Pop-up windows nonstop!!!!

19 May 2008 21:16:55

Good evening everyone,

Advertising windows keep popping up constantly and are driving me crazy!!!!

Can you help me, please?

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:08, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllcache\ibmpsw.exe
C:\INOCULAN\InoRpc.exe
C:\INOCULAN\InoRT.exe
C:\INOCULAN\InoTask.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\SVCHOST.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\_integra\bin\ccmagent.exe
C:\Program Files\VNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\svchoST.exe
c:\_integra\bin\shstart.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\sdhost.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\nxhvt.exe
C:\WINDOWS\WNSXS~1\explorer.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\??crosoft\m?config.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\system32\dllcache\wintcps.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\LBA999~1.DOR\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\_integra\bin\shstart.exe
O1 - Hosts: 128.45.0.11 NSRECY1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B6D231F4-A54C-A593-11E7-A78F74522F94} - C:\WINDOWS\system32\pqybqgt.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\INOCULAN\realmon.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CCM User Profile Manager] "c:\_integra\upm\bin\CCM_User.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D293314D6ECF32257895769ABCF75D7551F765142DAF48BD87822212339A30506CAC59B6
O4 - HKLM\..\RunServices: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Server Daemon Host Manager] C:\WINDOWS\system32\inetsrv\sdhost.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\nxhvt.exe
O4 - HKCU\..\Run: [Asba] "C:\WINDOWS\WNSXS~1\explorer.exe" -vt yazb
O4 - HKCU\..\Run: [Hsohaqi] "C:\Program Files\??crosoft\m?config.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = esp.arcelor.com
O17 - HKLM\Software\..\Telephony: DomainName = esp.arcelor.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{945E8E45-3AC6-40E8-865B-ED64CCCF4521}: NameServer = 80.10.246.1 81.253.149.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: Domain = esp.arcelor.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: NameServer = 128.45.0.11,128.45.0.31
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = esp.arcelor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: IBM Access Driver Control - Unknown owner - C:\WINDOWS\system32\dllcache\ibmpsw.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\INOCULAN\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\INOCULAN\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\INOCULAN\InoTask.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\system32\dllcache\wintcps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: CCM Windows Agent (WControl) - On Technology Corporation - c:\_integra\bin\ccmagent.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\VNC\WinVNC\WinVNC.exe

--
End of file - 9631 bytes

21 May 2008 18:01:37

Hello,

Can nobody help me?? :-(

Is it really that infected?? :-( :-(
21 May 2008 19:18:19

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    22 May 2008 21:23:45

    Good evening,

    Here is the report:

    ComboFix 08-05-21.3 - lb 2008-05-22 21:06:13.1 - NTFSx86
    Running from: C:\Documents and Settings\lb.DOREC000\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner
    C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\config.cfg
    C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\SpeedRunner.exe
    C:\Documents and Settings\lb.DOREC000\Application Data\SpeedRunner\SRUninstall.exe
    C:\Documents and Settings\lb.DOREC000\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\Documents and Settings\lb.DOREC000\Start Menu\Programs\Outerinfo
    C:\Documents and Settings\lb.DOREC000\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\lb.DOREC000\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
    C:\Program Files\crosof~1
    C:\Program Files\crosof~1\m?config.exe
    C:\Program Files\inetget2
    C:\Program Files\JavaCore
    C:\Program Files\JavaCore\JavaCore.exe
    C:\Program Files\JavaCore\UnInstall.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\FF.dll
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\Spcron
    C:\Program Files\Spcron\Spc.dll
    C:\Program Files\Svconr
    C:\Program Files\Svconr\Svconr.exe
    C:\Program Files\Temporary
    C:\WINDOWS\b128.exe
    C:\WINDOWS\b152.exe
    C:\WINDOWS\b155.exe
    C:\WINDOWS\b156.exe
    C:\WINDOWS\b157.exe
    C:\WINDOWS\b999.exe
    C:\WINDOWS\mrofinu1001186.exe
    C:\WINDOWS\system32\27031_mssql.exe
    C:\WINDOWS\system32\inetsrv\sdhost.exe
    C:\WINDOWS\system32\pqybqgt.dll
    C:\WINDOWS\wnsxs~1
    C:\WINDOWS\wnsxs~1\explorer.exe
    C:\WINDOWS\wnsxs~1\W?nSxS\

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MICROSOFT_WINDOWS_TCP_PROTOCOL
    -------\Service_Microsoft Windows TCP Protocol


    ((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
    .

    2008-05-19 21:32 . 2008-05-20 19:08 54 --a------ C:\WINDOWS\system32\x
    2008-05-19 21:15 . 2008-05-19 21:16 65,536 --a------ C:\WINDOWS\system32\WinTrack.exe
    2008-05-19 21:08 . 2008-05-19 21:07 396,508 -r-hsc--- C:\WINDOWS\system32\dllcache\wintcps.exe
    2008-05-08 10:38 . 2008-05-19 21:31 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
    2008-05-04 21:33 . 2008-05-04 21:33 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-04-30 12:07 . 2008-04-30 12:07 507,904 -r-hsc--- C:\WINDOWS\system32\dllcache\ibmpsw.exe
    2008-04-29 17:03 . 2008-04-30 16:53 <DIR> d-------- C:\Program Files\GlobalEnglish
    2008-04-29 12:34 . 2008-05-22 21:13 13,392 --a------ C:\WINDOWS\system32\nefcua.gfr
    2008-04-25 15:07 . 2008-04-25 15:07 <DIR> d-------- C:\WINDOWS\system32\shellexec
    2008-04-25 15:07 . 2008-04-25 15:07 47 --a------ C:\WINDOWS\system32\wps.dlx

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-22 19:17 --------- d-----w C:\Program Files\Wanadoo
    2008-04-21 18:19 539,136 ----a-w C:\WINDOWS\system32\remote.dll
    2008-02-25 10:44 603,176 ----a-w C:\autoruns.exe
    2008-02-25 10:44 513,064 ----a-w C:\autorunsc.exe
    2006-11-19 16:20 21,104 ----a-w C:\Documents and Settings\lb.DOREC000\Application Data\GDIPFONTCACHEV1.DAT
    2005-03-13 11:45 39,936 --sh--w C:\WINDOWS\system32\wps.dll
    2005-01-22 18:43 58,816 --sha-w C:\WINDOWS\system32\wps.exe
    2005-03-13 11:45 8,432 --sha-w C:\WINDOWS\system32\drivers\wps.sys
    .

    ------- Sigcheck -------

    2002-08-29 03:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-04 01:56 1038848 0fdc6414bc4ffae1e4e6c0e5e099ced6 C:\WINDOWS\explorer.exe
    2002-08-29 05:41 1010688 a0bec278727ee02c108b98083152f783 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-04 01:56 1038848 aac6ab5b4da8e89eccb1806e4d28babd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2002-08-29 05:41 19968 25fc10e547e3be0c36a738599c665239 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    2004-08-04 01:56 22016 d11589d33eda6e5ed8ad57d272c98847 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    2004-08-04 01:56 22016 76b83a79591e8a5646124daac5f02859 C:\WINDOWS\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 22016]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 40960]
    "Asba"="C:\WINDOWS\WNSXS~1\explorer.exe" [ ]
    "Hsohaqi"="C:\Program Files\??crosoft\m?config.exe" [ ]
    "Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\INOCULAN\realmon.exe" [2003-12-02 19:31 290816]
    "PCTVOICE"="pctspk.exe" [2001-12-11 19:09 172032 C:\WINDOWS\system32\pctspk.exe]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 03:24 36864 C:\WINDOWS\system32\Ati2mdxx.exe]
    "AtiPTA"="atiptaxx.exe" [2001-09-18 11:16 253952 C:\WINDOWS\system32\atiptaxx.exe]
    "CCM User Profile Manager"="c:\_integra\upm\bin\CCM_User.exe" [2003-12-16 18:13 446464]
    "WinVNC"="C:\Program Files\VNC\WinVNC\WinVNC.exe" [2003-03-05 13:49 344064]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 26624 C:\WINDOWS\LOGI_MWX.EXE]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 28672]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 40960]
    "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 15:31 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 57344]
    "CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 19:32 286720]
    "Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 22016]
    "Server Daemon Host Manager"="C:\WINDOWS\system32\inetsrv\sdhost.exe" [ ]
    "Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 61440]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 266240]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 24624]
    Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38 622723]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
    Service Manager.lnk - C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe [2002-12-17 17:23:32 82500]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "Protected system files1"= avgupsvc.exe
    "Protected system files2"= avgamsvr.exe
    "Protected system files3"= avgcc.exe
    "Protected system files4"= nod32kui.exe
    "Protected system files5"= nod32krn.exe
    "Protected system files6"= ccSetMgr.exe
    "Protected system files7"= ccEvtMgr.exe
    "Protected system files8"= DefWatch.exe
    "Protected system files9"= SavRoam.exe
    "Protected system files10"= Rtvscan.exe
    "Protected system files11"= VPTray.exe
    "Protected system files12"= ccApp.exe
    "Protected system files13"= AluSchedulerSvc.exe
    "Protected system files14"= nod32.exe
    "Protected system files15"= nod32ra.exe
    "Protected system files16"= UpdaterUI.exe
    "Protected system files17"= tbmon.exe
    "Protected system files18"= Mcshield.exe
    "Protected system files19"= SHSTAT.exe
    "Protected system files20"= ashMaiSv.exe
    "Protected system files21"= ashServ.exe
    "Protected system files22"= ashWebSv.exe
    "Protected system files23"= aswUpdSv.exe
    "Protected system files24"= AVGUARD.exe
    "Protected system files25"= AVWUPSRV.exe
    "Protected system files26"= avscan.exe
    "Protected system files27"= guardgui.exe
    "Protected system files28"= VxMon.exe
    "Protected system files29"= AVGNT.exe
    "Protected system files30"= avgemc.exe
    "Protected system files31"= avp.exe
    "Protected system files32"= avp.com

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "Protected system files1"= avgupsvc.exe
    "Protected system files2"= avgamsvr.exe
    "Protected system files3"= avgcc.exe
    "Protected system files4"= nod32kui.exe
    "Protected system files5"= nod32krn.exe
    "Protected system files6"= ccSetMgr.exe
    "Protected system files7"= ccEvtMgr.exe
    "Protected system files8"= DefWatch.exe
    "Protected system files9"= SavRoam.exe
    "Protected system files10"= Rtvscan.exe
    "Protected system files11"= VPTray.exe
    "Protected system files12"= ccApp.exe
    "Protected system files13"= AluSchedulerSvc.exe
    "Protected system files14"= nod32.exe
    "Protected system files15"= nod32ra.exe
    "Protected system files16"= UpdaterUI.exe
    "Protected system files17"= tbmon.exe
    "Protected system files18"= Mcshield.exe
    "Protected system files19"= SHSTAT.exe
    "Protected system files20"= ashMaiSv.exe
    "Protected system files21"= ashServ.exe
    "Protected system files22"= ashWebSv.exe
    "Protected system files23"= aswUpdSv.exe
    "Protected system files24"= AVGUARD.exe
    "Protected system files25"= AVWUPSRV.exe
    "Protected system files26"= avscan.exe
    "Protected system files27"= guardgui.exe
    "Protected system files28"= VxMon.exe
    "Protected system files29"= AVGNT.exe
    "Protected system files30"= avgemc.exe
    "Protected system files31"= avp.exe
    "Protected system files32"= avp.com

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 20:06]
    R2 smefs;SMEFileSystem;C:\WINDOWS\system32\drivers\smefs.sys [2002-04-23 19:11]
    R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 19:27]
    R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 19:27]
    R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28]
    R3 smedrv;SMEDriver;C:\WINDOWS\system32\drivers\smedrv.sys [2001-11-10 00:00]
    R3 usbmouseb;usbmouseb;C:\WINDOWS\SYSTEM32\drivers\wps.sys [2005-03-13 13:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    svchost.exe REG_MULTI_SZ svchost.exe
    yjnzii REG_MULTI_SZ yjnzii
    gwtnhu REG_MULTI_SZ gwtnhu
    MSDTCSERVEsss REG_MULTI_SZ MSDTCSERVEsss

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    smss

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 21:15:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\Documents and Settings\lb.DOREC000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:CA_INOCULATEIT 512 bytes hidden from API

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> c:\windows\system32\nefcua.dll
    -> c:\windows\system32\bspkjj.dll
    -> c:\windows\system32\jxatdy.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> c:\windows\system32\jxatdy.dll
    -> c:\windows\system32\bspkjj.dll
    -> c:\windows\system32\nefcua.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\WINDOWS\system32\dllcache\ibmpsw.exe
    C:\INOCULAN\InoRpc.exe
    C:\INOCULAN\InoRT.exe
    C:\INOCULAN\InoTask.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\microsoft sql server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\_INTEGRA\BIN\CCMAGENT.EXE
    C:\_INTEGRA\BIN\SHSTART.EXE
    C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-22 21:23:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-22 19:23:17

    Pre-Run: 22,737,111,040 bytes free
    Post-Run: 22,660,817,408 bytes free

    270
    23 May 2008 11:02:01

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show the results), then "Supprimer la sélection" (remove the selection). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    25 May 2008 13:27:30

    Hello,

    I don't understand what I'm supposed to download; the majorgeeks.com page comes up and I can't see where the file to download is... Sorry
    25 May 2008 13:41:19

    Did you look at the tutorial? :)
    25 May 2008 18:21:08

    Hello again,

    Here is the report:
    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 785

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 79124
    Temps écoulé: 43 minute(s), 11 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 20
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 6
    Fichier(s) infecté(s): 20

    Processus mémoire infecté(s):
    C:\WINDOWS\mrofinu1001186.exe (Trojan.Downloader) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\syswebtelecom.syswebtelecom (Dialer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{639581d0-8376-4073-b73b-45993fa45156} (Dialer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{66b0c472-a6b5-4e86-8330-f4875af90929} (Dialer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{21de6877-97c0-4fc7-9c16-666b996db4a2} (Dialer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service Agent (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service Agent (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files1 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files2 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files3 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files4 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files5 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files6 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files7 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files8 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files9 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files10 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files11 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files12 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files13 (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\Protected system files14 (Security.Hijack) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: spc.dll -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Svconr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Spcron (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\lb.DOREC000\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\pqybqgt.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{09A74484-38C6-43AE-9469-37A8ED71C44F}\RP2\A0000011.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{09A74484-38C6-43AE-9469-37A8ED71C44F}\RP2\A0000024.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\Program Files\JavaCore\JavaCore.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Svconr\Svconr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Spcron\Spc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\lb.DOREC000\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\lb.DOREC000\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\lb.DOREC000\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YaRaby.exe (Backdoor.Bot) -> Delete on reboot.
    C:\WINDOWS\mrofinu1001186.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\Yazzle1560OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\WINDOWS\b128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b155.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b156.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b157.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    25 May 2008 18:31:29

    Post a new HijackThis report.
    25 May 2008 18:41:12

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:47, on 2008-05-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllcache\ibmpsw.exe
    C:\INOCULAN\InoRpc.exe
    C:\INOCULAN\InoRT.exe
    C:\INOCULAN\InoTask.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\SVCHOST.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    c:\_integra\bin\ccmagent.exe
    C:\Program Files\VNC\WinVNC\WinVNC.exe
    C:\WINDOWS\system32\svchoST.exe
    c:\_integra\bin\shstart.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\WinTrack.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\LBA999~1.DOR\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\_integra\bin\shstart.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\INOCULAN\realmon.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [CCM User Profile Manager] "c:\_integra\upm\bin\CCM_User.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [Windows Microsoft Services] WinTrack.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunServices: [Windows Microsoft Services] WinTrack.exe
    O4 - HKLM\..\RunServices: [Windows Service Agent] YaRaby.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [Asba] "C:\WINDOWS\WNSXS~1\explorer.exe" -vt yazb
    O4 - HKCU\..\Run: [Hsohaqi] "C:\Program Files\??crosoft\m?config.exe"
    O4 - HKCU\..\Run: [Windows Microsoft Services] WinTrack.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIP] C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\tpydvg.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] YaRaby.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = esp.arcelor.com
    O17 - HKLM\Software\..\Telephony: DomainName = esp.arcelor.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{945E8E45-3AC6-40E8-865B-ED64CCCF4521}: NameServer = 80.10.246.1 81.253.149.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: Domain = esp.arcelor.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: NameServer = 128.45.0.11,128.45.0.31
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = esp.arcelor.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: IBM Access Driver Control - Unknown owner - C:\WINDOWS\system32\dllcache\ibmpsw.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\INOCULAN\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\INOCULAN\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\INOCULAN\InoTask.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: CCM Windows Agent (WControl) - On Technology Corporation - c:\_integra\bin\ccmagent.exe
    O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\VNC\WinVNC\WinVNC.exe

    --
    End of file - 8969 bytes
    25 May 2008 18:53:32

    Run another ComboFix scan.
    26 May 2008 21:24:36

    Good evening,

    Here it is:
    ComboFix 08-05-21.3 - lb 2008-05-26 21:07:58.2 - NTFSx86
    Running from: C:\Documents and Settings\lb.DOREC000\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\lb.DOREC000\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\WINDOWS\b999.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
    .

    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Documents and Settings\lb.DOREC000\Application Data\Malwarebytes
    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-25 17:32 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-25 17:32 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-25 17:31 . 2008-05-25 17:31 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-05-19 21:15 . 2008-05-19 21:16 65,536 --a------ C:\WINDOWS\system32\WinTrack.exe
    2008-05-19 21:08 . 2008-05-19 21:07 396,508 -r-hsc--- C:\WINDOWS\system32\dllcache\wintcps.exe
    2008-05-08 10:38 . 2008-05-19 21:31 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
    2008-05-04 21:33 . 2008-05-04 21:33 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-04-30 12:07 . 2008-04-30 12:07 507,904 -r-hsc--- C:\WINDOWS\system32\dllcache\ibmpsw.exe
    2008-04-29 17:03 . 2008-04-30 16:53 <DIR> d-------- C:\Program Files\GlobalEnglish
    2008-04-29 12:34 . 2008-05-26 21:18 18,174 --a------ C:\WINDOWS\system32\nefcua.gfr

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-26 19:21 --------- d-----w C:\Program Files\Wanadoo
    2006-11-19 16:20 21,104 ----a-w C:\Documents and Settings\lb.DOREC000\Application Data\GDIPFONTCACHEV1.DAT
    2005-03-13 11:45 39,936 --sh--w C:\WINDOWS\system32\wps.dll
    2005-01-22 18:43 58,816 --sha-w C:\WINDOWS\system32\wps.exe
    2005-03-13 11:45 8,432 --sha-w C:\WINDOWS\system32\drivers\wps.sys
    .

    ------- Sigcheck -------

    2002-08-29 03:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-04 01:56 1038848 0fdc6414bc4ffae1e4e6c0e5e099ced6 C:\WINDOWS\explorer.exe
    2002-08-29 05:41 1010688 a0bec278727ee02c108b98083152f783 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-04 01:56 1038848 aac6ab5b4da8e89eccb1806e4d28babd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2002-08-29 05:41 19968 25fc10e547e3be0c36a738599c665239 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    2004-08-04 01:56 22016 d11589d33eda6e5ed8ad57d272c98847 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    2004-08-04 01:56 22016 76b83a79591e8a5646124daac5f02859 C:\WINDOWS\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-22_21.22.18.39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2001-08-23 12:00:00 179,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
    + 2001-08-23 12:00:00 185,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
    - 2001-08-23 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
    + 2001-08-23 12:00:00 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
    - 2002-05-14 10:08:54 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.exe
    + 2002-05-14 10:08:54 24,631 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.exe
    - 2001-08-23 12:00:00 235,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
    + 2001-08-23 12:00:00 241,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
    - 2002-08-29 03:41:20 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\ahui.exe
    + 2002-08-29 03:41:20 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\ahui.exe
    - 2002-08-29 03:41:20 41,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\alg.exe
    + 2002-08-29 03:41:20 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\alg.exe
    - 2001-08-23 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\asr_fmt.exe
    + 2001-08-23 12:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\asr_fmt.exe
    - 2002-08-29 03:41:20 29,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\asr_pfu.exe
    + 2002-08-29 03:41:20 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\asr_pfu.exe
    - 2002-08-29 03:41:20 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\at.exe
    + 2002-08-29 03:41:20 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\at.exe
    - 2001-08-23 12:00:00 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe
    + 2001-08-23 12:00:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe
    - 2002-05-14 10:08:54 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\author.exe
    + 2002-05-14 10:08:54 24,631 -c----w C:\WINDOWS\$NtServicePackUninstall$\author.exe
    - 2002-05-14 10:08:54 188,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe
    + 2002-05-14 10:08:54 196,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe
    - 2001-08-23 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\cipher.exe
    + 2001-08-23 12:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\cipher.exe
    - 2001-08-23 12:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
    + 2001-08-23 12:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
    - 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
    + 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
    - 2002-09-26 13:30:38 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
    + 2002-09-26 13:30:38 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
    - 2002-08-29 03:41:20 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
    + 2002-08-29 03:41:20 105,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
    - 2001-08-23 12:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
    + 2001-08-23 12:00:00 37,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
    - 2001-08-23 12:00:00 375,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
    + 2001-08-23 12:00:00 382,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
    - 2002-08-29 03:41:22 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
    + 2002-08-29 03:41:22 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
    - 2001-08-23 12:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
    + 2001-08-23 12:00:00 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
    - 2001-08-23 12:00:00 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
    + 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
    - 2001-08-23 12:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe
    + 2001-08-23 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe
    - 2002-08-29 03:41:22 995,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\conf.exe
    + 2002-08-29 03:41:22 1,003,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\conf.exe
    - 2002-08-29 03:41:22 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\conime.exe
    + 2002-08-29 03:41:22 31,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\conime.exe
    - 2001-08-23 12:00:00 102,450 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
    + 2001-08-23 12:00:00 110,642 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
    - 2002-08-29 03:41:22 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    + 2002-08-29 03:41:22 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    - 2001-08-23 12:00:00 39,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\davcdata.exe
    + 2001-08-23 12:00:00 46,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\davcdata.exe
    - 2001-08-23 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
    + 2001-08-23 12:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
    - 2002-08-29 03:41:22 70,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
    + 2002-08-29 03:41:22 77,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
    - 2002-08-29 03:41:22 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
    + 2002-08-29 03:41:22 82,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
    - 2002-08-29 03:41:22 99,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
    + 2002-08-29 03:41:22 105,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
    - 2001-08-23 12:00:00 522,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
    + 2001-08-23 12:00:00 528,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
    - 2001-08-23 12:00:00 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
    + 2001-08-23 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
    - 2001-08-23 12:00:00 145,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe
    + 2001-08-23 12:00:00 152,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe
    - 2002-08-29 03:41:22 294,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
    + 2002-08-29 03:41:22 303,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
    - 2001-08-23 12:00:00 4,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe
    + 2001-08-23 12:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe
    - 2001-08-23 12:00:00 204,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe
    + 2001-08-23 12:00:00 211,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe
    - 2001-08-23 12:00:00 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe
    + 2001-08-23 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe
    - 2001-08-23 12:00:00 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe
    + 2001-08-23 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe
    - 2001-08-23 12:00:00 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe
    + 2001-08-23 12:00:00 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe
    - 2002-08-29 03:41:22 58,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe
    + 2002-08-29 03:41:22 65,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe
    - 2002-08-29 03:41:22 9,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe
    + 2002-08-29 03:41:22 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe
    - 2001-08-23 12:00:00 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe
    + 2001-08-23 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe
    - 2002-08-29 03:41:22 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe
    + 2002-08-29 03:41:22 188,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe
    - 2002-08-29 03:41:22 786,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe
    + 2002-08-29 03:41:22 794,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe
    - 2002-08-29 03:41:24 178,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
    + 2002-08-29 03:41:24 185,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
    - 2001-08-23 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\evcreate.exe
    + 2001-08-23 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\evcreate.exe
    - 2001-08-23 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventcreate.exe
    + 2001-08-23 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventcreate.exe
    - 2001-08-23 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe
    + 2001-08-23 12:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe
    - 2001-08-23 12:00:00 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe
    + 2001-08-23 12:00:00 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe
    - 2002-08-29 03:41:24 1,004,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    + 2002-08-29 03:41:24 1,010,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    - 2001-08-23 12:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
    + 2001-08-23 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
    - 2001-08-23 12:00:00 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
    + 2001-08-23 12:00:00 31,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
    - 2002-08-29 03:41:24 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
    + 2002-08-29 03:41:24 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
    - 2002-05-14 10:08:54 14,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe
    + 2002-05-14 10:08:54 21,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe
    - 2002-05-14 10:08:54 109,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe
    + 2002-05-14 10:08:54 115,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe
    - 2002-05-14 10:08:54 24,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe
    + 2002-05-14 10:08:54 32,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe
    - 2002-05-14 10:08:54 188,494 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe
    + 2002-05-14 10:08:54 196,686 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe
    - 2002-05-14 10:08:54 20,538 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
    + 2002-05-14 10:08:54 28,730 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
    - 2002-08-29 03:41:24 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
    + 2002-08-29 03:41:24 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
    - 2002-08-29 03:41:24 130,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
    + 2002-08-29 03:41:24 136,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
    - 2002-08-29 03:41:24 216,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
    + 2002-08-29 03:41:24 222,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
    - 2002-08-29 03:41:24 250,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
    + 2002-08-29 03:41:24 257,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
    - 2002-08-29 03:41:24 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpresult.exe
    + 2002-08-29 03:41:24 119,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpresult.exe
    - 2002-08-29 03:41:24 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\gprslt.exe
    + 2002-08-29 03:41:24 119,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\gprslt.exe
    - 2001-08-23 12:00:00 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
    + 2001-08-23 12:00:00 44,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
    - 2004-03-30 01:34:15 741,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
    + 2004-03-30 01:34:15 748,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
    - 2002-08-29 03:41:24 703,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
    + 2002-08-29 03:41:24 710,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
    - 2002-08-29 03:41:24 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
    + 2002-08-29 03:41:24 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
    - 2002-08-29 03:41:24 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
    + 2002-08-29 03:41:24 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
    - 2002-08-29 03:41:24 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
    + 2002-08-29 03:41:24 215,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
    - 2001-08-23 12:00:00 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
    + 2001-08-23 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
    - 2001-08-23 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe
    + 2001-08-23 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe
    - 2002-08-29 03:41:24 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe
    + 2002-08-29 03:41:24 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe
    - 2002-08-29 03:41:26 91,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
    + 2002-08-29 03:41:26 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
    - 2001-08-23 12:00:00 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe
    + 2001-08-23 12:00:00 106,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe
    - 2001-08-23 12:00:00 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisrstas.exe
    + 2001-08-23 12:00:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisrstas.exe
    - 2002-08-29 03:41:26 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.exe
    + 2002-08-29 03:41:26 130,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.exe
    - 2001-08-23 12:00:00 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetin51.exe
    + 2001-08-23 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetin51.exe
    - 2001-08-23 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe
    + 2001-08-23 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe
    - 2002-08-29 03:41:26 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe
    + 2002-08-29 03:41:26 58,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe
    - 2002-08-29 03:41:26 60,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe
    + 2002-08-29 03:41:26 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe
    - 2001-08-23 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe
    + 2001-08-23 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe
    - 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\locator.exe
    + 2001-08-23 12:00:00 74,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\locator.exe
    - 2001-08-23 12:00:00 55,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\logman.exe
    + 2001-08-23 12:00:00 61,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\logman.exe
    - 2002-08-29 03:41:28 219,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\logon.scr
    + 2002-08-29 03:41:28 226,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\logon.scr
    - 2002-08-29 03:41:26 504,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\logonui.exe
    + 2002-08-29 03:41:26 510,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\logonui.exe
    - 2002-08-29 03:41:26 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    + 2002-08-29 03:41:26 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    - 2001-08-23 12:00:00 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
    + 2001-08-23 12:00:00 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
    - 2001-08-23 12:00:00 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\makecab.exe
    + 2001-08-23 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\makecab.exe
    - 2002-08-29 03:41:26 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\migload.exe
    + 2002-08-29 03:41:26 105,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\migload.exe
    - 2001-08-23 12:00:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe
    + 2001-08-23 12:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe
    - 2002-08-29 03:41:26 230,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
    + 2002-08-29 03:41:26 237,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
    - 2002-08-29 03:41:26 226,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe
    + 2002-08-29 03:41:26 233,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe
    - 2001-08-23 12:00:00 774,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmc.exe
    + 2001-08-23 12:00:00 780,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmc.exe
    - 2001-08-23 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe
    + 2001-08-23 12:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe
    - 2001-08-23 12:00:00 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
    + 2001-08-23 12:00:00 142,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
    - 2002-08-29 03:41:26 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe
    + 2002-08-29 03:41:26 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe
    - 2002-08-29 03:41:26 806,969 -c----w C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
    + 2002-08-29 03:41:26 815,161 -c----w C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
    - 2002-08-29 03:41:26 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe
    + 2002-08-29 03:41:26 123,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe
    - 2002-08-29 03:41:26 4,639 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe
    + 2002-08-29 03:41:26 11,295 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe
    - 2001-08-23 12:00:00 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqbkup.exe
    + 2001-08-23 12:00:00 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqbkup.exe
    - 2001-08-23 12:00:00 4,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqsvc.exe
    + 2001-08-23 12:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqsvc.exe
    - 2001-08-23 12:00:00 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqtgsvc.exe
    + 2001-08-23 12:00:00 104,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqtgsvc.exe
    - 2002-08-29 03:41:26 145,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe
    + 2002-08-29 03:41:26 152,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe
    - 2001-08-23 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe
    + 2001-08-23 12:00:00 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe
    - 2001-08-23 12:00:00 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\mshta.exe
    + 2001-08-23 12:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\mshta.exe
    - 2002-08-29 03:41:26 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe
    + 2002-08-29 03:41:26 71,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe
    - 2002-08-29 03:41:26 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\msimn.exe
    + 2002-08-29 03:41:26 64,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\msimn.exe
    - 2001-08-23 12:00:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe
    + 2001-08-23 12:00:00 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe
    - 2002-08-20 13:08:38 1,511,453 -c----w C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe
    + 2002-08-20 13:08:38 1,519,645 -c----w C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe
    - 2002-08-29 03:41:26 339,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe
    + 2002-08-29 03:41:26 346,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe
    - 2002-08-29 03:41:26 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe
    + 2002-08-29 03:41:26 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe
    - 2002-08-29 01:40:46 388,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe
    + 2002-08-29 01:40:46 395,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe
    - 2002-08-29 03:41:26 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\muisetup.exe
    + 2002-08-29 03:41:26 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\muisetup.exe
    - 2001-08-23 12:00:00 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\narrator.exe
    + 2001-08-23 12:00:00 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\narrator.exe
    - 2001-08-23 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\nddeapir.exe
    + 2001-08-23 12:00:00 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\nddeapir.exe
    - 2002-08-29 03:41:26 39,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\net.exe
    + 2002-08-29 03:41:26 46,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\net.exe
    - 2002-08-29 03:41:28 115,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\net1.exe
    + 2002-08-29 03:41:28 121,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\net1.exe
    - 2002-08-29 03:41:28 105,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\netdde.exe
    + 2002-08-29 03:41:28 112,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\netdde.exe
    - 2002-08-29 03:48:26 326,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\netsetup.exe
    + 2002-08-29 03:48:26 334,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\netsetup.exe
    - 2001-08-23 12:00:00 82,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\netsh.exe
    + 2001-08-23 12:00:00 89,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\netsh.exe
    - 2001-08-23 12:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\netstat.exe
    + 2001-08-23 12:00:00 37,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\netstat.exe
    - 2001-08-23 12:00:00 66,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\notepad.exe
    + 2001-08-23 12:00:00 72,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\notepad.exe
    - 2002-08-29 03:41:28 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\nppagent.exe
    + 2002-08-29 03:41:28 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\nppagent.exe
    - 2001-08-23 12:00:00 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\nslookup.exe
    + 2001-08-23 12:00:00 78,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\nslookup.exe
    - 2001-08-23 12:00:00 1,135,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\ntbackup.exe
    + 2001-08-23 12:00:00 1,142,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\ntbackup.exe
    - 2002-08-29 03:41:28 395,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe
    + 2002-08-29 03:41:28 402,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe
    - 2002-08-29 03:41:28 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe
    + 2002-08-29 03:41:28 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe
    - 2002-08-29 03:41:28 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\odbcconf.exe
    + 2002-08-29 03:41:28 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\odbcconf.exe
    - 2001-08-23 12:00:00 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\oemig50.exe
    + 2001-08-23 12:00:00 62,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\oemig50.exe
    - 2002-08-29 03:41:28 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\oobebaln.exe
    + 2002-08-29 03:41:28 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\oobebaln.exe
    - 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\openfiles.exe
    + 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\openfiles.exe
    - 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\opnfiles.exe
    + 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\opnfiles.exe
    - 2002-08-29 03:41:28 212,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\osk.exe
    + 2002-08-29 03:41:28 219,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\osk.exe
    - 2002-08-29 03:41:28 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\packager.exe
    + 2002-08-29 03:41:28 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\packager.exe
    - 2001-08-23 12:00:00 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\perfmon.exe
    + 2001-08-23 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\perfmon.exe
    - 2001-08-23 12:00:00 272,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\pinball.exe
    + 2001-08-23 12:00:00 279,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\pinball.exe
    - 2002-08-29 03:41:28 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ping.exe
    + 2002-08-29 03:41:28 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\ping.exe
    - 2001-08-23 12:00:00 205,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\progman.exe
    + 2001-08-23 12:00:00 212,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\progman.exe
    - 2001-08-23 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
    + 2001-08-23 12:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
    - 2001-08-23 12:00:00 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\proxycfg.exe
    + 2001-08-23 12:00:00 29,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\proxycfg.exe
    - 2001-08-23 12:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\qprocess.exe
    + 2001-08-23 12:00:00 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\qprocess.exe
    - 2001-08-23 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe
    + 2001-08-23 12:00:00 60,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe
    - 2002-08-29 03:41:28 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe
    + 2002-08-29 03:41:28 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe
    - 2001-08-23 12:00:00 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcp.exe
    + 2001-08-23 12:00:00 26,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcp.exe
    - 2002-08-29 03:41:28 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe
    + 2002-08-29 03:41:28 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe
    - 2002-08-29 03:41:28 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe
    + 2002-08-29 03:41:28 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe
    - 2001-08-23 12:00:00 61,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe
    + 2001-08-23 12:00:00 68,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe
    - 2002-08-29 03:41:28 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\reg.exe
    + 2002-08-29 03:41:28 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\reg.exe
    - 2002-08-29 03:41:28 134,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
    + 2002-08-29 03:41:28 140,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
    - 2001-08-23 12:00:00 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe
    + 2001-08-23 12:00:00 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe
    - 2001-08-23 12:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\rexec.exe
    + 2001-08-23 12:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\rexec.exe
    - 2001-08-23 12:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsh.exe
    + 2001-08-23 12:00:00 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsh.exe
    - 2002-08-29 03:41:28 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsnotify.exe
    + 2002-08-29 03:41:28 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsnotify.exe
    - 2002-08-29 03:41:28 370,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
    + 2002-08-29 03:41:28 377,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
    - 2002-08-29 03:41:28 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe
    + 2002-08-29 03:41:28 80,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe
    - 2001-08-23 12:00:00 31,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe
    + 2001-08-23 12:00:00 38,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe
    - 2002-08-29 03:41:28 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\runonce.exe
    + 2002-08-29 03:41:28 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\runonce.exe
    - 2002-08-29 03:41:28 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\savedump.exe
    + 2002-08-29 03:41:28 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\savedump.exe
    - 2001-08-23 12:00:00 93,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe
    + 2001-08-23 12:00:00 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe
    - 2002-08-29 03:41:28 113,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\schtasks.exe
    + 2002-08-29 03:41:28 120,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\schtasks.exe
    - 2001-08-23 12:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe
    + 2001-08-23 12:00:00 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe
    - 2002-08-29 03:41:30 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr
    + 2002-08-29 03:41:30 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr
    - 2002-08-29 03:41:28 113,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\sctasks.exe
    + 2002-08-29 03:41:28 120,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\sctasks.exe
    - 2002-08-29 03:41:28 71,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe
    + 2002-08-29 03:41:28 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe
    - 2001-08-23 12:00:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\secedit.exe
    + 2001-08-23 12:00:00 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\secedit.exe
    - 2001-08-23 12:00:00 101,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\services.exe
    + 2001-08-23 12:00:00 108,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\services.exe
    - 2002-08-29 03:41:28 129,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe
    + 2002-08-29 03:41:28 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe
    - 2001-08-23 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\sethc.exe
    + 2001-08-23 12:00:00 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\sethc.exe
    - 2002-08-29 03:41:28 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup.exe
    + 2002-08-29 03:41:28 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup.exe
    - 2002-08-29 03:41:28 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup50.exe
    + 2002-08-29 03:41:28 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup50.exe
    - 2002-08-29 03:41:28 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe
    + 2002-08-29 03:41:28 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe
    - 2001-08-23 12:00:00 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe
    + 2001-08-23 12:00:00 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe
    - 2002-05-14 10:08:54 16,437 -c----w C:\WINDOWS\$NtServicePackUninstall$\shtml.exe
    + 2002-05-14 10:08:54 24,629 -c----w C:\WINDOWS\$NtServicePackUninstall$\shtml.exe
    - 2001-08-23 12:00:00 17,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe
    + 2001-08-23 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe
    - 2002-08-29 03:41:28 66,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe
    + 2002-08-29 03:41:28 72,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe
    - 2002-08-29 03:41:28 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\skeys.exe
    + 2002-08-29 03:41:28 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\skeys.exe
    - 2002-08-29 03:41:28 226,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe
    + 2002-08-29 03:41:28 232,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe
    - 2002-08-29 03:41:28 82,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe
    + 2002-08-29 03:41:28 89,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe
    - 2001-08-23 12:00:00 124,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe
    + 2001-08-23 12:00:00 131,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe
    - 2002-08-29 03:41:28 29,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmp.exe
    + 2002-08-29 03:41:28 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmp.exe
    - 2001-08-23 12:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe
    + 2001-08-23 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe
    - 2002-08-29 03:41:28 534,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\spider.exe
    + 2002-08-29 03:41:28 540,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\spider.exe
    - 2002-08-29 01:48:14 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\spiisupd.exe
    + 2002-08-29 01:48:14 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\spiisupd.exe
    - 2001-08-23 12:00:00 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    + 2001-08-23 12:00:00 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    - 2004-08-03 21:42:32 170,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    + 2004-08-03 21:42:32 177,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    - 2002-08-29 03:41:30 667,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr
    + 2002-08-29 03:41:30 675,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr
    - 2002-08-29 03:41:30 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr
    + 2002-08-29 03:41:30 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr
    - 2002-08-29 03:41:30 364,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr
    + 2002-08-29 03:41:30 372,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr
    - 2002-08-29 03:41:30 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr
    + 2002-08-29 03:41:30 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr
    - 2001-08-23 12:00:00 43,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr
    + 2001-08-23 12:00:00 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr
    - 2002-08-29 03:41:30 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr
    + 2002-08-29 03:41:30 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr
    - 2002-08-29 03:41:32 569,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr
    + 2002-08-29 03:41:32 577,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr
    - 2002-08-29 03:41:32 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr
    + 2002-08-29 03:41:32 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr
    - 2002-08-29 03:41:32 638,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr
    + 2002-08-29 03:41:32 647,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr
    - 2001-08-23 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\stimon.exe
    + 2001-08-23 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\stimon.exe
    - 2001-08-23 12:00:00 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    + 2001-08-23 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    - 2001-08-23 12:00:00 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe
    + 2001-08-23 12:00:00 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe
    - 2002-08-29 03:41:28 128,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
    + 2002-08-29 03:41:28 135,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
    - 2002-05-14 10:08:54 32,827 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe
    + 2002-05-14 10:08:54 41,019 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe
    - 2002-08-29 03:41:28 71,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\telnet.exe
    + 2002-08-29 03:41:28 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\telnet.exe
    - 2002-08-29 03:41:28 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntadmn.exe
    + 2002-08-29 03:41:28 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntadmn.exe
    - 2002-08-29 03:41:28 73,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntsess.exe
    + 2002-08-29 03:41:28 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntsess.exe
    - 2002-08-29 03:41:28 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntsvr.exe
    + 2002-08-29 03:41:28 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntsvr.exe
    - 2001-08-23 12:00:00 346,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe
    + 2001-08-23 12:00:00 353,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe
    - 2001-08-23 12:00:00 346,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe
    + 2001-08-23 12:00:00 353,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe
    - 2002-08-29 03:41:28 231,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracerpt.exe
    + 2002-08-29 03:41:28 238,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracerpt.exe
    - 2002-08-29 03:41:28 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracert.exe
    + 2002-08-29 03:41:28 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracert.exe
    - 2002-08-29 01:40:46 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\tscupgrd.exe
    + 2002-08-29 01:40:46 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\tscupgrd.exe
    - 2001-08-23 12:00:00 138,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe
    + 2001-08-23 12:00:00 145,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe
    - 2001-08-23 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe
    + 2001-08-23 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe
    - 2002-08-29 03:41:28 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ups.exe
    + 2002-08-29 03:41:28 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\ups.exe
    - 2002-08-29 03:41:28 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    + 2002-08-29 03:41:28 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    - 2002-08-29 03:41:28 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\utilman.exe
    + 2002-08-29 03:41:28 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\utilman.exe
    - 2001-08-23 12:00:00 275,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe
    + 2001-08-23 12:00:00 282,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe
    - 2001-08-23 12:00:00 43,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\wab.exe
    + 2001-08-23 12:00:00 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\wab.exe
    - 2001-08-23 12:00:00 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\wabmig.exe
    + 2001-08-23 12:00:00 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\wabmig.exe
    - 2001-08-23 12:00:00 157,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\wbemtest.exe
    + 2001-08-23 12:00:00 164,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\wbemtest.exe
    - 2002-08-29 03:41:28 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\wextract.exe
    + 2002-08-29 03:41:28 67,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\wextract.exe
    - 2001-08-23 12:00:00 414,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\wiaacmgr.exe
    + 2001-08-23 12:00:00 421,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\wiaacmgr.exe
    - 2002-08-29 03:41:28 266,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe
    + 2002-08-29 03:41:28 273,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe
    - 2002-08-29 03:41:28 516,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    + 2002-08-29 03:41:28 523,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    - 2001-08-23 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\winver.exe
    + 2001-08-23 12:00:00 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\winver.exe
    - 2001-08-23 12:00:00 183,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiadap.exe
    + 2001-08-23 12:00:00 190,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiadap.exe
    - 2001-08-23 12:00:00 117,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe
    + 2001-08-23 12:00:00 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe
    - 2002-08-29 03:41:28 329,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmic.exe
    + 2002-08-29 03:41:28 335,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmic.exe
    - 2002-08-29 03:41:28 203,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe
    + 2002-08-29 03:41:28 210,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe
    - 2002-08-29 03:41:28 200,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\wordpad.exe
    + 2002-08-29 03:41:28 207,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\wordpad.exe
    - 2001-08-23 12:00:00 31,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\wpabaln.exe
    + 2001-08-23 12:00:00 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\wpabaln.exe
    - 2001-08-23 12:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\wpnpinst.exe
    + 2001-08-23 12:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\wpnpinst.exe
    - 2001-08-23 12:00:00 118,834 -c----w C:\WINDOWS\$NtServicePackUninstall$\wscript.exe
    + 2001-08-23 12:00:00 127,026 -c----w C:\WINDOWS\$NtServicePackUninstall$\wscript.exe
    - 2002-08-29 03:41:28 139,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
    + 2002-08-29 03:41:28 146,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
    - 2001-08-23 12:00:00 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\xcopy.exe
    + 2001-08-23 12:00:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\xcopy.exe
    - 2003-05-11 14:26:34 89,088 -c----w C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
    + 2003-05-11 14:26:34 95,744 -c----w C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
    - 2003-08-02 04:14:56 100,352 -c----w C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
    + 2003-08-02 04:14:56 107,008 -c----w C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
    - 2003-10-14 06:50:14 140,800 -c----w C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
    + 2003-10-14 06:50:14 147,456 -c----w C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
    - 2004-01-10 05:11:06 140,800 -c----w C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
    + 2004-01-10 05:11:06 147,456 -c----w C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
    - 2008-05-22 19:13:25 2,048 ----a-w C:\WINDOWS\bootstat.dat
    + 2008-05-26 19:14:22 2,048 ----a-w C:\WINDOWS\bootstat.dat
    - 2003-05-19 19:33:54 217,088 ----a-r C:\WINDOWS\Cache\Adobe Reader 6\setup.exe
    + 2003-05-19 19:33:54 225,280 ----a-r C:\WINDOWS\Cache\Adobe Reader 6\setup.exe
    - 2004-07-13 20:12:38 69,632 ------w C:\WINDOWS\erase_SR.exe
    + 2004-07-13 20:12:38 83,784 ------w C:\WINDOWS\erase_SR.exe
    - 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2005-10-20 18:02:28 173,568 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
    + 2000-08-31 06:00:00 97,696 ----a-w C:\WINDOWS\fdsv.exe
    - 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
    + 2000-08-31 06:00:00 87,068 ----a-w C:\WINDOWS\grep.exe
    - 2005-09-06 08:42:59 49,152 ----a-r C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
    + 2005-09-06 08:42:59 57,344 ----a-r C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
    - 2005-09-06 08:43:03 40,960 ----a-r C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
    + 2005-09-06 08:43:03 49,152 ----a-r C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
    - 2004-10-01 14:21:49 166,912 ----a-r C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
    + 2004-10-01 14:21:49 173,568 ----a-r C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
    - 2004-10-07 08:31:45 49,152 ----a-r C:\WINDOWS\Installer\{609F7AC8-C510-11D4-A788-009027ABA5D0}\_358549803C93_44DD_B1D6_E56E21E4D1E3.exe
    + 2004-10-07 08:31:45 57,344 ----a-r C:\WINDOWS\Installer\{609F7AC8-C510-11D4-A788-009027ABA5D0}\_358549803C93_44DD_B1D6_E56E21E4D1E3.exe
    - 2005-09-06 08:42:31 45,056 ----a-r C:\WINDOWS\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
    + 2005-09-06 08:42:31 53,248 ----a-r C:\WINDOWS\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
    - 2004-10-01 16:22:36 32,768 ----a-r C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
    + 2004-10-01 16:22:36 40,960 ----a-r C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
    - 2004-10-01 17:23:20 34,304 ----a-r C:\WINDOWS\Installer\{901E0413-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2004-10-01 17:23:20 40,960 ----a-r C:\WINDOWS\Installer\{901E0413-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2004-10-01 17:02:54 34,304 ----a-r C:\WINDOWS\Installer\{901F0407-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2004-10-01 17:02:54 40,960 ----a-r C:\WINDOWS\Installer\{901F0407-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2004-10-06 12:45:37 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2004-10-06 12:45:37 176,128 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    - 2004-10-06 12:45:37 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2004-10-06 12:45:37 9,216 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2004-10-06 12:45:37 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    + 2004-10-06 12:45:37 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    - 2004-10-06 12:45:37 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2004-10-06 12:45:37 40,960 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2004-10-06 12:45:37 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2004-10-06 12:45:37 14,848 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2004-10-06 12:45:37 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2004-10-06 12:45:37 10,240 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2004-10-06 12:45:37 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2004-10-06 12:45:37 122,880 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2004-10-06 12:45:37 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2004-10-06 12:45:37 23,040 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2004-10-06 12:45:37 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2004-10-06 12:45:37 37,376 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2004-10-06 12:45:37 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2004-10-06 12:45:37 29,184 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2004-12-14 15:50:59 65,536 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut1.exe
    + 2004-12-14 15:50:59 73,728 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut1.exe
    - 2004-12-14 15:50:59 65,536 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut2.exe
    + 2004-12-14 15:50:59 73,728 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut2.exe
    - 2006-11-07 12:46:13 6,656 ----a-r C:\WINDOWS\Installer\{BC3E6DAB-253A-455E-A0C8-ACC5CE9D0D62}\ARIcon.exe
    + 2006-11-07 12:46:13 13,312 ----a-r C:\WINDOWS\Installer\{BC3E6DAB-253A-455E-A0C8-ACC5CE9D0D62}\ARIcon.exe
    - 2006-11-07 12:46:13 135,168 ----a-r C:\WINDOWS\Installer\{BC3E6DAB-253A-455E-A0C8-ACC5CE9D0D62}\misc.5F3981BD_0835_4200_A8E0_81FC138D2110.exe
    + 2006-11-07 12:46:13 143,360 ----a-r C:\WINDOWS\Installer\{BC3E6DAB-253A-455E-A0C8-ACC5CE9D0D62}\misc.5F3981BD_0835_4200_A8E0_81FC138D2110.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut11.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut11.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut12.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut12.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut13.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut13.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut4.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut4.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut5.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut5.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut6.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut6.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut7.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut7.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut8.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut8.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut9.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut9.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\TutorialSC.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\TutorialSC.exe
    - 1998-10-29 14:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
    + 1998-10-29 14:45:06 313,344 ----a-w C:\WINDOWS\IsUninst.exe
    - 2003-02-20 17:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2003-02-20 17:09:46 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2003-02-20 17:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
    + 2003-02-20 17:19:34 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
    - 2003-02-20 17:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2003-02-20 17:19:36 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2003-02-21 05:24:10 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
    + 2003-02-21 05:24:10 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
    - 2003-02-21 05:24:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
    + 2003-02-21 05:24:32 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
    - 2003-02-21 08:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
    + 2003-02-21 08:20:44 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
    - 2003-02-21 02:12:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
    + 2003-02-21 02:12:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
    - 2003-02-21 05:24:38 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
    + 2003-02-21 05:24:38 14,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
    - 2003-02-20 17:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
    + 2003-02-20 17:09:40 204,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
    - 2003-02-21 05:24:42 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
    + 2003-02-21 05:24:42 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
    - 2003-02-21 05:24:52 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
    + 2003-02-21 05:24:52 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
    - 2003-02-21 05:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
    + 2003-02-21 05:25:04 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
    - 2003-02-21 05:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
    + 2003-02-21 05:25:04 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
    - 2003-02-20 17:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
    + 2003-02-20 17:09:46 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
    - 2003-02-21 05:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
    + 2003-02-21 05:25:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
    - 2003-02-21 05:25:30 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
    + 2003-02-21 05:25:30 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
    - 2003-02-21 08:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
    + 2003-02-21 08:20:38 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
    - 2004-08-03 23:56:48 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
    + 2004-08-03 23:56:48 263,168 ----a-w C:\WINDOWS\msagent\agentsvr.exe
    - 2004-08-03 23:56:54 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
    + 2004-08-03 23:56:54 97,280 ----a-w C:\WINDOWS\mui\muisetup.exe
    - 2004-08-03 23:56:50 768,512 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
    + 2004-08-03 23:56:50 775,168 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
    - 2001-08-23 12:00:00 99,840 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    + 2001-08-23 12:00:00 106,496 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    - 2004-08-03 23:56:52 743,936 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
    + 2004-08-03 23:56:52 750,592 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
    - 2004-08-03 23:56:52 18,944 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
    + 2004-08-03 23:56:52 25,600 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
    - 2004-08-03 23:56:54 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
    + 2004-08-03 23:56:54 164,864 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
    - 2001-08-23 12:00:00 35,328 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\notiflag.exe
    + 2001-08-23 12:00:00 41,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\notiflag.exe
    - 2004-08-03 23:56:58 150,528 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
    + 2004-08-03 23:56:58 157,184 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
    - 2002-08-29 03:41:28 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
    + 2002-08-29 03:41:28 229,376 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
    - 2005-01-28 13:22:12 827,392 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
    + 2005-01-28 13:22:12 835,584 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
    - 2005-01-27 23:36:04 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
    + 2005-01-27 23:36:04 53,760 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
    - 2005-01-27 23:36:00 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
    + 2005-01-27 23:36:00 45,568 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
    - 2002-08-29 03:41:26 24,576 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
    + 2002-08-29 03:41:26 31,232 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
    - 2005-01-27 23:21:46 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
    + 2005-01-27 23:21:46 103,424 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
    - 2002-08-29 03:41:28 249,856 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
    + 2002-08-29 03:41:28 258,048 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
    - 2002-08-29 03:41:28 520,192 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    + 2002-08-29 03:41:28 528,384 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    - 2005-01-27 23:26:42 991,232 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
    + 2005-01-27 23:26:42 999,424 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
    - 2005-01-28 13:22:12 192,512 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
    + 2005-01-28 13:22:12 200,704 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
    - 2005-01-27 23:26:30 122,880 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
    + 2005-01-27 23:26:30 131,072 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
    - 2005-01-27 23:26:30 28,672 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
    + 2005-01-27 23:26:30 36,864 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
    - 2005-01-28 13:22:12 73,728 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
    + 2005-01-28 13:22:12 81,920 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
    - 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
    + 2000-08-31 06:00:00 105,472 ----a-w C:\WINDOWS\sed.exe
    - 2004-08-03 23:56:48 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
    + 2004-08-03 23:56:48 190,464 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
    - 2004-08-03 23:56:48 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
    + 2004-08-03 23:56:48 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
    - 2004-08-03 23:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
    + 2004-08-03 23:56:48 24,631 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
    - 2004-08-03 23:56:48 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
    + 2004-08-03 23:56:48 263,168 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
    - 2004-08-03 23:56:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
    + 2004-08-03 23:56:48 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
    - 2004-08-03 23:56:48 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
    + 2004-08-03 23:56:48 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
    - 2004-08-03 21:11:06 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe
    + 2004-08-03 21:11:06 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe
    - 2004-08-03 21:11:06 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe
    + 2004-08-03 21:11:06 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe
    - 2004-08-03 23:56:48 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe
    + 2004-08-03 23:56:48 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe
    - 2004-08-03 23:56:48 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe
    + 2004-08-03 23:56:48 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe
    - 2004-08-03 23:56:48 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
    + 2004-08-03 23:56:48 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
    - 2004-08-03 23:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
    + 2004-08-03 23:56:48 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
    - 2004-08-03 23:56:48 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
    + 2004-08-03 23:56:48 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
    - 2004-08-03 23:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
    + 2004-08-03 23:56:48 24,631 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
    - 2004-08-03 23:56:48 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
    + 2004-08-03 23:56:48 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
    - 2004-07-19 17:54:04 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe
    + 2004-07-19 17:54:04 102,400 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe
    - 2004-08-03 23:56:48 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
    + 2004-08-03 23:56:48 196,672 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
    - 2004-08-03 23:56:48 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe
    + 2004-08-03 23:56:48 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe
    - 2004-08-03 23:56:48 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
    + 2004-08-03 23:56:48 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
    - 2004-08-03 23:56:48 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
    + 2004-08-03 23:56:48 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
    - 2004-08-03 23:56:48 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
    + 2004-08-03 23:56:48 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
    - 2004-08-03 23:56:48 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
    + 2004-08-03 23:56:48 109,568 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
    - 2004-08-03 23:56:48 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
    + 2004-08-03 23:56:48 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
    - 2004-08-03 23:56:50 388,608 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
    + 2004-08-03 23:56:50 395,264 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
    - 2004-08-03 23:56:50 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
    + 2004-08-03 23:56:50 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
    - 2004-08-03 23:56:50 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
    + 2004-08-03 23:56:50 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
    - 2004-08-03 23:56:50 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
    +
    26 May 2008 21:33:33

    Can you remove the section named: ((((((((((((((((((((((((((((( snapshot@2008-05-22_21.22.18.39 )))))))))))))))))))))))))))))))))))))))))
    so that we get the whole report?
    26 May 2008 21:40:20

    Here you go:

    ComboFix 08-05-21.3 - lb 2008-05-26 21:07:58.2 - NTFSx86
    Running from: C:\Documents and Settings\lb.DOREC000\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\lb.DOREC000\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\WINDOWS\b999.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
    .

    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Documents and Settings\lb.DOREC000\Application Data\Malwarebytes
    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-25 17:32 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-25 17:32 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-25 17:31 . 2008-05-25 17:31 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-05-19 21:15 . 2008-05-19 21:16 65,536 --a------ C:\WINDOWS\system32\WinTrack.exe
    2008-05-19 21:08 . 2008-05-19 21:07 396,508 -r-hsc--- C:\WINDOWS\system32\dllcache\wintcps.exe
    2008-05-08 10:38 . 2008-05-19 21:31 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
    2008-05-04 21:33 . 2008-05-04 21:33 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-04-30 12:07 . 2008-04-30 12:07 507,904 -r-hsc--- C:\WINDOWS\system32\dllcache\ibmpsw.exe
    2008-04-29 17:03 . 2008-04-30 16:53 <DIR> d-------- C:\Program Files\GlobalEnglish
    2008-04-29 12:34 . 2008-05-26 21:18 18,174 --a------ C:\WINDOWS\system32\nefcua.gfr

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-26 19:21 --------- d-----w C:\Program Files\Wanadoo
    2006-11-19 16:20 21,104 ----a-w C:\Documents and Settings\lb.DOREC000\Application Data\GDIPFONTCACHEV1.DAT
    2005-03-13 11:45 39,936 --sh--w C:\WINDOWS\system32\wps.dll
    2005-01-22 18:43 58,816 --sha-w C:\WINDOWS\system32\wps.exe
    2005-03-13 11:45 8,432 --sha-w C:\WINDOWS\system32\drivers\wps.sys
    .

    ------- Sigcheck -------

    2002-08-29 03:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-04 01:56 1038848 0fdc6414bc4ffae1e4e6c0e5e099ced6 C:\WINDOWS\explorer.exe
    2002-08-29 05:41 1010688 a0bec278727ee02c108b98083152f783 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-04 01:56 1038848 aac6ab5b4da8e89eccb1806e4d28babd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2002-08-29 05:41 19968 25fc10e547e3be0c36a738599c665239 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    2004-08-04 01:56 22016 d11589d33eda6e5ed8ad57d272c98847 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    2004-08-04 01:56 22016 76b83a79591e8a5646124daac5f02859 C:\WINDOWS\system32\ctfmon.exe
    .
    .
    - 2001-08-23 12:00:00 179,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
    + 2001-08-23 12:00:00 185,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
    - 2001-08-23 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
    + 2001-08-23 12:00:00 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
    - 2002-05-14 10:08:54 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.exe
    + 2002-05-14 10:08:54 24,631 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.exe
    - 2001-08-23 12:00:00 235,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
    + 2001-08-23 12:00:00 241,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
    - 2002-08-29 03:41:20 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\ahui.exe
    + 2002-08-29 03:41:20 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\ahui.exe
    - 2002-08-29 03:41:20 41,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\alg.exe
    + 2002-08-29 03:41:20 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\alg.exe
    - 2001-08-23 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\asr_fmt.exe
    + 2001-08-23 12:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\asr_fmt.exe
    - 2002-08-29 03:41:20 29,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\asr_pfu.exe
    + 2002-08-29 03:41:20 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\asr_pfu.exe
    - 2002-08-29 03:41:20 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\at.exe
    + 2002-08-29 03:41:20 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\at.exe
    - 2001-08-23 12:00:00 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe
    + 2001-08-23 12:00:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe
    - 2002-05-14 10:08:54 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\author.exe
    + 2002-05-14 10:08:54 24,631 -c----w C:\WINDOWS\$NtServicePackUninstall$\author.exe
    - 2002-05-14 10:08:54 188,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe
    + 2002-05-14 10:08:54 196,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe
    - 2001-08-23 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\cipher.exe
    + 2001-08-23 12:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\cipher.exe
    - 2001-08-23 12:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
    + 2001-08-23 12:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
    - 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
    + 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
    - 2002-09-26 13:30:38 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
    + 2002-09-26 13:30:38 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
    - 2002-08-29 03:41:20 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
    + 2002-08-29 03:41:20 105,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
    - 2001-08-23 12:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
    + 2001-08-23 12:00:00 37,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
    - 2001-08-23 12:00:00 375,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
    + 2001-08-23 12:00:00 382,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
    - 2002-08-29 03:41:22 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
    + 2002-08-29 03:41:22 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
    - 2001-08-23 12:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
    + 2001-08-23 12:00:00 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
    - 2001-08-23 12:00:00 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
    + 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
    - 2001-08-23 12:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe
    + 2001-08-23 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe
    - 2002-08-29 03:41:22 995,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\conf.exe
    + 2002-08-29 03:41:22 1,003,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\conf.exe
    - 2002-08-29 03:41:22 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\conime.exe
    + 2002-08-29 03:41:22 31,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\conime.exe
    - 2001-08-23 12:00:00 102,450 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
    + 2001-08-23 12:00:00 110,642 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
    - 2002-08-29 03:41:22 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    + 2002-08-29 03:41:22 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    - 2001-08-23 12:00:00 39,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\davcdata.exe
    + 2001-08-23 12:00:00 46,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\davcdata.exe
    - 2001-08-23 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
    + 2001-08-23 12:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
    - 2002-08-29 03:41:22 70,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
    + 2002-08-29 03:41:22 77,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
    - 2002-08-29 03:41:22 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
    + 2002-08-29 03:41:22 82,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
    - 2002-08-29 03:41:22 99,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
    + 2002-08-29 03:41:22 105,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
    - 2001-08-23 12:00:00 522,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
    + 2001-08-23 12:00:00 528,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
    - 2001-08-23 12:00:00 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
    + 2001-08-23 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
    - 2001-08-23 12:00:00 145,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe
    + 2001-08-23 12:00:00 152,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe
    - 2002-08-29 03:41:22 294,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
    + 2002-08-29 03:41:22 303,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
    - 2001-08-23 12:00:00 4,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe
    + 2001-08-23 12:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe
    - 2001-08-23 12:00:00 204,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe
    + 2001-08-23 12:00:00 211,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe
    - 2001-08-23 12:00:00 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe
    + 2001-08-23 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe
    - 2001-08-23 12:00:00 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe
    + 2001-08-23 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe
    - 2001-08-23 12:00:00 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe
    + 2001-08-23 12:00:00 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe
    - 2002-08-29 03:41:22 58,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe
    + 2002-08-29 03:41:22 65,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe
    - 2002-08-29 03:41:22 9,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe
    + 2002-08-29 03:41:22 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe
    - 2001-08-23 12:00:00 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe
    + 2001-08-23 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe
    - 2002-08-29 03:41:22 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe
    + 2002-08-29 03:41:22 188,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe
    - 2002-08-29 03:41:22 786,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe
    + 2002-08-29 03:41:22 794,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe
    - 2002-08-29 03:41:24 178,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
    + 2002-08-29 03:41:24 185,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
    - 2001-08-23 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\evcreate.exe
    + 2001-08-23 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\evcreate.exe
    - 2001-08-23 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventcreate.exe
    + 2001-08-23 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventcreate.exe
    - 2001-08-23 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe
    + 2001-08-23 12:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe
    - 2001-08-23 12:00:00 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe
    + 2001-08-23 12:00:00 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe
    - 2002-08-29 03:41:24 1,004,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    + 2002-08-29 03:41:24 1,010,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    - 2001-08-23 12:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
    + 2001-08-23 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
    - 2001-08-23 12:00:00 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
    + 2001-08-23 12:00:00 31,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
    - 2002-08-29 03:41:24 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
    + 2002-08-29 03:41:24 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
    - 2002-05-14 10:08:54 14,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe
    + 2002-05-14 10:08:54 21,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe
    - 2002-05-14 10:08:54 109,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe
    + 2002-05-14 10:08:54 115,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe
    - 2002-05-14 10:08:54 24,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe
    + 2002-05-14 10:08:54 32,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe
    - 2002-05-14 10:08:54 188,494 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe
    + 2002-05-14 10:08:54 196,686 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe
    - 2002-05-14 10:08:54 20,538 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
    + 2002-05-14 10:08:54 28,730 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
    - 2002-08-29 03:41:24 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
    + 2002-08-29 03:41:24 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
    - 2002-08-29 03:41:24 130,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
    + 2002-08-29 03:41:24 136,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
    - 2002-08-29 03:41:24 216,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
    + 2002-08-29 03:41:24 222,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
    - 2002-08-29 03:41:24 250,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
    + 2002-08-29 03:41:24 257,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
    - 2002-08-29 03:41:24 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpresult.exe
    + 2002-08-29 03:41:24 119,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpresult.exe
    - 2002-08-29 03:41:24 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\gprslt.exe
    + 2002-08-29 03:41:24 119,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\gprslt.exe
    - 2001-08-23 12:00:00 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
    + 2001-08-23 12:00:00 44,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
    - 2004-03-30 01:34:15 741,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
    + 2004-03-30 01:34:15 748,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
    - 2002-08-29 03:41:24 703,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
    + 2002-08-29 03:41:24 710,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
    - 2002-08-29 03:41:24 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
    + 2002-08-29 03:41:24 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
    - 2002-08-29 03:41:24 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
    + 2002-08-29 03:41:24 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
    - 2002-08-29 03:41:24 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
    + 2002-08-29 03:41:24 215,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
    - 2001-08-23 12:00:00 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
    + 2001-08-23 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
    - 2001-08-23 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe
    + 2001-08-23 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe
    - 2002-08-29 03:41:24 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe
    + 2002-08-29 03:41:24 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe
    - 2002-08-29 03:41:26 91,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
    + 2002-08-29 03:41:26 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
    - 2001-08-23 12:00:00 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe
    + 2001-08-23 12:00:00 106,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe
    - 2001-08-23 12:00:00 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisrstas.exe
    + 2001-08-23 12:00:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisrstas.exe
    - 2002-08-29 03:41:26 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.exe
    + 2002-08-29 03:41:26 130,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.exe
    - 2001-08-23 12:00:00 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetin51.exe
    + 2001-08-23 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetin51.exe
    - 2001-08-23 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe
    + 2001-08-23 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe
    - 2002-08-29 03:41:26 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe
    + 2002-08-29 03:41:26 58,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe
    - 2002-08-29 03:41:26 60,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe
    + 2002-08-29 03:41:26 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe
    - 2001-08-23 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe
    + 2001-08-23 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe
    - 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\locator.exe
    + 2001-08-23 12:00:00 74,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\locator.exe
    - 2001-08-23 12:00:00 55,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\logman.exe
    + 2001-08-23 12:00:00 61,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\logman.exe
    - 2002-08-29 03:41:28 219,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\logon.scr
    + 2002-08-29 03:41:28 226,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\logon.scr
    - 2002-08-29 03:41:26 504,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\logonui.exe
    + 2002-08-29 03:41:26 510,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\logonui.exe
    - 2002-08-29 03:41:26 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    + 2002-08-29 03:41:26 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    - 2001-08-23 12:00:00 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
    + 2001-08-23 12:00:00 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
    - 2001-08-23 12:00:00 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\makecab.exe
    + 2001-08-23 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\makecab.exe
    - 2002-08-29 03:41:26 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\migload.exe
    + 2002-08-29 03:41:26 105,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\migload.exe
    - 2001-08-23 12:00:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe
    + 2001-08-23 12:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe
    - 2002-08-29 03:41:26 230,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
    + 2002-08-29 03:41:26 237,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
    - 2002-08-29 03:41:26 226,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe
    + 2002-08-29 03:41:26 233,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe
    - 2001-08-23 12:00:00 774,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmc.exe
    + 2001-08-23 12:00:00 780,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmc.exe
    - 2001-08-23 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe
    + 2001-08-23 12:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe
    - 2001-08-23 12:00:00 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
    + 2001-08-23 12:00:00 142,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
    - 2002-08-29 03:41:26 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe
    + 2002-08-29 03:41:26 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe
    - 2002-08-29 03:41:26 806,969 -c----w C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
    + 2002-08-29 03:41:26 815,161 -c----w C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
    - 2002-08-29 03:41:26 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe
    + 2002-08-29 03:41:26 123,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe
    - 2002-08-29 03:41:26 4,639 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe
    + 2002-08-29 03:41:26 11,295 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe
    - 2001-08-23 12:00:00 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqbkup.exe
    + 2001-08-23 12:00:00 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqbkup.exe
    - 2001-08-23 12:00:00 4,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqsvc.exe
    + 2001-08-23 12:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqsvc.exe
    - 2001-08-23 12:00:00 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqtgsvc.exe
    + 2001-08-23 12:00:00 104,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqtgsvc.exe
    - 2002-08-29 03:41:26 145,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe
    + 2002-08-29 03:41:26 152,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe
    - 2001-08-23 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe
    + 2001-08-23 12:00:00 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe
    - 2001-08-23 12:00:00 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\mshta.exe
    + 2001-08-23 12:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\mshta.exe
    - 2002-08-29 03:41:26 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe
    + 2002-08-29 03:41:26 71,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe
    - 2002-08-29 03:41:26 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\msimn.exe
    + 2002-08-29 03:41:26 64,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\msimn.exe
    - 2001-08-23 12:00:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe
    + 2001-08-23 12:00:00 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe
    - 2002-08-20 13:08:38 1,511,453 -c----w C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe
    + 2002-08-20 13:08:38 1,519,645 -c----w C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe
    - 2002-08-29 03:41:26 339,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe
    + 2002-08-29 03:41:26 346,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe
    - 2002-08-29 03:41:26 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe
    + 2002-08-29 03:41:26 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe
    - 2002-08-29 01:40:46 388,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe
    + 2002-08-29 01:40:46 395,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe
    - 2002-08-29 03:41:26 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\muisetup.exe
    + 2002-08-29 03:41:26 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\muisetup.exe
    - 2001-08-23 12:00:00 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\narrator.exe
    + 2001-08-23 12:00:00 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\narrator.exe
    - 2001-08-23 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\nddeapir.exe
    + 2001-08-23 12:00:00 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\nddeapir.exe
    - 2002-08-29 03:41:26 39,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\net.exe
    + 2002-08-29 03:41:26 46,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\net.exe
    - 2002-08-29 03:41:28 115,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\net1.exe
    + 2002-08-29 03:41:28 121,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\net1.exe
    - 2002-08-29 03:41:28 105,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\netdde.exe
    + 2002-08-29 03:41:28 112,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\netdde.exe
    - 2002-08-29 03:48:26 326,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\netsetup.exe
    + 2002-08-29 03:48:26 334,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\netsetup.exe
    - 2001-08-23 12:00:00 82,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\netsh.exe
    + 2001-08-23 12:00:00 89,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\netsh.exe
    - 2001-08-23 12:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\netstat.exe
    + 2001-08-23 12:00:00 37,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\netstat.exe
    - 2001-08-23 12:00:00 66,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\notepad.exe
    + 2001-08-23 12:00:00 72,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\notepad.exe
    - 2002-08-29 03:41:28 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\nppagent.exe
    + 2002-08-29 03:41:28 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\nppagent.exe
    - 2001-08-23 12:00:00 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\nslookup.exe
    + 2001-08-23 12:00:00 78,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\nslookup.exe
    - 2001-08-23 12:00:00 1,135,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\ntbackup.exe
    + 2001-08-23 12:00:00 1,142,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\ntbackup.exe
    - 2002-08-29 03:41:28 395,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe
    + 2002-08-29 03:41:28 402,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe
    - 2002-08-29 03:41:28 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe
    + 2002-08-29 03:41:28 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe
    - 2002-08-29 03:41:28 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\odbcconf.exe
    + 2002-08-29 03:41:28 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\odbcconf.exe
    - 2001-08-23 12:00:00 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\oemig50.exe
    + 2001-08-23 12:00:00 62,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\oemig50.exe
    - 2002-08-29 03:41:28 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\oobebaln.exe
    + 2002-08-29 03:41:28 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\oobebaln.exe
    - 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\openfiles.exe
    + 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\openfiles.exe
    - 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\opnfiles.exe
    + 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\opnfiles.exe
    - 2002-08-29 03:41:28 212,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\osk.exe
    + 2002-08-29 03:41:28 219,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\osk.exe
    - 2002-08-29 03:41:28 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\packager.exe
    + 2002-08-29 03:41:28 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\packager.exe
    - 2001-08-23 12:00:00 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\perfmon.exe
    + 2001-08-23 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\perfmon.exe
    - 2001-08-23 12:00:00 272,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\pinball.exe
    + 2001-08-23 12:00:00 279,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\pinball.exe
    - 2002-08-29 03:41:28 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ping.exe
    + 2002-08-29 03:41:28 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\ping.exe
    - 2001-08-23 12:00:00 205,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\progman.exe
    + 2001-08-23 12:00:00 212,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\progman.exe
    - 2001-08-23 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
    + 2001-08-23 12:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
    - 2001-08-23 12:00:00 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\proxycfg.exe
    + 2001-08-23 12:00:00 29,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\proxycfg.exe
    - 2001-08-23 12:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\qprocess.exe
    + 2001-08-23 12:00:00 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\qprocess.exe
    - 2001-08-23 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe
    + 2001-08-23 12:00:00 60,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe
    - 2002-08-29 03:41:28 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe
    + 2002-08-29 03:41:28 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe
    - 2001-08-23 12:00:00 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcp.exe
    + 2001-08-23 12:00:00 26,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcp.exe
    - 2002-08-29 03:41:28 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe
    + 2002-08-29 03:41:28 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe
    - 2002-08-29 03:41:28 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe
    + 2002-08-29 03:41:28 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe
    - 2001-08-23 12:00:00 61,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe
    + 2001-08-23 12:00:00 68,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe
    - 2002-08-29 03:41:28 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\reg.exe
    + 2002-08-29 03:41:28 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\reg.exe
    - 2002-08-29 03:41:28 134,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
    + 2002-08-29 03:41:28 140,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
    - 2001-08-23 12:00:00 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe
    + 2001-08-23 12:00:00 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe
    - 2001-08-23 12:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\rexec.exe
    + 2001-08-23 12:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\rexec.exe
    - 2001-08-23 12:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsh.exe
    + 2001-08-23 12:00:00 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsh.exe
    - 2002-08-29 03:41:28 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsnotify.exe
    + 2002-08-29 03:41:28 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsnotify.exe
    - 2002-08-29 03:41:28 370,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
    + 2002-08-29 03:41:28 377,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
    - 2002-08-29 03:41:28 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe
    + 2002-08-29 03:41:28 80,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe
    - 2001-08-23 12:00:00 31,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe
    + 2001-08-23 12:00:00 38,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe
    - 2002-08-29 03:41:28 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\runonce.exe
    + 2002-08-29 03:41:28 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\runonce.exe
    - 2002-08-29 03:41:28 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\savedump.exe
    + 2002-08-29 03:41:28 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\savedump.exe
    - 2001-08-23 12:00:00 93,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe
    + 2001-08-23 12:00:00 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe
    - 2002-08-29 03:41:28 113,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\schtasks.exe
    + 2002-08-29 03:41:28 120,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\schtasks.exe
    - 2001-08-23 12:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe
    + 2001-08-23 12:00:00 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe
    - 2002-08-29 03:41:30 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr
    + 2002-08-29 03:41:30 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr
    - 2002-08-29 03:41:28 113,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\sctasks.exe
    + 2002-08-29 03:41:28 120,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\sctasks.exe
    - 2002-08-29 03:41:28 71,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe
    + 2002-08-29 03:41:28 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe
    - 2001-08-23 12:00:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\secedit.exe
    + 2001-08-23 12:00:00 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\secedit.exe
    - 2001-08-23 12:00:00 101,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\services.exe
    + 2001-08-23 12:00:00 108,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\services.exe
    - 2002-08-29 03:41:28 129,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe
    + 2002-08-29 03:41:28 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe
    - 2001-08-23 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\sethc.exe
    + 2001-08-23 12:00:00 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\sethc.exe
    - 2002-08-29 03:41:28 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup.exe
    + 2002-08-29 03:41:28 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup.exe
    - 2002-08-29 03:41:28 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup50.exe
    + 2002-08-29 03:41:28 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup50.exe
    - 2002-08-29 03:41:28 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe
    + 2002-08-29 03:41:28 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe
    - 2001-08-23 12:00:00 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe
    + 2001-08-23 12:00:00 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe
    - 2002-05-14 10:08:54 16,437 -c----w C:\WINDOWS\$NtServicePackUninstall$\shtml.exe
    + 2002-05-14 10:08:54 24,629 -c----w C:\WINDOWS\$NtServicePackUninstall$\shtml.exe
    - 2001-08-23 12:00:00 17,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe
    + 2001-08-23 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe
    - 2002-08-29 03:41:28 66,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe
    + 2002-08-29 03:41:28 72,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe
    - 2002-08-29 03:41:28 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\skeys.exe
    + 2002-08-29 03:41:28 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\skeys.exe
    - 2002-08-29 03:41:28 226,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe
    + 2002-08-29 03:41:28 232,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe
    - 2002-08-29 03:41:28 82,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe
    + 2002-08-29 03:41:28 89,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe
    - 2001-08-23 12:00:00 124,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe
    + 2001-08-23 12:00:00 131,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe
    - 2002-08-29 03:41:28 29,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmp.exe
    + 2002-08-29 03:41:28 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmp.exe
    - 2001-08-23 12:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe
    + 2001-08-23 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe
    - 2002-08-29 03:41:28 534,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\spider.exe
    + 2002-08-29 03:41:28 540,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\spider.exe
    - 2002-08-29 01:48:14 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\spiisupd.exe
    + 2002-08-29 01:48:14 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\spiisupd.exe
    - 2001-08-23 12:00:00 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    + 2001-08-23 12:00:00 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    - 2004-08-03 21:42:32 170,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    + 2004-08-03 21:42:32 177,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    - 2002-08-29 03:41:30 667,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr
    + 2002-08-29 03:41:30 675,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr
    - 2002-08-29 03:41:30 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr
    + 2002-08-29 03:41:30 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr
    - 2002-08-29 03:41:30 364,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr
    + 2002-08-29 03:41:30 372,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr
    - 2002-08-29 03:41:30 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr
    + 2002-08-29 03:41:30 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr
    - 2001-08-23 12:00:00 43,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr
    + 2001-08-23 12:00:00 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr
    - 2002-08-29 03:41:30 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr
    + 2002-08-29 03:41:30 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr
    - 2002-08-29 03:41:32 569,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr
    + 2002-08-29 03:41:32 577,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr
    - 2002-08-29 03:41:32 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr
    + 2002-08-29 03:41:32 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr
    - 2002-08-29 03:41:32 638,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr
    + 2002-08-29 03:41:32 647,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr
    - 2001-08-23 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\stimon.exe
    + 2001-08-23 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\stimon.exe
    - 2001-08-23 12:00:00 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    + 2001-08-23 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    - 2001-08-23 12:00:00 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe
    + 2001-08-23 12:00:00 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe
    - 2002-08-29 03:41:28 128,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
    + 2002-08-29 03:41:28 135,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
    - 2002-05-14 10:08:54 32,827 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe
    + 2002-05-14 10:08:54 41,019 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe
    - 2002-08-29 03:41:28 71,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\telnet.exe
    + 2002-08-29 03:41:28 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\telnet.exe
    - 2002-08-29 03:41:28 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntadmn.exe
    + 2002-08-29 03:41:28 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntadmn.exe
    - 2002-08-29 03:41:28 73,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntsess.exe
    + 2002-08-29 03:41:28 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntsess.exe
    - 2002-08-29 03:41:28 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntsvr.exe
    + 2002-08-29 03:41:28 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\tlntsvr.exe
    - 2001-08-23 12:00:00 346,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe
    + 2001-08-23 12:00:00 353,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe
    - 2001-08-23 12:00:00 346,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe
    + 2001-08-23 12:00:00 353,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe
    - 2002-08-29 03:41:28 231,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracerpt.exe
    + 2002-08-29 03:41:28 238,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracerpt.exe
    - 2002-08-29 03:41:28 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracert.exe
    + 2002-08-29 03:41:28 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracert.exe
    - 2002-08-29 01:40:46 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\tscupgrd.exe
    + 2002-08-29 01:40:46 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\tscupgrd.exe
    - 2001-08-23 12:00:00 138,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe
    + 2001-08-23 12:00:00 145,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe
    - 2001-08-23 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe
    + 2001-08-23 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe
    - 2002-08-29 03:41:28 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ups.exe
    + 2002-08-29 03:41:28 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\ups.exe
    - 2002-08-29 03:41:28 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    + 2002-08-29 03:41:28 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    - 2002-08-29 03:41:28 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\utilman.exe
    + 2002-08-29 03:41:28 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\utilman.exe
    - 2001-08-23 12:00:00 275,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe
    + 2001-08-23 12:00:00 282,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe
    - 2001-08-23 12:00:00 43,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\wab.exe
    + 2001-08-23 12:00:00 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\wab.exe
    - 2001-08-23 12:00:00 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\wabmig.exe
    + 2001-08-23 12:00:00 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\wabmig.exe
    - 2001-08-23 12:00:00 157,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\wbemtest.exe
    + 2001-08-23 12:00:00 164,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\wbemtest.exe
    - 2002-08-29 03:41:28 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\wextract.exe
    + 2002-08-29 03:41:28 67,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\wextract.exe
    - 2001-08-23 12:00:00 414,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\wiaacmgr.exe
    + 2001-08-23 12:00:00 421,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\wiaacmgr.exe
    - 2002-08-29 03:41:28 266,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe
    + 2002-08-29 03:41:28 273,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe
    - 2002-08-29 03:41:28 516,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    + 2002-08-29 03:41:28 523,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    - 2001-08-23 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\winver.exe
    + 2001-08-23 12:00:00 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\winver.exe
    - 2001-08-23 12:00:00 183,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiadap.exe
    + 2001-08-23 12:00:00 190,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiadap.exe
    - 2001-08-23 12:00:00 117,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe
    + 2001-08-23 12:00:00 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe
    - 2002-08-29 03:41:28 329,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmic.exe
    + 2002-08-29 03:41:28 335,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmic.exe
    - 2002-08-29 03:41:28 203,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe
    + 2002-08-29 03:41:28 210,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe
    - 2002-08-29 03:41:28 200,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\wordpad.exe
    + 2002-08-29 03:41:28 207,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\wordpad.exe
    - 2001-08-23 12:00:00 31,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\wpabaln.exe
    + 2001-08-23 12:00:00 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\wpabaln.exe
    - 2001-08-23 12:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\wpnpinst.exe
    + 2001-08-23 12:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\wpnpinst.exe
    - 2001-08-23 12:00:00 118,834 -c----w C:\WINDOWS\$NtServicePackUninstall$\wscript.exe
    + 2001-08-23 12:00:00 127,026 -c----w C:\WINDOWS\$NtServicePackUninstall$\wscript.exe
    - 2002-08-29 03:41:28 139,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
    + 2002-08-29 03:41:28 146,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
    - 2001-08-23 12:00:00 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\xcopy.exe
    + 2001-08-23 12:00:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\xcopy.exe
    - 2003-05-11 14:26:34 89,088 -c----w C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
    + 2003-05-11 14:26:34 95,744 -c----w C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
    - 2003-08-02 04:14:56 100,352 -c----w C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
    + 2003-08-02 04:14:56 107,008 -c----w C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
    - 2003-10-14 06:50:14 140,800 -c----w C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
    + 2003-10-14 06:50:14 147,456 -c----w C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
    - 2004-01-10 05:11:06 140,800 -c----w C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
    + 2004-01-10 05:11:06 147,456 -c----w C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
    - 2008-05-22 19:13:25 2,048 ----a-w C:\WINDOWS\bootstat.dat
    + 2008-05-26 19:14:22 2,048 ----a-w C:\WINDOWS\bootstat.dat
    - 2003-05-19 19:33:54 217,088 ----a-r C:\WINDOWS\Cache\Adobe Reader 6\setup.exe
    + 2003-05-19 19:33:54 225,280 ----a-r C:\WINDOWS\Cache\Adobe Reader 6\setup.exe
    - 2004-07-13 20:12:38 69,632 ------w C:\WINDOWS\erase_SR.exe
    + 2004-07-13 20:12:38 83,784 ------w C:\WINDOWS\erase_SR.exe
    - 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2005-10-20 18:02:28 173,568 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
    + 2000-08-31 06:00:00 97,696 ----a-w C:\WINDOWS\fdsv.exe
    - 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
    + 2000-08-31 06:00:00 87,068 ----a-w C:\WINDOWS\grep.exe
    - 2005-09-06 08:42:59 49,152 ----a-r C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
    + 2005-09-06 08:42:59 57,344 ----a-r C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
    - 2005-09-06 08:43:03 40,960 ----a-r C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
    + 2005-09-06 08:43:03 49,152 ----a-r C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
    - 2004-10-01 14:21:49 166,912 ----a-r C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
    + 2004-10-01 14:21:49 173,568 ----a-r C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
    - 2004-10-07 08:31:45 49,152 ----a-r C:\WINDOWS\Installer\{609F7AC8-C510-11D4-A788-009027ABA5D0}\_358549803C93_44DD_B1D6_E56E21E4D1E3.exe
    + 2004-10-07 08:31:45 57,344 ----a-r C:\WINDOWS\Installer\{609F7AC8-C510-11D4-A788-009027ABA5D0}\_358549803C93_44DD_B1D6_E56E21E4D1E3.exe
    - 2005-09-06 08:42:31 45,056 ----a-r C:\WINDOWS\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
    + 2005-09-06 08:42:31 53,248 ----a-r C:\WINDOWS\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
    - 2004-10-01 16:22:36 32,768 ----a-r C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
    + 2004-10-01 16:22:36 40,960 ----a-r C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
    - 2004-10-01 17:23:20 34,304 ----a-r C:\WINDOWS\Installer\{901E0413-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2004-10-01 17:23:20 40,960 ----a-r C:\WINDOWS\Installer\{901E0413-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2004-10-01 17:02:54 34,304 ----a-r C:\WINDOWS\Installer\{901F0407-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2004-10-01 17:02:54 40,960 ----a-r C:\WINDOWS\Installer\{901F0407-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2004-10-06 12:45:37 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2004-10-06 12:45:37 176,128 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    - 2004-10-06 12:45:37 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2004-10-06 12:45:37 9,216 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2004-10-06 12:45:37 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    + 2004-10-06 12:45:37 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    - 2004-10-06 12:45:37 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2004-10-06 12:45:37 40,960 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2004-10-06 12:45:37 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2004-10-06 12:45:37 14,848 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2004-10-06 12:45:37 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2004-10-06 12:45:37 10,240 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2004-10-06 12:45:37 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2004-10-06 12:45:37 122,880 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2004-10-06 12:45:37 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2004-10-06 12:45:37 23,040 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2004-10-06 12:45:37 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2004-10-06 12:45:37 37,376 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2004-10-06 12:45:37 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2004-10-06 12:45:37 29,184 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2004-12-14 15:50:59 65,536 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut1.exe
    + 2004-12-14 15:50:59 73,728 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut1.exe
    - 2004-12-14 15:50:59 65,536 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut2.exe
    + 2004-12-14 15:50:59 73,728 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\NewShortcut2.exe
    - 2006-11-07 12:46:13 6,656 ----a-r C:\WINDOWS\Installer\{BC3E6DAB-253A-455E-A0C8-ACC5CE9D0D62}\ARIcon.exe
    + 2006-11-07 12:46:13 13,312 ----a-r C:\WINDOWS\Installer\{BC3E6DAB-253A-455E-A0C8-ACC5CE9D0D62}\ARIcon.exe
    - 2006-11-07 12:46:13 135,168 ----a-r C:\WINDOWS\Installer\{BC3E6DAB-253A-455E-A0C8-ACC5CE9D0D62}\misc.5F3981BD_0835_4200_A8E0_81FC138D2110.exe
    + 2006-11-07 12:46:13 143,360 ----a-r C:\WINDOWS\Installer\{BC3E6DAB-253A-455E-A0C8-ACC5CE9D0D62}\misc.5F3981BD_0835_4200_A8E0_81FC138D2110.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut11.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut11.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut12.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut12.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut13.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut13.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut4.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut4.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut5.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut5.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut6.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut6.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut7.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut7.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut8.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut8.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut9.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\NewShortcut9.exe
    - 2004-12-14 15:51:35 65,536 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\TutorialSC.exe
    + 2004-12-14 15:51:35 73,728 ----a-r C:\WINDOWS\Installer\{CA60320D-6A16-49C8-A34F-84EEF4799567}\TutorialSC.exe
    - 1998-10-29 14:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
    + 1998-10-29 14:45:06 313,344 ----a-w C:\WINDOWS\IsUninst.exe
    - 2003-02-20 17:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2003-02-20 17:09:46 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2003-02-20 17:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
    + 2003-02-20 17:19:34 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
    - 2003-02-20 17:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2003-02-20 17:19:36 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2003-02-21 05:24:10 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
    + 2003-02-21 05:24:10 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
    - 2003-02-21 05:24:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
    + 2003-02-21 05:24:32 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
    - 2003-02-21 08:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
    + 2003-02-21 08:20:44 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
    - 2003-02-21 02:12:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
    + 2003-02-21 02:12:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
    - 2003-02-21 05:24:38 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
    + 2003-02-21 05:24:38 14,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
    - 2003-02-20 17:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
    + 2003-02-20 17:09:40 204,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
    - 2003-02-21 05:24:42 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
    + 2003-02-21 05:24:42 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
    - 2003-02-21 05:24:52 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
    + 2003-02-21 05:24:52 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
    - 2003-02-21 05:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
    + 2003-02-21 05:25:04 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
    - 2003-02-21 05:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
    + 2003-02-21 05:25:04 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
    - 2003-02-20 17:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
    + 2003-02-20 17:09:46 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
    - 2003-02-21 05:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
    + 2003-02-21 05:25:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
    - 2003-02-21 05:25:30 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
    + 2003-02-21 05:25:30 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
    - 2003-02-21 08:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
    + 2003-02-21 08:20:38 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
    - 2004-08-03 23:56:48 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
    + 2004-08-03 23:56:48 263,168 ----a-w C:\WINDOWS\msagent\agentsvr.exe
    - 2004-08-03 23:56:54 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
    + 2004-08-03 23:56:54 97,280 ----a-w C:\WINDOWS\mui\muisetup.exe
    - 2004-08-03 23:56:50 768,512 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
    + 2004-08-03 23:56:50 775,168 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
    - 2001-08-23 12:00:00 99,840 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    + 2001-08-23 12:00:00 106,496 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    - 2004-08-03 23:56:52 743,936 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
    + 2004-08-03 23:56:52 750,592 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
    - 2004-08-03 23:56:52 18,944 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
    + 2004-08-03 23:56:52 25,600 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
    - 2004-08-03 23:56:54 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
    + 2004-08-03 23:56:54 164,864 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
    - 2001-08-23 12:00:00 35,328 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\notiflag.exe
    + 2001-08-23 12:00:00 41,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\notiflag.exe
    - 2004-08-03 23:56:58 150,528 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
    + 2004-08-03 23:56:58 157,184 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
    - 2002-08-29 03:41:28 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
    + 2002-08-29 03:41:28 229,376 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
    - 2005-01-28 13:22:12 827,392 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
    + 2005-01-28 13:22:12 835,584 ----a-w C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
    - 2005-01-27 23:36:04 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
    + 2005-01-27 23:36:04 53,760 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
    - 2005-01-27 23:36:00 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
    + 2005-01-27 23:36:00 45,568 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
    - 2002-08-29 03:41:26 24,576 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
    + 2002-08-29 03:41:26 31,232 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
    - 2005-01-27 23:21:46 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
    + 2005-01-27 23:21:46 103,424 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
    - 2002-08-29 03:41:28 249,856 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
    + 2002-08-29 03:41:28 258,048 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
    - 2002-08-29 03:41:28 520,192 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    + 2002-08-29 03:41:28 528,384 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    - 2005-01-27 23:26:42 991,232 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
    + 2005-01-27 23:26:42 999,424 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
    - 2005-01-28 13:22:12 192,512 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
    + 2005-01-28 13:22:12 200,704 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
    - 2005-01-27 23:26:30 122,880 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
    + 2005-01-27 23:26:30 131,072 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
    - 2005-01-27 23:26:30 28,672 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
    + 2005-01-27 23:26:30 36,864 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
    - 2005-01-28 13:22:12 73,728 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
    + 2005-01-28 13:22:12 81,920 ----a-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
    - 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
    + 2000-08-31 06:00:00 105,472 ----a-w C:\WINDOWS\sed.exe
    - 2004-08-03 23:56:48 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
    + 2004-08-03 23:56:48 190,464 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
    - 2004-08-03 23:56:48 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
    + 2004-08-03 23:56:48 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
    - 2004-08-03 23:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
    + 2004-08-03 23:56:48 24,631 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
    - 2004-08-03 23:56:48 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
    + 2004-08-03 23:56:48 263,168 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
    - 2004-08-03 23:56:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
    + 2004-08-03 23:56:48 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
    - 2004-08-03 23:56:48 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
    + 2004-08-03 23:56:48 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
    - 2004-08-03 21:11:06 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe
    + 2004-08-03 21:11:06 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe
    - 2004-08-03 21:11:06 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe
    + 2004-08-03 21:11:06 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe
    - 2004-08-03 23:56:48 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe
    + 2004-08-03 23:56:48 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe
    - 2004-08-03 23:56:48 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe
    + 2004-08-03 23:56:48 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe
    - 2004-08-03 23:56:48 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
    + 2004-08-03 23:56:48 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
    - 2004-08-03 23:56:48 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
    + 2004-08-03 23:56:48 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
    - 2004-08-03 23:56:48 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
    + 2004-08-03 23:56:48 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
    - 2004-08-03 23:56:48 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
    + 2004-08-03 23:56:48 24,631 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
    - 2004-08-03 23:56:48 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
    + 2004-08-03 23:56:48 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
    - 2004-07-19 17:54:04 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe
    + 2004-07-19 17:54:04 102,400 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe
    - 2004-08-03 23:56:48 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
    + 2004-08-03 23:56:48 196,672 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
    - 2004-08-03 23:56:48 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe
    + 2004-08-03 23:56:48 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe
    - 2004-08-03 23:56:48 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
    + 2004-08-03 23:56:48 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
    - 2004-08-03 23:56:48 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
    + 2004-08-03 23:56:48 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
    - 2004-08-03 23:56:48 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
    + 2004-08-03 23:56:48 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
    - 2004-08-03 23:56:48 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
    + 2004-08-03 23:56:48 109,568 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
    - 2004-08-03 23:56:48 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
    + 2004-08-03 23:56:48 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
    - 2004-08-03 23:56:50 388,608 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
    + 2004-08-03 23:56:50 395,264 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
    - 2004-08-03 23:56:50 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
    + 2004-08-03 23:56:50 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
    - 2004-08-03 23:56:50 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
    + 2004-08-03 23:56:50 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
    - 2004-08-03 23:56:50 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
    + 2004-08-03 23:56:50 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
    - 2004-08-03 23:56:50 9,728 ------w C:\WIN
    26 May 2008 21:49:48

    The rest (sorry):
    + 2004-08-03 23:56:50 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe
    - 2004-08-03 21:59:36 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe
    + 2004-08-03 21:59:36 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe
    - 2004-08-03 23:56:50 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
    + 2004-08-03 23:56:50 1,040,384 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
    - 2004-08-03 23:56:50 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
    + 2004-08-03 23:56:50 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
    - 2004-08-03 21:11:18 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\csc.exe
    + 2004-08-03 21:11:18 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\csc.exe
    - 2004-08-03 23:56:50 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe
    + 2004-08-03 23:56:50 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe
    - 2004-08-03 23:56:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\davcdata.exe
    + 2004-08-03 23:56:50 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\davcdata.exe
    - 2004-08-03 23:56:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe
    + 2004-08-03 23:56:50 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe
    - 2004-08-03 23:56:50 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
    + 2004-08-03 23:56:50 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
    - 2004-08-03 23:56:50 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
    + 2004-08-03 23:56:50 89,088 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
    - 2004-08-03 23:56:50 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
    + 2004-08-03 23:56:50 111,616 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
    - 2004-08-03 23:56:50 539,136 ------w C:\WINDOWS\ServicePackFiles\i386\dialer.exe
    + 2004-08-03 23:56:50 545,792 ------w C:\WINDOWS\ServicePackFiles\i386\dialer.exe
    - 2004-08-03 23:56:50 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\diantz.exe
    + 2004-08-03 23:56:50 92,160 ------w C:\WINDOWS\ServicePackFiles\i386\diantz.exe
    - 2004-08-03 23:56:50 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\diskpart.exe
    + 2004-08-03 23:56:50 170,496 ------w C:\WINDOWS\ServicePackFiles\i386\diskpart.exe
    - 2004-08-03 23:56:50 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\dlimport.exe
    + 2004-08-03 23:56:50 303,104 ------w C:\WINDOWS\ServicePackFiles\i386\dlimport.exe
    - 2004-08-03 23:56:50 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\dllhost.exe
    + 2004-08-03 23:56:50 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\dllhost.exe
    - 2004-08-03 23:56:50 224,768 ------w C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe
    + 2004-08-03 23:56:50 231,424 ------w C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe
    - 2004-08-03 23:56:50 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\dmremote.exe
    + 2004-08-03 23:56:50 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\dmremote.exe
    - 2004-08-03 23:56:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe
    + 2004-08-03 23:56:50 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe
    - 2004-08-03 23:56:50 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe
    + 2004-08-03 23:56:50 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe
    - 2004-08-03 23:56:50 83,456 ------w C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe
    + 2004-08-03 23:56:50 90,112 ------w C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe
    - 2004-08-03 23:56:50 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\dumprep.exe
    + 2004-08-03 23:56:50 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\dumprep.exe
    - 2004-08-03 23:56:50 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe
    + 2004-08-03 23:56:50 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe
    - 2004-08-03 23:56:50 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\dwwin.exe
    + 2004-08-03 23:56:50 188,416 ------w C:\WINDOWS\ServicePackFiles\i386\dwwin.exe
    - 2004-08-03 23:56:50 1,298,432 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe
    + 2004-08-03 23:56:50 1,306,624 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe
    - 2004-08-03 23:56:50 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe
    + 2004-08-03 23:56:50 199,680 ------w C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe
    - 2004-08-03 23:56:50 50,176 ------w C:\WINDOWS\ServicePackFiles\i386\evcreate.exe
    + 2004-08-03 23:56:50 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\evcreate.exe
    - 2004-08-03 23:56:50 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe
    + 2004-08-03 23:56:50 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe
    - 2004-08-03 23:56:50 92,160 ------w C:\WINDOWS\ServicePackFiles\i386\evntwin.exe
    + 2004-08-03 23:56:50 98,816 ------w C:\WINDOWS\ServicePackFiles\i386\evntwin.exe
    - 2004-08-03 23:56:50 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\extrac32.exe
    + 2004-08-03 23:56:50 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\extrac32.exe
    - 2004-08-03 23:56:50 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe
    + 2004-08-03 23:56:50 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe
    - 2004-08-03 23:56:50 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\findstr.exe
    + 2004-08-03 23:56:50 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\findstr.exe
    - 2004-08-03 23:56:50 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\fltmc.exe
    + 2004-08-03 23:56:50 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\fltmc.exe
    - 2004-08-03 23:56:50 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\fontview.exe
    + 2004-08-03 23:56:50 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\fontview.exe
    - 2004-08-03 23:56:50 15,120 ------w C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe
    + 2004-08-03 23:56:50 21,776 ------w C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe
    - 2004-08-03 23:56:50 109,840 ------w C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe
    + 2004-08-03 23:56:50 116,496 ------w C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe
    - 2004-08-03 23:56:50 24,632 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe
    + 2004-08-03 23:56:50 32,824 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe
    - 2004-08-03 23:56:50 188,494 ------w C:\WINDOWS\ServicePackFiles\i386\fpcount.exe
    + 2004-08-03 23:56:50 196,686 ------w C:\WINDOWS\ServicePackFiles\i386\fpcount.exe
    - 2004-08-03 23:56:50 20,538 ------w C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe
    + 2004-08-03 23:56:50 28,730 ------w C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe
    - 2004-08-03 23:56:50 28,728 ------w C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe
    + 2004-08-03 23:56:50 36,920 ------w C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe
    - 2004-08-03 23:56:50 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\fsquirt.exe
    + 2004-08-03 23:56:50 199,680 ------w C:\WINDOWS\ServicePackFiles\i386\fsquirt.exe
    - 2004-08-03 23:56:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\ftp.exe
    + 2004-08-03 23:56:50 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\ftp.exe
    - 2004-08-03 23:56:50 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\fxsclnt.exe
    + 2004-08-03 23:56:50 150,016 ------w C:\WINDOWS\ServicePackFiles\i386\fxsclnt.exe
    - 2004-08-03 23:56:50 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\fxscover.exe
    + 2004-08-03 23:56:50 236,032 ------w C:\WINDOWS\ServicePackFiles\i386\fxscover.exe
    - 2004-08-03 23:56:50 267,776 ------w C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe
    + 2004-08-03 23:56:50 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe
    - 2004-08-03 23:56:50 119,808 ------w C:\WINDOWS\ServicePackFiles\i386\gprslt.exe
    + 2004-08-03 23:56:50 126,464 ------w C:\WINDOWS\ServicePackFiles\i386\gprslt.exe
    - 2004-08-03 23:56:50 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\grpconv.exe
    + 2004-08-03 23:56:50 46,080 ------w C:\WINDOWS\ServicePackFiles\i386\grpconv.exe
    - 2004-08-03 23:56:50 768,512 ------w C:\WINDOWS\ServicePackFiles\i386\helpctr.exe
    + 2004-08-03 23:56:50 775,168 ------w C:\WINDOWS\ServicePackFiles\i386\helpctr.exe
    - 2004-08-03 23:56:52 743,936 ------w C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe
    + 2004-08-03 23:56:52 750,592 ------w C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe
    - 2004-08-03 23:56:52 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\hh.exe
    + 2004-08-03 23:56:52 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\hh.exe
    - 2004-08-03 23:56:52 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\hscupd.exe
    + 2004-08-03 23:56:52 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\hscupd.exe
    - 2004-08-03 23:56:52 214,528 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn1.exe
    + 2004-08-03 23:56:52 221,184 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn1.exe
    - 2004-08-03 23:56:52 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn2.exe
    + 2004-08-03 23:56:52 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn2.exe
    - 2004-08-03 23:56:52 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\icwrmind.exe
    + 2004-08-03 23:56:52 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\icwrmind.exe
    - 2004-08-03 23:56:52 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\ie4uinit.exe
    + 2004-08-03 23:56:52 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\ie4uinit.exe
    - 2004-08-03 23:56:52 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\iedw.exe
    + 2004-08-03 23:56:52 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\iedw.exe
    - 2004-07-19 17:54:06 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\ieexec.exe
    + 2004-07-19 17:54:06 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\ieexec.exe
    - 2004-08-03 23:56:52 93,184 ------w C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
    + 2004-08-03 23:56:52 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
    - 2004-08-03 23:56:52 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\iexpress.exe
    + 2004-08-03 23:56:52 121,344 ------w C:\WINDOWS\ServicePackFiles\i386\iexpress.exe
    - 2004-08-03 23:56:52 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\iisrstas.exe
    + 2004-08-03 23:56:52 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\iisrstas.exe
    - 2004-08-03 21:11:48 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\ilasm.exe
    + 2004-08-03 21:11:48 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\ilasm.exe
    - 2004-08-03 23:56:52 150,016 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.exe
    + 2004-08-03 23:56:52 156,672 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.exe
    - 2004-08-03 23:56:52 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\inetin51.exe
    + 2004-08-03 23:56:52 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\inetin51.exe
    - 2004-08-03 23:56:52 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\inetwiz.exe
    + 2004-08-03 23:56:52 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\inetwiz.exe
    - 2004-07-19 17:54:06 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\installutil.exe
    + 2004-07-19 17:54:06 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\installutil.exe
    - 2004-08-03 23:56:52 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe
    + 2004-08-03 23:56:52 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe
    - 2004-08-03 23:56:52 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\ipv6.exe
    + 2004-08-03 23:56:52 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\ipv6.exe
    - 2004-08-03 23:56:52 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\ipxroute.exe
    + 2004-08-03 23:56:52 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ipxroute.exe
    - 2004-08-03 23:56:52 152,576 ------w C:\WINDOWS\ServicePackFiles\i386\irftp.exe
    + 2004-08-03 23:56:52 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\irftp.exe
    - 2004-07-19 17:54:06 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\jsc.exe
    + 2004-07-19 17:54:06 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\jsc.exe
    - 2004-08-03 21:31:56 480,256 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cintsetp.exe
    + 2004-08-03 21:31:56 486,912 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cintsetp.exe
    - 2004-08-03 21:31:40 57,399 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cplexe.exe
    + 2004-08-03 21:31:40 65,591 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cplexe.exe
    - 2004-08-03 21:31:54 307,257 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.exe
    + 2004-08-03 21:31:54 315,449 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.exe
    - 2004-08-03 21:31:56 155,705 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdsvr.exe
    + 2004-08-03 21:31:56 163,897 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdsvr.exe
    - 2004-08-03 21:31:58 196,665 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpinst.exe
    + 2004-08-03 21:31:58 213,381 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpinst.exe
    - 2004-08-03 21:32:00 208,952 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpmig.exe
    + 2004-08-03 21:32:00 217,144 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpmig.exe
    - 2004-08-03 21:32:12 233,527 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjprw.exe
    + 2004-08-03 21:32:12 241,719 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjprw.exe
    - 2004-08-03 21:32:16 262,200 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjputy.exe
    + 2004-08-03 21:32:16 270,392 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjputy.exe
    - 2004-08-03 21:31:50 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imscinst.exe
    + 2004-08-03 21:31:50 73,656 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imscinst.exe
    - 2004-08-03 21:31:50 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlphr.exe
    + 2004-08-03 21:31:50 76,800 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlphr.exe
    - 2004-08-03 21:32:16 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintlphr.exe
    + 2004-08-03 21:32:16 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintlphr.exe
    - 2004-08-03 21:32:16 455,168 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe
    + 2004-08-03 21:32:16 461,824 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe
    - 2004-08-03 23:56:52 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\locator.exe
    + 2004-08-03 23:56:52 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\locator.exe
    - 2004-08-03 23:56:52 103,936 ------w C:\WINDOWS\ServicePackFiles\i386\logagent.exe
    + 2004-08-03 23:56:52 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\logagent.exe
    - 2004-08-03 23:56:52 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\logman.exe
    + 2004-08-03 23:56:52 66,048 ------w C:\WINDOWS\ServicePackFiles\i386\logman.exe
    - 2004-08-03 23:56:58 220,672 ------w C:\WINDOWS\ServicePackFiles\i386\logon.scr
    + 2004-08-03 23:56:58 227,328 ------w C:\WINDOWS\ServicePackFiles\i386\logon.scr
    - 2004-08-03 23:56:52 514,560 ------w C:\WINDOWS\ServicePackFiles\i386\logonui.exe
    + 2004-08-03 23:56:52 521,216 ------w C:\WINDOWS\ServicePackFiles\i386\logonui.exe
    - 2004-08-03 23:56:52 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    + 2004-08-03 23:56:52 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    - 2004-08-03 23:56:52 72,704 ------w C:\WINDOWS\ServicePackFiles\i386\magnify.exe
    + 2004-08-03 23:56:52 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\magnify.exe
    - 2004-08-03 23:56:52 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\makecab.exe
    + 2004-08-03 23:56:52 92,160 ------w C:\WINDOWS\ServicePackFiles\i386\makecab.exe
    - 2004-08-03 23:56:52 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\migload.exe
    + 2004-08-03 23:56:52 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\migload.exe
    - 2004-08-03 23:56:52 786,432 ------w C:\WINDOWS\ServicePackFiles\i386\migrate.exe
    + 2004-08-03 23:56:52 794,624 ------w C:\WINDOWS\ServicePackFiles\i386\migrate.exe
    - 2004-08-03 23:56:52 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\migregdb.exe
    + 2004-08-03 23:56:52 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\migregdb.exe
    - 2004-08-03 23:56:52 240,128 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz.exe
    + 2004-08-03 23:56:52 246,784 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz.exe
    - 2004-08-03 23:56:52 236,032 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz_a.exe
    + 2004-08-03 23:56:52 242,688 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz_a.exe
    - 2004-08-03 23:56:52 815,104 ------w C:\WINDOWS\ServicePackFiles\i386\mmc.exe
    + 2004-08-03 23:56:52 821,760 ------w C:\WINDOWS\ServicePackFiles\i386\mmc.exe
    - 2004-08-03 23:56:52 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\mnmsrvc.exe
    + 2004-08-03 23:56:52 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\mnmsrvc.exe
    - 2004-08-03 23:56:52 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\mobsync.exe
    + 2004-08-03 23:56:52 150,016 ------w C:\WINDOWS\ServicePackFiles\i386\mobsync.exe
    - 2004-08-03 23:56:52 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\mofcomp.exe
    + 2004-08-03 23:56:52 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\mofcomp.exe
    - 2004-08-03 23:56:54 3,555,328 ------w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
    + 2004-08-03 23:56:54 3,561,984 ------w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
    - 2004-08-03 23:56:54 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\mplay32.exe
    + 2004-08-03 23:56:54 130,048 ------w C:\WINDOWS\ServicePackFiles\i386\mplay32.exe
    - 2004-08-03 23:56:54 4,639 ------w C:\WINDOWS\ServicePackFiles\i386\mplayer2.exe
    + 2004-08-03 23:56:54 11,295 ------w C:\WINDOWS\ServicePackFiles\i386\mplayer2.exe
    - 2004-08-03 23:56:54 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\mqbkup.exe
    + 2004-08-03 23:56:54 26,624 ------w C:\WINDOWS\ServicePackFiles\i386\mqbkup.exe
    - 2004-08-03 23:56:54 4,608 ------w C:\WINDOWS\ServicePackFiles\i386\mqsvc.exe
    + 2004-08-03 23:56:54 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\mqsvc.exe
    - 2004-08-03 23:56:54 117,248 ------w C:\WINDOWS\ServicePackFiles\i386\mqtgsvc.exe
    + 2004-08-03 23:56:54 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\mqtgsvc.exe
    - 2004-08-03 23:56:54 158,208 ------w C:\WINDOWS\ServicePackFiles\i386\msconfig.exe
    + 2004-08-03 23:56:54 164,864 ------w C:\WINDOWS\ServicePackFiles\i386\msconfig.exe
    - 2004-08-03 23:56:54 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\msdtc.exe
    + 2004-08-03 23:56:54 12,800 ------w C:\WINDOWS\ServicePackFiles\i386\msdtc.exe
    - 2004-08-03 23:56:54 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\mshta.exe
    + 2004-08-03 23:56:54 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\mshta.exe
    - 2004-08-03 23:56:54 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\msiexec.exe
    + 2004-08-03 23:56:54 83,968 ------w C:\WINDOWS\ServicePackFiles\i386\msiexec.exe
    - 2004-08-03 23:56:54 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
    + 2004-08-03 23:56:54 67,072 ------w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
    - 2004-08-03 23:56:54 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\msiregmv.exe
    + 2004-08-03 23:56:54 47,616 ------w C:\WINDOWS\ServicePackFiles\i386\msiregmv.exe
    - 2004-08-03 23:56:54 1,667,584 ------w C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
    + 2004-08-03 23:56:54 1,674,240 ------w C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
    - 2004-08-03 23:56:54 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\mspaint.exe
    + 2004-08-03 23:56:54 349,696 ------w C:\WINDOWS\ServicePackFiles\i386\mspaint.exe
    - 2004-08-03 23:56:54 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\mstinit.exe
    + 2004-08-03 23:56:54 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\mstinit.exe
    - 2004-08-03 21:59:42 407,552 ------w C:\WINDOWS\ServicePackFiles\i386\mstsc.exe
    + 2004-08-03 21:59:42 414,208 ------w C:\WINDOWS\ServicePackFiles\i386\mstsc.exe
    - 2004-08-03 23:56:54 90,624 ------w C:\WINDOWS\ServicePackFiles\i386\muisetup.exe
    + 2004-08-03 23:56:54 97,280 ------w C:\WINDOWS\ServicePackFiles\i386\muisetup.exe
    - 2004-08-03 23:56:56 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\narrator.exe
    + 2004-08-03 23:56:56 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\narrator.exe
    - 2004-08-03 23:56:56 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\nddeapir.exe
    + 2004-08-03 23:56:56 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\nddeapir.exe
    - 2004-08-03 23:56:56 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\net.exe
    + 2004-08-03 23:56:56 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\net.exe
    - 2004-08-03 23:56:56 124,928 ------w C:\WINDOWS\ServicePackFiles\i386\net1.exe
    + 2004-08-03 23:56:56 131,584 ------w C:\WINDOWS\ServicePackFiles\i386\net1.exe
    - 2004-08-03 23:56:56 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\netdde.exe
    + 2004-08-03 23:56:56 117,760 ------w C:\WINDOWS\ServicePackFiles\i386\netdde.exe
    - 2004-08-03 21:12:20 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\netfxupdate.exe
    + 2004-08-03 21:12:20 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\netfxupdate.exe
    - 2004-08-04 00:02:46 329,728 ------w C:\WINDOWS\ServicePackFiles\i386\netsetup.exe
    + 2004-08-04 00:02:46 338,432 ------w C:\WINDOWS\ServicePackFiles\i386\netsetup.exe
    - 2004-08-03 23:56:56 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\netsh.exe
    + 2004-08-03 23:56:56 92,672 ------w C:\WINDOWS\ServicePackFiles\i386\netsh.exe
    - 2004-08-03 23:56:56 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\netstat.exe
    + 2004-08-03 23:56:56 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\netstat.exe
    - 2004-08-03 21:12:20 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\ngen.exe
    + 2004-08-03 21:12:20 155,648 ------w C:\WINDOWS\ServicePackFiles\i386\ngen.exe
    - 2004-08-03 23:56:56 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\notepad.exe
    + 2004-08-03 23:56:56 75,776 ------w C:\WINDOWS\ServicePackFiles\i386\notepad.exe
    - 2004-08-03 23:56:56 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\nppagent.exe
    + 2004-08-03 23:56:56 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\nppagent.exe
    - 2004-08-03 23:56:56 76,800 ------w C:\WINDOWS\ServicePackFiles\i386\nslookup.exe
    + 2004-08-03 23:56:56 83,456 ------w C:\WINDOWS\ServicePackFiles\i386\nslookup.exe
    - 2004-08-03 23:56:56 1,200,128 ------w C:\WINDOWS\ServicePackFiles\i386\ntbackup.exe
    + 2004-08-03 23:56:56 1,206,784 ------w C:\WINDOWS\ServicePackFiles\i386\ntbackup.exe
    - 2004-08-03 23:56:56 419,840 ------w C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe
    + 2004-08-03 23:56:56 426,496 ------w C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe
    - 2004-08-03 23:56:56 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\odbcad32.exe
    + 2004-08-03 23:56:56 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\odbcad32.exe
    - 2004-08-03 23:56:56 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\odbcconf.exe
    + 2004-08-03 23:56:56 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\odbcconf.exe
    - 2004-08-03 23:56:56 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\oemig50.exe
    + 2004-08-03 23:56:56 67,072 ------w C:\WINDOWS\ServicePackFiles\i386\oemig50.exe
    - 2004-08-03 23:56:56 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\oobebaln.exe
    + 2004-08-03 23:56:56 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\oobebaln.exe
    - 2004-08-03 23:56:56 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\opnfiles.exe
    + 2004-08-03 23:56:56 74,240 ------w C:\WINDOWS\ServicePackFiles\i386\opnfiles.exe
    - 2004-08-03 23:56:56 215,552 ------w C:\WINDOWS\ServicePackFiles\i386\osk.exe
    + 2004-08-03 23:56:56 222,208 ------w C:\WINDOWS\ServicePackFiles\i386\osk.exe
    - 2004-08-03 23:56:56 58,368 ------w C:\WINDOWS\ServicePackFiles\i386\packager.exe
    + 2004-08-03 23:56:56 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\packager.exe
    - 2004-08-03 23:56:56 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\perfmon.exe
    + 2004-08-03 23:56:56 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\perfmon.exe
    - 2004-08-03 23:56:56 281,088 ------w C:\WINDOWS\ServicePackFiles\i386\pinball.exe
    + 2004-08-03 23:56:56 287,744 ------w C:\WINDOWS\ServicePackFiles\i386\pinball.exe
    - 2004-08-03 23:56:56 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\ping.exe
    + 2004-08-03 23:56:56 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\ping.exe
    - 2004-08-03 23:56:56 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\powercfg.exe
    + 2004-08-03 23:56:56 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\powercfg.exe
    - 2004-08-03 23:56:56 109,568 ------w C:\WINDOWS\ServicePackFiles\i386\progman.exe
    + 2004-08-03 23:56:56 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\progman.exe
    - 2004-08-03 23:56:56 50,176 ------w C:\WINDOWS\ServicePackFiles\i386\proquota.exe
    + 2004-08-03 23:56:56 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\proquota.exe
    - 2004-08-03 23:56:56 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\proxycfg.exe
    + 2004-08-03 23:56:56 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\proxycfg.exe
    - 2004-08-03 23:56:56 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\qprocess.exe
    + 2004-08-03 23:56:56 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\qprocess.exe
    - 2004-08-03 23:56:56 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\rasphone.exe
    + 2004-08-03 23:56:56 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\rasphone.exe
    - 2004-08-03 23:56:56 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\rcimlby.exe
    + 2004-08-03 23:56:56 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\rcimlby.exe
    - 2004-08-03 23:56:56 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\rcp.exe
    + 2004-08-03 23:56:56 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\rcp.exe
    - 2004-08-03 23:56:56 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\rdpclip.exe
    + 2004-08-03 23:56:56 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\rdpclip.exe
    - 2004-08-03 23:56:56 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\rdsaddin.exe
    + 2004-08-03 23:56:56 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\rdsaddin.exe
    - 2004-08-03 23:56:56 67,072 ------w C:\WINDOWS\ServicePackFiles\i386\rdshost.exe
    + 2004-08-03 23:56:56 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\rdshost.exe
    - 2004-08-03 23:56:56 50,176 ------w C:\WINDOWS\ServicePackFiles\i386\reg.exe
    + 2004-08-03 23:56:56 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\reg.exe
    - 2004-07-19 17:54:16 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\regasm.exe
    + 2004-07-19 17:54:16 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\regasm.exe
    - 2004-08-03 23:56:56 146,432 ------w C:\WINDOWS\ServicePackFiles\i386\regedit.exe
    + 2004-08-03 23:56:56 153,088 ------w C:\WINDOWS\ServicePackFiles\i386\regedit.exe
    - 2004-07-19 17:54:16 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\regsvcs.exe
    + 2004-07-19 17:54:16 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\regsvcs.exe
    - 2004-08-03 23:56:56 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\regsvr32.exe
    + 2004-08-03 23:56:56 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\regsvr32.exe
    - 2004-08-03 23:56:56 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\rexec.exe
    + 2004-08-03 23:56:56 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\rexec.exe
    - 2004-08-03 23:56:56 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\rsh.exe
    + 2004-08-03 23:56:56 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\rsh.exe
    - 2004-08-03 23:56:56 107,520 ------w C:\WINDOWS\ServicePackFiles\i386\rsnotify.exe
    + 2004-08-03 23:56:56 114,176 ------w C:\WINDOWS\ServicePackFiles\i386\rsnotify.exe
    - 2004-08-03 23:56:56 380,416 ------w C:\WINDOWS\ServicePackFiles\i386\rstrui.exe
    + 2004-08-03 23:56:56 387,072 ------w C:\WINDOWS\ServicePackFiles\i386\rstrui.exe
    - 2004-08-03 23:56:56 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\rtcshare.exe
    + 2004-08-03 23:56:56 83,968 ------w C:\WINDOWS\ServicePackFiles\i386\rtcshare.exe
    - 2004-08-03 23:56:56 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
    + 2004-08-03 23:56:56 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
    - 2004-08-03 23:56:56 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\runonce.exe
    + 2004-08-03 23:56:56 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\runonce.exe
    - 2004-08-03 23:56:56 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\savedump.exe
    + 2004-08-03 23:56:56 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\savedump.exe
    - 2004-08-03 23:56:56 95,744 ------w C:\WINDOWS\ServicePackFiles\i386\scardsvr.exe
    + 2004-08-03 23:56:56 102,400 ------w C:\WINDOWS\ServicePackFiles\i386\scardsvr.exe
    - 2004-08-03 23:56:56 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\scrcons.exe
    + 2004-08-03 23:56:56 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\scrcons.exe
    - 2004-08-03 23:56:58 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\scrnsave.scr
    + 2004-08-03 23:56:58 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\scrnsave.scr
    - 2004-08-03 23:56:56 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\sctasks.exe
    + 2004-08-03 23:56:56 128,512 ------w C:\WINDOWS\ServicePackFiles\i386\sctasks.exe
    - 2004-08-03 23:56:56 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\sdbinst.exe
    + 2004-08-03 23:56:56 83,968 ------w C:\WINDOWS\ServicePackFiles\i386\sdbinst.exe
    - 2004-08-03 23:56:56 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\secedit.exe
    + 2004-08-03 23:56:56 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\secedit.exe
    - 2004-08-03 23:56:56 108,032 ------w C:\WINDOWS\ServicePackFiles\i386\services.exe
    + 2004-08-03 23:56:56 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\services.exe
    - 2004-08-03 23:56:58 140,800 ------w C:\WINDOWS\ServicePackFiles\i386\sessmgr.exe
    + 2004-08-03 23:56:58 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\sessmgr.exe
    - 2004-08-03 23:56:58 31,232 ------w C:\WINDOWS\ServicePackFiles\i386\sethc.exe
    + 2004-08-03 23:56:58 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\sethc.exe
    - 2004-08-03 21:12:22 102,400 ------w C:\WINDOWS\ServicePackFiles\i386\setregni.exe
    + 2004-08-03 21:12:22 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\setregni.exe
    - 2004-08-03 23:56:58 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\setup.exe
    + 2004-08-03 23:56:58 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\setup.exe
    - 2004-08-03 23:56:58 774,144 ------w C:\WINDOWS\ServicePackFiles\i386\setup_wm.exe
    + 2004-08-03 23:56:58 782,336 ------w C:\WINDOWS\ServicePackFiles\i386\setup_wm.exe
    - 2004-08-03 23:56:58 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\setup50.exe
    + 2004-08-03 23:56:58 79,872 ------w C:\WINDOWS\ServicePackFiles\i386\setup50.exe
    - 2004-08-03 23:56:58 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\shmgrate.exe
    + 2004-08-03 23:56:58 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\shmgrate.exe
    - 2004-08-03 23:56:58 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\shrpubw.exe
    + 2004-08-03 23:56:58 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\shrpubw.exe
    - 2004-08-03 23:56:58 16,437 ------w C:\WINDOWS\ServicePackFiles\i386\shtml.exe
    + 2004-08-03 23:56:58 24,629 ------w C:\WINDOWS\ServicePackFiles\i386\shtml.exe
    - 2004-08-03 23:56:58 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\shutdown.exe
    + 2004-08-03 23:56:58 26,112 ------w C:\WINDOWS\ServicePackFiles\i386\shutdown.exe
    - 2004-08-03 23:56:58 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\sigverif.exe
    + 2004-08-03 23:56:58 76,800 ------w C:\WINDOWS\ServicePackFiles\i386\sigverif.exe
    - 2004-08-03 23:56:58 26,112 ------w C:\WINDOWS\ServicePackFiles\i386\skeys.exe
    + 2004-08-03 23:56:58 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\skeys.exe
    - 2004-08-03 23:56:58 32,866 ------w C:\WINDOWS\ServicePackFiles\i386\slrundll.exe
    + 2004-08-03 23:56:58 41,058 ------w C:\WINDOWS\ServicePackFiles\i386\slrundll.exe
    - 2004-08-03 23:56:58 73,796 ------w C:\WINDOWS\ServicePackFiles\i386\slserv.exe
    + 2004-08-03 23:56:58 81,988 ------w C:\WINDOWS\ServicePackFiles\i386\slserv.exe
    - 2004-08-03 23:56:58 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\smbinst.exe
    + 2004-08-03 23:56:58 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\smbinst.exe
    - 2004-08-03 23:56:58 236,544 ------w C:\WINDOWS\ServicePackFiles\i386\smi2smir.exe
    + 2004-08-03 23:56:58 243,200 ------w C:\WINDOWS\ServicePackFiles\i386\smi2smir.exe
    - 2004-08-03 23:56:58 89,600 ------w C:\WINDOWS\ServicePackFiles\i386\smlogsvc.exe
    + 2004-08-03 23:56:58 96,256 ------w C:\WINDOWS\ServicePackFiles\i386\smlogsvc.exe
    - 2004-08-03 23:56:58 131,584 ------w C:\WINDOWS\ServicePackFiles\i386\sndrec32.exe
    + 2004-08-03 23:56:58 138,240 ------w C:\WINDOWS\ServicePackFiles\i386\sndrec32.exe
    - 2004-08-03 23:56:58 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\snmp.exe
    + 2004-08-03 23:56:58 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\snmp.exe
    - 2004-08-03 23:56:58 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\snmptrap.exe
    + 2004-08-03 23:56:58 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\snmptrap.exe
    - 2004-08-03 23:56:58 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\spdwnwxp.exe
    + 2004-08-03 23:56:58 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\spdwnwxp.exe
    - 2004-08-03 23:56:58 538,624 ------w C:\WINDOWS\ServicePackFiles\i386\spider.exe
    + 2004-08-03 23:56:58 545,280 ------w C:\WINDOWS\ServicePackFiles\i386\spider.exe
    - 2004-08-03 21:59:36 12,800 ------w C:\WINDOWS\ServicePackFiles\i386\spiisupd.exe
    + 2004-08-03 21:59:36 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\spiisupd.exe
    - 2004-08-03 23:56:58 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\spnpinst.exe
    + 2004-08-03 23:56:58 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\spnpinst.exe
    - 2004-08-03 23:56:58 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    + 2004-08-03 23:56:58 64,512 ------w C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    - 2004-08-03 23:56:58 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\spupdwxp.exe
    + 2004-08-03 23:56:58 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\spupdwxp.exe
    - 2004-08-03 23:56:58 704,512 ------w C:\WINDOWS\ServicePackFiles\i386\ss3dfo.scr
    + 2004-08-03 23:56:58 712,704 ------w C:\WINDOWS\ServicePackFiles\i386\ss3dfo.scr
    - 2004-08-03 23:56:58 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\ssbezier.scr
    + 2004-08-03 23:56:58 26,624 ------w C:\WINDOWS\ServicePackFiles\i386\ssbezier.scr
    - 2004-08-03 23:56:58 393,216 ------w C:\WINDOWS\ServicePackFiles\i386\ssflwbox.scr
    + 2004-08-03 23:56:58 401,408 ------w C:\WINDOWS\ServicePackFiles\i386\ssflwbox.scr
    - 2004-08-03 23:56:58 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\ssmarque.scr
    + 2004-08-03 23:56:58 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\ssmarque.scr
    - 2004-08-03 23:56:58 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\ssmypics.scr
    + 2004-08-03 23:56:58 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\ssmypics.scr
    - 2004-08-03 23:56:58 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\ssmyst.scr
    + 2004-08-03 23:56:58 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\ssmyst.scr
    - 2004-08-03 23:56:58 610,304 ------w C:\WINDOWS\ServicePackFiles\i386\sspipes.scr
    + 2004-08-03 23:56:58 618,496 ------w C:\WINDOWS\ServicePackFiles\i386\sspipes.scr
    - 2004-08-03 23:56:58 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\ssstars.scr
    + 2004-08-03 23:56:58 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\ssstars.scr
    - 2004-08-03 23:56:58 679,936 ------w C:\WINDOWS\ServicePackFiles\i386\sstext3d.scr
    + 2004-08-03 23:56:58 688,128 ------w C:\WINDOWS\ServicePackFiles\i386\sstext3d.scr
    - 2004-08-03 23:56:58 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\stimon.exe
    + 2004-08-03 23:56:58 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\stimon.exe
    - 2004-08-03 23:56:58 16,449 ------w C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvadm.exe
    + 2004-08-03 23:56:58 24,641 ------w C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvadm.exe
    - 2004-08-03 23:56:58 65,601 ------w C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvwin.exe
    + 2004-08-03 23:56:58 73,793 ------w C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvwin.exe
    - 2004-08-03 23:56:58 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    + 2004-08-03 23:56:58 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    - 2004-08-03 23:56:58 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\sysocmgr.exe
    + 2004-08-03 23:56:58 112,640 ------w C:\WINDOWS\ServicePackFiles\i386\sysocmgr.exe
    - 2004-08-03 23:56:58 135,680 ------w C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
    + 2004-08-03 23:56:58 142,336 ------w C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
    - 2004-08-03 23:56:58 32,827 ------w C:\WINDOWS\ServicePackFiles\i386\tcptest.exe
    + 2004-08-03 23:56:58 41,019 ------w C:\WINDOWS\ServicePackFiles\i386\tcptest.exe
    - 2004-08-03 23:56:58 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\telnet.exe
    + 2004-08-03 23:56:58 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\telnet.exe
    - 2004-08-03 23:56:58 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\tlntadmn.exe
    + 2004-08-03 23:56:58 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\tlntadmn.exe
    - 2004-08-03 23:56:58 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\tlntsess.exe
    + 2004-08-03 23:56:58 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\tlntsess.exe
    - 2004-08-03 23:56:58 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\tlntsvr.exe
    + 2004-08-03 23:56:58 79,872 ------w C:\WINDOWS\ServicePackFiles\i386\tlntsvr.exe
    - 2004-08-03 21:12:46 118,784 ------w C:\WINDOWS\ServicePackFiles\i386\togac.exe
    + 2004-08-03 21:12:46 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\togac.exe
    - 2004-08-03 23:56:58 347,136 ------w C:\WINDOWS\ServicePackFiles\i386\tourstrt.exe
    + 2004-08-03 23:56:58 353,792 ------w C:\WINDOWS\ServicePackFiles\i386\tourstrt.exe
    - 2004-08-03 23:56:58 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\tp4mon.exe
    + 2004-08-03 23:56:58 89,088 ------w C:\WINDOWS\ServicePackFiles\i386\tp4mon.exe
    - 2004-08-03 23:56:58 259,584 ------w C:\WINDOWS\ServicePackFiles\i386\tracerpt.exe
    + 2004-08-03 23:56:58 266,240 ------w C:\WINDOWS\ServicePackFiles\i386\tracerpt.exe
    - 2004-08-03 23:56:58 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\tracert.exe
    + 2004-08-03 23:56:58 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\tracert.exe
    - 2004-08-03 21:59:28 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\tscupgrd.exe
    + 2004-08-03 21:59:28 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\tscupgrd.exe
    - 2004-08-03 23:56:58 208,896 ------w C:\WINDOWS\ServicePackFiles\i386\unregmp2.exe
    + 2004-08-03 23:56:58 217,088 ------w C:\WINDOWS\ServicePackFiles\i386\unregmp2.exe
    - 2004-08-03 23:56:58 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\uploadm.exe
    + 2004-08-03 23:56:58 157,184 ------w C:\WINDOWS\ServicePackFiles\i386\uploadm.exe
    - 2004-08-03 23:56:58 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\upnpcont.exe
    + 2004-08-03 23:56:58 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\upnpcont.exe
    - 2004-08-03 23:56:58 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\ups.exe
    + 2004-08-03 23:56:58 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\ups.exe
    - 2004-08-03 23:56:58 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    + 2004-08-03 23:56:58 31,232 ------w C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    - 2004-08-03 23:56:58 50,176 ------w C:\WINDOWS\ServicePackFiles\i386\utilman.exe
    + 2004-08-03 23:56:58 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\utilman.exe
    - 2004-07-19 17:54:22 716,800 ------w C:\WINDOWS\ServicePackFiles\i386\vbc.exe
    + 2004-07-19 17:54:22 724,992 ------w C:\WINDOWS\ServicePackFiles\i386\vbc.exe
    - 2004-08-03 23:56:58 289,792 ------w C:\WINDOWS\ServicePackFiles\i386\vssvc.exe
    + 2004-08-03 23:56:58 296,448 ------w C:\WINDOWS\ServicePackFiles\i386\vssvc.exe
    - 2004-08-03 23:56:58 46,080 ------w C:\WINDOWS\ServicePackFiles\i386\wab.exe
    + 2004-08-03 23:56:58 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\wab.exe
    - 2004-08-03 23:56:58 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\wabmig.exe
    + 2004-08-03 23:56:58 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\wabmig.exe
    - 2004-08-03 23:56:58 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\wbemtest.exe
    + 2004-08-03 23:56:58 122,880 ------w C:\WINDOWS\ServicePackFiles\i386\wbemtest.exe
    - 2004-08-03 23:56:58 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\wextract.exe
    + 2004-08-03 23:56:58 72,192 ------w C:\WINDOWS\ServicePackFiles\i386\wextract.exe
    - 2004-08-03 23:56:58 433,664 ------w C:\WINDOWS\ServicePackFiles\i386\wiaacmgr.exe
    + 2004-08-03 23:56:58 440,320 ------w C:\WINDOWS\ServicePackFiles\i386\wiaacmgr.exe
    - 2004-08-03 23:56:58 283,648 ------w C:\WINDOWS\ServicePackFiles\i386\winhlp32.exe
    + 2004-08-03 23:56:58 290,304 ------w C:\WINDOWS\ServicePackFiles\i386\winhlp32.exe
    - 2004-08-03 23:56:58 502,272 ------w C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    + 2004-08-03 23:56:58 508,928 ------w C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    - 2004-08-03 23:56:58 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\winver.exe
    + 2004-08-03 23:56:58 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\winver.exe
    - 2004-08-03 23:56:58 196,608 ------w C:\WINDOWS\ServicePackFiles\i386\wmiadap.exe
    + 2004-08-03 23:56:58 203,264 ------w C:\WINDOWS\ServicePackFiles\i386\wmiadap.exe
    - 2004-08-03 23:56:58 126,464 ------w C:\WINDOWS\ServicePackFiles\i386\wmiapsrv.exe
    + 2004-08-03 23:56:58 133,120 ------w C:\WINDOWS\ServicePackFiles\i386\wmiapsrv.exe
    26 May 2008 21:51:44

    And:

    - 2001-08-23 12:00:00 49,152 ----a-w C:\WINDOWS\system32\rsm.exe
    + 2001-08-23 12:00:00 55,808 ----a-w C:\WINDOWS\system32\rsm.exe
    - 2001-08-23 12:00:00 24,576 ----a-w C:\WINDOWS\system32\rsmsink.exe
    + 2001-08-23 12:00:00 31,232 ----a-w C:\WINDOWS\system32\rsmsink.exe
    - 2001-08-23 12:00:00 49,152 ----a-w C:\WINDOWS\system32\rsmui.exe
    + 2001-08-23 12:00:00 55,808 ----a-w C:\WINDOWS\system32\rsmui.exe
    - 2004-08-03 23:56:56 107,520 ----a-w C:\WINDOWS\system32\rsnotify.exe
    + 2004-08-03 23:56:56 114,176 ----a-w C:\WINDOWS\system32\rsnotify.exe
    - 2001-08-23 12:00:00 62,976 ----a-w C:\WINDOWS\system32\rsopprov.exe
    + 2001-08-23 12:00:00 69,632 ----a-w C:\WINDOWS\system32\rsopprov.exe
    - 2004-08-03 23:56:56 77,312 ----a-w C:\WINDOWS\system32\rtcshare.exe
    + 2004-08-03 23:56:56 83,968 ----a-w C:\WINDOWS\system32\rtcshare.exe
    - 2001-08-23 12:00:00 16,384 ----a-w C:\WINDOWS\system32\runas.exe
    + 2001-08-23 12:00:00 23,040 ----a-w C:\WINDOWS\system32\runas.exe
    - 2001-08-23 12:00:00 15,872 ----a-w C:\WINDOWS\system32\rwinsta.exe
    + 2001-08-23 12:00:00 22,528 ----a-w C:\WINDOWS\system32\rwinsta.exe
    - 2004-08-03 23:56:56 13,312 ----a-w C:\WINDOWS\system32\savedump.exe
    + 2004-08-03 23:56:56 19,968 ----a-w C:\WINDOWS\system32\savedump.exe
    - 2001-08-23 12:00:00 31,232 ----a-w C:\WINDOWS\system32\sc.exe
    + 2001-08-23 12:00:00 37,888 ----a-w C:\WINDOWS\system32\sc.exe
    - 2004-08-03 23:56:56 121,856 ----a-w C:\WINDOWS\system32\schtasks.exe
    + 2004-08-03 23:56:56 128,512 ----a-w C:\WINDOWS\system32\schtasks.exe
    - 2004-08-03 23:56:58 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr
    + 2004-08-03 23:56:58 15,872 ----a-w C:\WINDOWS\system32\scrnsave.scr
    - 2004-08-03 23:56:56 77,312 ----a-w C:\WINDOWS\system32\sdbinst.exe
    + 2004-08-03 23:56:56 83,968 ----a-w C:\WINDOWS\system32\sdbinst.exe
    - 2004-08-03 23:56:56 18,432 ----a-w C:\WINDOWS\system32\secedit.exe
    + 2004-08-03 23:56:56 25,088 ----a-w C:\WINDOWS\system32\secedit.exe
    - 2004-08-03 23:56:58 31,232 ----a-w C:\WINDOWS\system32\sethc.exe
    + 2004-08-03 23:56:58 37,888 ----a-w C:\WINDOWS\system32\sethc.exe
    - 2004-08-03 23:56:58 23,040 ----a-w C:\WINDOWS\system32\setup.exe
    + 2004-08-03 23:56:58 29,696 ----a-w C:\WINDOWS\system32\setup.exe
    - 2001-08-23 12:00:00 9,728 ----a-w C:\WINDOWS\system32\sfc.exe
    + 2001-08-23 12:00:00 16,384 ----a-w C:\WINDOWS\system32\sfc.exe
    - 2001-08-23 12:00:00 14,848 ----a-w C:\WINDOWS\system32\shadow.exe
    + 2001-08-23 12:00:00 21,504 ----a-w C:\WINDOWS\system32\shadow.exe
    - 2004-08-03 23:56:58 42,496 ----a-w C:\WINDOWS\system32\shmgrate.exe
    + 2004-08-03 23:56:58 49,152 ----a-w C:\WINDOWS\system32\shmgrate.exe
    - 2004-08-03 23:56:58 77,824 ----a-w C:\WINDOWS\system32\shrpubw.exe
    + 2004-08-03 23:56:58 84,480 ----a-w C:\WINDOWS\system32\shrpubw.exe
    - 2004-08-03 23:56:58 70,144 ----a-w C:\WINDOWS\system32\sigverif.exe
    + 2004-08-03 23:56:58 76,800 ----a-w C:\WINDOWS\system32\sigverif.exe
    - 2004-08-03 23:56:58 26,112 ----a-w C:\WINDOWS\system32\skeys.exe
    + 2004-08-03 23:56:58 32,768 ----a-w C:\WINDOWS\system32\skeys.exe
    - 2004-08-03 23:56:58 32,866 ------w C:\WINDOWS\system32\slrundll.exe
    + 2004-08-03 23:56:58 41,058 ------w C:\WINDOWS\system32\slrundll.exe
    - 2004-08-03 23:56:58 73,796 ------w C:\WINDOWS\system32\slserv.exe
    + 2004-08-03 23:56:58 81,988 ------w C:\WINDOWS\system32\slserv.exe
    - 2004-08-03 23:56:58 8,192 ------w C:\WINDOWS\system32\smbinst.exe
    + 2004-08-03 23:56:58 14,848 ------w C:\WINDOWS\system32\smbinst.exe
    - 2004-08-03 23:56:58 8,192 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
    + 2004-08-03 23:56:58 14,848 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
    - 2004-08-03 21:59:36 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
    + 2004-08-03 21:59:36 19,456 ----a-w C:\WINDOWS\system32\spiisupd.exe
    - 2004-08-03 23:56:58 11,776 ------w C:\WINDOWS\system32\spnpinst.exe
    + 2004-08-03 23:56:58 18,432 ------w C:\WINDOWS\system32\spnpinst.exe
    - 2004-12-14 17:06:26 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg12.exe
    + 2004-12-14 17:06:26 307,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg12.exe
    - 2001-10-31 11:29:02 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng04.exe
    + 2001-10-31 11:29:02 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng04.exe
    - 2004-12-14 17:06:26 659,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng12.exe
    + 2004-12-14 17:06:26 667,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng12.exe
    - 2004-12-14 17:06:26 331,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre12.exe
    + 2004-12-14 17:06:26 339,968 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre12.exe
    - 2004-12-14 17:06:26 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc12.exe
    + 2004-12-14 17:06:26 409,600 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc12.exe
    - 2004-12-14 17:06:26 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw12.exe
    + 2004-12-14 17:06:26 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw12.exe
    - 2004-12-14 17:06:26 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu12.exe
    + 2004-12-14 17:06:26 184,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu12.exe
    - 2001-10-31 11:29:22 405,504 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx04.exe
    + 2001-10-31 11:29:22 413,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx04.exe
    - 2004-12-14 17:06:26 7,348,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx12.exe
    + 2004-12-14 17:06:26 7,356,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx12.exe
    - 2004-12-14 17:06:26 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzcfg12.exe
    + 2004-12-14 17:06:26 307,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzcfg12.exe
    - 2004-12-14 17:06:26 659,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzeng12.exe
    + 2004-12-14 17:06:26 667,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzeng12.exe
    - 2004-12-14 17:06:26 331,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzpre12.exe
    + 2004-12-14 17:06:26 339,968 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzpre12.exe
    - 2004-12-14 17:06:26 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzstc12.exe
    + 2004-12-14 17:06:26 409,600 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzstc12.exe
    - 2004-12-14 17:06:26 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzstw12.exe
    + 2004-12-14 17:06:26 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpzstw12.exe
    - 2004-12-14 17:06:26 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpztbu12.exe
    + 2004-12-14 17:06:26 184,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpztbu12.exe
    - 2004-12-14 17:06:26 7,348,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpztbx12.exe
    + 2004-12-14 17:06:26 7,356,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpofficejet_6200_ser24ba\hpztbx12.exe
    - 2001-10-31 11:29:02 368,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\vid_03f0_pid_2311_rev_0100\hpzeng04.exe
    + 2001-10-31 11:29:02 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\vid_03f0_pid_2311_rev_0100\hpzeng04.exe
    - 2001-10-31 11:29:22 405,504 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\vid_03f0_pid_2311_rev_0100\hpztbx04.exe
    + 2001-10-31 11:29:22 413,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\vid_03f0_pid_2311_rev_0100\hpztbx04.exe
    - 2004-08-03 21:42:44 15,872 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    + 2004-08-03 21:42:44 22,528 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    - 2004-08-03 23:56:58 21,504 ------w C:\WINDOWS\system32\spupdwxp.exe
    + 2004-08-03 23:56:58 28,160 ------w C:\WINDOWS\system32\spupdwxp.exe
    - 2004-08-03 23:56:58 704,512 ----a-w C:\WINDOWS\system32\ss3dfo.scr
    + 2004-08-03 23:56:58 712,704 ----a-w C:\WINDOWS\system32\ss3dfo.scr
    - 2004-08-03 23:56:58 19,968 ----a-w C:\WINDOWS\system32\ssbezier.scr
    + 2004-08-03 23:56:58 26,624 ----a-w C:\WINDOWS\system32\ssbezier.scr
    - 2004-08-03 23:56:58 393,216 ----a-w C:\WINDOWS\system32\ssflwbox.scr
    + 2004-08-03 23:56:58 401,408 ----a-w C:\WINDOWS\system32\ssflwbox.scr
    - 2004-08-03 23:56:58 20,992 ----a-w C:\WINDOWS\system32\ssmarque.scr
    + 2004-08-03 23:56:58 27,648 ----a-w C:\WINDOWS\system32\ssmarque.scr
    - 2004-08-03 23:56:58 47,104 ----a-w C:\WINDOWS\system32\ssmypics.scr
    + 2004-08-03 23:56:58 53,760 ----a-w C:\WINDOWS\system32\ssmypics.scr
    - 2004-08-03 23:56:58 18,944 ----a-w C:\WINDOWS\system32\ssmyst.scr
    + 2004-08-03 23:56:58 25,600 ----a-w C:\WINDOWS\system32\ssmyst.scr
    - 2004-08-03 23:56:58 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr
    + 2004-08-03 23:56:58 618,496 ----a-w C:\WINDOWS\system32\sspipes.scr
    - 2004-08-03 23:56:58 14,336 ----a-w C:\WINDOWS\system32\ssstars.scr
    + 2004-08-03 23:56:58 20,992 ----a-w C:\WINDOWS\system32\ssstars.scr
    - 2004-08-03 23:56:58 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr
    + 2004-08-03 23:56:58 688,128 ----a-w C:\WINDOWS\system32\sstext3d.scr
    - 2004-08-03 23:56:58 14,848 ----a-w C:\WINDOWS\system32\stimon.exe
    + 2004-08-03 23:56:58 21,504 ----a-w C:\WINDOWS\system32\stimon.exe
    - 2001-08-23 12:00:00 9,216 ----a-w C:\WINDOWS\system32\subst.exe
    + 2001-08-23 12:00:00 15,872 ----a-w C:\WINDOWS\system32\subst.exe
    - 2001-08-23 12:00:00 51,200 ----a-w C:\WINDOWS\system32\syncapp.exe
    + 2001-08-23 12:00:00 57,856 ----a-w C:\WINDOWS\system32\syncapp.exe
    - 2001-08-23 12:00:00 36,864 ----a-w C:\WINDOWS\system32\syskey.exe
    + 2001-08-23 12:00:00 43,520 ----a-w C:\WINDOWS\system32\syskey.exe
    - 2004-08-03 23:56:58 105,984 ----a-w C:\WINDOWS\system32\sysocmgr.exe
    + 2004-08-03 23:56:58 112,640 ----a-w C:\WINDOWS\system32\sysocmgr.exe
    - 2001-08-23 12:00:00 68,096 ----a-w C:\WINDOWS\system32\systeminfo.exe
    + 2001-08-23 12:00:00 74,752 ----a-w C:\WINDOWS\system32\systeminfo.exe
    - 2001-08-23 12:00:00 3,072 ----a-w C:\WINDOWS\system32\systray.exe
    + 2001-08-23 12:00:00 9,728 ----a-w C:\WINDOWS\system32\systray.exe
    - 2001-08-23 12:00:00 72,192 ----a-w C:\WINDOWS\system32\taskkill.exe
    + 2001-08-23 12:00:00 78,848 ----a-w C:\WINDOWS\system32\taskkill.exe
    - 2001-08-23 12:00:00 72,192 ----a-w C:\WINDOWS\system32\tasklist.exe
    + 2001-08-23 12:00:00 78,848 ----a-w C:\WINDOWS\system32\tasklist.exe
    - 2001-08-23 12:00:00 15,360 ----a-w C:\WINDOWS\system32\taskman.exe
    + 2001-08-23 12:00:00 22,016 ----a-w C:\WINDOWS\system32\taskman.exe
    - 2001-08-23 12:00:00 12,288 ----a-w C:\WINDOWS\system32\tcmsetup.exe
    + 2001-08-23 12:00:00 18,944 ----a-w C:\WINDOWS\system32\tcmsetup.exe
    - 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\system32\tcpsvcs.exe
    + 2001-08-23 12:00:00 26,112 ----a-w C:\WINDOWS\system32\tcpsvcs.exe
    - 2004-08-03 23:56:58 75,264 ----a-w C:\WINDOWS\system32\telnet.exe
    + 2004-08-03 23:56:58 81,920 ----a-w C:\WINDOWS\system32\telnet.exe
    - 2001-08-23 12:00:00 16,896 ----a-w C:\WINDOWS\system32\tftp.exe
    + 2001-08-23 12:00:00 23,552 ----a-w C:\WINDOWS\system32\tftp.exe
    - 2004-08-03 23:56:58 61,440 ----a-w C:\WINDOWS\system32\tlntadmn.exe
    + 2004-08-03 23:56:58 68,096 ----a-w C:\WINDOWS\system32\tlntadmn.exe
    - 2004-08-03 23:56:58 78,336 ----a-w C:\WINDOWS\system32\tlntsess.exe
    + 2004-08-03 23:56:58 84,992 ----a-w C:\WINDOWS\system32\tlntsess.exe
    - 1998-04-16 16:45:19 57,856 ------w C:\WINDOWS\system32\Tngremo_.exe
    + 1998-04-16 16:45:19 64,512 ------w C:\WINDOWS\system32\Tngremo_.exe
    - 1999-11-10 19:35:56 154,112 ------w C:\WINDOWS\system32\Tngremov.exe
    + 1999-11-10 19:35:56 160,768 ------w C:\WINDOWS\system32\Tngremov.exe
    - 2004-08-03 23:56:58 259,584 ----a-w C:\WINDOWS\system32\tracerpt.exe
    + 2004-08-03 23:56:58 266,240 ----a-w C:\WINDOWS\system32\tracerpt.exe
    - 2004-08-03 23:56:58 12,288 ----a-w C:\WINDOWS\system32\tracert.exe
    + 2004-08-03 23:56:58 18,944 ----a-w C:\WINDOWS\system32\tracert.exe
    - 2001-08-23 12:00:00 31,744 ----a-w C:\WINDOWS\system32\tracert6.exe
    + 2001-08-23 12:00:00 38,400 ----a-w C:\WINDOWS\system32\tracert6.exe
    - 2001-08-23 12:00:00 14,848 ----a-w C:\WINDOWS\system32\tscon.exe
    + 2001-08-23 12:00:00 21,504 ----a-w C:\WINDOWS\system32\tscon.exe
    - 2004-08-03 21:59:28 44,544 ----a-w C:\WINDOWS\system32\tscupgrd.exe
    + 2004-08-03 21:59:28 51,200 ----a-w C:\WINDOWS\system32\tscupgrd.exe
    - 2001-08-23 12:00:00 14,848 ----a-w C:\WINDOWS\system32\tsdiscon.exe
    + 2001-08-23 12:00:00 21,504 ----a-w C:\WINDOWS\system32\tsdiscon.exe
    - 2001-08-23 12:00:00 16,384 ----a-w C:\WINDOWS\system32\tskill.exe
    + 2001-08-23 12:00:00 23,040 ----a-w C:\WINDOWS\system32\tskill.exe
    - 2001-08-23 12:00:00 16,896 ----a-w C:\WINDOWS\system32\tsshutdn.exe
    + 2001-08-23 12:00:00 23,552 ----a-w C:\WINDOWS\system32\tsshutdn.exe
    - 2001-08-23 12:00:00 36,352 ----a-w C:\WINDOWS\system32\typeperf.exe
    + 2001-08-23 12:00:00 43,008 ----a-w C:\WINDOWS\system32\typeperf.exe
    - 2001-08-23 12:00:00 4,096 ----a-w C:\WINDOWS\system32\unlodctr.exe
    + 2001-08-23 12:00:00 10,752 ----a-w C:\WINDOWS\system32\unlodctr.exe
    - 2004-08-03 23:56:58 16,896 ----a-w C:\WINDOWS\system32\upnpcont.exe
    + 2004-08-03 23:56:58 23,552 ----a-w C:\WINDOWS\system32\upnpcont.exe
    - 2003-02-21 03:16:08 49,152 ----a-w C:\WINDOWS\system32\URTTemp\regtlib.exe
    + 2003-02-21 03:16:08 57,344 ----a-w C:\WINDOWS\system32\URTTemp\regtlib.exe
    - 2004-08-03 23:56:52 103,424 ----a-w C:\WINDOWS\system32\usmt\migload.exe
    + 2004-08-03 23:56:52 110,080 ----a-w C:\WINDOWS\system32\usmt\migload.exe
    - 2004-08-03 23:56:52 236,032 ----a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
    + 2004-08-03 23:56:52 242,688 ----a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
    - 2001-08-23 12:00:00 77,891 ----a-w C:\WINDOWS\system32\usrmlnka.exe
    + 2001-08-23 12:00:00 86,083 ----a-w C:\WINDOWS\system32\usrmlnka.exe
    - 2001-08-23 12:00:00 61,508 ----a-w C:\WINDOWS\system32\usrprbda.exe
    + 2001-08-23 12:00:00 69,700 ----a-w C:\WINDOWS\system32\usrprbda.exe
    - 2001-08-23 12:00:00 69,700 ----a-w C:\WINDOWS\system32\usrshuta.exe
    + 2001-08-23 12:00:00 77,892 ----a-w C:\WINDOWS\system32\usrshuta.exe
    - 2004-08-03 23:56:58 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
    + 2004-08-03 23:56:58 56,832 ----a-w C:\WINDOWS\system32\utilman.exe
    - 2005-01-27 23:36:04 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
    + 2005-01-27 23:36:04 53,760 ----a-w C:\WINDOWS\system32\uwdf.exe
    - 2001-08-23 12:00:00 98,304 ----a-w C:\WINDOWS\system32\verifier.exe
    + 2001-08-23 12:00:00 104,960 ----a-w C:\WINDOWS\system32\verifier.exe
    - 2001-08-23 12:00:00 33,792 ----a-w C:\WINDOWS\system32\vssadmin.exe
    + 2001-08-23 12:00:00 40,448 ----a-w C:\WINDOWS\system32\vssadmin.exe
    - 2001-08-23 12:00:00 49,664 ----a-w C:\WINDOWS\system32\w32tm.exe
    + 2001-08-23 12:00:00 56,320 ----a-w C:\WINDOWS\system32\w32tm.exe
    - 2004-08-03 23:56:52 16,384 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
    + 2004-08-03 23:56:52 23,040 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
    - 2004-08-03 23:56:56 36,864 ----a-w C:\WINDOWS\system32\wbem\scrcons.exe
    + 2004-08-03 23:56:56 43,520 ----a-w C:\WINDOWS\system32\wbem\scrcons.exe
    - 2001-08-23 12:00:00 16,896 ----a-w C:\WINDOWS\system32\wbem\unsecapp.exe
    + 2001-08-23 12:00:00 23,552 ----a-w C:\WINDOWS\system32\wbem\unsecapp.exe
    - 2004-08-03 23:56:58 116,224 ----a-w C:\WINDOWS\system32\wbem\wbemtest.exe
    + 2004-08-03 23:56:58 122,880 ----a-w C:\WINDOWS\system32\wbem\wbemtest.exe
    - 2001-08-23 12:00:00 13,312 ----a-w C:\WINDOWS\system32\wbem\winmgmt.exe
    + 2001-08-23 12:00:00 19,968 ----a-w C:\WINDOWS\system32\wbem\winmgmt.exe
    - 2004-08-03 23:56:58 358,912 ----a-w C:\WINDOWS\system32\wbem\wmic.exe
    + 2004-08-03 23:56:58 365,568 ----a-w C:\WINDOWS\system32\wbem\wmic.exe
    - 2004-08-03 23:56:58 65,536 ----a-w C:\WINDOWS\system32\wextract.exe
    + 2004-08-03 23:56:58 72,192 ----a-w C:\WINDOWS\system32\wextract.exe
    - 2004-08-03 23:56:58 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
    + 2004-08-03 23:56:58 440,320 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
    - 2001-08-23 12:00:00 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
    + 2001-08-23 12:00:00 14,848 ----a-w C:\WINDOWS\system32\winhlp32.exe
    - 2001-08-23 12:00:00 11,776 ----a-w C:\WINDOWS\system32\winmsd.exe
    + 2001-08-23 12:00:00 18,432 ----a-w C:\WINDOWS\system32\winmsd.exe
    - 2004-08-03 23:56:58 5,632 ----a-w C:\WINDOWS\system32\winver.exe
    + 2004-08-03 23:56:58 12,288 ----a-w C:\WINDOWS\system32\winver.exe
    - 2002-02-18 08:23:10 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
    + 2002-02-18 08:23:10 178,448 ----a-w C:\WINDOWS\system32\wjview.exe
    - 2002-08-29 03:41:28 77,824 ----a-w C:\WINDOWS\system32\wmpstub.exe
    + 2002-08-29 03:41:28 86,016 ----a-w C:\WINDOWS\system32\wmpstub.exe
    - 2004-08-03 23:56:58 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe
    + 2004-08-03 23:56:58 38,912 ----a-w C:\WINDOWS\system32\wpabaln.exe
    - 2004-08-03 23:56:58 32,256 ----a-w C:\WINDOWS\system32\wpnpinst.exe
    + 2004-08-03 23:56:58 38,912 ----a-w C:\WINDOWS\system32\wpnpinst.exe
    - 2001-08-23 12:00:00 5,632 ----a-w C:\WINDOWS\system32\write.exe
    + 2001-08-23 12:00:00 12,288 ----a-w C:\WINDOWS\system32\write.exe
    - 2004-08-03 23:56:58 13,824 ------w C:\WINDOWS\system32\wscntfy.exe
    + 2004-08-03 23:56:58 20,480 ------w C:\WINDOWS\system32\wscntfy.exe
    - 2004-08-03 23:56:58 114,688 ----a-w C:\WINDOWS\system32\wscript.exe
    + 2004-08-03 23:56:58 122,880 ----a-w C:\WINDOWS\system32\wscript.exe
    - 2004-08-03 23:56:58 165,888 ------w C:\WINDOWS\system32\wuauclt1.exe
    + 2004-08-03 23:56:58 172,544 ------w C:\WINDOWS\system32\wuauclt1.exe
    - 2001-08-23 12:00:00 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
    + 2001-08-23 12:00:00 38,912 ----a-w C:\WINDOWS\system32\wupdmgr.exe
    - 2004-08-03 23:56:58 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe
    + 2004-08-03 23:56:58 37,376 ----a-w C:\WINDOWS\system32\xcopy.exe
    - 2003-10-14 06:50:15 26,112 ----a-w C:\WINDOWS\system32\xpsp1hfm.exe
    + 2003-10-14 06:50:15 32,768 ----a-w C:\WINDOWS\system32\xpsp1hfm.exe
    - 2001-08-23 12:00:00 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
    + 2001-08-23 12:00:00 22,016 ----a-w C:\WINDOWS\TASKMAN.EXE
    - 2008-05-22 19:13:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat
    + 2008-05-26 19:14:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat
    - 2001-08-23 12:00:00 25,600 ----a-w C:\WINDOWS\twunk_32.exe
    + 2001-08-23 12:00:00 32,256 ----a-w C:\WINDOWS\twunk_32.exe
    - 2004-10-07 08:31:55 40,960 ----a-w C:\WINDOWS\uneng.exe
    + 2004-10-07 08:31:55 51,100 ----a-w C:\WINDOWS\uneng.exe
    - 1999-11-10 10:05:00 86,016 ----a-w C:\WINDOWS\unvise32qt.exe
    + 1999-11-10 10:05:00 94,208 ----a-w C:\WINDOWS\unvise32qt.exe
    - 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
    + 2000-08-31 06:00:00 74,752 ----a-w C:\WINDOWS\zip.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 22016]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 40960]
    "Asba"="C:\WINDOWS\WNSXS~1\explorer.exe" [ ]
    "Hsohaqi"="C:\Program Files\??crosoft\m?config.exe" [ ]
    "Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\INOCULAN\realmon.exe" [2003-12-02 19:31 290816]
    "PCTVOICE"="pctspk.exe" [2001-12-11 19:09 172032 C:\WINDOWS\system32\pctspk.exe]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 03:24 36864 C:\WINDOWS\system32\Ati2mdxx.exe]
    "AtiPTA"="atiptaxx.exe" [2001-09-18 11:16 253952 C:\WINDOWS\system32\atiptaxx.exe]
    "CCM User Profile Manager"="c:\_integra\upm\bin\CCM_User.exe" [2003-12-16 18:13 446464]
    "WinVNC"="C:\Program Files\VNC\WinVNC\WinVNC.exe" [2003-03-05 13:49 344064]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 26624 C:\WINDOWS\LOGI_MWX.EXE]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 28672]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 40960]
    "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 15:31 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 57344]
    "CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 19:32 286720]
    "Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 22016]
    "Server Daemon Host Manager"="C:\WINDOWS\system32\inetsrv\sdhost.exe" [ ]
    "Windows Microsoft Services"="WinTrack.exe" [2008-05-19 21:16 65536 C:\WINDOWS\system32\WinTrack.exe]
    "JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" [ ]
    "SfKg6wIP"="C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\tpydvg.exe" [2008-05-22 21:44 44544]
    "Windows Service Agent"="YaRaby.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 61440]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 266240]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 24624]
    Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38 622723]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
    Service Manager.lnk - C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe [2002-12-17 17:23:32 82500]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "Protected system files15"= nod32ra.exe
    "Protected system files16"= UpdaterUI.exe
    "Protected system files17"= tbmon.exe
    "Protected system files18"= Mcshield.exe
    "Protected system files19"= SHSTAT.exe
    "Protected system files20"= ashMaiSv.exe
    "Protected system files21"= ashServ.exe
    "Protected system files22"= ashWebSv.exe
    "Protected system files23"= aswUpdSv.exe
    "Protected system files24"= AVGUARD.exe
    "Protected system files25"= AVWUPSRV.exe
    "Protected system files26"= avscan.exe
    "Protected system files27"= guardgui.exe
    "Protected system files28"= VxMon.exe
    "Protected system files29"= AVGNT.exe
    "Protected system files30"= avgemc.exe
    "Protected system files31"= avp.exe
    "Protected system files32"= avp.com

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "Protected system files1"= avgupsvc.exe
    "Protected system files2"= avgamsvr.exe
    "Protected system files3"= avgcc.exe
    "Protected system files4"= nod32kui.exe
    "Protected system files5"= nod32krn.exe
    "Protected system files6"= ccSetMgr.exe
    "Protected system files7"= ccEvtMgr.exe
    "Protected system files8"= DefWatch.exe
    "Protected system files9"= SavRoam.exe
    "Protected system files10"= Rtvscan.exe
    "Protected system files11"= VPTray.exe
    "Protected system files12"= ccApp.exe
    "Protected system files13"= AluSchedulerSvc.exe
    "Protected system files14"= nod32.exe
    "Protected system files15"= nod32ra.exe
    "Protected system files16"= UpdaterUI.exe
    "Protected system files17"= tbmon.exe
    "Protected system files18"= Mcshield.exe
    "Protected system files19"= SHSTAT.exe
    "Protected system files20"= ashMaiSv.exe
    "Protected system files21"= ashServ.exe
    "Protected system files22"= ashWebSv.exe
    "Protected system files23"= aswUpdSv.exe
    "Protected system files24"= AVGUARD.exe
    "Protected system files25"= AVWUPSRV.exe
    "Protected system files26"= avscan.exe
    "Protected system files27"= guardgui.exe
    "Protected system files28"= VxMon.exe
    "Protected system files29"= AVGNT.exe
    "Protected system files30"= avgemc.exe
    "Protected system files31"= avp.exe
    "Protected system files32"= avp.com

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders schannel.dll, digest.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 20:06]
    R2 gwtnhu;gwtnhu;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
    R2 IBM Access Driver Control;IBM Access Driver Control;"C:\WINDOWS\system32\dllcache\ibmpsw.exe" [2008-04-30 12:07]
    R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 20:15]
    R2 MSDTCSERVEsss;Distributed Tracking Servess;C:\WINDOWS\system32\SVCHOST.EXE [2004-08-04 01:56]
    R2 smefs;SMEFileSystem;C:\WINDOWS\system32\drivers\smefs.sys [2002-04-23 19:11]
    R2 smss;Servers;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
    R2 svchost.exe;COM+ Event System alerte;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
    R2 yjnzii;yjnzii;C:\WINDOWS\system32\svchoST.exe [2004-08-04 01:56]
    R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 19:27]
    R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 19:27]
    R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28]
    R3 smedrv;SMEDriver;C:\WINDOWS\system32\drivers\smedrv.sys [2001-11-10 00:00]
    R3 usbmouseb;usbmouseb;C:\WINDOWS\SYSTEM32\drivers\wps.sys [2005-03-13 13:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    svchost.exe REG_MULTI_SZ svchost.exe
    yjnzii REG_MULTI_SZ yjnzii
    gwtnhu REG_MULTI_SZ gwtnhu
    MSDTCSERVEsss REG_MULTI_SZ MSDTCSERVEsss

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    smss

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-26 21:19:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\Documents and Settings\lb.DOREC000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:CA_INOCULATEIT 512 bytes hidden from API

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> c:\windows\system32\nefcua.dll
    -> c:\windows\system32\bspkjj.dll
    -> c:\windows\system32\jxatdy.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> c:\windows\system32\jxatdy.dll
    -> c:\windows\system32\bspkjj.dll
    -> c:\windows\system32\nefcua.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\INOCULAN\InoRpc.exe
    C:\INOCULAN\InoRT.exe
    C:\INOCULAN\InoTask.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\microsoft sql server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\_INTEGRA\BIN\CCMAGENT.EXE
    C:\_INTEGRA\BIN\SHSTART.EXE
    C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-05-26 21:27:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-26 19:26:31
    ComboFix2.txt 2008-05-22 19:23:57

    Pre-Run: 21,948,085,248 bytes free
    Post-Run: 21,958,581,248 bytes free

    27 May 2008 12:16:31

    Re,

    Copy (Ctrl+C) the text in the box below:

    Driver::
    yjnzii

    File::
    C:\WINDOWS\system32\svchoST.exe
    C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\tpydvg.exe
    C:\WINDOWS\system32\WinTrack.exe

    Folder::
    C:\Program Files\JavaCore\
    C:\WINDOWS\system32\inetsrv

    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Server Daemon Host Manager"=-
    "Windows Microsoft Services"=-
    "SfKg6wIP"=-
    "Windows Service Agent"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Windows Microsoft Services"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Microsoft Services"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Asba"=-
    "Hsohaqi"=-
    "Windows Microsoft Services"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    27 May 2008 21:13:56

    Good evening,

    Here it is:
    ComboFix 08-05-21.3 - lb 2008-05-27 20:57:01.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.70 [GMT 2:00]Running from: C:\Documents and Settings\lb.DOREC000\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\lb.DOREC000\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\tpydvg.exe
    C:\WINDOWS\system32\WinTrack.exe
    C:\WINDOWS\system32\svchoST.exe :#:
    C:\WINDOWS\system32\inetsrv :#:
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\lb.DOREC000\Application Data\Microsoft\Windows\tpydvg.exe
    C:\WINDOWS\mrofinu1001186.exe
    C:\WINDOWS\system32\WinTrack.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_YJNZII
    -------\Service_yjnzii


    ((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
    .

    2008-05-26 22:38 . 2008-05-26 22:39 493,568 --a------ C:\WINDOWS\system32\WinTcp2.exe
    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Documents and Settings\lb.DOREC000\Application Data\Malwarebytes
    2008-05-25 17:32 . 2008-05-25 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-25 17:32 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-25 17:32 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-25 17:31 . 2008-05-25 17:31 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-05-19 21:08 . 2008-05-19 21:07 396,508 -r-hsc--- C:\WINDOWS\system32\dllcache\wintcps.exe
    2008-05-08 10:38 . 2008-05-19 21:31 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
    2008-05-04 21:33 . 2008-05-04 21:33 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-04-30 12:07 . 2008-04-30 12:07 507,904 -r-hsc--- C:\WINDOWS\system32\dllcache\ibmpsw.exe
    2008-04-29 17:03 . 2008-04-30 16:53 <DIR> d-------- C:\Program Files\GlobalEnglish
    2008-04-29 12:34 . 2008-05-27 21:04 19,936 --a------ C:\WINDOWS\system32\nefcua.gfr

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-27 19:06 --------- d-----w C:\Program Files\Wanadoo
    2008-04-21 18:19 539,136 ----a-w C:\WINDOWS\system32\remote.dll
    2006-11-19 16:20 21,104 ----a-w C:\Documents and Settings\lb.DOREC000\Application Data\GDIPFONTCACHEV1.DAT
    2005-03-13 11:45 39,936 --sh--w C:\WINDOWS\system32\wps.dll
    2005-01-22 18:43 58,816 --sha-w C:\WINDOWS\system32\wps.exe
    2005-03-13 11:45 8,432 --sha-w C:\WINDOWS\system32\drivers\wps.sys
    .

    ------- Sigcheck -------

    2002-08-29 03:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-04 01:56 1038848 0fdc6414bc4ffae1e4e6c0e5e099ced6 C:\WINDOWS\explorer.exe
    2002-08-29 05:41 1010688 a0bec278727ee02c108b98083152f783 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-04 01:56 1038848 aac6ab5b4da8e89eccb1806e4d28babd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2002-08-29 05:41 19968 25fc10e547e3be0c36a738599c665239 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
    2004-08-04 01:56 22016 d11589d33eda6e5ed8ad57d272c98847 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
    2004-08-04 01:56 22016 76b83a79591e8a5646124daac5f02859 C:\WINDOWS\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2008-05-26_21.25.26.92 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-26 19:14:22 2,048 ----a-w C:\WINDOWS\bootstat.dat
    + 2008-05-27 19:03:34 2,048 ----a-w C:\WINDOWS\bootstat.dat
    - 2005-10-20 18:02:28 173,568 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2008-05-26 19:14:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-05-27 19:03:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-05-26 19:14:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-05-27 19:03:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-05-26 19:14:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-27 19:03:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-27 19:03:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 22016]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 40960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Realtime Monitor"="C:\INOCULAN\realmon.exe" [2003-12-02 19:31 290816]
    "PCTVOICE"="pctspk.exe" [2001-12-11 19:09 172032 C:\WINDOWS\system32\pctspk.exe]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 03:24 36864 C:\WINDOWS\system32\Ati2mdxx.exe]
    "AtiPTA"="atiptaxx.exe" [2001-09-18 11:16 253952 C:\WINDOWS\system32\atiptaxx.exe]
    "CCM User Profile Manager"="c:\_integra\upm\bin\CCM_User.exe" [2003-12-16 18:13 446464]
    "WinVNC"="C:\Program Files\VNC\WinVNC\WinVNC.exe" [2003-03-05 13:49 344064]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 26624 C:\WINDOWS\LOGI_MWX.EXE]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 28672]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 40960]
    "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 15:31 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 57344]
    "CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 19:32 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 22016]
    "JavaCore"="C:\Program Files\\JavaCore\\JavaCore.exe" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 61440]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 266240]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 24624]
    Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38 622723]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
    Service Manager.lnk - C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe [2002-12-17 17:23:32 82500]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "Protected system files15"= nod32ra.exe
    "Protected system files16"= UpdaterUI.exe
    "Protected system files17"= tbmon.exe
    "Protected system files18"= Mcshield.exe
    "Protected system files19"= SHSTAT.exe
    "Protected system files20"= ashMaiSv.exe
    "Protected system files21"= ashServ.exe
    "Protected system files22"= ashWebSv.exe
    "Protected system files23"= aswUpdSv.exe
    "Protected system files24"= AVGUARD.exe
    "Protected system files25"= AVWUPSRV.exe
    "Protected system files26"= avscan.exe
    "Protected system files27"= guardgui.exe
    "Protected system files28"= VxMon.exe
    "Protected system files29"= AVGNT.exe
    "Protected system files30"= avgemc.exe
    "Protected system files31"= avp.exe
    "Protected system files32"= avp.com

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "Protected system files1"= avgupsvc.exe
    "Protected system files2"= avgamsvr.exe
    "Protected system files3"= avgcc.exe
    "Protected system files4"= nod32kui.exe
    "Protected system files5"= nod32krn.exe
    "Protected system files6"= ccSetMgr.exe
    "Protected system files7"= ccEvtMgr.exe
    "Protected system files8"= DefWatch.exe
    "Protected system files9"= SavRoam.exe
    "Protected system files10"= Rtvscan.exe
    "Protected system files11"= VPTray.exe
    "Protected system files12"= ccApp.exe
    "Protected system files13"= AluSchedulerSvc.exe
    "Protected system files14"= nod32.exe
    "Protected system files15"= nod32ra.exe
    "Protected system files16"= UpdaterUI.exe
    "Protected system files17"= tbmon.exe
    "Protected system files18"= Mcshield.exe
    "Protected system files19"= SHSTAT.exe
    "Protected system files20"= ashMaiSv.exe
    "Protected system files21"= ashServ.exe
    "Protected system files22"= ashWebSv.exe
    "Protected system files23"= aswUpdSv.exe
    "Protected system files24"= AVGUARD.exe
    "Protected system files25"= AVWUPSRV.exe
    "Protected system files26"= avscan.exe
    "Protected system files27"= guardgui.exe
    "Protected system files28"= VxMon.exe
    "Protected system files29"= AVGNT.exe
    "Protected system files30"= avgemc.exe
    "Protected system files31"= avp.exe
    "Protected system files32"= avp.com

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders schannel.dll, digest.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 20:06]
    R2 smefs;SMEFileSystem;C:\WINDOWS\system32\drivers\smefs.sys [2002-04-23 19:11]
    R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 19:27]
    R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 19:27]
    R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28]
    R3 smedrv;SMEDriver;C:\WINDOWS\system32\drivers\smedrv.sys [2001-11-10 00:00]
    R3 usbmouseb;usbmouseb;C:\WINDOWS\SYSTEM32\drivers\wps.sys [2005-03-13 13:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    svchost.exe REG_MULTI_SZ svchost.exe
    yjnzii REG_MULTI_SZ yjnzii
    gwtnhu REG_MULTI_SZ gwtnhu
    MSDTCSERVEsss REG_MULTI_SZ MSDTCSERVEsss

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    smss

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-27 21:04:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\Documents and Settings\lb.DOREC000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:CA_INOCULATEIT 512 bytes hidden from API

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> c:\windows\system32\nefcua.dll
    -> c:\windows\system32\bspkjj.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> c:\windows\system32\bspkjj.dll
    -> c:\windows\system32\nefcua.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\WINDOWS\system32\dllcache\ibmpsw.exe
    C:\INOCULAN\InoRpc.exe
    C:\INOCULAN\InoRT.exe
    C:\INOCULAN\InoTask.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\microsoft sql server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\_INTEGRA\BIN\CCMAGENT.EXE
    C:\_INTEGRA\BIN\SHSTART.EXE
    C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-27 21:12:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-27 19:11:53
    ComboFix2.txt 2008-05-26 19:27:14
    ComboFix3.txt 2008-05-22 19:23:57

    Pre-Run: 21,850,212,864 bytes free
    Post-Run: 21,823,471,616 bytes free

    27 May 2008 21:16:28

    Re,

    And the HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18, on 2008-05-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllcache\ibmpsw.exe
    C:\INOCULAN\InoRpc.exe
    C:\INOCULAN\InoRT.exe
    C:\INOCULAN\InoTask.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\SVCHOST.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    c:\_integra\bin\ccmagent.exe
    C:\Program Files\VNC\WinVNC\WinVNC.exe
    c:\_integra\bin\shstart.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\TEMP\DIL7.tmp
    C:\WINDOWS\TEMP\DIL8.tmp
    C:\WINDOWS\17PHolmes1001186.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\LBA999~1.DOR\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\INOCULAN\realmon.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [CCM User Profile Manager] "c:\_integra\upm\bin\CCM_User.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\microsoft sql server\80\tools\binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {3A5A2021-0895-11D2-8817-0060089E0724} (GlobalEnglish Learning Technology) - http://corp.globalenglish.com/html/setup/cabs/ge.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = esp.arcelor.com
    O17 - HKLM\Software\..\Telephony: DomainName = esp.arcelor.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{945E8E45-3AC6-40E8-865B-ED64CCCF4521}: NameServer = 80.10.246.130 81.253.149.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: Domain = esp.arcelor.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC51CD88-348C-41EC-8303-EF84C65AF366}: NameServer = 128.45.0.11,128.45.0.31
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = esp.arcelor.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = esp.arcelor.com,esp.arcelor.agn,recyfin.arcelor.com,arcelor.agn,sidmar.be,usinor.com,sidmar.agn
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: IBM Access Driver Control - Unknown owner - C:\WINDOWS\system32\dllcache\ibmpsw.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\INOCULAN\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\INOCULAN\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\INOCULAN\InoTask.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: CCM Windows Agent (WControl) - On Technology Corporation - c:\_integra\bin\ccmagent.exe
    O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\VNC\WinVNC\WinVNC.exe

    --
    End of file - 8249 bytes
    28 May 2008 13:03:40

    Run it again with this script:

    File::
    C:\Windows\System32\bspkjj.dll
    C:\Windows\System32\nefcua.dll
    C:\WINDOWS\mrofinu1001186.exe

    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "JavaCore"=-
    29 May 2008 18:50:20

    Hello,

    Combofix won't start... I am doing the procedure correctly, though.
    30 May 2008 21:26:23

    Did you give the script the same name?
    2 June 2008 17:19:55

    Yes! Even HijackThis won't start.
    2 June 2008 17:58:32

    Delete Combofix, download it again, then start over.
    2 June 2008 20:08:52

    I deleted it and downloaded it to my desktop. I double-click it and nothing happens.
    2 June 2008 20:41:02

    No error, even for HijackThis? And in safe mode?
    2 June 2008 21:27:21

    Nothing starts. And I can't boot into safe mode. The computer freezes on the screen where I have to press Ctrl+Alt+Del (and I have already waited 3 hours).
    3 June 2008 12:30:26

    Do you have the Windows CD to do a repair?