29 13:15 . 2008-07-30 15:50 <DIR> d-------- C:\temp\Word8.0
    2008-07-29 12:22 . 2008-07-30 15:50 <DIR> d-------- C:\temp\a2temp
    2008-07-29 12:21 . 2008-07-29 13:21 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
    2008-07-29 00:51 . 2008-07-30 15:50 <DIR> d-------- C:\temp\jkos-A ELLOUGANI
    2008-07-29 00:50 . 2008-06-10 02:32 73,728 --a------ C:\WINNT\system32\javacpl.cpl
    2008-07-28 23:54 . 2008-07-28 23:54 <DIR> d---s---- C:\temp\Temporary Internet Files
    2008-07-28 23:54 . 2008-07-28 23:54 <DIR> d---s---- C:\temp\History
    2008-07-28 23:54 . 2008-07-30 15:50 <DIR> d---s---- C:\temp\Cookies
    2008-07-28 23:35 . 2008-07-30 15:50 <DIR> d-------- C:\temp\WER2cc4.dir00
    2008-07-26 06:36 . 2008-07-26 06:36 94,848 --a------ C:\WINNT\system32\gamnqnms.dll
    2008-07-25 19:45 . 1996-08-20 20:37 15,840 --a------ C:\WINNT\system32\Machnm1.exe
    2008-07-25 19:45 . 2005-09-25 16:37 5,632 --a------ C:\WINNT\system32\Machnm64.sys
    2008-07-25 19:45 . 2008-07-25 19:45 3,120 --a------ C:\WINNT\system32\118290.54
    2008-07-25 19:45 . 2008-07-25 19:45 3,120 --a------ C:\WINNT\118294.78
    2008-07-25 19:45 . 2003-08-13 00:27 2,304 --a------ C:\WINNT\system32\Machnm32.sys
    2008-07-25 17:10 . 2008-07-27 23:17 <DIR> d-------- C:\Program Files\AVM
    2008-07-25 17:10 . 2008-07-25 08:17 120,320 --a------ C:\WINNT\system32\avm.cpl
    2008-07-25 16:50 . 2008-07-25 16:51 30,672 --a------ C:\a
    2008-07-25 15:01 . 2008-07-25 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-25 14:19 . 2008-07-30 15:50 <DIR> d-------- C:\temp\NSU_b77b2a565b734e3913dbdc
    2008-07-25 11:59 . 2004-08-03 23:08 25,600 --a------ C:\WINNT\system32\drivers\usbser.sys
    2008-07-25 11:59 . 2004-08-03 23:08 25,600 --a--c--- C:\WINNT\system32\dllcache\usbser.sys
    2008-07-25 11:59 . 2008-07-25 11:59 0 --ah----- C:\WINNT\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-07-25 11:59 . 2008-07-25 11:59 0 --ah----- C:\WINNT\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-07-25 00:32 . 2008-07-25 00:32 323,584 --a------ C:\WINNT\system32\cbXRlihe.dll
    2008-07-25 00:27 . 2008-07-30 14:27 <DIR> d-------- C:\temp\__SkypeIEToolbar_Cache
    2008-07-25 00:27 . 2008-07-25 00:27 34,816 --a------ C:\WINNT\system32\clbdll.dll.vir
    2008-07-25 00:27 . 2004-08-04 08:00 4,224 --a------ C:\WINNT\system32\beep.sys
    2008-07-25 00:08 . 2008-05-07 07:39 1,419,232 --a------ C:\WINNT\system32\wdfcoinstaller01005.dll
    2008-07-25 00:08 . 2008-05-07 07:38 659,968 --a------ C:\WINNT\system32\nmwcdcocls.dll
    2008-07-25 00:08 . 2008-05-07 07:38 20,864 --a------ C:\WINNT\system32\drivers\ccdcmbo.sys
    2008-07-25 00:08 . 2008-05-07 07:38 17,536 --a------ C:\WINNT\system32\drivers\ccdcmb.sys
    2008-07-25 00:08 . 2008-05-07 07:38 8,064 --a------ C:\WINNT\system32\drivers\usbser_lowerfltj.sys
    2008-07-25 00:08 . 2008-06-06 09:24 8,064 --a------ C:\WINNT\system32\drivers\usbser_lowerflt.sys
    2008-07-25 00:07 . 2008-07-25 00:07 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-07-24 16:41 . 2008-07-24 16:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\NSeries
    2008-07-18 22:01 . 2008-07-18 22:01 <DIR> d-------- C:\Program Files\HSDPA USB MODEM
    2008-07-18 22:01 . 2007-11-01 15:35 103,424 --a------ C:\WINNT\system32\MyDIT_GenClassCoInst.dll
    2008-07-18 22:01 . 2007-10-16 11:40 97,408 --a------ C:\WINNT\system32\drivers\cmusbser.sys
    2008-07-13 11:22 . 2007-08-24 19:45 101,120 -ra------ C:\WINNT\system32\drivers\ewusbmdm.sys
    2008-07-13 11:22 . 2007-08-24 19:45 24,448 -ra------ C:\WINNT\system32\drivers\ewdcsc.sys
    2008-07-13 11:21 . 2008-07-13 11:23 <DIR> d-------- C:\Program Files\Internet Mobile
    2008-07-13 11:20 . 2004-08-03 23:08 17,024 --a------ C:\WINNT\system32\drivers\usbohci.sys
    2008-07-13 11:20 . 2004-08-03 23:08 17,024 --a--c--- C:\WINNT\system32\dllcache\usbohci.sys
    2008-07-10 19:58 . 2008-07-13 12:15 <DIR> d-------- C:\LOGIAPRO
    2008-07-10 19:31 . 2008-07-10 19:58 <DIR> d-------- C:\Program Files\Common Files\PC SOFT
    2008-07-10 19:31 . 2008-07-13 12:16 <DIR> d-------- C:\logiasyndic
    2008-06-11 23:56 . 2008-06-12 00:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-30 15:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
    2008-07-30 14:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
    2008-07-29 00:50 --------- d-----w C:\Program Files\Java
    2008-07-25 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-25 00:08 --------- d-----w C:\Program Files\Nokia
    2008-07-25 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-25 00:06 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-07-24 16:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Suite
    2008-07-24 16:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
    2008-06-27 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
    2008-03-28 21:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-02-09 22:19 2,293,848 -c--a-w C:\Program Files\FLV PlayerFCSetup.exe
    2008-02-09 22:17 3,955,352 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2008-02-09 21:34 411,248 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-03-09 08:12 27,648 -csha-w C:\WINNT\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A32C803-1CB0-495A-8381-928837187B2E}]
    2008-07-25 00:32 323584 --a------ C:\WINNT\system32\cbXRlihe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 08:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 09:57 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "Babylon Translator"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2004-04-01 11:43 2400323]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 14:30 3096576]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-23 16:37 185896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "884d88f4"="C:\WINNT\system32\rqhjfhsj.dll" [2008-07-30 11:08 99456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 08:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-05-04 19:39:42 2913840]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-01 14:10:32 581693]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-16 09:54:22 24576]
    Lotus Organizer EasyClip.lnk - C:\lotus\organize\easyclip.exe [2002-08-08 20:49:20 87040]
    Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe [2002-08-08 08:23:48 32768]
    VPN Client.lnk - C:\WINNT\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-05-16 10:40:19 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoMSAppLogo5ChannelNotify"= 0 (0x0)
    "NoBandCustomize"= 0 (0x0)
    "NoSMMyPictures"= 1 (0x1)
    "NoSimpleStartMenu"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "Btn_Back"= 0 (0x0)
    "Btn_Forward"= 0 (0x0)
    "Btn_Stop"= 0 (0x0)
    "Btn_Refresh"= 0 (0x0)
    "Btn_Home"= 0 (0x0)
    "Btn_Search"= 0 (0x0)
    "Btn_History"= 0 (0x0)
    "Btn_Favorites"= 0 (0x0)
    "Btn_Media"= 2 (0x2)
    "SpecifyDefaultButtons"= 1 (0x1)
    "Btn_Folders"= 0 (0x0)
    "Btn_Fullscreen"= 0 (0x0)
    "Btn_Tools"= 0 (0x0)
    "Btn_MailNews"= 0 (0x0)
    "Btn_Size"= 0 (0x0)
    "Btn_Print"= 0 (0x0)
    "Btn_Edit"= 0 (0x0)
    "Btn_Discussions"= 0 (0x0)
    "Btn_Cut"= 0 (0x0)
    "Btn_Copy"= 0 (0x0)
    "Btn_Paste"= 0 (0x0)
    "Btn_Encoding"= 0 (0x0)
    "Btn_PrintPreview"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)
    "NoLogoff"= 0 (0x0)
    "EnforceShellExtensionSecurity"= 0 (0x0)
    "NoDeletePrinter"= 0 (0x0)
    "NoAddPrinter"= 0 (0x0)
    "NoPrinterTabs"= 0 (0x0)
    "NoSimpleStartMenu"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2006-04-17 12:01 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-05 22:45 28672 C:\WINNT\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-11-30 19:16 24576 C:\WINNT\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINNT\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sametime Connect]
    --a------ 2005-05-04 13:56 1310720 C:\Program Files\lotus\Sametime Client\connect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
    --a------ 2004-08-18 08:00 94208 C:\Program Files\Network Associates\VirusScan\shstat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-02-23 16:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;pavboot;C:\WINNT\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R0 Shockprf;Shockprf;C:\WINNT\system32\drivers\Shockprf.sys [2005-11-30 14:58]
    R1 ANC;ANC;C:\WINNT\system32\drivers\ANC.SYS [2005-11-08 08:27]
    R1 IBMTPCHK;IBMTPCHK;C:\WINNT\system32\Drivers\IBMBLDID.sys [2006-01-12 23:33]
    R1 ShockMgr;ShockMgr;C:\WINNT\system32\drivers\ShockMgr.sys [2005-06-20 11:18]
    R1 TPPWRIF;TPPWRIF;C:\WINNT\system32\drivers\Tppwrif.sys [2005-12-07 00:12]
    S3 lcfd;Tivoli Endpoint;C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2005-05-22 01:15]
    S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;C:\WINNT\system32\DRIVERS\cmusbser.sys [2007-10-16 11:40]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\aamsstp\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53632f97-3285-11dd-9c78-0015587fd50b}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa86e88e-50cd-11dd-9c83-0019d22a4f22}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa86e891-50cd-11dd-9c83-0019d22a4f22}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb79fa6e-5259-11dd-9c86-0015587fd50b}]
    \Shell\AutoRun\command - E:\.\ShowModem.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
    rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINNT\INF\wmactedp.inf,PerUserStub,,4
    .
    Contents of the 'Scheduled Tasks' folder

    2008-03-04 C:\WINNT\Tasks\PMTask.job
    - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-12-07 00:12]

    2008-07-30 C:\WINNT\Tasks\SDMsgUpdate (TE).job
    - C:\PROGRA~1\SMARTD~2\Messages\SDNotify.exe [2007-09-26 08:53]
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
    R1 -: HKCU-Internet Settings,ProxyOverride = <local>
    R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 -: Send To &Bluetooth - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 -: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

    O16 -: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab
    C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-30 15:50:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINNT\system32\winlogon.exe
    -> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    -> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    -> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
    -> C:\WINNT\system32\tphklock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINNT\system32\ibmpmsvc.exe
    C:\WINNT\system32\ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINNT\system32\TPHDEXLG.exe
    C:\WINNT\system32\TpKmpSvc.exe
    C:\WINNT\system32\wdfmgr.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\system32\ati2evxx.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-30 15:54:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-30 15:54:05

    Pre-Run: 15,542,071,296 bytes free
    Post-Run: 15,547,318,272 bytes free

    330
    Contenus similaires
    31 Juillet 2008 00:18:46

    Re,

    Télécharge ZebRestore

    Dézippe-le. Ouvre le dossier, lance le en double cliquant sur l’exécutable.

    Coche :
    - RegEdit
    - Clés RUN
    - Bouton Arrêter
    - Windows Update
    - Gestionnaire des tâches
    - Panneau de configuration
    - Ajout/Suppression de programmes
    - Policies

    Clique sur Restaurer. Ferme le programme.

    -------------

    Sélectionne l'intégralité du cadre ci-dessous :

    Collect::
    C:\WINNT\system32\cbXRlihe.dll
    C:\WINNT\system32\rqhjfhsj.dll
    C:\WINNT\system32\gamnqnms.dll

    File::
    C:\WINNT\system32\clbdll.dll.vir

    Folder::
    C:\temp

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A32C803-1CB0-495A-8381-928837187B2E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"=-
    "884d88f4"=-


  • Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
  • Enregistre le sous sur ton bureau sous le nom de CFScript.txt
  • Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

  • Cela va relancer Combofix.
  • ComboFix créera ces fichiers sur ton Bureau :
    - Un fichier zippé nommé Submit [Date Time].zip
    - Un second fichier nommé - CF-Submit.htm
  • ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.
  • Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.
  • Une nouvelle fenêtre avec invite "Submit Files for further analysis" s'ouvrira. Clique "OK"
  • Ton navigateur se lancera automatiquement avec le fichier CF-Submit.htm et une fenêtre s'ouvrira :
    - Clique sur le bouton "Browse"("Parcourir") et navigue vers le fichier
    Submit [Date Time].zip qui est sur ton Bureau.
    - Clique sur le fichier afin de le sélectionner.
  • Soumets le fichier en cliquant "OK"
  • Lorsque cette opération sera complétée, tu peux supprimer ces deux fichiers qui se trouvent sur ton Bureau.
    Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
    31 Juillet 2008 15:13:28

    Bonjour XmichouX,
    J'ai suivi la procédure. Au moment de l'envoi du fichier zip, j'ai eu le message suivant "improper usage" donc je ne sais pas si l'envoi est bon.

    Les logs combofix:

    ComboFix 08-07-29.1 - A ELLOUGANI 2008-07-31 13:11:23.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.487 [GMT 0:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINNT\system32\clbdll.dll.vir
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\temp
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.external.css
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.external.html
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.external.js
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.graph.compat.css
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.graph.compat.js
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.graph.modern.css
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.graph.modern.js
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.text.css
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\menu.text.js
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_a.compat.flex.w11.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_a.compat.flex.w16.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_a.compat.stat.w11.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_a.compat.stat.w16.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_a.modern.flex.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_a.modern.stat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_m.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_m.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_r.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_r.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_ra.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_ra.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_s.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_s.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_s_noflag.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_s_noflag.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_s_stat.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_s_stat.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_s_stat_noflag.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\active_s_stat_noflag.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AC.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AD.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AF.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AL.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AS.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\AZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BB.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BD.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BF.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BH.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BJ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BS.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\BZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CD.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CF.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CH.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CL.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CV.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\CZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\DE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\DG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\DJ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\DK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\DM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\DO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\DZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\EC.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\EE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\EG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ER.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ES.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ET.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\FI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\FJ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\FK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\FM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\FO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\FR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GB.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GD.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GF.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GH.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GL.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GP.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GQ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\GY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\HK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\HN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\HR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\HT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\HU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ID.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\IE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\IL.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\IN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\IQ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\IR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\IS.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\IT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\JM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\JO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\JP.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KH.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KP.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\KZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LB.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LC.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LS.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LV.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MC.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MD.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ME.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MH.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ML.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MP.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MQ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MS.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MV.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MX.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\MZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NC.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NL.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NP.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\NZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\OM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PF.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PH.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PL.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PS.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\QA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RS.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SB.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SC.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SD.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SH.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SL.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ST.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SV.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TC.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TD.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TH.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TJ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TK.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TL.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TO.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TR.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TV.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\TZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\UA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\UG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\US.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\UY.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\UZ.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\VA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\VC.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\VE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\VG.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\VI.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\VN.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\VU.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\WF.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\WS.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\YE.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\YT.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ZA.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ZM.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ZW.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_a.compat.flex.w11.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_a.compat.flex.w16.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_a.compat.stat.w11.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_a.compat.stat.w16.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_a.modern.flex.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_a.modern.stat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_m.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_m.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_r.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_r.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_s.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_s.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_s_noflag.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_s_noflag.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_s_stat.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_s_stat.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_s_stat_noflag.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\inactive_s_stat_noflag.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\injection.graph.compat.flex.tmpl
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\injection.graph.compat.stat.tmpl
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\injection.graph.modern.flex.tmpl
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\injection.graph.modern.stat.tmpl
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\injection.text.flex.tmpl
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\injection.text.stat.tmpl
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.external.css
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.external.html
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.external.js
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.graph.compat.css
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.graph.compat.js
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.graph.modern.css
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.graph.modern.js
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.text.css
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\menu.text.js
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_a.compat.flex.w11.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_a.compat.flex.w16.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_a.compat.stat.w11.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_a.compat.stat.w16.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_a.modern.flex.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_a.modern.stat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_m.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_m.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_r.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_r.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_s.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_s.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_s_noflag.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_s_noflag.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_s_stat.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_s_stat.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_s_stat_noflag.compat.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\pushed_s_stat_noflag.modern.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\webicon_add.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\webicon_call.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\webicon_copy.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\webicon_find.gif
    C:\temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\webicon_sms.gif
    C:\temp\~DF14F1.tmp
    C:\temp\~DF32A4.tmp
    C:\temp\~DF3469.tmp
    C:\temp\~DF3775.tmp
    C:\temp\~DFBF39.tmp
    C:\temp\11376280.TMP
    C:\temp\Av-test.txt
    C:\temp\cc_20080730_1636.reg
    C:\temp\cnvB5.tmp
    C:\temp\jusched.log
    C:\temp\log.txt
    C:\temp\pcsuitecheck_new.xml
    C:\WINNT\system32\cbXRlihe.dll
    C:\WINNT\system32\clbdll.dll.vir
    C:\WINNT\system32\ehilRXbc.ini
    C:\WINNT\system32\ehilRXbc.ini2
    C:\WINNT\system32\gamnqnms.dll
    C:\WINNT\system32\rmemfoop.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
    .

    2008-07-31 13:18 . 2008-07-31 13:18 <DIR> d-------- C:\Temp\BabylonData
    2008-07-31 13:18 . 2008-07-31 13:19 <DIR> d-------- C:\Temp
    2008-07-31 13:18 . 2008-07-31 13:18 53,248 --a------ C:\Temp\catchme.dll
    2008-07-30 19:07 . 2007-07-30 19:19 43,352 --a------ C:\WINNT\system32\wups2.dll
    2008-07-30 19:07 . 2007-07-30 19:18 34,136 --a------ C:\WINNT\system32\wucltui.dll.mui
    2008-07-30 19:07 . 2007-07-30 19:19 25,944 --a------ C:\WINNT\system32\wuaucpl.cpl.mui
    2008-07-30 19:07 . 2007-07-30 19:18 20,312 --a------ C:\WINNT\system32\wuaueng.dll.mui
    2008-07-30 15:57 . 2008-07-30 15:57 99,456 --a------ C:\WINNT\system32\poofmemr.dll
    2008-07-30 15:54 . 2008-07-30 15:54 294 --ahs---- C:\WINNT\system32\jshfjhqr.ini
    2008-07-29 19:28 . 2008-07-29 19:29 <DIR> d-------- C:\Program Files\Software by Design
    2008-07-29 19:28 . 2005-05-25 05:00 90,112 --------- C:\WINNT\SDUnInst.exe
    2008-07-29 14:10 . 2008-07-29 14:10 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-29 14:05 . 2008-07-29 14:05 <DIR> d-------- C:\Program Files\Panda Security
    2008-07-29 14:05 . 2008-06-19 17:24 28,544 --a------ C:\WINNT\system32\drivers\pavboot.sys
    2008-07-29 12:21 . 2008-07-29 13:21 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
    2008-07-29 00:50 . 2008-06-10 02:32 73,728 --a------ C:\WINNT\system32\javacpl.cpl
    2008-07-25 19:45 . 1996-08-20 20:37 15,840 --a------ C:\WINNT\system32\Machnm1.exe
    2008-07-25 19:45 . 2005-09-25 16:37 5,632 --a------ C:\WINNT\system32\Machnm64.sys
    2008-07-25 19:45 . 2008-07-25 19:45 3,120 --a------ C:\WINNT\system32\118290.54
    2008-07-25 19:45 . 2008-07-25 19:45 3,120 --a------ C:\WINNT\118294.78
    2008-07-25 19:45 . 2003-08-13 00:27 2,304 --a------ C:\WINNT\system32\Machnm32.sys
    2008-07-25 17:10 . 2008-07-27 23:17 <DIR> d-------- C:\Program Files\AVM
    2008-07-25 17:10 . 2008-07-25 08:17 120,320 --a------ C:\WINNT\system32\avm.cpl
    2008-07-25 16:50 . 2008-07-25 16:51 30,672 --a------ C:\a
    2008-07-25 15:01 . 2008-07-25 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-25 11:59 . 2004-08-03 23:08 25,600 --a------ C:\WINNT\system32\drivers\usbser.sys
    2008-07-25 11:59 . 2004-08-03 23:08 25,600 --a--c--- C:\WINNT\system32\dllcache\usbser.sys
    2008-07-25 11:59 . 2008-07-25 11:59 0 --ah----- C:\WINNT\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-07-25 11:59 . 2008-07-25 11:59 0 --ah----- C:\WINNT\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-07-25 00:27 . 2004-08-04 08:00 4,224 --a------ C:\WINNT\system32\beep.sys
    2008-07-25 00:08 . 2008-05-07 07:39 1,419,232 --a------ C:\WINNT\system32\wdfcoinstaller01005.dll
    2008-07-25 00:08 . 2008-05-07 07:38 659,968 --a------ C:\WINNT\system32\nmwcdcocls.dll
    2008-07-25 00:08 . 2008-05-07 07:38 20,864 --a------ C:\WINNT\system32\drivers\ccdcmbo.sys
    2008-07-25 00:08 . 2008-05-07 07:38 17,536 --a------ C:\WINNT\system32\drivers\ccdcmb.sys
    2008-07-25 00:08 . 2008-05-07 07:38 8,064 --a------ C:\WINNT\system32\drivers\usbser_lowerfltj.sys
    2008-07-25 00:08 . 2008-06-06 09:24 8,064 --a------ C:\WINNT\system32\drivers\usbser_lowerflt.sys
    2008-07-25 00:07 . 2008-07-25 00:07 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-07-24 16:41 . 2008-07-24 16:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\NSeries
    2008-07-18 22:01 . 2008-07-18 22:01 <DIR> d-------- C:\Program Files\HSDPA USB MODEM
    2008-07-18 22:01 . 2007-11-01 15:35 103,424 --a------ C:\WINNT\system32\MyDIT_GenClassCoInst.dll
    2008-07-18 22:01 . 2007-10-16 11:40 97,408 --a------ C:\WINNT\system32\drivers\cmusbser.sys
    2008-07-13 11:22 . 2007-08-24 19:45 101,120 -ra------ C:\WINNT\system32\drivers\ewusbmdm.sys
    2008-07-13 11:22 . 2007-08-24 19:45 24,448 -ra------ C:\WINNT\system32\drivers\ewdcsc.sys
    2008-07-13 11:21 . 2008-07-13 11:23 <DIR> d-------- C:\Program Files\Internet Mobile
    2008-07-13 11:20 . 2004-08-03 23:08 17,024 --a------ C:\WINNT\system32\drivers\usbohci.sys
    2008-07-13 11:20 . 2004-08-03 23:08 17,024 --a--c--- C:\WINNT\system32\dllcache\usbohci.sys
    2008-07-10 19:58 . 2008-07-13 12:15 <DIR> d-------- C:\LOGIAPRO
    2008-07-10 19:31 . 2008-07-10 19:58 <DIR> d-------- C:\Program Files\Common Files\PC SOFT
    2008-07-10 19:31 . 2008-07-13 12:16 <DIR> d-------- C:\logiasyndic
    2008-06-11 23:56 . 2008-06-12 00:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-31 13:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
    2008-07-31 08:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
    2008-07-30 18:22 --------- d-----w C:\Program Files\lotus
    2008-07-29 00:50 --------- d-----w C:\Program Files\Java
    2008-07-25 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-25 00:08 --------- d-----w C:\Program Files\Nokia
    2008-07-25 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-25 00:06 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-07-24 16:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Suite
    2008-07-24 16:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
    2008-06-27 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
    2008-03-28 21:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-02-09 22:19 2,293,848 -c--a-w C:\Program Files\FLV PlayerFCSetup.exe
    2008-02-09 22:17 3,955,352 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2008-02-09 21:34 411,248 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-03-09 08:12 27,648 -csha-w C:\WINNT\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-30_15.53.53.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-30 19:19:20 92,504 ------w C:\WINNT\SoftwareDistribution\WebSetup\cdm.dll
    + 2007-07-30 19:19:36 549,720 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuapi.dll
    + 2007-07-30 19:19:16 53,080 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuauclt.exe
    + 2007-07-30 19:19:42 1,712,984 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuaueng.dll
    + 2007-07-30 19:19:32 325,976 ------w C:\WINNT\SoftwareDistribution\WebSetup\wucltui.dll
    + 2007-07-30 19:18:40 33,624 ------w C:\WINNT\SoftwareDistribution\WebSetup\wups.dll
    + 2007-07-30 19:19:12 43,352 ------w C:\WINNT\SoftwareDistribution\WebSetup\wups2.dll
    - 2004-08-04 08:00:00 66,560 ----a-w C:\WINNT\system32\cdm.dll
    + 2007-07-30 19:19:20 92,504 ----a-w C:\WINNT\system32\cdm.dll
    - 2004-08-04 08:00:00 66,560 -c--a-w C:\WINNT\system32\dllcache\cdm.dll
    + 2007-07-30 19:19:20 92,504 -c--a-w C:\WINNT\system32\dllcache\cdm.dll
    - 2004-08-04 08:00:00 111,104 -c--a-w C:\WINNT\system32\dllcache\wuauclt.exe
    + 2007-07-30 19:19:16 53,080 -c--a-w C:\WINNT\system32\dllcache\wuauclt.exe
    - 2004-08-04 08:00:00 1,134,592 -c--a-w C:\WINNT\system32\dllcache\wuaueng.dll
    + 2007-07-30 19:19:42 1,712,984 -c--a-w C:\WINNT\system32\dllcache\wuaueng.dll
    - 2004-08-04 08:00:00 112,640 -c--a-w C:\WINNT\system32\dllcache\wucltui.dll
    + 2007-07-30 19:19:32 325,976 -c--a-w C:\WINNT\system32\dllcache\wucltui.dll
    + 2007-07-30 19:19:36 549,720 ----a-w C:\WINNT\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll
    + 2007-07-30 19:18:40 33,624 ----a-w C:\WINNT\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
    - 2004-08-04 08:00:00 111,104 ----a-w C:\WINNT\system32\wuauclt.exe
    + 2007-07-30 19:19:16 53,080 ----a-w C:\WINNT\system32\wuauclt.exe
    - 2004-08-04 08:00:00 1,134,592 ----a-w C:\WINNT\system32\wuaueng.dll
    + 2007-07-30 19:19:42 1,712,984 ----a-w C:\WINNT\system32\wuaueng.dll
    - 2004-08-04 08:00:00 112,640 -c--a-w C:\WINNT\system32\wucltui.dll
    + 2007-07-30 19:19:32 325,976 ----a-w C:\WINNT\system32\wucltui.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 08:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 09:57 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
    "Babylon Translator"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2004-04-01 11:43 2400323]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 14:30 3096576]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 08:00 94208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 08:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-05-04 19:39:42 2913840]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-01 14:10:32 581693]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-16 09:54:22 24576]
    Lotus Organizer EasyClip.lnk - C:\lotus\organize\easyclip.exe [2002-08-08 20:49:20 87040]
    Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe [2002-08-08 08:23:48 32768]
    VPN Client.lnk - C:\WINNT\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-05-16 10:40:19 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2006-04-17 12:01 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-05 22:45 28672 C:\WINNT\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-11-30 19:16 24576 C:\WINNT\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINNT\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sametime Connect]
    --a------ 2005-05-04 13:56 1310720 C:\Program Files\lotus\Sametime Client\connect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-02-23 16:37 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;pavboot;C:\WINNT\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R0 Shockprf;Shockprf;C:\WINNT\system32\drivers\Shockprf.sys [2005-11-30 14:58]
    R1 ANC;ANC;C:\WINNT\system32\drivers\ANC.SYS [2005-11-08 08:27]
    R1 IBMTPCHK;IBMTPCHK;C:\WINNT\system32\Drivers\IBMBLDID.sys [2006-01-12 23:33]
    R1 ShockMgr;ShockMgr;C:\WINNT\system32\drivers\ShockMgr.sys [2005-06-20 11:18]
    R1 TPPWRIF;TPPWRIF;C:\WINNT\system32\drivers\Tppwrif.sys [2005-12-07 00:12]
    S3 lcfd;Tivoli Endpoint;C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2005-05-22 01:15]
    S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;C:\WINNT\system32\DRIVERS\cmusbser.sys [2007-10-16 11:40]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\aamsstp\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53632f97-3285-11dd-9c78-0015587fd50b}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa86e88e-50cd-11dd-9c83-0019d22a4f22}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa86e891-50cd-11dd-9c83-0019d22a4f22}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb79fa6e-5259-11dd-9c86-0015587fd50b}]
    \Shell\AutoRun\command - E:\.\ShowModem.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
    rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINNT\INF\wmactedp.inf,PerUserStub,,4
    .
    Contents of the 'Scheduled Tasks' folder

    2008-03-04 C:\WINNT\Tasks\PMTask.job
    - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-12-07 00:12]

    2008-07-31 C:\WINNT\Tasks\SDMsgUpdate (TE).job
    - C:\PROGRA~1\SMARTD~2\Messages\SDNotify.exe [2007-09-26 08:53]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-31 13:18:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINNT\system32\winlogon.exe
    -> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    -> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    -> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
    -> C:\WINNT\system32\tphklock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINNT\system32\ibmpmsvc.exe
    C:\WINNT\system32\ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINNT\system32\TPHDEXLG.exe
    C:\WINNT\system32\TpKmpSvc.exe
    C:\WINNT\system32\wdfmgr.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINNT\system32\ati2evxx.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\ComboFix\catchme.cfexe
    .
    **************************************************************************
    .
    Completion time: 2008-07-31 13:22:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-31 13:22:32

    Pre-Run: 15,486,984,192 bytes free
    Post-Run: 15,486,873,600 bytes free

    592
    31 Juillet 2008 15:15:03

    Re,

    Supprime C:\WINNT\system32\jshfjhqr.ini

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.

  • Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
    Une fois l'installation et la mise à jour effectuées :
  • Fais redémarrer ton ordinateur en mode sans échec
    - Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
    -- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
    --- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
    ---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

    ~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    ~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.
    ~~~~ Fais redémarrer ton ordinateur normalement et poste le rapport dans ta prochaine réponse.

    REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    Note : Si tu ne parviens à télécharger MBAM à part de MajorGeeks, tu peux le télécharger ici!

    [#FF0000]Aide
    :
  • Comment utiliser MBAM.
  • Comment faire démarrer son ordinateur en mode sans échec.
    31 Juillet 2008 21:54:45

    Re,
    J'ai cherche le fichier en question C:\WINNT\system32\jshfjhqr.ini pour le supprimer mais il n'y etait pas. J'ai donc lance le scan en mode sans echec, il a trouve 18 infections mais apparement aucune action n'a été effectuée. ci-apres le rapport :

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1012
    Windows 5.1.2600 Service Pack 2

    20:44:14 2008-07-31
    mbam-log-7-31-2008 (20-44-07).txt

    Type de recherche: Examen complet (C:\|D:\|F:\|)
    Eléments examinés: 121083
    Temps écoulé: 35 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 16

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

    Dossier(s) infecté(s):
    C:\Program Files\AVM (Rogue.AntivirusMaster) -> No action taken.

    Fichier(s) infecté(s):
    C:\a (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Administrator\Desktop\AV2009Install_77052209.exe (Rogue.Installer) -> No action taken.
    C:\QooBox\Quarantine\C\WINNT\system32\nnnlkHyv.dll.vir (Trojan.Vundo) -> No action taken.
    C:\QooBox\Quarantine\C\WINNT\system32\urqOFuRl.dll.vir (Trojan.Vundo) -> No action taken.
    C:\QooBox\Quarantine\C\WINNT\system32\vav.cpl.vir (Rogue.Antispyware) -> No action taken.
    C:\System Volume Information\_restore{93C73AA4-079D-447E-88AE-FD9A4AAB2E5B}\RP2\A0000006.cpl (Rogue.Antispyware) -> No action taken.
    C:\System Volume Information\_restore{93C73AA4-079D-447E-88AE-FD9A4AAB2E5B}\RP2\A0000011.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{93C73AA4-079D-447E-88AE-FD9A4AAB2E5B}\RP2\A0000012.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{93C73AA4-079D-447E-88AE-FD9A4AAB2E5B}\RP4\A0000244.dll (Trojan.Vundo) -> No action taken.
    C:\Program Files\AVM\avm.cpl (Rogue.AntivirusMaster) -> No action taken.
    C:\Program Files\AVM\avm.old (Rogue.AntivirusMaster) -> No action taken.
    C:\Program Files\AVM\avm0.dat (Rogue.AntivirusMaster) -> No action taken.
    C:\Program Files\AVM\avm1.dat (Rogue.AntivirusMaster) -> No action taken.
    C:\Documents and Settings\Administrator\Desktop\Vista Antivirus 2008.url (Rogue.VistaAntivirus2008) -> No action taken.
    C:\ibmugcd.bat (Trojan.Agent) -> No action taken.
    C:\WINNT\system32\avm.cpl (Trojan.FakeAlert) -> No action taken.
    2 Août 2008 00:20:33

    Re,

    Poste un nouveau rapport HijackTHis;
    4 Août 2008 19:53:52

    Re,
    Voici le nouveau rapport HijackTHis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:50, on 2008-08-04
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\ibmpmsvc.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\program files\lotus\notes\ntmulti.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\TPHDEXLG.EXE
    C:\WINNT\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\lotus\organize\easyclip.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iehook.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
    O4 - Global Startup: Lotus QuickStart.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://inside.abb.com
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
    O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\lotus\notes\ntmulti.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

    --
    End of file - 10007 bytes
    4 Août 2008 23:02:20

    Re,

    Je pars en vacances demain.
    Merci d'envoyer un MP à un autre Helper ou membre affilié pour obtenir de l'aide.
    31 Août 2008 23:43:30

    Re,

    Poste un nouveau log ComboFix pour vérification stp.
    3 Septembre 2008 01:00:36

    Salut XmichouX,
    Ci-dessous le dernier rapport combofix.
    logs:
    ComboFix 08-07-29.1 - A ELLOUGANI 2008-09-02 22:56:27.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.481 [GMT 0:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\forum\ComboFix.exe
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
    .

    2008-09-02 22:57 . 2008-09-02 22:57 53,248 --a------ C:\Temp\catchme.dll
    2008-09-02 21:37 . 2008-09-02 21:37 <DIR> d-------- C:\Temp\smkits
    2008-09-02 19:30 . 2008-09-02 19:30 <DIR> d-------- C:\Temp\3E0B
    2008-09-02 19:25 . 2008-09-02 19:25 <DIR> d-------- C:\Temp\3A34
    2008-08-31 22:04 . 2008-08-31 22:04 <DIR> d-------- C:\Temp\1811
    2008-08-30 20:06 . 2008-08-30 20:06 <DIR> d-------- C:\Temp\6FBF
    2008-08-13 13:17 . 2008-08-13 13:17 <DIR> d-------- C:\Temp\60A
    2008-08-13 13:12 . 2008-08-13 13:12 <DIR> d-------- C:\Temp\251
    2008-08-07 20:02 . 2008-08-07 20:02 <DIR> d-------- C:\Temp\671A
    2008-08-07 19:55 . 2008-08-07 19:55 <DIR> d-------- C:\Temp\6214
    2008-08-07 12:17 . 2008-08-07 12:17 <DIR> d-------- C:\Temp\32E
    2008-08-07 12:12 . 2008-08-07 12:12 <DIR> d-------- C:\Temp\7F85
    2008-08-04 18:54 . 2008-08-04 18:54 <DIR> d-------- C:\Temp\48ED
    2008-08-04 18:49 . 2008-08-04 18:49 <DIR> d-------- C:\Temp\451A

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-02 22:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
    2008-09-02 21:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
    2008-08-01 20:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-08-01 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
    2008-07-31 19:59 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-31 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-31 19:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-07-30 20:07 38,472 ----a-w C:\WINNT\system32\drivers\mbamswissarmy.sys
    2008-07-30 20:07 17,144 ----a-w C:\WINNT\system32\drivers\mbam.sys
    2008-07-30 18:22 --------- d-----w C:\Program Files\lotus
    2008-07-30 15:57 99,456 ----a-w C:\WINNT\system32\poofmemr.dll
    2008-07-29 19:29 --------- d-----w C:\Program Files\Software by Design
    2008-07-29 14:10 --------- d-----w C:\Program Files\Trend Micro
    2008-07-29 14:05 --------- d-----w C:\Program Files\Panda Security
    2008-07-29 13:21 --------- d-----w C:\Program Files\a-squared Anti-Malware
    2008-07-29 00:50 --------- d-----w C:\Program Files\Java
    2008-07-25 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-25 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-25 11:59 0 ---ha-w C:\WINNT\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-07-25 11:59 0 ---ha-w C:\WINNT\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-07-25 00:08 --------- d-----w C:\Program Files\Nokia
    2008-07-25 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-25 00:07 --------- d-----w C:\Program Files\MSXML 6.0
    2008-07-25 00:06 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-07-24 16:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Suite
    2008-07-24 16:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NSeries
    2008-07-24 16:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
    2008-07-18 22:01 --------- d-----w C:\Program Files\HSDPA USB MODEM
    2008-07-13 11:23 --------- d-----w C:\Program Files\Internet Mobile
    2008-07-10 19:58 --------- d-----w C:\Program Files\Common Files\PC SOFT
    2008-07-07 20:32 253,952 ----a-w C:\WINNT\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINNT\system32\mscms.dll
    2008-06-23 16:12 667,136 ----a-w C:\WINNT\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINNT\system32\mswsock.dll
    2008-03-28 21:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-02-09 22:19 2,293,848 -c--a-w C:\Program Files\FLV PlayerFCSetup.exe
    2008-02-09 22:17 3,955,352 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2008-02-09 21:34 411,248 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-03-09 08:12 27,648 -csha-w C:\WINNT\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-30_15.53.53.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-02-25 03:35:05 14,048 ----a-w C:\WINNT\$hf_mig$\KB898461\spmsg.dll
    + 2005-02-25 03:35:05 209,632 ----a-w C:\WINNT\$hf_mig$\KB898461\spuninst.exe
    + 2005-02-25 03:35:05 22,752 ----a-w C:\WINNT\$hf_mig$\KB898461\spupdsvc.exe
    + 2005-02-25 03:35:05 22,240 ----a-w C:\WINNT\$hf_mig$\KB898461\update\spcustom.dll
    + 2005-02-25 03:35:05 718,048 ----a-w C:\WINNT\$hf_mig$\KB898461\update\update.exe
    + 2005-02-25 03:35:06 371,936 ----a-w C:\WINNT\$hf_mig$\KB898461\update\updspapi.dll
    + 2008-03-27 09:22:32 60,416 ----a-w C:\WINNT\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2008-03-27 10:40:24 60,416 ----a-w C:\WINNT\$hf_mig$\KB942763\SP3GDR\tzchange.exe
    + 2008-03-27 10:46:15 60,416 ----a-w C:\WINNT\$hf_mig$\KB942763\SP3QFE\tzchange.exe
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINNT\$hf_mig$\KB942763\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINNT\$hf_mig$\KB942763\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINNT\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w C:\WINNT\$hf_mig$\KB942763\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w C:\WINNT\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-12-18 14:32:13 450,560 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
    + 2007-12-18 14:32:13 417,792 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\update\updspapi.dll
    + 2008-01-23 04:56:21 554,008 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\dao360.dll
    + 2007-12-10 12:41:11 518,944 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msexch40.dll
    + 2007-12-10 12:41:11 326,432 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
    + 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjet40.dll
    + 2007-12-10 12:41:11 355,112 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
    + 2008-03-27 07:39:13 151,583 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjint40.dll
    + 2007-12-10 12:41:12 60,192 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjter40.dll
    + 2007-12-10 12:41:12 248,608 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
    + 2007-12-10 12:41:12 219,936 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msltus40.dll
    + 2007-12-10 12:41:12 355,104 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
    + 2007-12-10 12:41:13 432,928 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
    + 2007-12-10 12:41:13 322,336 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
    + 2007-12-10 12:41:13 559,904 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
    + 2007-12-10 12:41:13 264,992 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\mstext40.dll
    + 2007-12-10 12:41:13 838,432 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
    + 2007-12-10 12:41:14 621,344 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
    + 2007-12-10 12:41:14 355,104 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINNT\$hf_mig$\KB950749\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINNT\$hf_mig$\KB950749\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINNT\$hf_mig$\KB950749\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINNT\$hf_mig$\KB950749\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINNT\$hf_mig$\KB950749\update\updspapi.dll
    + 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINNT\$hf_mig$\KB950759\SP3GDR\mshtml.dll
    + 2008-04-21 06:44:29 666,112 ----a-w C:\WINNT\$hf_mig$\KB950759\SP3GDR\wininet.dll
    + 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINNT\$hf_mig$\KB950759\SP3QFE\mshtml.dll
    + 2008-04-21 06:24:02 666,624 ----a-w C:\WINNT\$hf_mig$\KB950759\SP3QFE\wininet.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB950759\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB950759\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB950759\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB950759\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB950759\update\updspapi.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB950760\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB950760\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB950760\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB950760\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB950760\update\updspapi.dll
    + 2008-05-08 12:14:51 203,008 ----a-w C:\WINNT\$hf_mig$\KB950762\SP2QFE\rmcast.sys
    + 2008-05-08 14:02:52 203,136 ----a-w C:\WINNT\$hf_mig$\KB950762\SP3GDR\rmcast.sys
    + 2008-05-08 13:58:17 203,136 ----a-w C:\WINNT\$hf_mig$\KB950762\SP3QFE\rmcast.sys
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB950762\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB950762\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB950762\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB950762\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB950762\update\updspapi.dll
    + 2008-07-07 20:06:43 253,952 ----a-w C:\WINNT\$hf_mig$\KB950974\SP2QFE\es.dll
    + 2008-07-07 20:26:58 253,952 ----a-w C:\WINNT\$hf_mig$\KB950974\SP3GDR\es.dll
    + 2008-07-07 20:23:18 253,952 ----a-w C:\WINNT\$hf_mig$\KB950974\SP3QFE\es.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB950974\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB950974\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB950974\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w C:\WINNT\$hf_mig$\KB950974\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w C:\WINNT\$hf_mig$\KB950974\update\updspapi.dll
    + 2008-07-14 11:03:00 62,976 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
    + 2008-07-11 12:42:28 62,976 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
    + 2008-07-11 12:51:51 62,976 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\update\updspapi.dll
    + 2008-06-13 09:52:16 272,128 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
    + 2008-06-13 11:05:51 272,128 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
    + 2008-06-13 11:27:43 272,128 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\update\updspapi.dll
    + 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINNT\$hf_mig$\KB951698\SP2QFE\quartz.dll
    + 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINNT\$hf_mig$\KB951698\SP3GDR\quartz.dll
    + 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINNT\$hf_mig$\KB951698\SP3QFE\quartz.dll
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINNT\$hf_mig$\KB951698\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINNT\$hf_mig$\KB951698\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINNT\$hf_mig$\KB951698\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB951698\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB951698\update\updspapi.dll
    + 2006-08-16 12:08:32 100,352 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
    + 2008-06-20 10:44:08 138,368 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\afd.sys
    + 2008-06-20 17:36:11 147,968 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
    + 2008-06-20 17:36:11 245,248 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    + 2008-06-20 10:44:42 360,960 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    + 2008-06-20 09:32:39 225,920 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
    + 2008-06-20 11:40:08 138,496 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\afd.sys
    + 2008-06-20 17:46:57 147,968 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
    + 2008-06-20 17:46:57 245,248 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    + 2008-06-20 11:51:12 361,600 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    + 2008-06-20 11:08:27 225,856 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
    + 2008-06-20 11:48:03 138,496 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\afd.sys
    + 2008-06-20 17:43:05 147,968 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
    + 2008-06-20 17:43:05 245,248 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    + 2008-06-20 11:59:02 361,600 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    + 2008-06-20 11:16:44 225,856 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB951748\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB951748\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB951748\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w C:\WINNT\$hf_mig$\KB951748\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w C:\WINNT\$hf_mig$\KB951748\update\updspapi.dll
    + 2008-06-24 16:28:00 74,240 ----a-w C:\WINNT\$hf_mig$\KB952954\SP2QFE\mscms.dll
    + 2008-06-24 16:43:16 74,240 ----a-w C:\WINNT\$hf_mig$\KB952954\SP3GDR\mscms.dll
    + 2008-06-24 16:53:10 74,240 ----a-w C:\WINNT\$hf_mig$\KB952954\SP3QFE\mscms.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB952954\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB952954\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB952954\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB952954\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB952954\update\updspapi.dll
    + 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3GDR\mshtml.dll
    + 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
    + 2008-06-26 08:15:30 619,520 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3GDR\urlmon.dll
    + 2008-06-23 15:09:27 666,112 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3GDR\wininet.dll
    + 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3QFE\mshtml.dll
    + 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
    + 2008-06-26 08:00:52 619,520 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3QFE\urlmon.dll
    + 2008-06-23 14:54:47 666,624 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3QFE\wininet.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB953838\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB953838\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB953838\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w C:\WINNT\$hf_mig$\KB953838\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w C:\WINNT\$hf_mig$\KB953838\update\updspapi.dll
    + 2005-02-25 03:35:05 209,632 -c----w C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe
    + 2005-02-25 03:35:06 371,936 -c----w C:\WINNT\$NtUninstallKB898461$\spuninst\updspapi.dll
    + 2005-06-28 17:23:24 213,216 -c----w C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe
    + 2005-06-28 17:23:53 371,424 -c----w C:\WINNT\$NtUninstallKB923689$\spuninst\updspapi.dll
    + 2005-01-28 12:44:28 2,370,296 -c----w C:\WINNT\$NtUninstallKB923689$\wmvcore.dll
    + 2005-06-28 10:23:26 213,216 -c----w C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe
    + 2005-06-28 10:23:54 371,424 -c----w C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\updspapi.dll
    + 2006-03-10 05:09:14 5,533,696 -c----w C:\WINNT\$NtUninstallKB936782_WMP10$\wmp.dll
    + 2007-10-27 16:39:36 213,216 -c----w C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe
    + 2007-10-27 16:39:46 371,424 -c----w C:\WINNT\$NtUninstallKB941569$\spuninst\updspapi.dll
    + 2005-01-28 12:44:28 224,768 -c----w C:\WINNT\$NtUninstallKB941569$\wmasf.dll
    + 2007-11-30 11:18:51 231,288 -c----w C:\WINNT\$NtUninstallKB942763$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w C:\WINNT\$NtUninstallKB942763$\spuninst\updspapi.dll
    + 2004-08-04 08:00:00 561,179 -c----w C:\WINNT\$NtUninstallKB950749$\dao360.dll
    + 2004-08-04 08:00:00 512,029 -c----w C:\WINNT\$NtUninstallKB950749$\msexch40.dll
    + 2004-08-04 08:00:00 319,517 -c----w C:\WINNT\$NtUninstallKB950749$\msexcl40.dll
    + 2004-08-04 08:00:00 1,507,356 -c----w C:\WINNT\$NtUninstallKB950749$\msjet40.dll
    + 2004-08-04 08:00:00 358,976 -c----w C:\WINNT\$NtUninstallKB950749$\msjetol1.dll
    + 2004-08-04 08:00:00 358,976 -c----w C:\WINNT\$NtUninstallKB950749$\msjetoledb40.dll
    + 2004-08-04 08:00:00 151,583 -c----w C:\WINNT\$NtUninstallKB950749$\msjint40.dll
    + 2004-08-04 08:00:00 53,279 -c----w C:\WINNT\$NtUninstallKB950749$\msjter40.dll
    + 2004-08-04 08:00:00 241,693 -c----w C:\WINNT\$NtUninstallKB950749$\msjtes40.dll
    + 2004-08-04 08:00:00 213,023 -c----w C:\WINNT\$NtUninstallKB950749$\msltus40.dll
    + 2004-08-04 08:00:00 348,189 -c----w C:\WINNT\$NtUninstallKB950749$\mspbde40.dll
    + 2004-08-04 08:00:00 421,919 -c----w C:\WINNT\$NtUninstallKB950749$\msrd2x40.dll
    + 2004-08-04 08:00:00 315,423 -c----w C:\WINNT\$NtUninstallKB950749$\msrd3x40.dll
    + 2004-08-04 08:00:00 552,989 -c----w C:\WINNT\$NtUninstallKB950749$\msrepl40.dll
    + 2004-08-04 08:00:00 258,077 -c----w C:\WINNT\$NtUninstallKB950749$\mstext40.dll
    + 2004-08-04 08:00:00 831,519 -c----w C:\WINNT\$NtUninstallKB950749$\mswdat10.dll
    + 2004-08-04 08:00:00 614,429 -c----w C:\WINNT\$NtUninstallKB950749$\mswstr10.dll
    + 2004-08-04 08:00:00 348,189 -c----w C:\WINNT\$NtUninstallKB950749$\msxbde40.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINNT\$NtUninstallKB950749$\spuninst\updspapi.dll
    + 2006-03-04 03:58:42 1,022,976 -c----w C:\WINNT\$NtUninstallKB950759$\browseui.dll
    + 2006-03-04 03:58:42 151,040 -c----w C:\WINNT\$NtUninstallKB950759$\cdfview.dll
    + 2006-03-04 03:58:44 1,054,208 -c----w C:\WINNT\$NtUninstallKB950759$\danim.dll
    + 2004-08-04 08:00:00 357,888 -c----w C:\WINNT\$NtUninstallKB950759$\dxtmsft.dll
    + 2006-03-04 03:58:44 205,312 -c----w C:\WINNT\$NtUninstallKB950759$\dxtrans.dll
    + 2006-03-04 03:58:44 55,808 -c----w C:\WINNT\$NtUninstallKB950759$\extmgr.dll
    + 2004-08-04 08:00:00 18,432 -c----w C:\WINNT\$NtUninstallKB950759$\iedw.exe
    + 2006-03-04 03:58:44 251,904 -c----w C:\WINNT\$NtUninstallKB950759$\iepeers.dll
    + 2006-03-04 03:58:44 96,256 -c----w C:\WINNT\$NtUninstallKB950759$\inseng.dll
    + 2004-08-04 08:00:00 15,872 -c----w C:\WINNT\$NtUninstallKB950759$\jsproxy.dll
    + 2006-03-23 20:31:39 3,055,616 -c----w C:\WINNT\$NtUninstallKB950759$\mshtml.dll
    + 2006-03-04 03:58:48 448,512 -c----w C:\WINNT\$NtUninstallKB950759$\mshtmled.dll
    + 2006-03-04 03:58:48 146,432 -c----w C:\WINNT\$NtUninstallKB950759$\msrating.dll
    + 2006-03-04 03:58:48 532,480 -c----w C:\WINNT\$NtUninstallKB950759$\mstime.dll
    + 2006-03-04 03:58:48 39,424 -c----w C:\WINNT\$NtUninstallKB950759$\pngfilt.dll
    + 2006-03-30 09:27:01 1,495,040 -c----w C:\WINNT\$NtUninstallKB950759$\shdocvw.dll
    + 2006-03-04 03:58:50 474,112 -c----w C:\WINNT\$NtUninstallKB950759$\shlwapi.dll
    + 2007-11-30 12:39:22 231,288 -c----w C:\WINNT\$NtUninstallKB950759$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w C:\WINNT\$NtUninstallKB950759$\spuninst\updspapi.dll
    + 2006-03-18 11:04:10 614,400 -c----w C:\WINNT\$NtUninstallKB950759$\urlmon.dll
    + 2006-03-04 03:58:52 663,552 -c----w C:\WINNT\$NtUninstallKB950759$\wininet.dll
    + 2006-03-30 01:31:04 23,040 -c----w C:\WINNT\$NtUninstallKB950759$\xpsp3res.dll
    + 2007-11-30 12:39:22 231,288 -c----w C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w C:\WINNT\$NtUninstallKB950760$\spuninst\updspapi.dll
    + 2004-08-04 08:00:00 200,064 -c----w C:\WINNT\$NtUninstallKB950762$\rmcast.sys
    + 2007-11-30 12:39:22 231,288 -c----w C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w C:\WINNT\$NtUninstallKB950762$\spuninst\updspapi.dll
    + 2004-08-03 23:10:38 274,304 -c----w C:\WINNT\$NtUninstallKB951376-v2$\bthport.sys
    + 2007-11-30 11:18:51 231,288 -c----w C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w C:\WINNT\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
    + 2005-08-30 03:54:26 1,287,168 -c----w C:\WINNT\$NtUninstallKB951698$\quartz.dll
    + 2007-11-30 11:18:51 231,288 -c----w C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w C:\WINNT\$NtUninstallKB951698$\spuninst\updspapi.dll
    + 2004-08-04 08:00:00 100,352 -c----w C:\WINNT\$NtUninstallKB951748$\6to4svc.dll
    + 2004-08-04 08:00:00 138,496 -c----w C:\WINNT\$NtUninstallKB951748$\afd.sys
    + 2004-08-04 08:00:00 148,480 -c----w C:\WINNT\$NtUninstallKB951748$\dnsapi.dll
    + 2004-08-04 08:00:00 245,248 -c----w C:\WINNT\$NtUninstallKB951748$\mswsock.dll
    + 2007-11-30 12:39:22 231,288 -c----w C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe
    + 2007-11-30 12:39:19 382,840 -c----w C:\WINNT\$NtUninstallKB951748$\spuninst\updspapi.dll
    + 2006-01-13 02:28:14 359,808 -c----w C:\WINNT\$NtUninstallKB951748$\tcpip.sys
    + 2004-08-04 08:00:00 223,616 -c----w C:\WINNT\$NtUninstallKB951748$\tcpip6.sys
    - 2006-05-16 10:22:42 997,992 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
    + 2008-09-02 21:23:15 1,000,848 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
    - 2006-05-16 10:22:42 1,100,392 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    + 2008-09-02 21:24:03 1,103,248 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    - 2006-05-16 10:22:43 141,928 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    + 2008-09-02 21:23:35 144,784 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    - 2006-05-16 10:25:44 88,776 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
    + 2008-09-02 21:24:22 91,488 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
    - 2006-05-16 10:25:43 101,064 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    + 2008-09-02 21:24:21 103,776 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    - 2006-05-16 10:22:43 461,416 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
    + 2008-09-02 21:23:59 464,272 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
    - 2006-05-16 10:22:43 223,856 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2008-09-02 21:24:17 226,712 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    - 2006-05-16 10:22:43 20,080 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    + 2008-09-02 21:23:57 22,928 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    - 2006-05-16 10:22:43 662,120 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2008-09-02 21:24:12 664,968 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    - 2006-05-16 10:22:42 371,296 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    + 2008-09-02 21:23:34 374,152 ----a-w C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    - 2006-05-16 10:22:43 64,088 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-09-02 21:23:29 66,936 ----a-w C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2006-05-16 10:22:43 223,800 -c--a-w C:\WINNT\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-09-02 21:23:21 226,656 ----a-w C:\WINNT\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    - 2006-05-16 10:19:40 1,257,472 -c--a-w C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-08-01 20:09:59 1,265,664 ----a-w C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2006-05-16 10:16:12 1,224,704 -c--a-w C:\WINNT\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2008-08-01 20:10:00 1,232,896 ----a-w C:\WINNT\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2008-08-01 20:10:11 61,440 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_088bb0be\CustomMarshalers.dll
    + 2008-08-01 20:10:42 118,784 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_63382fd7\CustomMarshalers.dll
    + 2008-08-01 20:10:54 8,908,800 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_179b4db8\mscorlib.dll
    + 2008-08-01 20:10:38 3,391,488 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_36f42c92\mscorlib.dll
    + 2008-08-01 20:10:49 3,395,584 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_69a05c41\System.Design.dll
    + 2008-08-01 20:10:32 1,470,464 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7489f320\System.Design.dll
    + 2008-08-01 20:10:12 90,112 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_14703a85\System.Drawing.Design.dll
    + 2008-08-01 20:10:43 192,512 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_aed2df02\System.Drawing.Design.dll
    + 2008-08-01 20:10:35 835,584 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_45d63502\System.Drawing.dll
    + 2008-08-01 20:10:50 2,244,608 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e13c3ab3\System.Drawing.dll
    + 2008-08-01 20:10:20 3,018,752 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_08c9b946\System.Windows.Forms.dll
    + 2008-08-01 20:10:46 7,884,800 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_69874c05\System.Windows.Forms.dll
    + 2008-08-01 20:10:26 2,088,960 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_12a8ad77\System.Xml.dll
    + 2008-08-01 20:10:48 5,513,216 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e74b763f\System.Xml.dll
    + 2008-08-01 20:10:10 1,966,080 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_4d338382\System.dll
    + 2008-08-01 20:10:42 4,788,224 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ed33ec3c\System.dll
    + 2008-06-13 13:10:50 272,128 ------w C:\WINNT\Driver Cache\i386\bthport.sys
    + 2006-05-16 10:22:42 997,992 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ACCESS.DLL
    + 2003-07-14 21:57:34 38,968 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
    + 2003-07-14 21:53:06 94,768 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
    + 2003-07-14 21:53:22 46,144 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
    + 2003-07-14 21:56:54 14,904 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
    + 2003-07-14 21:57:14 98,360 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
    + 2006-05-16 10:22:42 1,100,392 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL
    + 2002-10-07 08:49:36 192,573 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FORM.DLL
    + 2006-05-16 10:22:42 371,296 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL
    + 2003-07-14 21:40:12 179,768 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
    + 2003-07-14 21:40:12 165,944 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
    + 2006-05-16 10:22:43 141,928 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL
    + 2003-07-14 21:45:14 58,944 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
    + 2003-06-18 16:31:10 252,928 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
    + 2003-07-14 21:57:14 124,480 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
    + 2003-07-14 22:12:22 47,872 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
    + 2003-07-14 21:56:14 40,504 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
    + 2003-07-14 21:51:44 87,104 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
    + 2003-07-14 21:52:52 17,464 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
    + 2003-07-14 21:57:16 120,888 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
    + 2003-07-14 21:52:52 27,704 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
    + 2003-07-14 21:44:06 25,144 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
    + 2003-07-14 21:52:56 55,360 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
    + 2003-07-14 21:56:16 54,328 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
    + 2003-07-11 01:15:48 1,292,872 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
    + 2003-07-15 02:18:52 376,888 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
    + 2003-07-14 21:52:54 28,224 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
    + 2003-07-14 21:52:52 35,896 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
    + 2003-07-14 21:46:16 42,040 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
    + 2003-07-14 21:45:12 55,360 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
    + 2003-07-14 21:45:12 39,488 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
    + 2003-06-18 16:31:54 788,480 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
    + 2003-06-18 16:31:50 16,384 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
    + 2003-06-19 15:05:52 128,104 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
    + 2003-06-19 15:05:50 364,648 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
    + 2003-07-14 22:02:42 637,496 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
    + 2003-07-14 21:52:58 41,528 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
    + 2006-05-16 10:22:43 20,080 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL
    + 2003-07-14 22:00:54 145,984 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
    + 2003-07-14 21:57:10 56,888 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
    + 2003-07-14 21:56:52 13,888 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
    + 2003-06-18 16:31:58 6,144 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
    + 2006-05-16 10:22:43 223,800 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
    + 2003-07-15 02:14:26 242,240 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
    + 2003-07-14 22:05:24 1,054,264 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
    + 2003-07-14 22:05:24 1,054,264 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL_0002
    + 2006-05-16 10:22:43 461,416 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL
    + 2003-07-15 02:18:44 93,752 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
    + 2006-05-16 10:22:43 223,856 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL
    + 2002-10-07 09:11:00 167,997 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
    + 2003-05-08 20:54:00 77,824 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
    + 2003-07-14 21:57:08 40,512 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
    + 2002-10-07 08:49:42 81,984 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
    + 2003-07-14 21:57:18 349,248 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
    + 2003-07-14 21:57:08 58,944 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
    + 2003-07-14 21:53:14 11,848 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
    + 2002-10-07 08:53:04 106,561 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
    + 2002-10-07 08:50:44 241,729 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
    + 2002-10-07 08:51:04 180,289 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
    + 2002-10-07 08:51:14 147,520 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
    + 2002-10-07 08:51:20 102,467 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
    + 2002-10-07 08:50:04 118,847 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
    + 2002-10-07 08:49:56 81,983 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
    + 2002-10-07 08:51:44 221,252 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
    + 2003-07-14 21:57:40 59,960 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
    + 2006-05-16 10:22:43 64,088 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
    + 2006-05-16 10:22:43 662,120 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
    + 2002-10-07 09:03:34 1,794,113 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
    + 2003-04-30 10:52:32 1,581,120 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
    + 2003-01-17 13:03:34 59,466 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
    + 2001-06-05 07:13:22 289,926 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
    + 2001-06-05 07:13:22 34,168 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
    + 2001-06-05 07:13:24 18,844 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
    + 2001-06-05 07:13:26 65,536 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
    + 2005-05-03 23:06:28 465,640 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
    + 2005-05-03 23:06:32 1,411,816 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
    + 2005-05-03 23:06:26 199,408 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
    + 2001-10-22 23:13:42 53,260 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
    + 2001-06-05 07:13:26 40,972 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
    + 2007-05-31 13:35:22 6,420,320 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
    - 2006-05-16 10:27:42 593,920 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-09-02 21:27:38 593,920 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2006-05-16 10:27:42 12,288 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-09-02 21:27:38 12,288 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2006-05-16 10:27:42 86,016 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-09-02 21:27:38 86,016 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2006-05-16 10:27:42 135,168 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-09-02 21:27:38 135,168 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-05-16 10:27:42 11,264 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-09-02 21:27:38 11,264 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2006-05-16 10:27:42 27,136 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-09-02 21:27:38 27,136 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-05-16 10:27:42 4,096 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-09-02 21:27:38 4,096 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2006-05-16 10:27:42 794,624 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-09-02 21:27:39 794,624 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2006-05-16 10:27:42 249,856 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-09-02 21:27:38 249,856 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2006-05-16 10:27:42 61,440 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-09-02 21:27:38 61,440 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2006-05-16 10:27:42 23,040 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-09-02 21:27:39 23,040 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2006-05-16 10:27:42 286,720 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-09-02 21:27:38 286,720 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-05-16 10:27:42 409,600 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-09-02 21:27:38 409,600 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-08-01 20:07:14 32,768 ----a-r C:\WINNT\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
    - 2004-07-15 00:49:16 258,048 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2007-04-13 21:30:52 258,048 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2004-07-15 00:49:22 32,768 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2007-04-13 21:30:52 32,768 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2004-07-14 23:32:22 81,920 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2007-04-13 20:57:52 81,920 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2003-02-20 18:09:14 86,016 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2007-04-13 20:57:58 86,016 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2004-07-14 23:25:06 315,392 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2007-04-13 20:56:30 315,392 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2004-07-14 23:33:04 102,400 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2007-04-13 20:58:00 102,400 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2004-07-15 13:29:02 2,138,112 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2007-04-13 20:50:46 2,142,208 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2003-02-20 18:09:18 77,824 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2007-04-13 20:58:02 77,824 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2004-07-14 23:26:52 2,510,848 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2007-04-13 20:57:00 2,523,136 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2004-07-14 23:28:34 2,502,656 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2007-04-13 20:57:28 2,514,944 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2004-08-10 15:20:00 106,496 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    + 2007-01-15 16:11:26 73,728 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    + 2004-07-15 00:49:16 258,048 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_aspnet_isapi.dll
    + 2004-07-14 23:32:22 81,920 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_CORPerfMonExt.dll
    + 2004-07-14 23:24:30 282,624 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_fusion.dll
    + 2004-07-14 23:25:06 315,392 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorjit.dll
    + 2004-07-15 13:29:02 2,138,112 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorlib.dll
    + 2003-02-20 18:09:18 77,824 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorsn.dll
    + 2004-07-14 23:26:52 2,510,848 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorsvr.dll
    + 2004-07-14 23:28:34 2,502,656 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorwks.dll
    + 2003-02-21 03:42:22 348,160 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_msvcr71.dll
    + 2004-07-14 23:34:50 94,208 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_PerfCounter.dll
    - 2004-07-15 13:31:16 1,224,704 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2007-04-13 21:35:38 1,232,896 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2004-10-08 05:20:12 1,257,472 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2007-04-13 21:35:46 1,265,664 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2007-07-30 19:19:20 92,504 ------w C:\WINNT\SoftwareDistribution\WebSetup\cdm.dll
    + 2007-07-30 19:19:36 549,720 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuapi.dll
    + 2007-07-30 19:19:16 53,080 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuauclt.exe
    + 2007-07-30 19:19:42 1,712,984 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuaueng.dll
    + 2007-07-30 19:19:32 325,976 ------w C:\WINNT\SoftwareDistribution\WebSetup\wucltui.dll
    + 2007-07-30 19:18:40 33,624 ------w C:\WINNT\SoftwareDistribution\WebSetup\wups.dll
    + 2007-07-30 19:19:12 43,352 ------w C:\WINNT\SoftwareDistribution\WebSetup\wups2.dll
    - 2004-08-04 08:00:00 100,352 -c--a-w C:\WINNT\system32\6to4svc.dll
    + 2006-08-16 11:58:05 100,352 ----a-w C:\WINNT\system32\6to4svc.dll
    - 2006-03-04 03:58:42 1,022,976 ----a-w C:\WINNT\system32\browseui.dll
    + 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINNT\system32\browseui.dll
    - 2006-03-04 03:58:42 151,040 ----a-w C:\WINNT\system32\cdfview.dll
    + 2008-06-23 16:11:40 151,040 ----a-w C:\WINNT\system32\cdfview.dll
    - 2004-08-04 08:00:00 66,560 ----a-w C:\WINNT\system32\cdm.dll
    + 2007-07-30 19:19:20 92,504 ----a-w C:\WINNT\system32\cdm.dll
    - 2006-03-04 03:58:44 1,054,208 -c--a-w C:\WINNT\system32\danim.dll
    + 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINNT\system32\danim.dll
    - 2004-08-04 08:00:00 100,352 -c--a-w C:\WINNT\system32\dllcache\6to4svc.dll
    + 2006-08-16 11:58:05 100,352 -c--a-w C:\WINNT\system32\dllcache\6to4svc.dll
    - 2004-08-04 08:00:00 138,496 -c--a-w C:\WINNT\system32\dllcache\afd.sys
    + 2008-06-20 10:44:38 138,368 -c--a-w C:\WINNT\system32\dllcache\afd.sys
    - 2006-03-04 03:58:42 1,022,976 -c--a-w C:\WINNT\system32\dllcache\browseui.dll
    + 2008-06-23 16:11:40 1,024,000 -c--a-w C:\WINNT\system32\dllcache\browseui.dll
    - 2004-08-03 23:10:38 274,304 -c--a-w C:\WINNT\system32\dllcache\bthport.sys
    + 2008-06-13 13:10:50 272,128 -c--a-w C:\WINNT\system32\dllcache\bthport.sys
    - 2006-03-04 03:58:42 151,040 -c--a-w C:\WINNT\system32\dllcache\cdfview.dll
    + 2008-06-23 16:11:40 151,040 -c--a-w C:\WINNT\system32\dllcache\cdfview.dll
    - 2004-08-04 08:00:00 66,560 -c--a-w C:\WINNT\system32\dllcache\cdm.dll
    + 2007-07-30 19:19:20 92,504 -c--a-w C:\WINNT\system32\dllcache\cdm.dll
    - 2006-03-04 03:58:44 1,054,208 -c--a-w C:\WINNT\system32\dllcache\danim.dll
    + 2008-06-23 16:11:42 1,054,208 -c--a-w C:\WINNT\system32\dllcache\danim.dll
    - 2004-08-04 08:00:00 561,179 -c--a-w C:\WINNT\system32\dllcache\dao360.dll
    + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINNT\system32\dllcache\dao360.dll
    - 2004-08-04 08:00:00 148,480 -c--a-w C:\WINNT\system32\dllcache\dnsapi.dll
    + 2008-06-20 17:41:10 148,992 -c--a-w C:\WINNT\system32\dllcache\dnsapi.dll
    - 2004-08-04 08:00:00 357,888 -c--a-w C:\WINNT\system32\dllcache\dxtmsft.dll
    + 2008-06-23 16:11:43 357,888 -c--a-w C:\WINNT\system32\dllcache\dxtmsft.dll
    - 2006-03-04 03:58:44 205,312 -c--a-w C:\WINNT\system32\dllcache\dxtrans.dll
    + 2008-06-23 16:11:43 205,312 -c--a-w C:\WINNT\system32\dllcache\dxtrans.dll
    - 2005-07-26 04:39:45 243,200 -c--a-w C:\WINNT\system32\dllcache\es.dll
    + 2008-07-07 20:32:22 253,952 -c--a-w C:\WINNT\system32\dllcache\es.dll
    - 2006-03-04 03:58:44 55,808 -c--a-w C:\WINNT\system32\dllcache\extmgr.dll
    + 2008-06-23 16:11:43 55,808 -c--a-w C:\WINNT\system32\dllcache\extmgr.dll
    - 2004-08-04 08:00:00 18,432 -c--a-w C:\WINNT\system32\dllcache\iedw.exe
    + 2008-06-23 09:53:58 18,432 -c--a-w C:\WINNT\system32\dllcache\iedw.exe
    - 2006-03-04 03:58:44 251,904 -c--a-w C:\WINNT\system32\dllcache\iepeers.dll
    + 2008-06-23 16:11:52 251,904 -c--a-w C:\WINNT\system32\dllcache\iepeers.dll
    - 2006-03-17 09:07:17 679,424 -c--a-w C:\WINNT\system32\dllcache\inetcomm.dll
    + 2008-04-11 18:50:43 683,520 -c--a-w C:\WINNT\system32\dllcache\inetcomm.dll
    - 2006-03-04 03:58:44 96,256 -c--a-w C:\WINNT\system32\dllcache\inseng.dll
    + 2008-06-23 16:11:52 96,256 -c--a-w C:\WINNT\system32\dllcache\inseng.dll
    - 2004-08-04 08:00:00 450,560 -c--a-w C:\WINNT\system32\dllcache\jscript.dll
    + 2007-12-18 14:40:58 450,560 -c--a-w C:\WINNT\system32\dllcache\jscript.dll
    - 2004-08-04 08:00:00 15,872 -c--a-w C:\WINNT\system32\dllcache\jsproxy.dll
    + 2008-06-23 16:11:52 16,384 -c--a-w C:\WINNT\system32\dllcache\jsproxy.dll
    - 2004-08-04 08:00:00 331,776 -c--a-w C:\WINNT\system32\dllcache\msadce.dll
    + 2008-05-01 14:30:33 331,776 -c--a-w C:\WINNT\system32\dllcache\msadce.dll
    - 2005-06-29 01:46:00 74,240 -c--a-w C:\WINNT\system32\dllcache\mscms.dll
    + 2008-06-24 16:23:05 74,240 -c--a-w C:\WINNT\system32\dllcache\mscms.dll
    - 2004-08-04 08:00:00 512,029 -c--a-w C:\WINNT\system32\dllcache\msexch40.dll
    + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINNT\system32\dllcache\msexch40.dll
    - 2004-08-04 08:00:00 319,517 -c--a-w C:\WINNT\system32\dllcache\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINNT\system32\dllcache\msexcl40.dll
    - 2006-03-23 20:31:39 3,055,616 -c--a-w C:\WINNT\system32\dllcache\mshtml.dll
    + 2008-06-23 16:11:58 3,067,392 -c--a-w C:\WINNT\system32\dllcache\mshtml.dll
    - 2006-03-04 03:58:48 448,512 -c--a-w C:\WINNT\system32\dllcache\mshtmled.dll
    + 2008-06-23 16:12:00 449,024 -c--a-w C:\WINNT\system32\dllcache\mshtmled.dll
    - 2004-08-04 08:00:00 1,507,356 -c--a-w C:\WINNT\system32\dllcache\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINNT\system32\dllcache\msjet40.dll
    - 2004-08-04 08:00:00 358,976 -c--a-w C:\WINNT\system32\dllcache\msjetol1.dll
    + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINNT\system32\dllcache\msjetol1.dll
    - 2004-08-04 08:00:00 151,583 -c--a-w C:\WINNT\system32\dllcache\msjint40.dll
    + 2008-03-27 08:12:54 151,583 -c--a-w C:\WINNT\system32\dllcache\msjint40.dll
    - 2004-08-04 08:00:00 53,279 -c--a-w C:\WINNT\system32\dllcache\msjter40.dll
    + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINNT\system32\dllcache\msjter40.dll
    - 2004-08-04 08:00:00 241,693 -c--a-w C:\WINNT\system32\dllcache\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINNT\system32\dllcache\msjtes40.dll
    - 2004-08-04 08:00:00 213,023 -c--a-w C:\WINNT\system32\dllcache\msltus40.dll
    + 2008-03-25 04:50:44 219,936 -c--a-w C:\WINNT\system32\dllcache\msltus40.dll
    - 2004-08-04 08:00:00 348,189 -c--a-w C:\WINNT\system32\dllcache\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINNT\system32\dllcache\mspbde40.dll
    - 2006-03-04 03:58:48 146,432 -c--a-w C:\WINNT\system32\dllcache\msrating.dll
    + 2008-06-23 16:12:02 146,432 -c--a-w C:\WINNT\system32\dllcache\msrating.dll
    - 2004-08-04 08:00:00 421,919 -c--a-w C:\WINNT\system32\dllcache\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINNT\system32\dllcache\msrd2x40.dll
    - 2004-08-04 08:00:00 315,423 -c--a-w C:\WINNT\system32\dllcache\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINNT\system32\dllcache\msrd3x40.dll
    - 2004-08-04 08:00:00 552,989 -c--a-w C:\WINNT\system32\dllcache\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINNT\system32\dllcache\msrepl40.dll
    - 2004-08-04 08:00:00 258,077 -c--a-w C:\WINNT\system32\dllcache\mstext40.dll
    + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINNT\system32\dllcache\mstext40.dll
    - 2006-03-04 03:58:48 532,480 -c--a-w C:\WINNT\system32\dllcache\mstime.dll
    + 2008-06-23 16:12:02 532,480 -c--a-w C:\WINNT\system32\dllcache\mstime.dll
    - 2004-08-04 08:00:00 831,519 -c--a-w C:\WINNT\system32\dllcache\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINNT\system32\dllcache\mswdat10.dll
    - 2004-08-04 08:00:00 245,248 -c--a-w C:\WINNT\system32\dllcache\mswsock.dll
    + 2008-06-20 17:41:10 245,248 -c--a-w C:\WINNT\system32\dllcache\mswsock.dll
    - 2004-08-04 08:00:00 614,429 -c--a-w C:\WINNT\system32\dllcache\mswstr10.dll
    + 2008-03-25 04:50:58 621,344 -c--a-w C:\WINNT\system32\dllcache\mswstr10.dll
    - 2004-08-04 08:00:00 348,189 -c--a-w C:\WINNT\system32\dllcache\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINNT\system32\dllcache\msxbde40.dll
    - 2006-03-04 03:58:48 39,424 -c--a-w C:\WINNT\system32\dllcache\pngfilt.dll
    + 2008-06-23 16:12:02 39,424 -c--a-w C:\WINNT\system32\dllcache\pngfilt.dll
    - 2005-08-30 03:54:26 1,287,168 -c--a-w C:\WINNT\system32\dllcache\quartz.dll
    + 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINNT\system32\dllcache\quartz.dll
    - 2004-08-04 08:00:00 200,064 -c--a-w C:\WINNT\system32\dllcache\rmcast.sys
    + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINNT\system32\dllcache\rmcast.sys
    - 2006-03-30 09:27:01 1,495,040 -c--a-w C:\WINNT\system32\dllcache\shdocvw.dll
    + 2008-06-23 16:12:05 1,499,136 -c--a-w C:\WINNT\system32\dllcache\shdocvw.dll
    - 2006-03-04 03:58:50 474,112 -c--a-w C:\WINNT\system32\dllcache\shlwapi.dll
    + 2008-06-23 16:12:05 474,112 -c--a-w C:\WINNT\system32\dllcache\shlwapi.dll
    - 2006-01-13 02:28:14 359,808 -c--a-w C:\WINNT\system32\dllcache\tcpip.sys
    + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINNT\system32\dllcache\tcpip.sys
    - 2004-08-04 08:00:00 223,616 -c--a-w C:\WINNT\system32\dllcache\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINNT\system32\dllcache\tcpip6.sys
    - 2006-03-18 11:04:10 614,400 -c--a-w C:\WINNT\system32\dllcache\urlmon.dll
    + 2008-06-23 16:12:06 618,496 -c--a-w C:\WINNT\system32\dllcache\urlmon.dll
    - 2004-08-04 08:00:00 417,792 -c--a-w C:\WINNT\system32\dllcache\vbscript.dll
    + 2007-12-18 14:40:58 417,792 -c--a-w C:\WINNT\system32\dllcache\vbscript.dll
    - 2006-03-04 03:58:52 663,552 -c--a-w C:\WINNT\system32\dllcache\wininet.dll
    + 2008-06-23 16:12:08 667,136 -c--a-w C:\WINNT\system32\dllcache\wininet.dll
    - 2005-01-28 12:44:28 224,768 -c--a-w C:\WINNT\system32\dllcache\wmasf.dll
    + 2007-10-27 17:40:06 227,328 -c--a-w C:\WINNT\system32\dllcache\wmasf.dll
    - 2006-03-10 05:09:14 5,533,696 -c--a-w C:\WINNT\system32\dllcache\wmp.dll
    + 2007-04-30 08:20:24 5,537,792 -c--a-w C:\WINNT\system32\dllcache\wmp.dll
    - 2005-01-28 12:44:28 2,370,296 -c--a-w C:\WINNT\system32\dllcache\wmvcore.dll
    + 2006-12-07 05:29:34 2,374,472 -c--a-w C:\WINNT\system32\dllcache\wmvcore.dll
    - 2004-08-04 08:00:00 430,592 -c--a-w C:\WINNT\system32\dllcache\wuapi.dll
    + 2007-07-30 19:19:36 549,720 -c--a-w C:\WINNT\system32\dllcache\wuapi.dll
    - 2004-08-04 08:00:00 111,104 -c--a-w C:\WINNT\system32\dllcache\wuauclt.exe
    + 2007-07-30 19:19:16 53,080 -c--a-w C:\WINNT\system32\dllcache\wuauclt.exe
    - 2004-08-04 08:00:00 1,134,592 -c--a-w C:\WINNT\system32\dllcache\wuaueng.dll
    + 2007-07-30 19:19:42 1,712,984 -c--a-w C:\WINNT\system32\dllcache\wuaueng.dll
    - 2004-08-04 08:00:00 112,640 -c--a-w C:\WINNT\system32\dllcache\wucltui.dll
    + 2007-07-30 19:19:32 325,976 -c--a-w C:\WINNT\system32\dllcache\wucltui.dll
    - 2004-08-04 08:00:00 36,864 -c--a-w C:\WINNT\system32\dllcache\wups.dll
    + 2007-07-30 19:18:40 33,624 -c--a-w C:\WINNT\system32\dllcache\wups.dll
    - 2004-08-04 08:00:00 148,480 ----a-w C:\WINNT\system32\dnsapi.dll
    + 2008-06-20 17:41:10 148,992 ----a-w C:\WINNT\system32\dnsapi.dll
    - 2004-08-04 08:00:00 138,496 ----a-w C:\WINNT\system32\drivers\afd.sys
    + 2008-06-20 10:44:38 138,368 ----a-w C:\WINNT\system32\drivers\afd.sys
    + 2008-06-13 13:10:50 272,128 ------w C:\WINNT\system32\drivers\bthport.sys
    - 2004-08-04 08:00:00 200,064 -c--a-w C:\WINNT\system32\drivers\RMCast.sys
    + 2008-05-08 12:28:49 202,752 ----a-w C:\WINNT\system32\drivers\rmcast.sys
    - 2006-01-13 02:28:14 359,808 ----a-w C:\WINNT\system32\drivers\tcpip.sys
    + 2008-06-20 10:45:13 360,320 ----a-w C:\WINNT\system32\drivers\tcpip.sys
    - 2004-08-04 08:00:00 223,616 -c--a-w C:\WINNT\system32\drivers\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 ----a-w C:\WINNT\system32\drivers\tcpip6.sys
    - 2004-08-04 08:00:00 357,888 ----a-w C:\WINNT\system32\dxtmsft.dll
    + 2008-06-23 16:11:43 357,888 ----a-w C:\WINNT\system32\dxtmsft.dll
    - 2006-03-04 03:58:44 205,312 ----a-w C:\WINNT\system32\dxtrans.dll
    + 2008-06-23 16:11:43 205,312 ----a-w C:\WINNT\system32\dxtrans.dll
    - 2006-03-04 03:58:44 55,808 -c--a-w C:\WINNT\system32\extmgr.dll
    + 2008-06-23 16:11:43 55,808 ----a-w C:\WINNT\system32\extmgr.dll
    - 2005-03-17 13:39:58 1,146,320 ----a-w C:\WINNT\system32\FM20.DLL
    + 2007-06-06 10:53:34 1,195,888 ----a-w C:\WINNT\system32\FM20.DLL
    - 2003-07-14 21:57:04 32,584 ----a-w C:\WINNT\system32\FM20ENU.DLL
    + 2007-03-22 19:17:04 35,440 ----a-w C:\WINNT\system32\FM20ENU.DLL
    - 2008-02-14 14:49:08 313,656 ----a-w C:\WINNT\system32\FNTCACHE.DAT
    + 2008-09-02 21:35:15 313,656 ----a-w C:\WINNT\system32\FNTCACHE.DAT
    - 2006-03-04 03:58:44 251,904 ----a-w C:\WINNT\system32\iepeers.dll
    + 2008-06-23 16:11:52 251,904 ----a-w C:\WINNT\system32\iepeers.dll
    - 2006-03-17 09:07:17 679,424 -c--a-w C:\WINNT\system32\inetcomm.dll
    + 2008-04-11 18:50:43 683,520 ----a-w C:\WINNT\system32\inetcomm.dll
    - 2006-03-04 03:58:44 96,256 -c--a-w C:\WINNT\system32\inseng.dll
    + 2008-06-23 16:11:52 96,256 ----a-w C:\WINNT\system32\inseng.dll
    - 2004-08-04 08:00:00 450,560 ----a-w C:\WINNT\system32\jscript.dll
    + 2007-12-18 14:40:58 450,560 ----a-w C:\WINNT\system32\jscript.dll
    - 2004-08-04 08:00:00 15,872 -c--a-w C:\WINNT\system32\jsproxy.dll
    + 2008-06-23 16:11:52 16,384 ----a-w C:\WINNT\system32\jsproxy.dll
    + 2008-03-20 18:06:36 1,480,232 ------w C:\WINNT\system32\LegitCheckControl.dll
    - 2004-03-22 14:17:06 24,816 ----a-w C:\WINNT\system32\mdimon.dll
    + 2007-04-09 13:23:54 28,040 ----a-w C:\WINNT\system32\mdimon.dll
    - 2008-06-25 09:15:48 17,972,344 ----a-w C:\WINNT\system32\MRT.exe
    + 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINNT\system32\MRT.exe
    - 2005-09-23 06:28:52 270,848 ----a-w C:\WINNT\system32\mscoree.dll
    + 2006-12-22 12:28:14 271,360 ----a-w C:\WINNT\system32\mscoree.dll
    - 2004-08-04 08:00:00 512,029 -c--a-w C:\WINNT\system32\msexch40.dll
    + 2008-03-25 04:50:28 518,944 ----a-w C:\WINNT\system32\msexch40.dll
    - 2004-08-04 08:00:00 319,517 -c--a-w C:\WINNT\system32\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 ----a-w C:\WINNT\system32\msexcl40.dll
    - 2006-03-23 20:31:39 3,055,616 ----a-w C:\WINNT\system32\mshtml.dll
    + 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINNT\system32\mshtml.dll
    - 2006-03-04 03:58:48 448,512 ----a-w C:\WINNT\system32\mshtmled.dll
    + 2008-06-23 16:12:00 449,024 ----a-w C:\WINNT\system32\mshtmled.dll
    - 2004-08-04 08:00:00 1,507,356 ----a-w C:\WINNT\system32\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINNT\system32\msjet40.dll
    - 2004-08-04 08:00:00 358,976 ----a-w C:\WINNT\system32\msjetoledb40.dll
    + 2008-03-25 04:50:40 355,112 ----a-w C:\WINNT\system32\msjetoledb40.dll
    - 2004-08-04 08:00:00 151,583 ----a-w C:\WINNT\system32\msjint40.dll
    + 2008-03-27 08:12:54 151,583 ----a-w C:\WINNT\system32\msjint40.dll
    - 2004-08-04 08:00:00 53,279 ----a-w C:\WINNT\system32\msjter40.dll
    + 2008-03-25 04:50:42 60,192 ----a-w C:\WINNT\system32\msjter40.dll
    - 2004-08-04 08:00:00 241,693 ----a-w C:\WINNT\system32\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 ----a-w C:\WINNT\system32\msjtes40.dll
    - 2004-08-04 08:00:00 213,023 -c--a-w C:\WINNT\system32\msltus40.dll
    + 2008-03-25 04:50:44 219,936 ----a-w C:\WINNT\system32\msltus40.dll
    - 2004-08-04 08:00:00 348,189 -c--a-w C:\WINNT\system32\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 ----a-w C:\WINNT\system32\mspbde40.dll
    - 2006-03-04 03:58:48 146,432 ----a-w C:\WINNT\system32\msrating.dll
    + 2008-06-23 16:12:02 146,432 ----a-w C:\WINNT\system32\msrating.dll
    - 2004-08-04 08:00:00 421,919 -c--a-w C:\WINNT\system32\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 ----a-w C:\WINNT\system32\msrd2x40.dll
    - 2004-08-04 08:00:00 315,423 -c--a-w C:\WINNT\system32\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 ----a-w C:\WINNT\system32\msrd3x40.dll
    - 2004-08-04 08:00:00 552,989 -c--a-w C:\WINNT\system32\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 ----a-w C:\WINNT\system32\msrepl40.dll
    - 2004-08-04 08:00:00 258,077 -c--a-w C:\WINNT\system32\mstext40.dll
    + 2008-03-25 04:50:55 264,992 ----a-w C:\WINNT\system32\mstext40.dll
    - 2006-03-04 03:58:48 532,480 ----a-w C:\WINNT\system32\mstime.dll
    + 2008-06-23 16:12:02 532,480 ----a-w C:\WINNT\system32\mstime.dll
    - 2004-08-04 08:00:00 831,519 ----a-w C:\WINNT\system32\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 ----a-w C:\WINNT\system32\mswdat10.dll
    - 2004-08-04 08:00:00 614,429 ----a-w C:\WINNT\system32\mswstr10.dll
    + 2008-03-25 04:50:58 621,344 ----a-w C:\WINNT\system32\mswstr10.dll
    - 2004-08-04 08:00:00 348,189 -c--a-w C:\WINNT\system32\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 ----a-w C:\WINNT\system32\msxbde40.dll
    - 2003-04-18 16:46:22 1,233,920 ----a-w C:\WINNT\system32\msxml4.dll
    + 2007-05-08 15:03:04 1,275,392 ----a-w C:\WINNT\system32\msxml4.dll
    - 2006-12-04 14:37:58 1,317,648 ----a-w C:\WINNT\system32\msxml6.dll
    + 2007-05-15 15:43:10 1,320,800 ----a-w C:\WINNT\system32\msxml6.dll
    + 2007-07-30 19:19:10 271,224 ----a-w C:\WINNT\system32\mucltui.dll
    - 2005-09-23 06:29:00 6,144 -c--a-w C:\WINNT\system32\mui\0409\mscorees.dll
    + 2006-12-22 13:02:36 6,144 ----a-w C:\WINNT\system32\mui\0409\mscorees.dll
    - 2006-03-04 03:58:48 39,424 ----a-w C:\WINNT\system32\pngfilt.dll
    + 2008-06-23 16:12:02 39,424 ----a-w C:\WINNT\system32\pngfilt.dll
    - 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINNT\system32\quartz.dll
    + 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINNT\system32\quartz.dll
    - 2006-03-30 09:27:01 1,495,040 ----a-w C:\WINNT\system32\shdocvw.dll
    + 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINNT\system32\shdocvw.dll
    - 2006-03-04 03:58:50 474,112 ----a-w C:\WINNT\system32\shlwapi.dll
    + 2008-06-23 16:12:05 474,112 ----a-w C:\WINNT\system32\shlwapi.dll
    + 2007-07-30 19:19:36 549,720 ----a-w C:\WINNT\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll
    + 2007-07-30 19:18:40 33,624 ----a-w C:\WINNT\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
    - 2006-10-08 21:51:14 14,640 ----a-w C:\WINNT\system32\spmsg.dll
    + 2007-11-30 12:39:22 17,272 ------w C:\WINNT\system32\spmsg.dll
    - 2004-03-22 14:17:04 765,680 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\mdigraph.dll
    + 2007-04-09 13:24:04 758,664 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\mdigraph.dll
    - 2004-03-22 14:17:10 42,224 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\mdiui.dll
    + 2007-04-09 13:23:58 46,472 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\mdiui.dll
    - 2004-03-22 14:17:04 765,680 -c--a-w C:\WINNT\system32\spool\drivers\w32x86\mdigraph.dll
    + 2007-04-09 13:24:04 758,664 ----a-w C:\WINNT\system32\spool\drivers\w32x86\mdigraph.dll
    - 2004-03-22 14:17:10 42,224 -c--a-w C:\WINNT\system32\spool\drivers\w32x86\mdiui.dll
    + 2007-04-09 13:23:58 46,472 ----a-w C:\WINNT\system32\spool\drivers\w32x86\mdiui.dll
    - 2004-03-22 14:17:08 25,840 ----a-w C:\WINNT\system32\spool\prtprocs\w32x86\mdippr.dll
    + 2007-04-09 13:23:54 28,552 ----a-w C:\WINNT\system32\spool\prtprocs\w32x86\mdippr.dll
    + 2008-07-14 11:09:18 62,976 ------w C:\WINNT\system32\tzchange.exe
    - 2006-03-18 11:04:10 614,400 ----a-w C:\WINNT\system32\urlmon.dll
    + 2008-06-23 16:12:06 618,496 ----a-w C:\WINNT\system32\urlmon.dll
    - 2004-08-04 08:00:00 417,792 ----a-w C:\WINNT\system32\vbscript.dll
    + 2007-12-18 14:40:58 417,792 ----a-w C:\WINNT\system32\vbscript.dll
    - 2005-01-28 12:44:28 224,768 ----a-w C:\WINNT\system32\wmasf.dll
    + 2007-10-27 17:40:06 227,328 ----a-w C:\WINNT\system32\wma
    3 Septembre 2008 18:30:07

    bonjour
    le rapport est incomplet

    Poste le rapport:C:\Combofix.txt
    clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

    viens sur le forum et édition "coller"

    ajoute un nouveau rapport Hijackthis.
    3 Septembre 2008 21:16:24

    re,
    Le rapport complet:
    ComboFix 08-07-29.1 - A ELLOUGANI 2008-09-02 22:56:27.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.481 [GMT 0:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\forum\ComboFix.exe
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
    .

    2008-09-02 22:57 . 2008-09-02 22:57 53,248 --a------ C:\Temp\catchme.dll
    2008-09-02 21:37 . 2008-09-02 21:37 <DIR> d-------- C:\Temp\smkits
    2008-09-02 19:30 . 2008-09-02 19:30 <DIR> d-------- C:\Temp\3E0B
    2008-09-02 19:25 . 2008-09-02 19:25 <DIR> d-------- C:\Temp\3A34
    2008-08-31 22:04 . 2008-08-31 22:04 <DIR> d-------- C:\Temp\1811
    2008-08-30 20:06 . 2008-08-30 20:06 <DIR> d-------- C:\Temp\6FBF
    2008-08-13 13:17 . 2008-08-13 13:17 <DIR> d-------- C:\Temp\60A
    2008-08-13 13:12 . 2008-08-13 13:12 <DIR> d-------- C:\Temp\251
    2008-08-07 20:02 . 2008-08-07 20:02 <DIR> d-------- C:\Temp\671A
    2008-08-07 19:55 . 2008-08-07 19:55 <DIR> d-------- C:\Temp\6214
    2008-08-07 12:17 . 2008-08-07 12:17 <DIR> d-------- C:\Temp\32E
    2008-08-07 12:12 . 2008-08-07 12:12 <DIR> d-------- C:\Temp\7F85
    2008-08-04 18:54 . 2008-08-04 18:54 <DIR> d-------- C:\Temp\48ED
    2008-08-04 18:49 . 2008-08-04 18:49 <DIR> d-------- C:\Temp\451A

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-02 22:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
    2008-09-02 21:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
    2008-08-01 20:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-08-01 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
    2008-07-31 19:59 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-31 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-31 19:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-07-30 20:07 38,472 ----a-w C:\WINNT\system32\drivers\mbamswissarmy.sys
    2008-07-30 20:07 17,144 ----a-w C:\WINNT\system32\drivers\mbam.sys
    2008-07-30 18:22 --------- d-----w C:\Program Files\lotus
    2008-07-30 15:57 99,456 ----a-w C:\WINNT\system32\poofmemr.dll
    2008-07-29 19:29 --------- d-----w C:\Program Files\Software by Design
    2008-07-29 14:10 --------- d-----w C:\Program Files\Trend Micro
    2008-07-29 14:05 --------- d-----w C:\Program Files\Panda Security
    2008-07-29 13:21 --------- d-----w C:\Program Files\a-squared Anti-Malware
    2008-07-29 00:50 --------- d-----w C:\Program Files\Java
    2008-07-25 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-25 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-25 11:59 0 ---ha-w C:\WINNT\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-07-25 11:59 0 ---ha-w C:\WINNT\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-07-25 00:08 --------- d-----w C:\Program Files\Nokia
    2008-07-25 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-07-25 00:07 --------- d-----w C:\Program Files\MSXML 6.0
    2008-07-25 00:06 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-07-24 16:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Suite
    2008-07-24 16:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NSeries
    2008-07-24 16:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
    2008-07-18 22:01 --------- d-----w C:\Program Files\HSDPA USB MODEM
    2008-07-13 11:23 --------- d-----w C:\Program Files\Internet Mobile
    2008-07-10 19:58 --------- d-----w C:\Program Files\Common Files\PC SOFT
    2008-07-07 20:32 253,952 ----a-w C:\WINNT\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINNT\system32\mscms.dll
    2008-06-23 16:12 667,136 ----a-w C:\WINNT\system32\wininet.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINNT\system32\mswsock.dll
    2008-03-28 21:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-02-09 22:19 2,293,848 -c--a-w C:\Program Files\FLV PlayerFCSetup.exe
    2008-02-09 22:17 3,955,352 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2008-02-09 21:34 411,248 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
    2007-03-09 08:12 27,648 -csha-w C:\WINNT\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-30_15.53.53.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-02-25 03:35:05 14,048 ----a-w C:\WINNT\$hf_mig$\KB898461\spmsg.dll
    + 2005-02-25 03:35:05 209,632 ----a-w C:\WINNT\$hf_mig$\KB898461\spuninst.exe
    + 2005-02-25 03:35:05 22,752 ----a-w C:\WINNT\$hf_mig$\KB898461\spupdsvc.exe
    + 2005-02-25 03:35:05 22,240 ----a-w C:\WINNT\$hf_mig$\KB898461\update\spcustom.dll
    + 2005-02-25 03:35:05 718,048 ----a-w C:\WINNT\$hf_mig$\KB898461\update\update.exe
    + 2005-02-25 03:35:06 371,936 ----a-w C:\WINNT\$hf_mig$\KB898461\update\updspapi.dll
    + 2008-03-27 09:22:32 60,416 ----a-w C:\WINNT\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2008-03-27 10:40:24 60,416 ----a-w C:\WINNT\$hf_mig$\KB942763\SP3GDR\tzchange.exe
    + 2008-03-27 10:46:15 60,416 ----a-w C:\WINNT\$hf_mig$\KB942763\SP3QFE\tzchange.exe
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINNT\$hf_mig$\KB942763\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINNT\$hf_mig$\KB942763\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINNT\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w C:\WINNT\$hf_mig$\KB942763\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w C:\WINNT\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-12-18 14:32:13 450,560 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
    + 2007-12-18 14:32:13 417,792 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINNT\$hf_mig$\KB944338-v2\update\updspapi.dll
    + 2008-01-23 04:56:21 554,008 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\dao360.dll
    + 2007-12-10 12:41:11 518,944 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msexch40.dll
    + 2007-12-10 12:41:11 326,432 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
    + 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjet40.dll
    + 2007-12-10 12:41:11 355,112 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
    + 2008-03-27 07:39:13 151,583 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjint40.dll
    + 2007-12-10 12:41:12 60,192 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjter40.dll
    + 2007-12-10 12:41:12 248,608 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
    + 2007-12-10 12:41:12 219,936 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msltus40.dll
    + 2007-12-10 12:41:12 355,104 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
    + 2007-12-10 12:41:13 432,928 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
    + 2007-12-10 12:41:13 322,336 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
    + 2007-12-10 12:41:13 559,904 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
    + 2007-12-10 12:41:13 264,992 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\mstext40.dll
    + 2007-12-10 12:41:13 838,432 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
    + 2007-12-10 12:41:14 621,344 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
    + 2007-12-10 12:41:14 355,104 ----a-w C:\WINNT\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINNT\$hf_mig$\KB950749\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINNT\$hf_mig$\KB950749\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINNT\$hf_mig$\KB950749\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINNT\$hf_mig$\KB950749\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINNT\$hf_mig$\KB950749\update\updspapi.dll
    + 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINNT\$hf_mig$\KB950759\SP3GDR\mshtml.dll
    + 2008-04-21 06:44:29 666,112 ----a-w C:\WINNT\$hf_mig$\KB950759\SP3GDR\wininet.dll
    + 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINNT\$hf_mig$\KB950759\SP3QFE\mshtml.dll
    + 2008-04-21 06:24:02 666,624 ----a-w C:\WINNT\$hf_mig$\KB950759\SP3QFE\wininet.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB950759\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB950759\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB950759\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB950759\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB950759\update\updspapi.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB950760\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB950760\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB950760\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB950760\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB950760\update\updspapi.dll
    + 2008-05-08 12:14:51 203,008 ----a-w C:\WINNT\$hf_mig$\KB950762\SP2QFE\rmcast.sys
    + 2008-05-08 14:02:52 203,136 ----a-w C:\WINNT\$hf_mig$\KB950762\SP3GDR\rmcast.sys
    + 2008-05-08 13:58:17 203,136 ----a-w C:\WINNT\$hf_mig$\KB950762\SP3QFE\rmcast.sys
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB950762\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB950762\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB950762\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB950762\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB950762\update\updspapi.dll
    + 2008-07-07 20:06:43 253,952 ----a-w C:\WINNT\$hf_mig$\KB950974\SP2QFE\es.dll
    + 2008-07-07 20:26:58 253,952 ----a-w C:\WINNT\$hf_mig$\KB950974\SP3GDR\es.dll
    + 2008-07-07 20:23:18 253,952 ----a-w C:\WINNT\$hf_mig$\KB950974\SP3QFE\es.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB950974\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB950974\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB950974\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w C:\WINNT\$hf_mig$\KB950974\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w C:\WINNT\$hf_mig$\KB950974\update\updspapi.dll
    + 2008-07-14 11:03:00 62,976 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
    + 2008-07-11 12:42:28 62,976 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
    + 2008-07-11 12:51:51 62,976 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB951072-v2\update\updspapi.dll
    + 2008-06-13 09:52:16 272,128 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
    + 2008-06-13 11:05:51 272,128 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
    + 2008-06-13 11:27:43 272,128 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w C:\WINNT\$hf_mig$\KB951376-v2\update\updspapi.dll
    + 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINNT\$hf_mig$\KB951698\SP2QFE\quartz.dll
    + 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINNT\$hf_mig$\KB951698\SP3GDR\quartz.dll
    + 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINNT\$hf_mig$\KB951698\SP3QFE\quartz.dll
    + 2007-11-30 11:18:51 17,272 ----a-w C:\WINNT\$hf_mig$\KB951698\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w C:\WINNT\$hf_mig$\KB951698\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w C:\WINNT\$hf_mig$\KB951698\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB951698\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB951698\update\updspapi.dll
    + 2006-08-16 12:08:32 100,352 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
    + 2008-06-20 10:44:08 138,368 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\afd.sys
    + 2008-06-20 17:36:11 147,968 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
    + 2008-06-20 17:36:11 245,248 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    + 2008-06-20 10:44:42 360,960 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    + 2008-06-20 09:32:39 225,920 ----a-w C:\WINNT\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
    + 2008-06-20 11:40:08 138,496 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\afd.sys
    + 2008-06-20 17:46:57 147,968 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
    + 2008-06-20 17:46:57 245,248 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    + 2008-06-20 11:51:12 361,600 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    + 2008-06-20 11:08:27 225,856 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
    + 2008-06-20 11:48:03 138,496 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\afd.sys
    + 2008-06-20 17:43:05 147,968 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
    + 2008-06-20 17:43:05 245,248 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    + 2008-06-20 11:59:02 361,600 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    + 2008-06-20 11:16:44 225,856 ----a-w C:\WINNT\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB951748\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB951748\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB951748\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w C:\WINNT\$hf_mig$\KB951748\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w C:\WINNT\$hf_mig$\KB951748\update\updspapi.dll
    + 2008-06-24 16:28:00 74,240 ----a-w C:\WINNT\$hf_mig$\KB952954\SP2QFE\mscms.dll
    + 2008-06-24 16:43:16 74,240 ----a-w C:\WINNT\$hf_mig$\KB952954\SP3GDR\mscms.dll
    + 2008-06-24 16:53:10 74,240 ----a-w C:\WINNT\$hf_mig$\KB952954\SP3QFE\mscms.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB952954\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB952954\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB952954\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w C:\WINNT\$hf_mig$\KB952954\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w C:\WINNT\$hf_mig$\KB952954\update\updspapi.dll
    + 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3GDR\mshtml.dll
    + 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
    + 2008-06-26 08:15:30 619,520 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3GDR\urlmon.dll
    + 2008-06-23 15:09:27 666,112 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3GDR\wininet.dll
    + 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3QFE\mshtml.dll
    + 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
    + 2008-06-26 08:00:52 619,520 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3QFE\urlmon.dll
    + 2008-06-23 14:54:47 666,624 ----a-w C:\WINNT\$hf_mig$\KB953838\SP3QFE\wininet.dll
    + 2007-11-30 12:39:22 17,272 ----a-w C:\WINNT\$hf_mig$\KB953838\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w C:\WINNT\$hf_mig$\KB953838\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w C:\WINNT\$hf_mig$\KB953838\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w C:\WINNT\$hf_mig$\KB953838\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w C:\WINNT\$hf_mig$\KB953838\update\updspapi.dll
    + 2005-02-25 03:35:05 209,632 -c----w C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe
    + 2005-02-25 03:35:06 371,936 -c----w C:\WINNT\$NtUninstallKB898461$\spuninst\updspapi.dll
    + 2005-06-28 17:23:24 213,216 -c----w C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe
    + 2005-06-28 17:23:53 371,424 -c----w C:\WINNT\$NtUninstallKB923689$\spuninst\updspapi.dll
    + 2005-01-28 12:44:28 2,370,296 -c----w C:\WINNT\$NtUninstallKB923689$\wmvcore.dll
    + 2005-06-28 10:23:26 213,216 -c----w C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe
    + 2005-06-28 10:23:54 371,424 -c----w C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\updspapi.dll
    + 2006-03-10 05:09:14 5,533,696 -c----w C:\WINNT\$NtUninstallKB936782_WMP10$\wmp.dll
    + 2007-10-27 16:39:36 213,216 -c----w C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe
    + 2007-10-27 16:39:46 371,424 -c----w C:\WINNT\$NtUninstallKB941569$\spuninst\updspapi.dll
    + 2005-01-28 12:44:28 224,768 -c----w C:\WINNT\$NtUninstallKB941569$\wmasf.dll
    + 2007-11-30 11:18:51 231,288 -c----w C:\WINNT\$NtUninstallKB942763$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w C:\WINNT\$NtUninstallKB942763$\spuninst\updspapi.dll
    + 2004-08-04 08:00:00 561,179 -c----w C:\WINNT\$NtUninstallKB950749$\dao360.dll
    + 2004-08-04 08:00:00 512,029 -c----w C:\WINNT\$NtUninstallKB950749$\msexch40.dll
    + 2004-08-04 08:00:00 319,517 -c----w C:\WINNT\$NtUninstallKB950749$\msexcl40.dll
    + 2004-08-04 08:00:00 1,507,356 -c----w C:\WINNT\$NtUninstallKB950749$\msjet40.dll
    + 2004-08-04 08:00:00 358,976 -c----w C:\WINNT\$NtUninstallKB950749$\msjetol1.dll
    + 2004-08-04 08:00:00 358,976 -c----w C:\WINNT\$NtUninstallKB950749$\msjetoledb40.dll
    + 2004-08-04 08:00:00 151,583 -c----w C:\WINNT\$NtUninstallKB950749$\msjint40.dll
    + 2004-08-04 08:00:00 53,279 -c----w C:\WINNT\$NtUninstallKB950749$\msjter40.dll
    + 2004-08-04 08:00:00 241,693 -c----w C:\WINNT\$NtUninstallKB950749$\msjtes40.dll
    + 2004-08-04 08:00:00 213,023 -c----w C:\WINNT\$NtUninstallKB950749$\msltus40.dll
    + 2004-08-04 08:00:00 348,189 -c----w C:\WINNT\$NtUninstallKB950749$\mspbde40.dll
    + 2004-08-04 08:00:00 421,919 -c----w C:\WINNT\$NtUninstallKB950749$\msrd2x40.dll
    + 2004-08-04 08:00:00 315,423 -c----w C:\WINNT\$NtUninstallKB950749$\msrd3x40.dll
    + 2004-08-04 08:00:00 552,989 -c----w C:\WINNT\$NtUninstallKB950749$\msrepl40.dll
    + 2004-08-04 08:00:00 258,077 -c----w C:\WINNT\$NtUninstallKB950749$\mstext40.dll
    + 2004-08-04 08:00:00 831,519 -c----w C:\WINNT\$NtUninstallKB950749$\mswdat10.dll
    + 2004-08-04 08:00:00 614,429 -c----w C:\WINNT\$NtUninstallKB950749$\mswstr10.dll
    + 2004-08-04 08:00:00 348,189 -c----w C:\WINNT\$NtUninstallKB950749$\msxbde40.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINNT\$NtUninstallKB950749$\spuninst\updspapi.dll
    + 2006-03-04 03:58:42 1,022,976 -c----w C:\WINNT\$NtUninstallKB950759$\browseui.dll
    + 2006-03-04 03:58:42 151,040 -c----w C:\WINNT\$NtUninstallKB950759$\cdfview.dll
    + 2006-03-04 03:58:44 1,054,208 -c----w C:\WINNT\$NtUninstallKB950759$\danim.dll
    + 2004-08-04 08:00:00 357,888 -c----w C:\WINNT\$NtUninstallKB950759$\dxtmsft.dll
    + 2006-03-04 03:58:44 205,312 -c----w C:\WINNT\$NtUninstallKB950759$\dxtrans.dll
    + 2006-03-04 03:58:44 55,808 -c----w C:\WINNT\$NtUninstallKB950759$\extmgr.dll
    + 2004-08-04 08:00:00 18,432 -c----w C:\WINNT\$NtUninstallKB950759$\iedw.exe
    + 2006-03-04 03:58:44 251,904 -c----w C:\WINNT\$NtUninstallKB950759$\iepeers.dll
    + 2006-03-04 03:58:44 96,256 -c----w C:\WINNT\$NtUninstallKB950759$\inseng.dll
    + 2004-08-04 08:00:00 15,872 -c----w C:\WINNT\$NtUninstallKB950759$\jsproxy.dll
    + 2006-03-23 20:31:39 3,055,616 -c----w C:\WINNT\$NtUninstallKB950759$\mshtml.dll
    + 2006-03-04 03:58:48 448,512 -c----w C:\WINNT\$NtUninstallKB950759$\mshtmled.dll
    + 2006-03-04 03:58:48 146,432 -c----w C:\WINNT\$NtUninstallKB950759$\msrating.dll
    + 2006-03-04 03:58:48 532,480 -c----w C:\WINNT\$NtUninstallKB950759$\mstime.dll
    + 2006-03-04 03:58:48 39,424 -c----w C:\WINNT\$NtUninstallKB950759$\pngfilt.dll
    + 2006-03-30 09:27:01 1,495,040 -c----w C:\WINNT\$NtUninstallKB950759$\shdocvw.dll
    + 2006-03-04 03:58:50 474,112 -c----w C:\WINNT\$NtUninstallKB950759$\shlwapi.dll
    + 2007-11-30 12:39:22 231,288 -c----w C:\WINNT\$NtUninstallKB950759$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w C:\WINNT\$NtUninstallKB950759$\spuninst\updspapi.dll
    + 2006-03-18 11:04:10 614,400 -c----w C:\WINNT\$NtUninstallKB950759$\urlmon.dll
    + 2006-03-04 03:58:52 663,552 -c----w C:\WINNT\$NtUninstallKB950759$\wininet.dll
    + 2006-03-30 01:31:04 23,040 -c----w C:\WINNT\$NtUninstallKB950759$\xpsp3res.dll
    + 2007-11-30 12:39:22 231,288 -c----w C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w C:\WINNT\$NtUninstallKB950760$\spuninst\updspapi.dll
    + 2004-08-04 08:00:00 200,064 -c----w C:\WINNT\$NtUninstallKB950762$\rmcast.sys
    + 2007-11-30 12:39:22 231,288 -c----w C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w C:\WINNT\$NtUninstallKB950762$\spuninst\updspapi.dll
    + 2004-08-03 23:10:38 274,304 -c----w C:\WINNT\$NtUninstallKB951376-v2$\bthport.sys
    + 2007-11-30 11:18:51 231,288 -c----w C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w C:\WINNT\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
    + 2005-08-30 03:54:26 1,287,168 -c----w C:\WINNT\$NtUninstallKB951698$\quartz.dll
    + 2007-11-30 11:18:51 231,288 -c----w C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w C:\WINNT\$NtUninstallKB951698$\spuninst\updspapi.dll
    + 2004-08-04 08:00:00 100,352 -c----w C:\WINNT\$NtUninstallKB951748$\6to4svc.dll
    + 2004-08-04 08:00:00 138,496 -c----w C:\WINNT\$NtUninstallKB951748$\afd.sys
    + 2004-08-04 08:00:00 148,480 -c----w C:\WINNT\$NtUninstallKB951748$\dnsapi.dll
    + 2004-08-04 08:00:00 245,248 -c----w C:\WINNT\$NtUninstallKB951748$\mswsock.dll
    + 2007-11-30 12:39:22 231,288 -c----w C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe
    + 2007-11-30 12:39:19 382,840 -c----w C:\WINNT\$NtUninstallKB951748$\spuninst\updspapi.dll
    + 2006-01-13 02:28:14 359,808 -c----w C:\WINNT\$NtUninstallKB951748$\tcpip.sys
    + 2004-08-04 08:00:00 223,616 -c----w C:\WINNT\$NtUninstallKB951748$\tcpip6.sys
    - 2006-05-16 10:22:42 997,992 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
    + 2008-09-02 21:23:15 1,000,848 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
    - 2006-05-16 10:22:42 1,100,392 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    + 2008-09-02 21:24:03 1,103,248 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    - 2006-05-16 10:22:43 141,928 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    + 2008-09-02 21:23:35 144,784 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    - 2006-05-16 10:25:44 88,776 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
    + 2008-09-02 21:24:22 91,488 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
    - 2006-05-16 10:25:43 101,064 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    + 2008-09-02 21:24:21 103,776 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    - 2006-05-16 10:22:43 461,416 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
    + 2008-09-02 21:23:59 464,272 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
    - 2006-05-16 10:22:43 223,856 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2008-09-02 21:24:17 226,712 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    - 2006-05-16 10:22:43 20,080 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    + 2008-09-02 21:23:57 22,928 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    - 2006-05-16 10:22:43 662,120 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2008-09-02 21:24:12 664,968 ----a-w C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    - 2006-05-16 10:22:42 371,296 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    + 2008-09-02 21:23:34 374,152 ----a-w C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    - 2006-05-16 10:22:43 64,088 -c--a-w C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-09-02 21:23:29 66,936 ----a-w C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    - 2006-05-16 10:22:43 223,800 -c--a-w C:\WINNT\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-09-02 21:23:21 226,656 ----a-w C:\WINNT\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
    - 2006-05-16 10:19:40 1,257,472 -c--a-w C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-08-01 20:09:59 1,265,664 ----a-w C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2006-05-16 10:16:12 1,224,704 -c--a-w C:\WINNT\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2008-08-01 20:10:00 1,232,896 ----a-w C:\WINNT\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2008-08-01 20:10:11 61,440 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_088bb0be\CustomMarshalers.dll
    + 2008-08-01 20:10:42 118,784 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_63382fd7\CustomMarshalers.dll
    + 2008-08-01 20:10:54 8,908,800 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_179b4db8\mscorlib.dll
    + 2008-08-01 20:10:38 3,391,488 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_36f42c92\mscorlib.dll
    + 2008-08-01 20:10:49 3,395,584 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_69a05c41\System.Design.dll
    + 2008-08-01 20:10:32 1,470,464 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7489f320\System.Design.dll
    + 2008-08-01 20:10:12 90,112 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_14703a85\System.Drawing.Design.dll
    + 2008-08-01 20:10:43 192,512 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_aed2df02\System.Drawing.Design.dll
    + 2008-08-01 20:10:35 835,584 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_45d63502\System.Drawing.dll
    + 2008-08-01 20:10:50 2,244,608 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e13c3ab3\System.Drawing.dll
    + 2008-08-01 20:10:20 3,018,752 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_08c9b946\System.Windows.Forms.dll
    + 2008-08-01 20:10:46 7,884,800 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_69874c05\System.Windows.Forms.dll
    + 2008-08-01 20:10:26 2,088,960 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_12a8ad77\System.Xml.dll
    + 2008-08-01 20:10:48 5,513,216 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e74b763f\System.Xml.dll
    + 2008-08-01 20:10:10 1,966,080 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_4d338382\System.dll
    + 2008-08-01 20:10:42 4,788,224 ----a-w C:\WINNT\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ed33ec3c\System.dll
    + 2008-06-13 13:10:50 272,128 ------w C:\WINNT\Driver Cache\i386\bthport.sys
    + 2006-05-16 10:22:42 997,992 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ACCESS.DLL
    + 2003-07-14 21:57:34 38,968 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
    + 2003-07-14 21:53:06 94,768 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
    + 2003-07-14 21:53:22 46,144 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
    + 2003-07-14 21:56:54 14,904 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
    + 2003-07-14 21:57:14 98,360 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
    + 2006-05-16 10:22:42 1,100,392 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL
    + 2002-10-07 08:49:36 192,573 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FORM.DLL
    + 2006-05-16 10:22:42 371,296 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL
    + 2003-07-14 21:40:12 179,768 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
    + 2003-07-14 21:40:12 165,944 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
    + 2006-05-16 10:22:43 141,928 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL
    + 2003-07-14 21:45:14 58,944 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
    + 2003-06-18 16:31:10 252,928 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
    + 2003-07-14 21:57:14 124,480 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
    + 2003-07-14 22:12:22 47,872 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
    + 2003-07-14 21:56:14 40,504 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
    + 2003-07-14 21:51:44 87,104 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
    + 2003-07-14 21:52:52 17,464 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
    + 2003-07-14 21:57:16 120,888 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
    + 2003-07-14 21:52:52 27,704 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
    + 2003-07-14 21:44:06 25,144 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
    + 2003-07-14 21:52:56 55,360 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
    + 2003-07-14 21:56:16 54,328 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
    + 2003-07-11 01:15:48 1,292,872 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
    + 2003-07-15 02:18:52 376,888 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
    + 2003-07-14 21:52:54 28,224 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
    + 2003-07-14 21:52:52 35,896 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
    + 2003-07-14 21:46:16 42,040 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
    + 2003-07-14 21:45:12 55,360 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
    + 2003-07-14 21:45:12 39,488 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
    + 2003-06-18 16:31:54 788,480 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
    + 2003-06-18 16:31:50 16,384 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
    + 2003-06-19 15:05:52 128,104 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
    + 2003-06-19 15:05:50 364,648 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
    + 2003-07-14 22:02:42 637,496 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
    + 2003-07-14 21:52:58 41,528 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
    + 2006-05-16 10:22:43 20,080 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL
    + 2003-07-14 22:00:54 145,984 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
    + 2003-07-14 21:57:10 56,888 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
    + 2003-07-14 21:56:52 13,888 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
    + 2003-06-18 16:31:58 6,144 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
    + 2006-05-16 10:22:43 223,800 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
    + 2003-07-15 02:14:26 242,240 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
    + 2003-07-14 22:05:24 1,054,264 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
    + 2003-07-14 22:05:24 1,054,264 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL_0002
    + 2006-05-16 10:22:43 461,416 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL
    + 2003-07-15 02:18:44 93,752 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
    + 2006-05-16 10:22:43 223,856 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL
    + 2002-10-07 09:11:00 167,997 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
    + 2003-05-08 20:54:00 77,824 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
    + 2003-07-14 21:57:08 40,512 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
    + 2002-10-07 08:49:42 81,984 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
    + 2003-07-14 21:57:18 349,248 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
    + 2003-07-14 21:57:08 58,944 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
    + 2003-07-14 21:53:14 11,848 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
    + 2002-10-07 08:53:04 106,561 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
    + 2002-10-07 08:50:44 241,729 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
    + 2002-10-07 08:51:04 180,289 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
    + 2002-10-07 08:51:14 147,520 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
    + 2002-10-07 08:51:20 102,467 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
    + 2002-10-07 08:50:04 118,847 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
    + 2002-10-07 08:49:56 81,983 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
    + 2002-10-07 08:51:44 221,252 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
    + 2003-07-14 21:57:40 59,960 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
    + 2006-05-16 10:22:43 64,088 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
    + 2006-05-16 10:22:43 662,120 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
    + 2002-10-07 09:03:34 1,794,113 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
    + 2003-04-30 10:52:32 1,581,120 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
    + 2003-01-17 13:03:34 59,466 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
    + 2001-06-05 07:13:22 289,926 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
    + 2001-06-05 07:13:22 34,168 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
    + 2001-06-05 07:13:24 18,844 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
    + 2001-06-05 07:13:26 65,536 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
    + 2005-05-03 23:06:28 465,640 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
    + 2005-05-03 23:06:32 1,411,816 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
    + 2005-05-03 23:06:26 199,408 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
    + 2001-10-22 23:13:42 53,260 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
    + 2001-06-05 07:13:26 40,972 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
    + 2007-05-31 13:35:22 6,420,320 ----a-r C:\WINNT\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
    - 2006-05-16 10:27:42 593,920 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-09-02 21:27:38 593,920 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2006-05-16 10:27:42 12,288 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-09-02 21:27:38 12,288 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2006-05-16 10:27:42 86,016 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-09-02 21:27:38 86,016 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2006-05-16 10:27:42 135,168 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-09-02 21:27:38 135,168 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-05-16 10:27:42 11,264 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-09-02 21:27:38 11,264 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2006-05-16 10:27:42 27,136 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-09-02 21:27:38 27,136 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-05-16 10:27:42 4,096 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-09-02 21:27:38 4,096 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2006-05-16 10:27:42 794,624 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-09-02 21:27:39 794,624 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2006-05-16 10:27:42 249,856 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-09-02 21:27:38 249,856 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2006-05-16 10:27:42 61,440 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-09-02 21:27:38 61,440 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2006-05-16 10:27:42 23,040 -c--a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-09-02 21:27:39 23,040 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2006-05-16 10:27:42 286,720 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-09-02 21:27:38 286,720 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-05-16 10:27:42 409,600 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-09-02 21:27:38 409,600 ----a-r C:\WINNT\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-08-01 20:07:14 32,768 ----a-r C:\WINNT\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
    - 2004-07-15 00:49:16 258,048 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2007-04-13 21:30:52 258,048 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2004-07-15 00:49:22 32,768 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2007-04-13 21:30:52 32,768 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2004-07-14 23:32:22 81,920 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2007-04-13 20:57:52 81,920 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2003-02-20 18:09:14 86,016 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2007-04-13 20:57:58 86,016 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2004-07-14 23:25:06 315,392 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2007-04-13 20:56:30 315,392 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2004-07-14 23:33:04 102,400 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2007-04-13 20:58:00 102,400 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2004-07-15 13:29:02 2,138,112 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2007-04-13 20:50:46 2,142,208 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2003-02-20 18:09:18 77,824 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2007-04-13 20:58:02 77,824 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2004-07-14 23:26:52 2,510,848 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2007-04-13 20:57:00 2,523,136 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2004-07-14 23:28:34 2,502,656 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2007-04-13 20:57:28 2,514,944 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2004-08-10 15:20:00 106,496 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    + 2007-01-15 16:11:26 73,728 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    + 2004-07-15 00:49:16 258,048 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_aspnet_isapi.dll
    + 2004-07-14 23:32:22 81,920 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_CORPerfMonExt.dll
    + 2004-07-14 23:24:30 282,624 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_fusion.dll
    + 2004-07-14 23:25:06 315,392 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorjit.dll
    + 2004-07-15 13:29:02 2,138,112 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorlib.dll
    + 2003-02-20 18:09:18 77,824 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorsn.dll
    + 2004-07-14 23:26:52 2,510,848 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorsvr.dll
    + 2004-07-14 23:28:34 2,502,656 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_mscorwks.dll
    + 2003-02-21 03:42:22 348,160 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_msvcr71.dll
    + 2004-07-14 23:34:50 94,208 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW2912\_PerfCounter.dll
    - 2004-07-15 13:31:16 1,224,704 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2007-04-13 21:35:38 1,232,896 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2004-10-08 05:20:12 1,257,472 -c--a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2007-04-13 21:35:46 1,265,664 ----a-w C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2007-07-30 19:19:20 92,504 ------w C:\WINNT\SoftwareDistribution\WebSetup\cdm.dll
    + 2007-07-30 19:19:36 549,720 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuapi.dll
    + 2007-07-30 19:19:16 53,080 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuauclt.exe
    + 2007-07-30 19:19:42 1,712,984 ------w C:\WINNT\SoftwareDistribution\WebSetup\wuaueng.dll
    + 2007-07-30 19:19:32 325,976 ------w C:\WINNT\SoftwareDistribution\WebSetup\wucltui.dll
    + 2007-07-30 19:18:40 33,624 ------w C:\WINNT\SoftwareDistribution\WebSetup\wups.dll
    + 2007-07-30 19:19:12 43,352 ------w C:\WINNT\SoftwareDistribution\WebSetup\wups2.dll
    - 2004-08-04 08:00:00 100,352 -c--a-w C:\WINNT\system32\6to4svc.dll
    + 2006-08-16 11:58:05 100,352 ----a-w C:\WINNT\system32\6to4svc.dll
    - 2006-03-04 03:58:42 1,022,976 ----a-w C:\WINNT\system32\browseui.dll
    + 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINNT\system32\browseui.dll
    - 2006-03-04 03:58:42 151,040 ----a-w C:\WINNT\system32\cdfview.dll
    + 2008-06-23 16:11:40 151,040 ----a-w C:\WINNT\system32\cdfview.dll
    - 2004-08-04 08:00:00 66,560 ----a-w C:\WINNT\system32\cdm.dll
    + 2007-07-30 19:19:20 92,504 ----a-w C:\WINNT\system32\cdm.dll
    - 2006-03-04 03:58:44 1,054,208 -c--a-w C:\WINNT\system32\danim.dll
    + 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINNT\system32\danim.dll
    - 2004-08-04 08:00:00 100,352 -c--a-w C:\WINNT\system32\dllcache\6to4svc.dll
    + 2006-08-16 11:58:05 100,352 -c--a-w C:\WINNT\system32\dllcache\6to4svc.dll
    - 2004-08-04 08:00:00 138,496 -c--a-w C:\WINNT\system32\dllcache\afd.sys
    + 2008-06-20 10:44:38 138,368 -c--a-w C:\WINNT\system32\dllcache\afd.sys
    - 2006-03-04 03:58:42 1,022,976 -c--a-w C:\WINNT\system32\dllcache\browseui.dll
    + 2008-06-23 16:11:40 1,024,000 -c--a-w C:\WINNT\system32\dllcache\browseui.dll
    - 2004-08-03 23:10:38 274,304 -c--a-w C:\WINNT\system32\dllcache\bthport.sys
    + 2008-06-13 13:10:50 272,128 -c--a-w C:\WINNT\system32\dllcache\bthport.sys
    - 2006-03-04 03:58:42 151,040 -c--a-w C:\WINNT\system32\dllcache\cdfview.dll
    + 2008-06-23 16:11:40 151,040 -c--a-w C:\WINNT\system32\dllcache\cdfview.dll
    - 2004-08-04 08:00:00 66,560 -c--a-w C:\WINNT\system32\dllcache\cdm.dll
    + 2007-07-30 19:19:20 92,504 -c--a-w C:\WINNT\system32\dllcache\cdm.dll
    - 2006-03-04 03:58:44 1,054,208 -c--a-w C:\WINNT\system32\dllcache\danim.dll
    + 2008-06-23 16:11:42 1,054,208 -c--a-w C:\WINNT\system32\dllcache\danim.dll
    - 2004-08-04 08:00:00 561,179 -c--a-w C:\WINNT\system32\dllcache\dao360.dll
    + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINNT\system32\dllcache\dao360.dll
    - 2004-08-04 08:00:00 148,480 -c--a-w C:\WINNT\system32\dllcache\dnsapi.dll
    + 2008-06-20 17:41:10 148,992 -c--a-w C:\WINNT\system32\dllcache\dnsapi.dll
    - 2004-08-04 08:00:00 357,888 -c--a-w C:\WINNT\system32\dllcache\dxtmsft.dll
    + 2008-06-23 16:11:43 357,888 -c--a-w C:\WINNT\system32\dllcache\dxtmsft.dll
    - 2006-03-04 03:58:44 205,312 -c--a-w C:\WINNT\system32\dllcache\dxtrans.dll
    + 2008-06-23 16:11:43 205,312 -c--a-w C:\WINNT\system32\dllcache\dxtrans.dll
    - 2005-07-26 04:39:45 243,200 -c--a-w C:\WINNT\system32\dllcache\es.dll
    + 2008-07-07 20:32:22 253,952 -c--a-w C:\WINNT\system32\dllcache\es.dll
    - 2006-03-04 03:58:44 55,808 -c--a-w C:\WINNT\system32\dllcache\extmgr.dll
    + 2008-06-23 16:11:43 55,808 -c--a-w C:\WINNT\system32\dllcache\extmgr.dll
    - 2004-08-04 08:00:00 18,432 -c--a-w C:\WINNT\system32\dllcache\iedw.exe
    + 2008-06-23 09:53:58 18,432 -c--a-w C:\WINNT\system32\dllcache\iedw.exe
    - 2006-03-04 03:58:44 251,904 -c--a-w C:\WINNT\system32\dllcache\iepeers.dll
    + 2008-06-23 16:11:52 251,904 -c--a-w C:\WINNT\system32\dllcache\iepeers.dll
    - 2006-03-17 09:07:17 679,424 -c--a-w C:\WINNT\system32\dllcache\inetcomm.dll
    + 2008-04-11 18:50:43 683,520 -c--a-w C:\WINNT\system32\dllcache\inetcomm.dll
    - 2006-03-04 03:58:44 96,256 -c--a-w C:\WINNT\system32\dllcache\inseng.dll
    + 2008-06-23 16:11:52 96,256 -c--a-w C:\WINNT\system32\dllcache\inseng.dll
    - 2004-08-04 08:00:00 450,560 -c--a-w C:\WINNT\system32\dllcache\jscript.dll
    + 2007-12-18 14:40:58 450,560 -c--a-w C:\WINNT\system32\dllcache\jscript.dll
    - 2004-08-04 08:00:00 15,872 -c--a-w C:\WINNT\system32\dllcache\jsproxy.dll
    + 2008-06-23 16:11:52 16,384 -c--a-w C:\WINNT\system32\dllcache\jsproxy.dll
    - 2004-08-04 08:00:00 331,776 -c--a-w C:\WINNT\system32\dllcache\msadce.dll
    + 2008-05-01 14:30:33 331,776 -c--a-w C:\WINNT\system32\dllcache\msadce.dll
    - 2005-06-29 01:46:00 74,240 -c--a-w C:\WINNT\system32\dllcache\mscms.dll
    + 2008-06-24 16:23:05 74,240 -c--a-w C:\WINNT\system32\dllcache\mscms.dll
    - 2004-08-04 08:00:00 512,029 -c--a-w C:\WINNT\system32\dllcache\msexch40.dll
    + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINNT\system32\dllcache\msexch40.dll
    - 2004-08-04 08:00:00 319,517 -c--a-w C:\WINNT\system32\dllcache\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINNT\system32\dllcache\msexcl40.dll
    - 2006-03-23 20:31:39 3,055,616 -c--a-w C:\WINNT\system32\dllcache\mshtml.dll
    + 2008-06-23 16:11:58 3,067,392 -c--a-w C:\WINNT\system32\dllcache\mshtml.dll
    - 2006-03-04 03:58:48 448,512 -c--a-w C:\WINNT\system32\dllcache\mshtmled.dll
    + 2008-06-23 16:12:00 449,024 -c--a-w C:\WINNT\system32\dllcache\mshtmled.dll
    - 2004-08-04 08:00:00 1,507,356 -c--a-w C:\WINNT\system32\dllcache\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINNT\system32\dllcache\msjet40.dll
    - 2004-08-04 08:00:00 358,976 -c--a-w C:\WINNT\system32\dllcache\msjetol1.dll
    + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINNT\system32\dllcache\msjetol1.dll
    - 2004-08-04 08:00:00 151,583 -c--a-w C:\WINNT\system32\dllcache\msjint40.dll
    + 2008-03-27 08:12:54 151,583 -c--a-w C:\WINNT\system32\dllcache\msjint40.dll
    - 2004-08-04 08:00:00 53,279 -c--a-w C:\WINNT\system32\dllcache\msjter40.dll
    + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINNT\system32\dllcache\msjter40.dll
    - 2004-08-04 08:00:00 241,693 -c--a-w C:\WINNT\system32\dllcache\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINNT\system32\dllcache\msjtes40.dll
    - 2004-08-04 08:00:00 213,023 -c--a-w C:\WINNT\system32\dllcache\msltus40.dll
    + 2008-03-25 04:50:44 219,936 -c--a-w C:\WINNT\system32\dllcache\msltus40.dll
    - 2004-08-04 08:00:00 348,189 -c--a-w C:\WINNT\system32\dllcache\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINNT\system32\dllcache\mspbde40.dll
    - 2006-03-04 03:58:48 146,432 -c--a-w C:\WINNT\system32\dllcache\msrating.dll
    + 2008-06-23 16:12:02 146,432 -c--a-w C:\WINNT\system32\dllcache\msrating.dll
    - 2004-08-04 08:00:00 421,919 -c--a-w C:\WINNT\system32\dllcache\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINNT\system32\dllcache\msrd2x40.dll
    - 2004-08-04 08:00:00 315,423 -c--a-w C:\WINNT\system32\dllcache\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINNT\system32\dllcache\msrd3x40.dll
    - 2004-08-04 08:00:00 552,989 -c--a-w C:\WINNT\system32\dllcache\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINNT\system32\dllcache\msrepl40.dll
    - 2004-08-04 08:00:00 258,077 -c--a-w C:\WINNT\system32\dllcache\mstext40.dll
    + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINNT\system32\dllcache\mstext40.dll
    - 2006-03-04 03:58:48 532,480 -c--a-w C:\WINNT\system32\dllcache\mstime.dll
    + 2008-06-23 16:12:02 532,480 -c--a-w C:\WINNT\system32\dllcache\mstime.dll
    - 2004-08-04 08:00:00 831,519 -c--a-w C:\WINNT\system32\dllcache\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINNT\system32\dllcache\mswdat10.dll
    - 2004-08-04 08:00:00 245,248 -c--a-w C:\WINNT\system32\dllcache\mswsock.dll
    + 2008-06-20 17:41:10 245,248 -c--a-w C:\WINNT\system32\dllcache\mswsock.dll
    - 2004-08-04 08:00:00 614,429 -c--a-w C:\WINNT\system32\dllcache\mswstr10.dll
    + 2008-03-25 04:50:58 621,344 -c--a-w C:\WINNT\system32\dllcache\mswstr10.dll
    - 2004-08-04 08:00:00 348,189 -c--a-w C:\WINNT\system32\dllcache\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINNT\system32\dllcache\msxbde40.dll
    - 2006-03-04 03:58:48 39,424 -c--a-w C:\WINNT\system32\dllcache\pngfilt.dll
    + 2008-06-23 16:12:02 39,424 -c--a-w C:\WINNT\system32\dllcache\pngfilt.dll
    - 2005-08-30 03:54:26 1,287,168 -c--a-w C:\WINNT\system32\dllcache\quartz.dll
    + 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINNT\system32\dllcache\quartz.dll
    - 2004-08-04 08:00:00 200,064 -c--a-w C:\WINNT\system32\dllcache\rmcast.sys
    + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINNT\system32\dllcache\rmcast.sys
    - 2006-03-30 09:27:01 1,495,040 -c--a-w C:\WINNT\system32\dllcache\shdocvw.dll
    + 2008-06-23 16:12:05 1,499,136 -c--a-w C:\WINNT\system32\dllcache\shdocvw.dll
    - 2006-03-04 03:58:50 474,112 -c--a-w C:\WINNT\system32\dllcache\shlwapi.dll
    + 2008-06-23 16:12:05 474,112 -c--a-w C:\WINNT\system32\dllcache\shlwapi.dll
    - 2006-01-13 02:28:14 359,808 -c--a-w C:\WINNT\system32\dllcache\tcpip.sys
    + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINNT\system32\dllcache\tcpip.sys
    - 2004-08-04 08:00:00 223,616 -c--a-w C:\WINNT\system32\dllcache\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINNT\system32\dllcache\tcpip6.sys
    - 2006-03-18 11:04:10 614,400 -c--a-w C:\WINNT\system32\dllcache\urlmon.dll
    + 2008-06-23 16:12:06 618,496 -c--a-w C:\WINNT\system32\dllcache\urlmon.dll
    - 2004-08-04 08:00:00 417,792 -c--a-w C:\WINNT\system32\dllcache\vbscript.dll
    + 2007-12-18 14:40:58 417,792 -c--a-w C:\WINNT\system32\dllcache\vbscript.dll
    - 2006-03-04 03:58:52 663,552 -c--a-w C:\WINNT\system32\dllcache\wininet.dll
    + 2008-06-23 16:12:08 667,136 -c--a-w C:\WINNT\system32\dllcache\wininet.dll
    - 2005-01-28 12:44:28 224,768 -c--a-w C:\WINNT\system32\dllcache\wmasf.dll
    + 2007-10-27 17:40:06 227,328 -c--a-w C:\WINNT\system32\dllcache\wmasf.dll
    - 2006-03-10 05:09:14 5,533,696 -c--a-w C:\WINNT\system32\dllcache\wmp.dll
    + 2007-04-30 08:20:24 5,537,792 -c--a-w C:\WINNT\system32\dllcache\wmp.dll
    - 2005-01-28 12:44:28 2,370,296 -c--a-w C:\WINNT\system32\dllcache\wmvcore.dll
    + 2006-12-07 05:29:34 2,374,472 -c--a-w C:\WINNT\system32\dllcache\wmvcore.dll
    - 2004-08-04 08:00:00 430,592 -c--a-w C:\WINNT\system32\dllcache\wuapi.dll
    + 2007-07-30 19:19:36 549,720 -c--a-w C:\WINNT\system32\dllcache\wuapi.dll
    - 2004-08-04 08:00:00 111,104 -c--a-w C:\WINNT\system32\dllcache\wuauclt.exe
    + 2007-07-30 19:19:16 53,080 -c--a-w C:\WINNT\system32\dllcache\wuauclt.exe
    - 2004-08-04 08:00:00 1,134,592 -c--a-w C:\WINNT\system32\dllcache\wuaueng.dll
    + 2007-07-30 19:19:42 1,712,984 -c--a-w C:\WINNT\system32\dllcache\wuaueng.dll
    - 2004-08-04 08:00:00 112,640 -c--a-w C:\WINNT\system32\dllcache\wucltui.dll
    + 2007-07-30 19:19:32 325,976 -c--a-w C:\WINNT\system32\dllcache\wucltui.dll
    - 2004-08-04 08:00:00 36,864 -c--a-w C:\WINNT\system32\dllcache\wups.dll
    + 2007-07-30 19:18:40 33,624 -c--a-w C:\WINNT\system32\dllcache\wups.dll
    - 2004-08-04 08:00:00 148,480 ----a-w C:\WINNT\system32\dnsapi.dll
    + 2008-06-20 17:41:10 148,992 ----a-w C:\WINNT\system32\dnsapi.dll
    - 2004-08-04 08:00:00 138,496 ----a-w C:\WINNT\system32\drivers\afd.sys
    + 2008-06-20 10:44:38 138,368 ----a-w C:\WINNT\system32\drivers\afd.sys
    + 2008-06-13 13:10:50 272,128 ------w C:\WINNT\system32\drivers\bthport.sys
    - 2004-08-04 08:00:00 200,064 -c--a-w C:\WINNT\system32\drivers\RMCast.sys
    + 2008-05-08 12:28:49 202,752 ----a-w C:\WINNT\system32\drivers\rmcast.sys
    - 2006-01-13 02:28:14 359,808 ----a-w C:\WINNT\system32\drivers\tcpip.sys
    + 2008-06-20 10:45:13 360,320 ----a-w C:\WINNT\system32\drivers\tcpip.sys
    - 2004-08-04 08:00:00 223,616 -c--a-w C:\WINNT\system32\drivers\tcpip6.sys
    + 2008-06-20 09:52:06 225,920 ----a-w C:\WINNT\system32\drivers\tcpip6.sys
    - 2004-08-04 08:00:00 357,888 ----a-w C:\WINNT\system32\dxtmsft.dll
    + 2008-06-23 16:11:43 357,888 ----a-w C:\WINNT\system32\dxtmsft.dll
    - 2006-03-04 03:58:44 205,312 ----a-w C:\WINNT\system32\dxtrans.dll
    + 2008-06-23 16:11:43 205,312 ----a-w C:\WINNT\system32\dxtrans.dll
    - 2006-03-04 03:58:44 55,808 -c--a-w C:\WINNT\system32\extmgr.dll
    + 2008-06-23 16:11:43 55,808 ----a-w C:\WINNT\system32\extmgr.dll
    - 2005-03-17 13:39:58 1,146,320 ----a-w C:\WINNT\system32\FM20.DLL
    + 2007-06-06 10:53:34 1,195,888 ----a-w C:\WINNT\system32\FM20.DLL
    - 2003-07-14 21:57:04 32,584 ----a-w C:\WINNT\system32\FM20ENU.DLL
    + 2007-03-22 19:17:04 35,440 ----a-w C:\WINNT\system32\FM20ENU.DLL
    - 2008-02-14 14:49:08 313,656 ----a-w C:\WINNT\system32\FNTCACHE.DAT
    + 2008-09-02 21:35:15 313,656 ----a-w C:\WINNT\system32\FNTCACHE.DAT
    - 2006-03-04 03:58:44 251,904 ----a-w C:\WINNT\system32\iepeers.dll
    + 2008-06-23 16:11:52 251,904 ----a-w C:\WINNT\system32\iepeers.dll
    - 2006-03-17 09:07:17 679,424 -c--a-w C:\WINNT\system32\inetcomm.dll
    + 2008-04-11 18:50:43 683,520 ----a-w C:\WINNT\system32\inetcomm.dll
    - 2006-03-04 03:58:44 96,256 -c--a-w C:\WINNT\system32\inseng.dll
    + 2008-06-23 16:11:52 96,256 ----a-w C:\WINNT\system32\inseng.dll
    - 2004-08-04 08:00:00 450,560 ----a-w C:\WINNT\system32\jscript.dll
    + 2007-12-18 14:40:58 450,560 ----a-w C:\WINNT\system32\jscript.dll
    - 2004-08-04 08:00:00 15,872 -c--a-w C:\WINNT\system32\jsproxy.dll
    + 2008-06-23 16:11:52 16,384 ----a-w C:\WINNT\system32\jsproxy.dll
    + 2008-03-20 18:06:36 1,480,232 ------w C:\WINNT\system32\LegitCheckControl.dll
    - 2004-03-22 14:17:06 24,816 ----a-w C:\WINNT\system32\mdimon.dll
    + 2007-04-09 13:23:54 28,040 ----a-w C:\WINNT\system32\mdimon.dll
    - 2008-06-25 09:15:48 17,972,344 ----a-w C:\WINNT\system32\MRT.exe
    + 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINNT\system32\MRT.exe
    - 2005-09-23 06:28:52 270,848 ----a-w C:\WINNT\system32\mscoree.dll
    + 2006-12-22 12:28:14 271,360 ----a-w C:\WINNT\system32\mscoree.dll
    - 2004-08-04 08:00:00 512,029 -c--a-w C:\WINNT\system32\msexch40.dll
    + 2008-03-25 04:50:28 518,944 ----a-w C:\WINNT\system32\msexch40.dll
    - 2004-08-04 08:00:00 319,517 -c--a-w C:\WINNT\system32\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 ----a-w C:\WINNT\system32\msexcl40.dll
    - 2006-03-23 20:31:39 3,055,616 ----a-w C:\WINNT\system32\mshtml.dll
    + 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINNT\system32\mshtml.dll
    - 2006-03-04 03:58:48 448,512 ----a-w C:\WINNT\system32\mshtmled.dll
    + 2008-06-23 16:12:00 449,024 ----a-w C:\WINNT\system32\mshtmled.dll
    - 2004-08-04 08:00:00 1,507,356 ----a-w C:\WINNT\system32\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINNT\system32\msjet40.dll
    - 2004-08-04 08:00:00 358,976 ----a-w C:\WINNT\system32\msjetoledb40.dll
    + 2008-03-25 04:50:40 355,112 ----a-w C:\WINNT\system32\msjetoledb40.dll
    - 2004-08-04 08:00:00 151,583 ----a-w C:\WINNT\system32\msjint40.dll
    + 2008-03-27 08:12:54 151,583 ----a-w C:\WINNT\system32\msjint40.dll
    - 2004-08-04 08:00:00 53,279 ----a-w C:\WINNT\system32\msjter40.dll
    + 2008-03-25 04:50:42 60,192 ----a-w C:\WINNT\system32\msjter40.dll
    - 2004-08-04 08:00:00 241,693 ----a-w C:\WINNT\system32\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 ----a-w C:\WINNT\system32\msjtes40.dll
    - 2004-08-04 08:00:00 213,023 -c--a-w C:\WINNT\system32\msltus40.dll
    + 2008-03-25 04:50:44 219,936 ----a-w C:\WINNT\system32\msltus40.dll
    - 2004-08-04 08:00:00 348,189 -c--a-w C:\WINNT\system32\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 ----a-w C:\WINNT\system32\mspbde40.dll
    - 2006-03-04 03:58:48 146,432 ----a-w C:\WINNT\system32\msrating.dll
    + 2008-06-23 16:12:02 146,432 ----a-w C:\WINNT\system32\msrating.dll
    - 2004-08-04 08:00:00 421,919 -c--a-w C:\WINNT\system32\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 ----a-w C:\WINNT\system32\msrd2x40.dll
    - 2004-08-04 08:00:00 315,423 -c--a-w C:\WINNT\system32\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 ----a-w C:\WINNT\system32\msrd3x40.dll
    - 2004-08-04 08:00:00 552,989 -c--a-w C:\WINNT\system32\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 ----a-w C:\WINNT\system32\msrepl40.dll
    - 2004-08-04 08:00:00 258,077 -c--a-w C:\WINNT\system32\mstext40.dll
    + 2008-03-25 04:50:55 264,992 ----a-w C:\WINNT\system32\mstext40.dll
    - 2006-03-04 03:58:48 532,480 ----a-w C:\WINNT\system32\mstime.dll
    + 2008-06-23 16:12:02 532,480 ----a-w C:\WINNT\system32\mstime.dll
    - 2004-08-04 08:00:00 831,519 ----a-w C:\WINNT\system32\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 ----a-w C:\WINNT\system32\mswdat10.dll
    - 2004-08-04 08:00:00 614,429 ----a-w C:\WINNT\system32\mswstr10.dll
    + 2008-03-25 04:50:58 621,344 ----a-w C:\WINNT\system32\mswstr10.dll
    - 2004-08-04 08:00:00 348,189 -c--a-w C:\WINNT\system32\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 ----a-w C:\WINNT\system32\msxbde40.dll
    - 2003-04-18 16:46:22 1,233,920 ----a-w C:\WINNT\system32\msxml4.dll
    + 2007-05-08 15:03:04 1,275,392 ----a-w C:\WINNT\system32\msxml4.dll
    - 2006-12-04 14:37:58 1,317,648 ----a-w C:\WINNT\system32\msxml6.dll
    + 2007-05-15 15:43:10 1,320,800 ----a-w C:\WINNT\system32\msxml6.dll
    + 2007-07-30 19:19:10 271,224 ----a-w C:\WINNT\system32\mucltui.dll
    - 2005-09-23 06:29:00 6,144 -c--a-w C:\WINNT\system32\mui\0409\mscorees.dll
    + 2006-12-22 13:02:36 6,144 ----a-w C:\WINNT\system32\mui\0409\mscorees.dll
    - 2006-03-04 03:58:48 39,424 ----a-w C:\WINNT\system32\pngfilt.dll
    + 2008-06-23 16:12:02 39,424 ----a-w C:\WINNT\system32\pngfilt.dll
    - 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINNT\system32\quartz.dll
    + 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINNT\system32\quartz.dll
    - 2006-03-30 09:27:01 1,495,040 ----a-w C:\WINNT\system32\shdocvw.dll
    + 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINNT\system32\shdocvw.dll
    - 2006-03-04 03:58:50 474,112 ----a-w C:\WINNT\system32\shlwapi.dll
    + 2008-06-23 16:12:05 474,112 ----a-w C:\WINNT\system32\shlwapi.dll
    + 2007-07-30 19:19:36 549,720 ----a-w C:\WINNT\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll
    + 2007-07-30 19:18:40 33,624 ----a-w C:\WINNT\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
    - 2006-10-08 21:51:14 14,640 ----a-w C:\WINNT\system32\spmsg.dll
    + 2007-11-30 12:39:22 17,272 ------w C:\WINNT\system32\spmsg.dll
    - 2004-03-22 14:17:04 765,680 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\mdigraph.dll
    + 2007-04-09 13:24:04 758,664 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\mdigraph.dll
    - 2004-03-22 14:17:10 42,224 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\mdiui.dll
    + 2007-04-09 13:23:58 46,472 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\mdiui.dll
    - 2004-03-22 14:17:04 765,680 -c--a-w C:\WINNT\system32\spool\drivers\w32x86\mdigraph.dll
    + 2007-04-09 13:24:04 758,664 ----a-w C:\WINNT\system32\spool\drivers\w32x86\mdigraph.dll
    - 2004-03-22 14:17:10 42,224 -c--a-w C:\WINNT\system32\spool\drivers\w32x86\mdiui.dll
    + 2007-04-09 13:23:58 46,472 ----a-w C:\WINNT\system32\spool\drivers\w32x86\mdiui.dll
    - 2004-03-22 14:17:08 25,840 ----a-w C:\WINNT\system32\spool\prtprocs\w32x86\mdippr.dll
    + 2007-04-09 13:23:54 28,552 ----a-w C:\WINNT\system32\spool\prtprocs\w32x86\mdippr.dll
    + 2008-07-14 11:09:18 62,976 ------w C:\WINNT\system32\tzchange.exe
    - 2006-03-18 11:04:10 614,400 ----a-w C:\WINNT\system32\urlmon.dll
    + 2008-06-23 16:12:06 618,496 ----a-w C:\WINNT\system32\urlmon.dll
    - 2004-08-04 08:00:00 417,792 ----a-w C:\WINNT\system32\vbscript.dll
    + 2007-12-18 14:40:58 417,792 ----a-w C:\WINNT\system32\vbscript.dll
    - 2005-01-28 12:44:28 224,768 ----a-w C:\WINNT\system32\wmasf.dll
    + 2007-10-27 17:40:06 227,328 ----a-w C:\WINNT\system32\wmasf.dll
    - 2006-03-10 05:09:14 5,533,696
    3 Septembre 2008 21:18:13

    les logs HiJackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:18:21, on 03/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\ibmpmsvc.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\program files\lotus\notes\ntmulti.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\TPHDEXLG.EXE
    C:\WINNT\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\lotus\organize\easyclip.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINNT\explorer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
    O4 - Global Startup: Lotus QuickStart.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://inside.abb.com
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
    O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\lotus\notes\ntmulti.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

    --
    End of file - 10089 bytes
    3 Septembre 2008 21:33:41

    re
    le rapport ComboFix n'est toujours pas complet.
    mais au vu de ton rapport hijackthis, je ne préfère pas que tu repasses l'outil. (ça ne me semble pas nécessaire)

    ~Fais une analyse antivirus en ligne sur le site de Kaspersky
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Clique sur Accept
    * Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
    * clique une nouvelle fois sur "Accept"
    * Les bases de mises à jour vont s'installer, patiente un moment
    * Clique sur Next.
    * Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
    * Poste le rapport de scan.
    6 Septembre 2008 00:44:20

    Friday, September 5, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, September 05, 2008 17:23:56
    Records in database: 1194745


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    F:\

    Scan statistics
    Files scanned 94988
    Threat name 9
    Infected objects 10
    Suspicious objects 0
    Duration of the scan 02:24:12

    File name Threat name Threats count
    C:\Documents and Settings\Administrator\Desktop\antivirus foder\ASE_Setup_Free_fr.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareExpert.ab 1

    C:\Documents and Settings\Administrator\Desktop\antivirus foder\install_4887_MHwyMHwxMDAwMDAwMDAwfHx8fHx8fHw_.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 1

    C:\Documents and Settings\Administrator\Desktop\antivirus foder\install_4887_MHwyMHwxMDAwMDAwMDAwfHx8fHx8fHw_.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.an 1

    C:\Documents and Settings\Administrator\Desktop\forum\ZEBRESTORE\[4]-Submit_2008-07-31@13.11.zip Infected: Trojan.Win32.Monder.avp 1

    C:\QooBox\Quarantine\C\temp\Av-test.txt.vir Infected: EICAR-Test-File 1

    C:\QooBox\Quarantine\C\WINNT\system32\clbdll.dll.vir.vir Infected: Rootkit.Win32.Clbd.gq 1

    C:\QooBox\Quarantine\C\WINNT\system32\drivers\Winxf75.sys.zip Infected: Trojan-Downloader.Win32.Mutant.aim 1

    C:\QooBox\Quarantine\C\WINNT\system32\WinCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.asj 1

    C:\quarantine\clbdll.dll.Vir Infected: Rootkit.Win32.Clbd.gq 1

    C:\WINNT\system32\poofmemr.dll Infected: Trojan.Win32.Monder.bhs 1

    The selected area was scanned.
    7 Septembre 2008 22:09:57

    Bonjour Sham_Rock,
    Les suppressions ont été faites, les MAJ windows aussi. Ci-dessous les logs HiJackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:52, on 07/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\ibmpmsvc.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\program files\lotus\notes\ntmulti.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\TPHDEXLG.EXE
    C:\WINNT\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\lotus\organize\easyclip.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
    O4 - Global Startup: Lotus QuickStart.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://inside.abb.com
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
    O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\program files\lotus\notes\ntmulti.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

    --
    End of file - 10503 bytes
    8 Septembre 2008 20:40:08

    bonsoir
    Supprime tous les programmes installés pour la désinfection.


    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

    ~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.

    :hello: 
    10 Septembre 2008 00:25:22

    Merci à tous pour votre aide précieuse
    10 Septembre 2008 18:41:47

    de rien
    bon surf
    :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS