Se connecter / S'enregistrer
Votre question

pour Angeldark !!!

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
Anonyme
15 Mai 2008 15:31:55

salut Angeldark,
j'ai lu [dossier] prevention et protection et j'ai vu que tu donnais des coups de mains aux personnes en difficultés.voila,mon pc est équipé de windows vista basic, j'ai internet explorer.j'ai attrapé un cheval de troie comme virus, et j'ai fait un avast et un kaspersky qui a détecter les virus mais ils ne veulent pas les traiter ni les suprimé.
je te donne les résultat du hijackthis.
merci de ton aide!!!!
a bientot.

hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:40, on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Valé\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\VAL~1\AppData\Local\Temp\efcCvwUM.dll,#1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [2826c118] rundll32.exe "C:\Users\VAL~1\AppData\Local\Temp\pnfdjrwt.dll",b
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}
O4 - HKCU\..\Run: [cmds] "rundll32.exe" C:\Users\VAL~1\AppData\Local\Temp\khFUmKby.dll,c
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6896 bytes

Autres pages sur : angeldark

a b 8 Sécurité
15 Mai 2008 15:44:59

Bonjour,

Je ne suis pas le seul à désinfecter :) 

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    Anonyme
    15 Mai 2008 16:05:28

    merci de ton aide !!
    voici le raport de ComboFix :

    ComboFix 08-05-12.1 - Valé 2008-05-15 15:53:44.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.163 [GMT 2:00]
    Endroit: C:\Users\Valé\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\PlayMP3z
    C:\Program Files\PlayMP3z\uninstall.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-15 13:59 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
    2008-05-15 13:58 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
    2008-05-15 13:53 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
    2008-05-15 13:53 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
    2008-05-15 07:05 --------- d-----w C:\ProgramData\Google Updater
    2008-05-14 21:30 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 21:30 --------- d-----w C:\Program Files\Windows Mail
    2008-05-14 18:03 164 ----a-w C:\install.dat
    2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
    2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
    2008-05-13 21:28 --------- d-----w C:\ProgramData\ESET
    2008-05-13 21:20 --------- d-----w C:\Program Files\Navilog1
    2008-05-13 18:27 --------- d---a-w C:\ProgramData\TEMP
    2008-05-13 09:42 --------- d-----w C:\Program Files\Google
    2008-05-13 06:00 --------- d-----w C:\ProgramData\Prevx
    2008-05-13 05:00 --------- d-----w C:\Program Files\Common Files\Panda Software
    2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-11 16:39 --------- d-----w C:\Users\Valé\AppData\Roaming\Mozilla
    2008-05-05 17:51 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
    2008-04-30 19:23 --------- d-----w C:\Program Files\Microsoft Games
    2008-04-28 19:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-25 10:10 --------- d-----w C:\ProgramData\GamesBar
    2008-04-21 17:45 --------- d-----w C:\ProgramData\Oberon Media
    2008-04-21 08:32 --------- d-----w C:\ProgramData\Logishrd
    2008-04-21 08:32 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-04-19 19:49 --------- d-----w C:\Users\Valé\AppData\Roaming\LimeWire
    2008-04-17 11:24 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-04-17 09:29 --------- d-----w C:\ProgramData\Apple Computer
    2008-04-17 07:35 --------- d-----w C:\Users\Valé\AppData\Roaming\Apple Computer
    2008-04-17 07:33 --------- d-----w C:\Program Files\QuickTime
    2008-04-17 07:27 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-17 07:25 --------- d-----w C:\ProgramData\Apple
    2008-04-17 07:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-13 16:49 --------- d-----w C:\Users\Valé\AppData\Roaming\DeepBurner
    2008-04-12 09:25 --------- d-----w C:\Users\Valé\AppData\Roaming\PlayFirst
    2008-04-12 09:25 --------- d-----w C:\ProgramData\PlayFirst
    2008-04-11 12:18 --------- d-----w C:\ProgramData\MumboJumbo
    2008-04-01 19:25 --------- d-----w C:\ProgramData\WLInstaller
    2008-04-01 19:24 --------- d-s---w C:\Users\Valé\AppData\Roaming\Microsoft
    2008-03-27 14:16 15,872 ------w C:\Windows\System32\winskfr.dll
    2008-03-27 11:18 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-03-26 18:40 --------- d-----w C:\ProgramData\BOONTY
    2008-03-23 08:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-06 09:25 4,103,032 ----a-w C:\Windows\System32\SpoonUninstall.exe
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-21 16:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-01-21 08:40 1,132 ----a-w C:\Users\Valé\AppData\Roaming\wklnhst.dat
    2007-12-16 12:51 174 --sha-w C:\Program Files\desktop.ini
    2008-01-05 10:55 2,516 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-10 10:00 1232896]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 22:01 68856]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 11:45 12288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-12 22:00:50 124400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\Acer\EMPOWE~1\eMode\PCM\Kernel\Burner\MKDMP3Enc.ACM

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
    backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    --a------ 2007-01-24 10:27 319488 C:\Acer\Empowering Technology\SysMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    --a------ 2007-02-15 18:39 151552 C:\Acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
    C:\ACERSW\config\NewSetApanel.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2008-05-12 18:39 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
    --a------ 2006-11-24 21:20 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    --a------ 2007-02-07 00:04 464168 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installation Diagnostics]
    --a------ 2006-11-04 11:52 126976 C:\Program Files\Brother\Brmfl06a\Brinstck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI]
    --a------ 2006-12-20 11:14 404536 C:\PROGRA~1\CONTRO~1\bin\optgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    --a------ 2007-07-24 20:03 102400 C:\Program Files\Orange HSS\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2007-01-12 21:24 151552 C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    --a------ 2006-09-25 15:00 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    --a------ 2008-01-10 10:00 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-10-14 11:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
    --a------ 2007-07-24 20:55 94208 C:\Program Files\Orange HSS\Systray\SystrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    --a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2007-12-16 08:18 1006264 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7544676B-122D-44D9-B6F1-22A42CF36183}"= UDP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
    "{1A18564B-6511-4C7F-B95E-0AD529D9AAFD}"= TCP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
    "{EFE8DCAE-7635-4074-8040-2F5EFE92AEF2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{CC2F451E-58E2-4CEB-9778-9889EF6753B5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{A092B5EF-2A9E-457D-AFDD-83032F337ECE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D25745B1-95F3-4832-A669-FF44238389F0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{9EF2A851-2043-44C5-96F7-13B14F4D4751}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{0D88BB8A-3781-421D-90A8-4A0A17CCE82C}C:\\users\\valé\\desktop\\emule.exe"= UDP:C:\users\valé\desktop\emule.exe:emule.exe
    "UDP Query User{E28ED3C4-CBEC-4878-B4A3-4C80FBA2B731}C:\\users\\valé\\desktop\\emule.exe"= TCP:C:\users\valé\desktop\emule.exe:emule.exe
    "{FD296680-6964-4303-B774-A71048275A9B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{74800000-A9BE-4677-A665-C95407F31A35}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{4000FA29-C2F3-483D-8770-8B6E182F43D7}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "UDP Query User{C9ABFA1D-2067-48E1-93E5-C7A1C51B73F6}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "TCP Query User{BEEBB5A9-D3D6-42D6-A8DD-7B32CDBE31B8}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= UDP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
    "UDP Query User{433E1A6D-84ED-4539-B7FB-C420C3246243}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= TCP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
    "{705A1F68-7AD4-457B-BA4C-CFB94991DF8A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{3A821033-8E50-41D1-81DC-94F818A78F94}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{6B2C169B-6A3F-4D8C-9F33-F8B7C43AC420}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{4A341FDE-7435-4EF9-BEF9-F3501FB00517}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{B1EC8C9E-2ADA-4A2D-8DD3-581054046069}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{6552E66E-61C9-4A58-A233-D649EFF1CCB4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 09:22]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-05-05 19:51]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
    S4 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
    S4 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 20:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7e75b1e-1381-11dd-b847-001c2531a75a}]
    \shell\Auto\command - cmd /C launch.bat
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-15 13:36:11 C:\Windows\Tasks\User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-15 15:58:34
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background??s

    Balayage des fichiers cachés ...


    C:\Users\Valé\AppData\Local\Microsoft\Messenger\rachel-79@hotmail.fr\SharingMetadata\Working\database_4E28_26DB_2826_C1B7\$db_clean$ 0 bytes

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\system32\winlogon.exe
    -> C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

    PROCESS: C:\Windows\system32\lsass.exe
    -> C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
    -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
    .
    Temps d'accomplissement: 2008-05-15 16:01:05
    ComboFix-quarantined-files.txt 2008-05-15 14:00:58

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    229 --- E O F --- 2008-05-14 21:30:41
    Contenus similaires
    a b 8 Sécurité
    15 Mai 2008 17:59:33

    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    Anonyme
    15 Mai 2008 20:47:05

    ok le Malwarebyte's Anti-Malware est en route et il a deja trouver 2 éléments infectés, je te donne le rapport dés que c'est fini.
    a b 8 Sécurité
    15 Mai 2008 20:55:22

    No problem ;) 
    Anonyme
    15 Mai 2008 21:41:54

    re voila le rapport :

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 752

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 130017
    Temps écoulé: 16 minute(s), 43 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 8
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 14

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> No action taken.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> No action taken.
    HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\winvi (Adware.SoftMate) -> No action taken.
    C:\Program Files\winvi\dsktp (Adware.SoftMate) -> No action taken.
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> No action taken.
    C:\Users\Valé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> No action taken.

    Fichier(s) infecté(s):
    C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\Program Files\winvi\Uninst.exe (Adware.SoftMate) -> No action taken.
    C:\Program Files\winvi\version.ini (Adware.SoftMate) -> No action taken.
    C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> No action taken.
    C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> No action taken.
    C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> No action taken.
    C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> No action taken.
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> No action taken.
    Anonyme
    16 Mai 2008 09:51:18

    salut angeldark !
    j'ai refait un malwarebytes ce matin et voila le resultat :
    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 755

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 132926
    Temps écoulé: 24 minute(s), 29 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    a b 8 Sécurité
    16 Mai 2008 12:07:16

    Reposte un rapport Hijackthis.
    Anonyme
    16 Mai 2008 13:06:35

    re,

    voila le nouveau rapport de hijackthis:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:07:53, on 16/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    C:\Program Files\Orange HSS\systray\systrayapp.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Orange HSS\browser\browser.exe
    C:\Users\Valé\Desktop\anti-virus\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.orange.fr
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 6370 bytes
    a b 8 Sécurité
    16 Mai 2008 18:19:49

    Refais un scan Combofix on termine.
    Anonyme
    17 Mai 2008 19:11:41

    re salut je te met le resultat de Combofix, mais avant je veux te demander qu'elle anti-virus gratuit je peut mettre pour eviter tout ca.merci


    ComboFix 08-05-12.1 - Valé 2008-05-17 19:01:17.2 - NTFSx86
    Endroit: C:\Users\Valé\Desktop\anti-virus\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-17 17:05 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
    2008-05-17 17:05 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
    2008-05-17 11:40 --------- d-----w C:\ProgramData\Google Updater
    2008-05-17 10:04 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
    2008-05-17 10:04 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
    2008-05-16 09:40 --------- d-----w C:\Program Files\Google
    2008-05-15 18:23 --------- d-----w C:\Users\Valé\AppData\Roaming\Malwarebytes
    2008-05-15 18:22 --------- d-----w C:\ProgramData\Malwarebytes
    2008-05-15 18:22 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-14 21:30 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 21:30 --------- d-----w C:\Program Files\Windows Mail
    2008-05-14 18:03 164 ----a-w C:\install.dat
    2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
    2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
    2008-05-13 21:28 --------- d-----w C:\ProgramData\ESET
    2008-05-13 21:20 --------- d-----w C:\Program Files\Navilog1
    2008-05-13 18:27 --------- d---a-w C:\ProgramData\TEMP
    2008-05-13 06:00 --------- d-----w C:\ProgramData\Prevx
    2008-05-13 05:00 --------- d-----w C:\Program Files\Common Files\Panda Software
    2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-11 16:39 --------- d-----w C:\Users\Valé\AppData\Roaming\Mozilla
    2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
    2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-05-05 17:51 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
    2008-04-30 19:23 --------- d-----w C:\Program Files\Microsoft Games
    2008-04-28 19:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-25 10:10 --------- d-----w C:\ProgramData\GamesBar
    2008-04-21 17:45 --------- d-----w C:\ProgramData\Oberon Media
    2008-04-21 08:32 --------- d-----w C:\ProgramData\Logishrd
    2008-04-21 08:32 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-04-19 19:49 --------- d-----w C:\Users\Valé\AppData\Roaming\LimeWire
    2008-04-17 11:24 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-04-17 09:29 --------- d-----w C:\ProgramData\Apple Computer
    2008-04-17 07:35 --------- d-----w C:\Users\Valé\AppData\Roaming\Apple Computer
    2008-04-17 07:33 --------- d-----w C:\Program Files\QuickTime
    2008-04-17 07:27 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-17 07:25 --------- d-----w C:\ProgramData\Apple
    2008-04-17 07:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-13 16:49 --------- d-----w C:\Users\Valé\AppData\Roaming\DeepBurner
    2008-04-12 09:25 --------- d-----w C:\Users\Valé\AppData\Roaming\PlayFirst
    2008-04-12 09:25 --------- d-----w C:\ProgramData\PlayFirst
    2008-04-11 12:18 --------- d-----w C:\ProgramData\MumboJumbo
    2008-04-01 19:25 --------- d-----w C:\ProgramData\WLInstaller
    2008-04-01 19:24 --------- d-s---w C:\Users\Valé\AppData\Roaming\Microsoft
    2008-03-27 14:16 15,872 ------w C:\Windows\System32\winskfr.dll
    2008-03-27 11:18 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-03-26 18:40 --------- d-----w C:\ProgramData\BOONTY
    2008-03-23 08:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-06 09:25 4,103,032 ----a-w C:\Windows\System32\SpoonUninstall.exe
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-21 16:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-01-21 08:40 1,132 ----a-w C:\Users\Valé\AppData\Roaming\wklnhst.dat
    2007-12-16 12:51 174 --sha-w C:\Program Files\desktop.ini
    2008-01-05 10:55 2,516 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-15_16.00.17,55 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-15 07:35:36 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-17 06:59:35 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-15 07:35:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-17 06:59:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-15 07:35:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-05-17 06:59:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-04-20 11:27:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-16 09:00:01 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-20 11:27:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-16 09:00:01 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-20 11:27:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-16 09:00:01 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-15 07:39:28 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-05-17 12:29:41 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-05-15 07:39:19 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-05-17 07:01:35 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2008-05-15 13:55:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-17 15:51:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-15 13:55:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-17 15:51:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-15 13:55:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-17 15:51:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe
    + 2008-05-09 21:35:04 16,863,864 ----a-w C:\Windows\System32\mrt.exe
    - 2008-05-15 07:40:23 9,628 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1268637173-3409073900-2464634042-1000_UserData.bin
    + 2008-05-17 07:01:59 9,812 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1268637173-3409073900-2464634042-1000_UserData.bin
    - 2008-05-15 07:40:23 60,446 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-17 07:01:59 60,478 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-15 07:26:32 2,554 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-05-15 18:25:38 2,554 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-05-15 07:39:37 59,954 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-17 07:01:57 60,034 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-10 10:00 1232896]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 11:45 12288]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-16 11:40 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-16 11:40:42 124400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\Acer\EMPOWE~1\eMode\PCM\Kernel\Burner\MKDMP3Enc.ACM

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
    backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    --a------ 2007-01-24 10:27 319488 C:\Acer\Empowering Technology\SysMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    --a------ 2007-02-15 18:39 151552 C:\Acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
    C:\ACERSW\config\NewSetApanel.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2008-05-12 18:39 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
    --a------ 2006-11-24 21:20 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    --a------ 2007-02-07 00:04 464168 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installation Diagnostics]
    --a------ 2006-11-04 11:52 126976 C:\Program Files\Brother\Brmfl06a\Brinstck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI]
    --a------ 2006-12-20 11:14 404536 C:\PROGRA~1\CONTRO~1\bin\optgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    --a------ 2007-07-24 20:03 102400 C:\Program Files\Orange HSS\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2007-01-12 21:24 151552 C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    --a------ 2006-09-25 15:00 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    --a------ 2008-01-10 10:00 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-10-14 11:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
    --a------ 2007-07-24 20:55 94208 C:\Program Files\Orange HSS\Systray\SystrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    --a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2007-12-16 08:18 1006264 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7544676B-122D-44D9-B6F1-22A42CF36183}"= UDP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
    "{1A18564B-6511-4C7F-B95E-0AD529D9AAFD}"= TCP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
    "{EFE8DCAE-7635-4074-8040-2F5EFE92AEF2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{CC2F451E-58E2-4CEB-9778-9889EF6753B5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{A092B5EF-2A9E-457D-AFDD-83032F337ECE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D25745B1-95F3-4832-A669-FF44238389F0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{9EF2A851-2043-44C5-96F7-13B14F4D4751}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{0D88BB8A-3781-421D-90A8-4A0A17CCE82C}C:\\users\\valé\\desktop\\emule.exe"= UDP:C:\users\valé\desktop\emule.exe:emule.exe
    "UDP Query User{E28ED3C4-CBEC-4878-B4A3-4C80FBA2B731}C:\\users\\valé\\desktop\\emule.exe"= TCP:C:\users\valé\desktop\emule.exe:emule.exe
    "{FD296680-6964-4303-B774-A71048275A9B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{74800000-A9BE-4677-A665-C95407F31A35}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{4000FA29-C2F3-483D-8770-8B6E182F43D7}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "UDP Query User{C9ABFA1D-2067-48E1-93E5-C7A1C51B73F6}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "TCP Query User{BEEBB5A9-D3D6-42D6-A8DD-7B32CDBE31B8}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= UDP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
    "UDP Query User{433E1A6D-84ED-4539-B7FB-C420C3246243}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= TCP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
    "{705A1F68-7AD4-457B-BA4C-CFB94991DF8A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{3A821033-8E50-41D1-81DC-94F818A78F94}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{6B2C169B-6A3F-4D8C-9F33-F8B7C43AC420}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{4A341FDE-7435-4EF9-BEF9-F3501FB00517}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{B1EC8C9E-2ADA-4A2D-8DD3-581054046069}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{6552E66E-61C9-4A58-A233-D649EFF1CCB4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 09:22]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-05-05 19:51]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
    S4 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
    S4 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 20:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7e75b1e-1381-11dd-b847-001c2531a75a}]
    \shell\Auto\command - cmd /C launch.bat
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-17 15:59:12 C:\Windows\Tasks\User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 19:05:44
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background??s

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> ?:\Windows\system32\iertutil.dll
    .
    Temps d'accomplissement: 2008-05-17 19:07:17
    ComboFix-quarantined-files.txt 2008-05-17 17:06:50
    ComboFix2.txt 2008-05-15 14:01:06

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    262 --- E O F --- 2008-05-17 08:38:46
    Anonyme
    17 Mai 2008 19:11:58

    re salut je te met le resultat de Combofix, mais avant je veux te demander qu'elle anti-virus gratuit je peut mettre pour eviter tout ca.merci


    ComboFix 08-05-12.1 - Valé 2008-05-17 19:01:17.2 - NTFSx86
    Endroit: C:\Users\Valé\Desktop\anti-virus\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-17 17:05 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
    2008-05-17 17:05 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
    2008-05-17 11:40 --------- d-----w C:\ProgramData\Google Updater
    2008-05-17 10:04 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
    2008-05-17 10:04 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
    2008-05-16 09:40 --------- d-----w C:\Program Files\Google
    2008-05-15 18:23 --------- d-----w C:\Users\Valé\AppData\Roaming\Malwarebytes
    2008-05-15 18:22 --------- d-----w C:\ProgramData\Malwarebytes
    2008-05-15 18:22 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-14 21:30 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 21:30 --------- d-----w C:\Program Files\Windows Mail
    2008-05-14 18:03 164 ----a-w C:\install.dat
    2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
    2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
    2008-05-13 21:28 --------- d-----w C:\ProgramData\ESET
    2008-05-13 21:20 --------- d-----w C:\Program Files\Navilog1
    2008-05-13 18:27 --------- d---a-w C:\ProgramData\TEMP
    2008-05-13 06:00 --------- d-----w C:\ProgramData\Prevx
    2008-05-13 05:00 --------- d-----w C:\Program Files\Common Files\Panda Software
    2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-11 16:39 --------- d-----w C:\Users\Valé\AppData\Roaming\Mozilla
    2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
    2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-05-05 17:51 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
    2008-04-30 19:23 --------- d-----w C:\Program Files\Microsoft Games
    2008-04-28 19:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-25 10:10 --------- d-----w C:\ProgramData\GamesBar
    2008-04-21 17:45 --------- d-----w C:\ProgramData\Oberon Media
    2008-04-21 08:32 --------- d-----w C:\ProgramData\Logishrd
    2008-04-21 08:32 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-04-19 19:49 --------- d-----w C:\Users\Valé\AppData\Roaming\LimeWire
    2008-04-17 11:24 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-04-17 09:29 --------- d-----w C:\ProgramData\Apple Computer
    2008-04-17 07:35 --------- d-----w C:\Users\Valé\AppData\Roaming\Apple Computer
    2008-04-17 07:33 --------- d-----w C:\Program Files\QuickTime
    2008-04-17 07:27 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-17 07:25 --------- d-----w C:\ProgramData\Apple
    2008-04-17 07:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-13 16:49 --------- d-----w C:\Users\Valé\AppData\Roaming\DeepBurner
    2008-04-12 09:25 --------- d-----w C:\Users\Valé\AppData\Roaming\PlayFirst
    2008-04-12 09:25 --------- d-----w C:\ProgramData\PlayFirst
    2008-04-11 12:18 --------- d-----w C:\ProgramData\MumboJumbo
    2008-04-01 19:25 --------- d-----w C:\ProgramData\WLInstaller
    2008-04-01 19:24 --------- d-s---w C:\Users\Valé\AppData\Roaming\Microsoft
    2008-03-27 14:16 15,872 ------w C:\Windows\System32\winskfr.dll
    2008-03-27 11:18 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-03-26 18:40 --------- d-----w C:\ProgramData\BOONTY
    2008-03-23 08:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-06 09:25 4,103,032 ----a-w C:\Windows\System32\SpoonUninstall.exe
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-21 16:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-01-21 08:40 1,132 ----a-w C:\Users\Valé\AppData\Roaming\wklnhst.dat
    2007-12-16 12:51 174 --sha-w C:\Program Files\desktop.ini
    2008-01-05 10:55 2,516 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-15_16.00.17,55 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-15 07:35:36 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-17 06:59:35 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-15 07:35:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-17 06:59:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-15 07:35:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-05-17 06:59:36 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-04-20 11:27:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-16 09:00:01 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-20 11:27:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-16 09:00:01 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-20 11:27:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-16 09:00:01 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-15 07:39:28 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-05-17 12:29:41 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-05-15 07:39:19 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-05-17 07:01:35 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2008-05-15 13:55:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-17 15:51:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-15 13:55:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-17 15:51:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-15 13:55:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-17 15:51:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe
    + 2008-05-09 21:35:04 16,863,864 ----a-w C:\Windows\System32\mrt.exe
    - 2008-05-15 07:40:23 9,628 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1268637173-3409073900-2464634042-1000_UserData.bin
    + 2008-05-17 07:01:59 9,812 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1268637173-3409073900-2464634042-1000_UserData.bin
    - 2008-05-15 07:40:23 60,446 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-17 07:01:59 60,478 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-15 07:26:32 2,554 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-05-15 18:25:38 2,554 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-05-15 07:39:37 59,954 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-17 07:01:57 60,034 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-10 10:00 1232896]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 11:45 12288]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-16 11:40 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-16 11:40:42 124400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\Acer\EMPOWE~1\eMode\PCM\Kernel\Burner\MKDMP3Enc.ACM

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
    backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    --a------ 2007-01-24 10:27 319488 C:\Acer\Empowering Technology\SysMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    --a------ 2007-02-15 18:39 151552 C:\Acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
    C:\ACERSW\config\NewSetApanel.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2008-05-12 18:39 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
    --a------ 2006-11-24 21:20 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    --a------ 2007-02-07 00:04 464168 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installation Diagnostics]
    --a------ 2006-11-04 11:52 126976 C:\Program Files\Brother\Brmfl06a\Brinstck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI]
    --a------ 2006-12-20 11:14 404536 C:\PROGRA~1\CONTRO~1\bin\optgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    --a------ 2007-07-24 20:03 102400 C:\Program Files\Orange HSS\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2007-01-12 21:24 151552 C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    --a------ 2006-09-25 15:00 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    --a------ 2008-01-10 10:00 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-10-14 11:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
    --a------ 2007-07-24 20:55 94208 C:\Program Files\Orange HSS\Systray\SystrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    --a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2007-12-16 08:18 1006264 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7544676B-122D-44D9-B6F1-22A42CF36183}"= UDP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
    "{1A18564B-6511-4C7F-B95E-0AD529D9AAFD}"= TCP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
    "{EFE8DCAE-7635-4074-8040-2F5EFE92AEF2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{CC2F451E-58E2-4CEB-9778-9889EF6753B5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{A092B5EF-2A9E-457D-AFDD-83032F337ECE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D25745B1-95F3-4832-A669-FF44238389F0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{9EF2A851-2043-44C5-96F7-13B14F4D4751}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{0D88BB8A-3781-421D-90A8-4A0A17CCE82C}C:\\users\\valé\\desktop\\emule.exe"= UDP:C:\users\valé\desktop\emule.exe:emule.exe
    "UDP Query User{E28ED3C4-CBEC-4878-B4A3-4C80FBA2B731}C:\\users\\valé\\desktop\\emule.exe"= TCP:C:\users\valé\desktop\emule.exe:emule.exe
    "{FD296680-6964-4303-B774-A71048275A9B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{74800000-A9BE-4677-A665-C95407F31A35}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{4000FA29-C2F3-483D-8770-8B6E182F43D7}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "UDP Query User{C9ABFA1D-2067-48E1-93E5-C7A1C51B73F6}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "TCP Query User{BEEBB5A9-D3D6-42D6-A8DD-7B32CDBE31B8}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= UDP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
    "UDP Query User{433E1A6D-84ED-4539-B7FB-C420C3246243}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= TCP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
    "{705A1F68-7AD4-457B-BA4C-CFB94991DF8A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{3A821033-8E50-41D1-81DC-94F818A78F94}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{6B2C169B-6A3F-4D8C-9F33-F8B7C43AC420}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{4A341FDE-7435-4EF9-BEF9-F3501FB00517}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{B1EC8C9E-2ADA-4A2D-8DD3-581054046069}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{6552E66E-61C9-4A58-A233-D649EFF1CCB4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 09:22]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-05-05 19:51]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
    S4 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
    S4 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 20:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7e75b1e-1381-11dd-b847-001c2531a75a}]
    \shell\Auto\command - cmd /C launch.bat
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-17 15:59:12 C:\Windows\Tasks\User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 19:05:44
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background??s

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> ?:\Windows\system32\iertutil.dll
    .
    Temps d'accomplissement: 2008-05-17 19:07:17
    ComboFix-quarantined-files.txt 2008-05-17 17:06:50
    ComboFix2.txt 2008-05-15 14:01:06

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    262 --- E O F --- 2008-05-17 08:38:46
    a b 8 Sécurité
    18 Mai 2008 12:15:15

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\Windows\system32\msfeedssync.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RunSpySweeperScheduleAtStartup"=-


    Ouvre le Bloc-notes (Démarrer>Exécuter...>notepad) puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :


    Cela va relancer ComboFix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport HijackThis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    18 Mai 2008 21:54:10

    résolut salut,je te poste le rapport combofix par contre le te le mets en plusieur fois car il est trop long :
    ComboFix 08-05-12.1 - Valé 2008-05-18 21:26:46.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.184 [GMT 2:00]
    Endroit: C:\Users\Valé\Desktop\anti-virus\ComboFix.exe
    Command switches used :: C:\Users\Valé\Desktop\CFScript.txt..txt
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-18 17:37 . 2008-05-18 17:37 <REP> d-------- C:\Windows\LastGood.Tmp
    2008-05-18 17:07 . 2008-05-18 17:08 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-05-18 16:29 . 2008-05-18 16:29 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-18 16:15 . 2008-05-18 16:15 <REP> d-------- C:\PerfLogs
    2008-05-18 15:18 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-18 15:17 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-05-18 15:16 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
    2008-05-18 15:15 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr
    2008-05-18 15:14 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-18 15:13 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-18 15:13 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-05-18 15:13 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
    2008-05-18 15:13 . 2008-01-05 13:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
    2008-05-18 15:13 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-05-18 15:12 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-05-18 15:12 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-05-18 15:12 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-05-18 15:11 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-05-18 15:11 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-05-18 15:11 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-05-18 15:11 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-05-18 15:11 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-05-18 15:11 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-05-16 11:40 . 2008-05-18 14:41 <REP> d-------- C:\Users\All Users\Google Updater
    2008-05-16 11:40 . 2008-05-18 14:41 <REP> d-------- C:\ProgramData\Google Updater
    2008-05-15 20:23 . 2008-05-15 20:23 <REP> d-------- C:\Users\Valé\AppData\Roaming\Malwarebytes
    2008-05-15 20:22 . 2008-05-15 20:22 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-05-15 20:22 . 2008-05-15 20:22 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-05-15 20:22 . 2008-05-15 20:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-15 20:22 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-05-15 20:22 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-05-15 09:41 . 2008-05-15 09:41 0 --ah----- C:\Users\Default.LOG2
    2008-05-15 09:41 . 2008-05-15 09:41 0 --ah----- C:\Users\Default.LOG1
    2008-05-15 09:41 . 2008-05-15 09:41 0 --ah----- C:\ProgramData.LOG2
    2008-05-15 09:41 . 2008-05-15 09:41 0 --ah----- C:\ProgramData.LOG1
    2008-05-14 20:03 . 2008-05-14 20:03 164 --a------ C:\install.dat
    2008-05-14 09:37 . 2008-05-14 09:38 1,495,112 --a------ C:\Users\Valé\install_flash_player.exe
    2008-05-14 09:37 . 2008-05-14 09:38 1,495,112 --a------ C:\Users\Valé\install_flash_player.exe
    2008-05-13 23:28 . 2008-05-13 23:28 <REP> d-------- C:\Users\All Users\ESET
    2008-05-13 23:28 . 2008-05-13 23:28 <REP> d-------- C:\ProgramData\ESET
    2008-05-13 22:55 . 2008-05-13 23:20 <REP> d-------- C:\Program Files\Navilog1
    2008-05-13 08:00 . 2008-05-13 08:00 <REP> d-------- C:\Users\All Users\Prevx
    2008-05-13 08:00 . 2008-05-13 08:01 <REP> d-------- C:\Temp
    2008-05-13 08:00 . 2008-05-13 08:00 <REP> d-------- C:\ProgramData\Prevx
    2008-05-12 21:24 . 2008-05-13 07:00 <REP> d-------- C:\Program Files\Common Files\Panda Software
    2008-05-12 21:09 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
    2008-05-12 15:56 . 2008-05-12 18:37 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-05-11 22:09 . 2008-05-11 22:09 <REP> d-------- C:\VundoFix Backups
    2008-05-11 18:39 . 2008-05-11 18:39 <REP> d-------- C:\Users\Valé\AppData\Roaming\Mozilla
    2008-05-05 19:51 . 2008-05-05 19:51 <REP> d-------- C:\Program Files\Common Files\BOONTY Shared
    2008-04-25 10:25 . 2008-04-25 10:25 <REP> d-------- C:\Windows\wb
    2008-04-25 10:25 . 1999-02-08 14:36 87,552 -ra------ C:\Windows\system\url.dll
    2008-04-25 10:25 . 1999-02-08 14:36 9,728 -ra------ C:\Windows\system\rnaph.dll
    2008-04-25 10:21 . 1996-01-09 10:38 283,648 --a------ C:\Windows\uninst.exe
    2008-04-21 19:45 . 2008-04-21 19:45 <REP> d-------- C:\Users\All Users\Oberon Media
    2008-04-21 19:45 . 2008-04-21 19:45 <REP> d-------- C:\ProgramData\Oberon Media

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-18 19:30 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
    2008-05-18 19:30 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
    2008-05-18 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-18 15:31 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
    2008-05-18 15:31 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
    2008-05-18 14:24 174 --sha-w C:\Program Files\desktop.ini
    2008-05-18 14:16 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-18 14:16 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-18 14:16 --------- d-----w C:\Program Files\Windows Mail
    2008-05-18 14:16 --------- d-----w C:\Program Files\Windows Defender
    2008-05-18 14:16 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-18 14:16 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-18 13:42 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-18 13:42 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-16 09:40 --------- d-----w C:\Program Files\Google
    2008-05-15 18:23 --------- d-----w C:\Users\Valé\AppData\Roaming\Malwarebytes
    2008-05-14 21:30 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
    2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
    2008-05-13 18:27 --------- d---a-w C:\ProgramData\TEMP
    2008-05-11 16:39 --------- d-----w C:\Users\Valé\AppData\Roaming\Mozilla
    2008-04-30 19:23 --------- d-----w C:\Program Files\Microsoft Games
    2008-04-25 10:10 --------- d-----w C:\ProgramData\GamesBar
    2008-04-21 08:32 --------- d-----w C:\ProgramData\Logishrd
    2008-04-21 08:32 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-04-19 19:49 --------- d-----w C:\Users\Valé\AppData\Roaming\LimeWire
    2008-04-17 11:24 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-04-17 09:29 --------- d-----w C:\ProgramData\Apple Computer
    2008-04-17 07:35 --------- d-----w C:\Users\Valé\AppData\Roaming\Apple Computer
    2008-04-17 07:33 --------- d-----w C:\Program Files\QuickTime
    2008-04-17 07:27 --------- d-----w C:\Program Files\Common Files\Apple
    2008-04-17 07:25 --------- d-----w C:\ProgramData\Apple
    2008-04-17 07:25 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-13 16:49 --------- d-----w C:\Users\Valé\AppData\Roaming\DeepBurner
    2008-04-12 09:25 --------- d-----w C:\Users\Valé\AppData\Roaming\PlayFirst
    2008-04-12 09:25 --------- d-----w C:\ProgramData\PlayFirst
    2008-04-11 12:18 --------- d-----w C:\ProgramData\MumboJumbo
    2008-04-01 19:25 --------- d-----w C:\ProgramData\WLInstaller
    2008-04-01 19:24 --------- d-s---w C:\Users\Valé\AppData\Roaming\Microsoft
    2008-03-27 14:16 15,872 ------w C:\Windows\System32\winskfr.dll
    2008-03-27 11:18 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-03-26 18:40 --------- d-----w C:\ProgramData\BOONTY
    2008-03-23 08:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-06 09:25 4,103,032 ----a-w C:\Windows\System32\SpoonUninstall.exe
    2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 16:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
    2008-01-21 08:40 1,132 ----a-w C:\Users\Valé\AppData\Roaming\wklnhst.dat
    2008-01-05 10:55 2,516 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot_2008-05-17_19.06.26,18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-02-13 10:45:52 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    + 2008-01-19 07:33:41 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    - 2008-02-13 10:45:52 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    + 2008-01-19 07:33:41 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    - 2006-11-02 09:46:02 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
    + 2008-01-19 07:33:41 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
    - 2008-02-13 10:45:53 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    + 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    - 2008-02-13 10:45:52 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    + 2008-01-19 07:33:41 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    - 2008-02-13 10:45:52 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    + 2008-01-19 07:33:42 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    - 2006-11-02 09:46:02 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
    + 2008-01-19 07:33:43 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
    - 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    + 2008-01-19 07:34:28 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    - 2006-10-20 01:13:56 69,120 ----a-w C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2008-01-05 11:26:08 69,120 ----a-w C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2006-10-20 01:14:03 72,192 ----a-w C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2008-01-05 11:26:17 72,192 ----a-w C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2006-11-02 12:34:39 507,904 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Microsoft.Ink.dll
    + 2008-01-19 07:38:34 507,904 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Microsoft.Ink.dll
    - 2006-11-02 12:34:59 151,552 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2008-01-05 11:21:39 151,552 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    - 2006-10-20 01:14:15 4,366,336 ----a-w C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2008-01-05 11:26:32 4,444,160 ----a-w C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2006-11-02 09:47:03 39,936 ----a-w C:\Windows\assembly\GAC_32\napcrypt\6.0.0.0__31bf3856ad364e35\NAPCRYPT.DLL
    + 2008-01-19 07:38:44 46,080 ----a-w C:\Windows\assembly\GAC_32\napcrypt\6.0.0.0__31bf3856ad364e35\NAPCRYPT.DLL
    - 2006-11-02 09:47:03 98,816 ----a-w C:\Windows\assembly\GAC_32\naphlpr\6.0.0.0__31bf3856ad364e35\NAPHLPR.DLL
    + 2008-01-19 07:38:45 103,936 ----a-w C:\Windows\assembly\GAC_32\naphlpr\6.0.0.0__31bf3856ad364e35\NAPHLPR.DLL
    - 2006-11-02 12:34:57 3,915,264 ----a-w C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2008-01-05 11:21:53 4,174,336 ----a-w C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2006-10-20 01:14:47 482,304 ----a-w C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2008-01-05 11:26:54 483,840 ----a-w C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2006-10-20 01:14:47 2,894,336 ----a-w C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2008-01-05 11:26:54 3,036,160 ----a-w C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2006-10-20 01:14:51 258,048 ----a-w C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2008-01-05 11:26:55 258,048 ----a-w C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2006-11-02 06:34:22 114,176 ----a-w C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2008-01-19 03:22:55 113,664 ----a-w C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2006-11-02 12:34:57 344,064 ----a-w C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2008-01-05 11:21:55 346,624 ----a-w C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
    - 2006-10-20 01:14:53 260,096 ----a-w C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2008-01-05 11:26:59 261,120 ----a-w C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2007-12-16 06:15:01 5,156,864 ----a-w C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-01-05 11:26:59 5,431,296 ----a-w C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2006-10-20 01:13:37 10,752 ----a-w C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2008-01-05 11:25:52 10,752 ----a-w C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2006-11-02 15:43:31 315,392 ----a-w C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_fr_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
    + 2008-01-05 11:26:11 315,392 ----a-w C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.resources\2.0.0.0_fr_b03f5f7f11d50a3a\aspnetmmcext.resources.dll
    - 2006-10-20 01:13:41 503,808 ----a-w C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2008-01-05 11:25:59 507,904 ----a-w C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2006-11-02 12:34:59 159,744 ----a-w C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
    + 2008-01-05 11:21:39 159,744 ----a-w C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe
    - 2006-10-20 01:13:56 13,312 ----a-w C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2008-01-05 11:26:08 13,312 ----a-w C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2006-10-20 01:13:57 5,120 ----a-w C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
    + 2008-01-05 11:26:11 5,120 ----a-w C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
    - 2006-11-02 15:43:25 9,216 ----a-w C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.0.0.0_fr_31bf3856ad364e35\EventViewer.resources.dll
    + 2008-01-19 07:53:44 9,216 ----a-w C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.0.0.0_fr_31bf3856ad364e35\EventViewer.resources.dll
    - 2006-11-02 09:46:54 364,544 ----a-w C:\Windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
    + 2008-01-19 07:38:21 364,544 ----a-w C:\Windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
    - 2006-10-20 01:14:02 8,192 ----a-w C:\Windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2008-01-05 11:26:12 8,192 ----a-w C:\Windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2006-10-20 01:14:02 36,864 ----a-w C:\Windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2008-01-05 11:26:12 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2006-10-20 01:14:02 5,632 ----a-w C:\Windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2008-01-05 11:26:13 6,656 ----a-w C:\Windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2006-11-02 15:43:31 53,248 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    + 2008-01-05 11:26:11 53,248 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    - 2006-10-20 01:14:03 413,696 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2008-01-05 11:26:17 348,160 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2006-10-20 01:14:03 36,864 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2008-01-05 11:26:17 36,864 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2006-11-02 15:43:30 139,264 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
    + 2008-01-05 11:26:11 139,264 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll
    - 2006-10-20 01:14:03 647,168 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2008-01-05 11:26:17 655,360 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2006-11-02 15:43:27 10,240 ----a-w C:\Windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
    + 2008-01-05 11:26:11 10,752 ----a-w C:\Windows\assembly\GAC_MSIL\microsoft.build.utilities.resources\2.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.Resources.dll
    - 2006-10-20 01:14:04 73,728 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2008-01-05 11:26:17 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2006-11-02 15:43:28 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.0.0.0_fr_31bf3856ad364e35\Microsoft.Ink.Resources.dll
    + 2008-01-19 07:53:49 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.0.0.0_fr_31bf3856ad364e35\Microsoft.Ink.Resources.dll
    - 2006-11-02 15:43:28 45,056 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
    + 2008-01-05 11:26:11 45,056 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Jscript.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.JScript.Resources.dll
    - 2006-10-20 01:14:04 749,568 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2008-01-05 11:26:19 749,568 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2006-11-02 15:43:25 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_fr_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll
    + 2008-01-19 07:53:50 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_fr_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll
    - 2006-11-02 09:47:01 245,760 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
    + 2008-01-19 07:38:35 188,416 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
    - 2006-11-02 15:43:30 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
    + 2008-01-05 11:26:41 19,456 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.resources\3.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Resources.dll
    - 2006-11-02 12:34:59 352,256 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2008-01-05 11:21:39 397,312 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2006-11-02 15:43:31 9,216 ----a-w C:\Windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
    + 2008-01-05 11:26:17 9,216 ----a-w C:\Windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.data.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.resources.dll
    - 2006-10-20 01:14:05 110,592 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2008-01-05 11:26:19 110,592 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2006-11-02 15:43:24 9,728 ----a-w C:\Windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
    + 2008-01-05 11:26:17 9,728 ----a-w C:\Windows\assembly\GAC_MSIL\microsoft.visualbasic.compatibility.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.resources.dll
    - 2006-10-20 01:14:05 372,736 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2008-01-05 11:26:23 372,736 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2006-11-02 15:43:26 61,440 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
    + 2008-01-05 11:26:11 61,440 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
    - 2006-10-20 01:14:05 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2008-01-05 11:26:23 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2006-10-20 01:14:05 667,648 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2008-01-05 11:26:23 671,744 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2006-10-20 01:14:05 12,800 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-01-05 11:26:24 12,800 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2006-10-20 01:14:05 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2008-01-05 11:26:23 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2006-11-02 15:43:30 1,400,832 ----a-w C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_fr_31bf3856ad364e35\MIGUIControls.resources.dll
    + 2008-01-19 07:53:52 1,515,520 ----a-w C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_fr_31bf3856ad364e35\MIGUIControls.resources.dll
    - 2006-11-02 09:47:03 3,100,672 ----a-w C:\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
    + 2008-01-19 07:38:41 3,371,008 ----a-w C:\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
    - 2006-11-02 09:47:03 413,696 ----a-w C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
    + 2008-01-19 07:38:41 417,792 ----a-w C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
    - 2006-11-02 15:43:27 311,296 ----a-w C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.Resources.dll
    + 2008-01-05 11:26:12 311,296 ----a-w C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.Resources.dll
    - 2006-11-02 09:47:03 65,536 ----a-w C:\Windows\assembly\GAC_MSIL\napinit\6.0.0.0__31bf3856ad364e35\NAPINIT.DLL
    + 2008-01-19 07:38:45 65,536 ----a-w C:\Windows\assembly\GAC_MSIL\napinit\6.0.0.0__31bf3856ad364e35\NAPINIT.DLL
    - 2006-11-02 15:43:29 245,760 ----a-w C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.0.0.0_fr_31bf3856ad364e35\napsnap.resources.dll
    + 2008-01-19 07:53:54 245,760 ----a-w C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.0.0.0_fr_31bf3856ad364e35\napsnap.resources.dll
    - 2006-11-02 09:47:04 458,752 ----a-w C:\Windows\assembly\GAC_MSIL\napsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL
    + 2008-01-19 07:38:45 458,752 ----a-w C:\Windows\assembly\GAC_MSIL\napsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL
    - 2006-11-02 12:34:56 593,920 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    + 2008-01-05 11:21:52 602,112 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    - 2006-11-02 12:34:56 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
    + 2008-01-05 11:21:52 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
    - 2006-11-02 12:34:57 36,864 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
    + 2008-01-05 11:21:53 36,864 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
    - 2006-11-02 12:34:57 184,320 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2008-01-05 11:21:53 184,320 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    - 2006-11-02 12:34:57 126,976 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2008-01-05 11:21:53 131,072 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2006-11-02 12:34:57 376,832 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2008-01-05 11:21:53 376,832 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2006-11-02 12:34:57 151,552 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2008-01-05 11:21:54 151,552 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2006-11-02 12:34:57 4,972,544 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2008-01-05 11:21:53 5,210,112 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    - 2006-11-02 12:34:57 897,024 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2008-01-05 11:21:55 897,024 ----a-w C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
    - 2006-11-02 12:34:56 528,384 ----a-w C:\Windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2008-01-05 11:21:55 528,384 ----a-w C:\Windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2006-11-02 12:34:59 61,440 ----a-w C:\Windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
    + 2008-01-05 11:21:39 61,440 ----a-w C:\Windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
    - 2006-11-02 12:34:59 94,208 ----a-w C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2008-01-05 11:21:39 102,400 ----a-w C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    - 2006-11-02 12:34:58 122,880 ----a-w C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
    + 2008-01-05 11:21:39 122,880 ----a-w C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
    - 2006-11-02 15:43:30 10,752 ----a-w C:\Windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fr_b03f5f7f11d50a3a\sysglobl.resources.dll
    + 2008-01-05 11:26:12 10,752 ----a-w C:\Windows\assembly\GAC_MSIL\sysglobl.resources\2.0.0.0_fr_b03f5f7f11d50a3a\sysglobl.resources.dll
    - 2006-10-20 01:14:46 110,592 ----a-w C:\Windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2008-01-05 11:26:54 110,592 ----a-w C:\Windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2006-11-02 15:43:30 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
    + 2008-01-05 11:26:12 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
    - 2006-10-20 01:14:46 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2008-01-05 11:26:54 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2006-11-02 15:43:25 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.resources.dll
    + 2008-01-05 11:26:12 49,152 ----a-w C:\Windows\assembly\GAC_MSIL\system.configuration.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Configuration.resources.dll
    - 2006-10-20 01:14:46 413,696 ----a-w C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2008-01-05 11:26:54 425,984 ----a-w C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2006-11-02 15:43:30 110,592 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.OracleClient.resources.dll
    + 2008-01-05 11:26:12 110,592 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.OracleClient.resources.dll
    - 2006-11-02 15:43:26 335,872 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.Resources.dll
    + 2008-01-05 11:26:13 344,064 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_fr_b77a5c561934e089\System.Data.Resources.dll
    - 2006-11-02 15:43:32 36,864 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fr_b77a5c561934e089\system.data.sqlxml.resources.dll
    + 2008-01-05 11:26:13 36,864 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml.resources\2.0.0.0_fr_b77a5c561934e089\system.data.sqlxml.resources.dll
    - 2006-10-20 01:14:48 716,800 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2008-01-05 11:26:55 741,376 ----a-w C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2006-11-02 15:43:31 385,024 ----a-w C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
    + 2008-01-05 11:26:14 389,120 ----a-w C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
    - 2006-10-20 01:14:49 888,832 ----a-w C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2008-01-05 11:26:55 933,888 ----a-w C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2006-11-02 15:43:24 544,768 ----a-w C:\Windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll
    + 2008-01-05 11:26:14 544,768 ----a-w C:\Windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Design.Resources.dll
    - 2006-10-20 01:14:49 5,050,368 ----a-w C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2008-01-05 11:26:55 5,070,848 ----a-w C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2006-11-02 15:43:29 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
    + 2008-01-05 11:26:14 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll
    - 2006-10-20 01:14:50 188,416 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2008-01-05 11:26:55 188,416 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2006-11-02 15:43:32 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
    + 2008-01-05 11:26:16 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
    - 2006-10-20 01:14:50 397,312 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2008-01-05 11:26:55 401,408 ----a-w C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2006-11-02 15:43:25 6,144 ----a-w C:\Windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
    + 2008-01-05 11:26:16 6,144 ----a-w C:\Windows\assembly\GAC_MSIL\System.Drawing.Design.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Design.Resources.dll
    - 2006-10-20 01:14:51 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2008-01-05 11:26:55 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2006-11-02 15:43:28 15,360 ----a-w C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
    + 2008-01-05 11:26:16 15,360 ----a-w C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
    - 2006-10-20 01:14:51 704,512 ----a-w C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2008-01-05 11:26:55 630,784 ----a-w C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2006-11-02 15:43:25 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
    + 2008-01-05 11:26:17 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
    - 2006-11-02 15:43:25 65,536 ----a-w C:\Windows\assembly\GAC_MSIL\System.IdentityModel.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Resources.dll
    + 2008-01-05 11:26:37 65,536 ----a-w C:\Windows\assembly\GAC_MSIL\System.IdentityModel.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Resources.dll
    - 2006-11-02 15:43:24 53,248 ----a-w C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
    + 2008-01-05 11:26:39 57,344 ----a-w C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors.resources\3.0.0.0_fr_b77a5c561934e089\System.IdentityModel.Selectors.Resources.dll
    - 2006-11-02 12:34:58 126,976 ----a-w C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2008-01-05 11:21:38 126,976 ----a-w C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2006-11-02 12:34:58 413,696 ----a-w C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2008-01-05 11:21:37 430,080 ----a-w C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2006-11-02 12:34:58 131,072 ----a-w C:\Windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2008-01-05 11:21:38 131,072 ----a-w C:\Windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    - 2006-11-02 15:43:24 13,312 ----a-w C:\Windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
    + 2008-01-05 11:26:17 13,312 ----a-w C:\Windows\assembly\GAC_MSIL\System.Management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
    - 2006-10-20 01:14:52 368,640 ----a-w C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2008-01-05 11:26:58 372,736 ----a-w C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2006-11-02 15:43:26 61,440 ----a-w C:\Windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
    + 2008-01-05 11:26:17 61,440 ----a-w C:\Windows\assembly\GAC_MSIL\System.Messaging.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
    - 2006-10-20 01:14:52 258,048 ----a-w C:\Windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2008-01-05 11:26:58 258,048 ----a-w C:\Windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2006-11-02 15:43:26 212,992 ----a-w C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\system.Resources.dll
    + 2008-01-05 11:26:17 212,992 ----a-w C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\system.Resources.dll
    - 2006-11-02 15:43:23 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
    + 2008-01-05 11:26:17 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.Resources.dll
    - 2006-10-20 01:14:53 299,008 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2008-01-05 11:26:58 299,008 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2006-11-02 15:43:28 11,776 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
    + 2008-01-05 11:26:17 11,776 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
    - 2006-10-20 01:14:53 131,072 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-01-05 11:26:58 131,072 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2006-11-02 15:43:28 94,208 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
    + 2008-01-05 11:26:41 98,304 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
    - 2006-11-02 12:34:59 888,832 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2008-01-05 11:21:38 929,792 ----a-w C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2006-11-02 15:43:25 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
    + 2008-01-05 11:26:17 28,672 ----a-w C:\Windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
    - 2006-10-20 01:14:53 258,048 ----a-w C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2008-01-05 11:26:58 258,048 ----a-w C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2006-11-02 12:34:58 159,744 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
    + 2008-01-05 11:21:40 159,744 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
    - 2006-11-02 15:43:29 475,136 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Resources.dll
    + 2008-01-05 11:26:41 499,712 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.Resources.dll
    - 2006-11-02 12:34:59 16,384 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2008-01-05 11:21:40 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2006-11-02 12:34:58 5,672,960 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2008-01-05 11:21:38 5,971,968 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    - 2006-11-02 15:43:28 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
    + 2008-01-05 11:26:17 40,960 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
    - 2006-10-20 01:14:53 114,688 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2008-01-05 11:26:58 114,688 ----a-w C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2006-11-02 12:34:57 688,128 ----a-w C:\Windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
    + 2008-01-05 11:21:55 688,128 ----a-w C:\Windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2006-11-02 15:43:26 16,896 ----a-w C:\Windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fr_b77a5c561934e089\System.Transactions.resources.dll
    + 2008-01-05 11:26:17 16,896 ----a-w C:\Windows\assembly\GAC_MSIL\System.Transactions.resources\2.0.0.0_fr_b77a5c561934e089\System.Transactions.resources.dll
    - 2006-11-02 15:43:24 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
    + 2008-01-05 11:26:17 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Mobile.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
    - 2006-10-20 01:14:54 835,584 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2008-01-05 11:26:59 884,736 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2006-10-20 01:14:55 86,016 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2008-01-05 11:26:59 90,112 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2007-12-16 06:15:02 618,496 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Resources.dll
    + 2008-01-05 11:26:17 618,496 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Resources.dll
    - 2006-11-02 15:43:31 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
    + 2008-01-05 11:26:17 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
    - 2006-10-20 01:14:55 823,296 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2008-01-05 11:27:00 839,680 ----a-w C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2006-11-02 15:43:31 430,080 ----a-w C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.Resources.dll
    + 2008-01-05 11:26:17 430,080 ----a-w C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.Resources.dll
    - 2006-10-20 01:14:56 5,414,912 ----a-w C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2008-01-05 11:27:02 5,013,504 ----a-w C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2006-11-02 15:43:24 191,304 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Activities.resources.dll
    + 2008-01-05 11:26:54 193,592 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Activities.resources.dll
    - 2006-11-02 12:34:56 1,108,784 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
    + 2008-01-05 11:22:14 1,152,040 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
    - 2006-11-02 15:43:29 318,288 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
    + 2008-01-05 11:26:54 320,576 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll
    - 2006-11-02 12:34:56 1,641,272 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
    + 2008-01-05 11:22:15 1,635,376 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
    - 2006-11-02 15:43:27 43,840 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
    + 2008-01-05 11:26:54 46,136 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime.resources\3.0.0.0_fr_31bf3856ad364e35\System.Workflow.Runtime.resources.dll
    - 2006-11-02 12:34:56 588,592 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    + 2008-01-05 11:22:15 578,592 ----a-w C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    - 2006-11-02 15:43:24 167,936 ----a-w C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\System.xml.Resources.dll
    + 2008-01-05 11:26:17 167,936 ----a-w C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\System.xml.Resources.dll
    - 2006-10-20 01:14:58 2,039,808 ----a-w C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2008-01-05 11:27:03 2,068,480 ----a-w C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2006-10-20 01:14:51 3,035,136 ----a-w C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2008-01-05 11:26:55 3,076,096 ----a-w C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2006-11-02 15:43:30 7,680 ----a-w C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.0.0.0_fr_31bf3856ad364e35\TaskScheduler.resources.dll
    + 2008-01-19 07:54:01 7,680 ----a-w C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.0.0.0_fr_31bf3856ad364e35\TaskScheduler.resources.dll
    - 2006-11-02 09:47:22 163,840 ----a-w C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.0.0.0__31bf3856ad364e35\TaskScheduler.dll
    + 2008-01-19 07:39:26 163,840 ----a-w C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.0.0.0__31bf3856ad364e35\TaskScheduler.dll
    - 2006-11-02 12:34:57 163,840 ----a-w C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2008-01-05 11:21:56 163,840 ----a-w C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2006-11-02 12:34:57 372,736 ----a-w C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2008-01-05 11:22:00 372,736 ----a-w C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    - 2006-11-02 12:34:57 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2008-01-05 11:22:00 32,768 ----a-w C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2006-11-02 12:34:56 86,016 ----a-w C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2008-01-05 11:22:00 86,016 ----a-w C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2006-11-02 12:34:56 1,167,360 ----a-w C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2008-01-05 11:22:00 1,204,224 ----a-w C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    - 2006-11-02 12:34:57 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2008-01-05 11:22:01 81,920 ----a-w C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    - 2006-11-02 12:34:59 143,360 ----a-w C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe
    + 2008-01-05 11:21:40 143,360 ----a-w C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe
    + 2008-05-18 14:31:41 27,136 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e2170385d6492ce6539124c5a3b361a8\Accessibility.ni.dll
    + 2008-05-18 15:05:40 884,736 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b3a5c81e91bf9b1e63697e53a41ac0ed\AspNetMMCExt.ni.dll
    + 2008-05-18 15:03:49 503,808 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a29c71731e54f91d32ccc55d5493126d\ComSvcConfig.ni.exe
    + 2008-05-18 15:05:41 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8b7076d09705567c6431176b693597ab\CustomMarshalers.ni.dll
    + 2008-05-18 15:05:41 15,360 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\314a2a2c7ac434889e2478150e910adf\dfsvc.ni.exe
    + 2008-05-18 15:05:08 577,536 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\368debb045e28955b65910779050eccc\EventViewer.ni.dll
    + 2008-05-18 15:05:43 876,544 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e24c7a7e58f9b3432df623710b9c5e01\Microsoft.Build.Engine.ni.dll
    + 2008-05-18 15:05:43 81,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\6dc26698fcb3f0f93759f3c38a6207d5\Microsoft.Build.Framework.ni.dll
    + 2008-05-18 15:05:46 1,695,744 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\87407c2d9c2530f716841b6d6ebdf563\Microsoft.Build.Tasks.ni.dll
    + 2008-05-18 15:05:47 167,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bdd6a68dce3ff4146b24afdf9759402b\Microsoft.Build.Utilities.ni.dll
    + 2008-05-18 15:05:18 1,441,792 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\d521fc6793855857df18b7cb9ab0acaa\Microsoft.Ink.ni.dll
    + 2008-05-18 15:05:37 2,441,216 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\2f558d3a6d024dfcdd1d62233a067b40\Microsoft.JScript.ni.dll
    + 2008-05-18 15:05:09 614,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\b059345a9c2a126e320e17c2090dd354\Microsoft.ManagementConsole.ni.dll
    + 2008-05-18 15:05:04 1,232,896 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\198b25c569e8a6fbb78092fe9c697600\Microsoft.Transactions.Bridge.ni.dll
    + 2008-05-18 15:05:20 401,408 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b0da39820e35eb3821e69ac8ace491a1\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2008-05-18 15:05:50 1,740,800 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a96c6b0c75f8ea3eb133018ba3b49f3f\Microsoft.VisualBasic.ni.dll
    + 2008-05-18 14:31:44 17,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ce2416df0a2df3ab6f06673c545d71de\Microsoft.VisualC.ni.dll
    + 2008-05-18 15:05:37 77,824 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\81c771cf263c377d46aaf249c7ab903a\Microsoft.Vsa.ni.dll
    + 2008-05-18 15:05:16 6,443,008 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\66ad568e1ea098a2099364bf66bdaed8\MIGUIControls.ni.dll
    + 2008-05-18 15:05:23 1,691,648 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\f5934f1b89f7c8fb3f0bab1c21045f1c\MMCEx.ni.dll
    + 2008-05-18 15:05:09 319,488 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\a3d6cbb5a1efbd314e7080bbbd78d1cd\MMCFxCommon.ni.dll
    + 2008-05-18 14:26:29 11,722,752 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5b3e3b0551bcaa722c27dbb089c431e4\mscorlib.ni.dll
    + 2008-05-18 15:05:24 102,400 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napcrypt\29d0ab81098806db3b769de45054ea13\napcrypt.ni.dll
    + 2008-05-18 15:05:24 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\naphlpr\65fba2f3c000945397537d9646148f6c\naphlpr.ni.dll
    + 2008-05-18 15:05:25 126,976 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napinit\ad70802a13332254382fd4bddbfbc8b3\napinit.ni.dll
    + 2008-05-18 15:05:26 737,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap\ae9a564a6dd8814ba0ec381fd07be4bb\napsnap.ni.dll
    + 2008-05-18 15:05:54 2,641,920 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\1b896bbb7ed678902995f5a2479962e8\Narrator.ni.exe
    + 2008-05-18 15:05:56 1,581,056 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7c78c24952fad7252c7ff7f739fd6198\PresentationBuildTasks.ni.dll
    + 2008-05-18 14:31:45 40,960 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b4a8dfd870b136a2c16abd23850b99cb\PresentationCFFRasterizer.ni.dll
    + 2008-05-18 14:30:46 12,570,624 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\adcba7206e27f493c9f161339a668cd1\PresentationCore.ni.dll
    + 2008-05-18 14:30:57 49,152 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f4bbb8d27bd38e1aec2ee0a0a9646b31\PresentationFontCache.ni.exe
    + 2008-05-18 14:32:21 552,960 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4bd2d5a15bb5178df5c5d24ef9003bb6\PresentationFramework.Luna.ni.dll
    + 2008-05-18 14:32:20 393,216 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\75438038f0d98e04583d0168d671981e\PresentationFramework.Aero.ni.dll
    + 2008-05-18 14:32:18 15,040,512 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7606ee23b2b3fd1d5d3d1c10011d3ecc\PresentationFramework.ni.dll
    + 2008-05-18 14:32:22 274,432 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e5c191994a86a85fa0b73041297bf650\PresentationFramework.Royale.ni.dll
    + 2008-05-18 14:32:20 245,760 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\edbcf79ab063533f570e1f4820a9e49b\PresentationFramework.Classic.ni.dll
    + 2008-05-18 15:06:02 2,035,712 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fa8522105eb716eed71e99bb9bfe06ee\PresentationUI.ni.dll
    + 2008-05-18 15:06:09 2,416,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\99836ab309902e40176dc5ca0854f7b2\ReachFramework.ni.dll
    + 2008-05-18 15:05:26 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\b682f5929b1f3f2a0b585cbc999df489\ServiceModelReg.ni.exe
    + 2008-05-18 15:04:51 303,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ee487a5b3e62f510183f68538f583135\SMDiagnostics.ni.dll
    + 2008-05-18 15:05:28 323,584 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\470e3064a09dc8107667143d09811786\SMSvcHost.ni.exe
    + 2008-05-18 15:20:43 262,144 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\sysglobl\811305f0e9b3729e5a6a991b6645de92\sysglobl.ni.dll
    + 2008-05-18 14:31:23 163,840 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\6f7e20306614996eb09c1422c2ab49b3\System.Configuration.Install.ni.dll
    + 2008-05-18 14:31:01 1,011,712 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15366cc16c2550064601b5167821667d\System.Configuration.ni.dll
    + 2008-05-18 15:04:19 1,183,744 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f293fee60fc17173a220dec17a8f2a4a\System.Data.OracleClient.ni.dll
    + 2008-05-18 14:31:20 2,756,608 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\797e38c8e8319f00da96c1786e07ab7a\System.Data.SqlXml.ni.dll
    + 2008-05-18 14:32:32 7,049,216 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\11afb76c8f51ad01fb460ab76e120f7c\System.Data.ni.dll
    + 2008-05-18 14:31:43 1,798,144 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\6167eaea1fb0a1067fc1fd17afe580ef\System.Deployment.ni.dll
    + 2008-05-18 14:32:46 10,969,088 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\d31a050a04e1f59f2c81298515d40e69\System.Design.ni.dll
    + 2008-05-18 15:04:20 512,000 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4c99dec707cab9de8b03b8821a0716ac\System.DirectoryServices.Protocols.ni.dll
    + 2008-05-18 15:03:55 1,224,704 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b6dfa3ee72dae0f0aa3d072d3b5af2a6\System.DirectoryServices.ni.dll
    + 2008-05-18 14:32:47 229,376 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ee20eccec1e7d1e4ea6d033fb998e252\System.Drawing.Design.ni.dll
    + 2008-05-18 14:31:26 1,667,072 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a35f567c4c67d6b1ca9a0023852847a2\System.Drawing.ni.dll
    + 2008-05-18 15:03:51 659,456 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\954db9046cf0977e8baeda9160910bc0\System.EnterpriseServices.ni.dll
    + 2008-05-18 15:03:51 294,912 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\954db9046cf0977e8baeda9160910bc0\System.EnterpriseServices.Wrapper.dll
    + 2008-05-18 15:05:02 241,664 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5ff73b37102042c3e28f22106dde8ad4\System.IdentityModel.Selectors.ni.dll
    + 2008-05-18 15:04:59 1,118,208 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\44573dbcf8c8046c8d4b9ba8109d90e7\System.IdentityModel.ni.dll
    + 2008-05-18 15:05:29 417,792 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\28b40aac039323938aa010da90240207\System.IO.Log.ni.dll
    + 2008-05-18 15:05:33 1,064,960 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3faf6c0dd4b29ada10b11269abb62653\System.Management.ni.dll
    + 2008-05-18 15:05:01 655,360 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\1bb37d7286f4cd22de1b1e7f6d2950b2\System.Messaging.ni.dll
    + 2008-05-18 15:06:04 1,134,592 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d82ee3d7910c5dab8c97c4e7973d7bbc\System.Printing.ni.dll
    + 2008-05-18 15:03:57 815,104 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll
    + 2008-05-18 15:04:57 2,445,312 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\529360b58964fe947006d8669aea62f3\System.Runtime.Serialization.ni.dll
    + 2008-05-18 14:31:23 339,968 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bf712f7f1c6a43d6b08a3911e99159a0\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2008-05-18 14:31:22 733,184 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\e3c0d1967dc5ac085e43f5a52c9cdc88\System.Security.ni.dll
    + 2008-05-18 15:04:50 18,071,552 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cfcba8cb539cb3dc5e92c544bd6d9dc5\System.ServiceModel.ni.dll
    + 2008-05-18 14:30:59 233,472 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\80a3d0416c6660b86e245bd1f6b66fd8\System.ServiceProcess.ni.dll
    + 2008-05-18 15:20:42 2,039,808 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\b75eb02af4a4a29474726c41641ac18e\System.Speech.ni.dll
    + 2008-05-18 15:03:53 679,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\62dc499efc246da6806ba0b74ac447f1\System.Transactions.ni.dll
    + 2008-05-18 15:20:49 2,342,912 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\7185958cf25ae6673e828dd1e7ac65ed\System.Web.Mobile.ni.dll
    + 2008-05-18 15:04:20 237,568 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\320ae07cc8c7b946d2944c63a72871fc\System.Web.RegularExpressions.ni.dll
    + 2008-05-18 15:04:16 1,986,560 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\af61137b092f7167a1bb6d5f8ee294d8\System.Web.Services.ni.dll
    + 2008-05-18 15:04:13 12,513,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\369cdfcbaefd8f28200e295c26c2141f\System.Web.ni.dll
    + 2008-05-18 14:31:40 13,193,216 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45ee94a63c463b93e3ff694c6ecd0820\System.Windows.Forms.ni.dll
    + 2008-05-18 14:32:54 3,084,288 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d8f1a140d3e4aa0c9d6d5cb35bc97b66\System.Workflow.Activities.ni.dll
    + 2008-05-18 14:33:02 4,579,328 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\8fb4ec7c0a4438b4a06657f6e6c44b71\System.Workflow.ComponentModel.ni.dll
    + 2008-05-18 14:33:07 2,088,960 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6774fc258b3b8cd8eb5256a76e0ffa67\System.Workflow.Runtime.ni.dll
    + 2008-05-18 14:31:12 5,771,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0[
    18 Mai 2008 21:55:46

    + 2008-01-19 07:33:45 1,985,024 ----a-w C:\Windows\System32\authui.dll
    - 2006-11-02 09:46:02 78,848 ----a-w C:\Windows\System32\authz.dll
    + 2008-01-19 07:33:45 79,360 ----a-w C:\Windows\System32\authz.dll
    - 2006-11-02 09:44:50 640,000 ----a-w C:\Windows\System32\autochk.exe
    + 2008-01-19 07:33:01 642,560 ----a-w C:\Windows\System32\autochk.exe
    - 2006-11-02 09:44:51 653,312 ----a-w C:\Windows\System32\autoconv.exe
    + 2008-01-19 07:33:01 656,384 ----a-w C:\Windows\System32\autoconv.exe
    - 2006-11-02 09:44:51 632,320 ----a-w C:\Windows\System32\autofmt.exe
    + 2008-01-19 07:33:01 634,880 ----a-w C:\Windows\System32\autofmt.exe
    - 2006-11-02 09:46:02 516,608 ----a-w C:\Windows\System32\autoplay.dll
    + 2008-01-19 07:33:46 516,608 ----a-w C:\Windows\System32\autoplay.dll
    - 2006-11-02 09:46:02 103,936 ----a-w C:\Windows\System32\AuxiliaryDisplayApi.dll
    + 2008-01-19 07:33:46 103,936 ----a-w C:\Windows\System32\AuxiliaryDisplayApi.dll
    - 2007-12-16 12:46:29 65,024 ----a-w C:\Windows\System32\avicap32.dll
    + 2006-11-02 09:46:02 65,024 ----a-w C:\Windows\System32\avicap32.dll
    - 2007-12-16 12:46:29 88,576 ----a-w C:\Windows\System32\avifil32.dll
    + 2008-01-19 07:33:47 91,136 ----a-w C:\Windows\System32\avifil32.dll
    - 2006-11-02 09:46:02 12,800 ----a-w C:\Windows\System32\avrt.dll
    + 2008-01-19 07:33:47 12,800 ----a-w C:\Windows\System32\avrt.dll
    - 2006-11-02 09:46:02 756,224 ----a-w C:\Windows\System32\azroles.dll
    + 2008-01-19 07:33:47 756,736 ----a-w C:\Windows\System32\azroles.dll
    - 2006-11-02 09:46:02 316,416 ----a-w C:\Windows\System32\azroleui.dll
    + 2008-01-19 07:33:47 317,440 ----a-w C:\Windows\System32\azroleui.dll
    - 2006-11-02 09:46:02 28,672 ----a-w C:\Windows\System32\AzSqlExt.dll
    + 2008-01-19 07:33:47 28,160 ----a-w C:\Windows\System32\AzSqlExt.dll
    - 2006-11-02 09:47:18 121,960 ----a-w C:\Windows\System32\basecsp.dll
    + 2008-01-19 07:38:02 131,640 ----a-w C:\Windows\System32\basecsp.dll
    - 2006-11-02 09:46:02 68,608 ----a-w C:\Windows\System32\basesrv.dll
    + 2008-01-19 07:33:47 68,096 ----a-w C:\Windows\System32\basesrv.dll
    - 2008-02-13 10:49:05 12,800 ----a-w C:\Windows\System32\batt.dll
    + 2008-01-19 07:33:47 12,800 ----a-w C:\Windows\System32\batt.dll
    - 2006-11-02 09:44:51 259,584 ----a-w C:\Windows\System32\bcdedit.exe
    + 2008-01-19 07:33:01 334,336 ----a-w C:\Windows\System32\bcdedit.exe
    - 2006-11-02 09:46:02 46,592 ----a-w C:\Windows\System32\bcdprov.dll
    + 2008-01-19 07:33:47 48,128 ----a-w C:\Windows\System32\bcdprov.dll
    - 2006-11-02 09:46:02 108,032 ----a-w C:\Windows\System32\bcdsrv.dll
    + 2008-01-19 07:33:47 117,760 ----a-w C:\Windows\System32\bcdsrv.dll
    - 2006-11-02 09:46:02 265,728 ----a-w C:\Windows\System32\bcrypt.dll
    + 2008-01-19 07:33:47 274,432 ----a-w C:\Windows\System32\bcrypt.dll
    - 2006-11-02 09:46:02 317,440 ----a-w C:\Windows\System32\BFE.DLL
    + 2008-01-19 07:33:47 328,704 ----a-w C:\Windows\System32\BFE.DLL
    - 2006-11-02 09:44:51 192,000 ----a-w C:\Windows\System32\bitsadmin.exe
    + 2008-01-19 07:33:01 192,000 ----a-w C:\Windows\System32\bitsadmin.exe
    - 2006-11-02 09:46:02 31,744 ----a-w C:\Windows\System32\bitsigd.dll
    + 2008-01-19 07:33:47 31,744 ----a-w C:\Windows\System32\bitsigd.dll
    - 2006-11-02 12:34:55 542,720 ----a-w C:\Windows\System32\blackbox.dll
    + 2008-01-19 07:33:48 542,720 ----a-w C:\Windows\System32\blackbox.dll
    - 2006-11-02 09:52:01 940,648 ----a-w C:\Windows\System32\Boot\winload.exe
    + 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\System32\Boot\winload.exe
    - 2006-11-02 09:52:02 902,248 ----a-w C:\Windows\System32\Boot\winresume.exe
    + 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\System32\Boot\winresume.exe
    - 2006-11-02 09:44:51 81,408 ----a-w C:\Windows\System32\bootcfg.exe
    + 2008-01-19 07:33:02 81,408 ----a-w C:\Windows\System32\bootcfg.exe
    - 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\System32\bootstr.dll
    + 2008-01-19 05:27:25 2,560 ----a-w C:\Windows\System32\bootstr.dll
    - 2006-11-02 09:49:40 21,608 ----a-w C:\Windows\System32\BOOTVID.DLL
    + 2008-01-19 07:41:34 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
    - 2006-11-02 12:35:06 1,342,976 ----a-w C:\Windows\System32\brcpl.dll
    + 2008-01-19 07:33:49 1,342,464 ----a-w C:\Windows\System32\brcpl.dll
    - 2006-11-02 12:35:06 52,224 ----a-w C:\Windows\System32\brcplsdw.dll
    + 2008-01-19 07:33:49 52,736 ----a-w C:\Windows\System32\brcplsdw.dll
    - 2006-11-02 09:44:52 15,360 ----a-w C:\Windows\System32\bridgeunattend.exe
    + 2008-01-19 07:33:02 15,360 ----a-w C:\Windows\System32\bridgeunattend.exe
    - 2006-11-02 09:46:02 81,408 ----a-w C:\Windows\System32\browser.dll
    + 2008-01-19 07:33:49 81,920 ----a-w C:\Windows\System32\browser.dll
    - 2006-11-02 09:46:02 1,321,472 ----a-w C:\Windows\System32\browseui.dll
    + 2008-01-19 07:33:49 1,324,032 ----a-w C:\Windows\System32\browseui.dll
    - 2006-11-02 09:46:02 43,008 ----a-w C:\Windows\System32\bthci.dll
    + 2008-01-19 07:33:49 45,568 ----a-w C:\Windows\System32\bthci.dll
    - 2006-11-02 12:33:51 91,136 ----a-w C:\Windows\System32\btpanui.dll
    + 2008-01-19 07:33:49 91,648 ----a-w C:\Windows\System32\btpanui.dll
    - 2006-11-02 12:34:04 879,616 ----a-w C:\Windows\System32\Bubbles.scr
    + 2008-01-19 07:32:58 879,616 ----a-w C:\Windows\System32\Bubbles.scr
    - 2006-11-02 09:46:02 68,608 ----a-w C:\Windows\System32\cabinet.dll
    + 2008-01-19 07:33:49 71,680 ----a-w C:\Windows\System32\cabinet.dll
    - 2006-11-02 09:46:02 96,768 ----a-w C:\Windows\System32\cabview.dll
    + 2008-01-19 07:33:49 97,280 ----a-w C:\Windows\System32\cabview.dll
    - 2006-11-02 09:44:52 25,600 ----a-w C:\Windows\System32\cacls.exe
    + 2008-01-19 07:33:02 25,600 ----a-w C:\Windows\System32\cacls.exe
    - 2006-11-02 09:46:02 16,896 ----a-w C:\Windows\System32\capisp.dll
    + 2008-01-19 07:33:50 17,920 ----a-w C:\Windows\System32\capisp.dll
    - 2006-11-02 09:46:02 451,072 ----a-w C:\Windows\System32\catsrv.dll
    + 2008-01-19 07:33:50 451,072 ----a-w C:\Windows\System32\catsrv.dll
    - 2006-11-02 09:46:02 488,448 ----a-w C:\Windows\System32\catsrvut.dll
    + 2008-01-19 07:33:50 487,936 ----a-w C:\Windows\System32\catsrvut.dll
    + 2008-01-19 07:33:03 44,032 ----a-w C:\Windows\System32\cbsra.exe
    - 2007-12-16 06:21:56 36,864 ----a-w C:\Windows\System32\cdd.dll
    + 2008-01-19 07:26:52 36,864 ----a-w C:\Windows\System32\cdd.dll
    - 2006-11-02 09:46:02 803,328 ----a-w C:\Windows\System32\cdosys.dll
    + 2008-01-19 07:33:50 805,888 ----a-w C:\Windows\System32\cdosys.dll
    - 2006-11-02 09:46:02 320,000 ----a-w C:\Windows\System32\certcli.dll
    + 2008-01-19 07:33:50 323,072 ----a-w C:\Windows\System32\certcli.dll
    - 2006-11-02 09:46:02 1,105,408 ----a-w C:\Windows\System32\CertEnroll.dll
    + 2008-01-19 07:33:51 1,111,552 ----a-w C:\Windows\System32\CertEnroll.dll
    + 2008-01-19 07:33:03 6,656 ----a-w C:\Windows\System32\CertEnrollCtrl.exe
    - 2006-11-02 09:46:02 632,320 ----a-w C:\Windows\System32\CertEnrollUI.dll
    + 2008-01-19 07:33:51 632,832 ----a-w C:\Windows\System32\CertEnrollUI.dll
    - 2006-11-02 09:46:02 1,503,232 ----a-w C:\Windows\System32\certmgr.dll
    + 2008-01-19 07:33:51 1,502,720 ----a-w C:\Windows\System32\certmgr.dll
    - 2006-11-02 09:46:02 39,936 ----a-w C:\Windows\System32\certprop.dll
    + 2008-01-19 07:33:51 40,448 ----a-w C:\Windows\System32\certprop.dll
    - 2006-11-02 09:44:54 213,504 ----a-w C:\Windows\System32\certreq.exe
    + 2008-01-19 07:33:03 215,040 ----a-w C:\Windows\System32\certreq.exe
    - 2006-11-02 09:44:55 786,944 ----a-w C:\Windows\System32\certutil.exe
    + 2008-01-19 07:33:03 798,720 ----a-w C:\Windows\System32\certutil.exe
    - 2006-11-02 12:34:54 225,792 ----a-w C:\Windows\System32\cewmdm.dll
    + 2008-01-19 07:33:52 225,792 ----a-w C:\Windows\System32\cewmdm.dll
    - 2006-11-02 09:46:02 47,104 ----a-w C:\Windows\System32\cfgbkend.dll
    + 2008-01-19 07:33:52 47,104 ----a-w C:\Windows\System32\cfgbkend.dll
    - 2008-02-13 10:49:07 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
    + 2008-01-19 07:33:52 17,408 ----a-w C:\Windows\System32\cfgmgr32.dll
    - 2006-11-02 09:46:05 1,671,168 ----a-w C:\Windows\System32\chsbrkr.dll
    + 2008-01-19 07:34:37 1,671,168 ----a-w C:\Windows\System32\chsbrkr.dll
    - 2006-11-02 09:46:05 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
    + 2008-01-19 07:34:40 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
    - 2006-11-02 09:46:02 171,008 ----a-w C:\Windows\System32\cic.dll
    + 2008-01-19 07:33:52 171,520 ----a-w C:\Windows\System32\cic.dll
    - 2006-11-02 09:44:58 53,248 ----a-w C:\Windows\System32\cipher.exe
    + 2008-01-19 07:33:04 58,368 ----a-w C:\Windows\System32\cipher.exe
    - 2006-11-02 09:46:02 523,776 ----a-w C:\Windows\System32\clbcatq.dll
    + 2008-01-19 07:33:52 523,776 ----a-w C:\Windows\System32\clbcatq.dll
    - 2008-02-13 10:49:07 224,824 ----a-w C:\Windows\System32\clfs.sys
    + 2008-01-19 07:42:58 247,352 ----a-w C:\Windows\System32\clfs.sys
    - 2006-11-02 09:46:02 56,320 ----a-w C:\Windows\System32\clfsw32.dll
    + 2008-01-19 07:33:52 56,832 ----a-w C:\Windows\System32\clfsw32.dll
    - 2006-11-02 09:46:02 119,296 ----a-w C:\Windows\System32\clusapi.dll
    + 2008-01-19 07:33:52 178,176 ----a-w C:\Windows\System32\clusapi.dll
    - 2006-11-02 09:46:03 31,232 ----a-w C:\Windows\System32\cmcfg32.dll
    + 2008-01-19 07:33:52 31,232 ----a-w C:\Windows\System32\cmcfg32.dll
    - 2006-11-02 09:44:59 320,000 ----a-w C:\Windows\System32\cmd.exe
    + 2008-01-19 07:33:04 318,976 ----a-w C:\Windows\System32\cmd.exe
    - 2006-11-02 09:46:03 480,768 ----a-w C:\Windows\System32\cmdial32.dll
    + 2008-01-19 07:33:53 481,792 ----a-w C:\Windows\System32\cmdial32.dll
    - 2006-11-02 09:44:59 71,680 ----a-w C:\Windows\System32\cmdl32.exe
    + 2008-01-19 07:33:04 72,704 ----a-w C:\Windows\System32\cmdl32.exe
    - 2006-11-02 09:46:03 64,000 ----a-w C:\Windows\System32\cmicryptinstall.dll
    + 2008-01-19 07:33:53 64,512 ----a-w C:\Windows\System32\cmicryptinstall.dll
    - 2007-12-16 06:17:09 61,952 ----a-w C:\Windows\System32\cmifw.dll
    + 2008-01-19 07:33:53 67,584 ----a-w C:\Windows\System32\cmifw.dll
    - 2006-11-02 09:46:03 281,088 ----a-w C:\Windows\System32\cmipnpinstall.dll
    + 2008-01-19 07:33:53 297,472 ----a-w C:\Windows\System32\cmipnpinstall.dll
    - 2006-11-02 09:46:03 32,256 ----a-w C:\Windows\System32\cmlua.dll
    + 2008-01-19 07:33:53 32,768 ----a-w C:\Windows\System32\cmlua.dll
    - 2006-11-02 09:44:59 48,128 ----a-w C:\Windows\System32\cmmon32.exe
    + 2008-01-19 07:33:04 48,640 ----a-w C:\Windows\System32\cmmon32.exe
    - 2006-11-02 09:46:03 25,600 ----a-w C:\Windows\System32\cmpbk32.dll
    + 2008-01-19 07:33:53 26,112 ----a-w C:\Windows\System32\cmpbk32.dll
    - 2006-11-02 09:44:59 83,968 ----a-w C:\Windows\System32\cmstp.exe
    + 2008-01-19 07:33:04 84,992 ----a-w C:\Windows\System32\cmstp.exe
    - 2006-11-02 09:46:03 14,336 ----a-w C:\Windows\System32\cmstplua.dll
    + 2008-01-19 07:33:53 14,336 ----a-w C:\Windows\System32\cmstplua.dll
    - 2006-11-02 09:46:03 47,616 ----a-w C:\Windows\System32\cmutil.dll
    + 2008-01-19 07:33:53 47,616 ----a-w C:\Windows\System32\cmutil.dll
    - 2006-11-02 09:46:03 26,624 ----a-w C:\Windows\System32\cofiredm.dll
    + 2008-01-19 07:33:58 26,624 ----a-w C:\Windows\System32\cofiredm.dll
    - 2006-11-02 09:46:03 62,464 ----a-w C:\Windows\System32\colbact.dll
    + 2008-01-19 07:33:58 62,464 ----a-w C:\Windows\System32\colbact.dll
    - 2006-11-02 12:34:47 161,280 ----a-w C:\Windows\System32\COLORCNV.DLL
    + 2008-01-19 07:33:58 161,280 ----a-w C:\Windows\System32\COLORCNV.DLL
    - 2006-11-02 09:46:03 686,592 ----a-w C:\Windows\System32\colorui.dll
    + 2008-01-19 07:33:58 686,592 ----a-w C:\Windows\System32\colorui.dll
    - 2006-11-02 09:46:03 201,216 ----a-w C:\Windows\System32\com\comadmin.dll
    + 2008-01-19 07:33:58 201,728 ----a-w C:\Windows\System32\com\comadmin.dll
    - 2006-11-02 09:46:03 537,088 ----a-w C:\Windows\System32\comctl32.dll
    + 2008-01-19 07:33:58 531,968 ----a-w C:\Windows\System32\comctl32.dll
    - 2006-11-02 09:46:03 454,656 ----a-w C:\Windows\System32\comdlg32.dll
    + 2008-01-19 07:33:58 450,048 ----a-w C:\Windows\System32\comdlg32.dll
    - 2006-11-02 09:46:03 281,600 ----a-w C:\Windows\System32\CompatUI.dll
    + 2008-01-19 07:33:58 282,624 ----a-w C:\Windows\System32\CompatUI.dll
    - 2006-11-02 09:45:37 80,896 ----a-w C:\Windows\System32\CompMgmtLauncher.exe
    + 2008-01-19 07:33:25 145,408 ----a-w C:\Windows\System32\CompMgmtLauncher.exe
    - 2006-11-02 09:46:03 276,480 ----a-w C:\Windows\System32\compstui.dll
    + 2008-01-19 07:33:58 276,480 ----a-w C:\Windows\System32\compstui.dll
    - 2006-11-02 09:44:59 36,352 ----a-w C:\Windows\System32\ComputerDefaults.exe
    + 2008-01-19 07:33:04 36,352 ----a-w C:\Windows\System32\ComputerDefaults.exe
    - 2006-11-02 09:46:03 92,160 ----a-w C:\Windows\System32\comrepl.dll
    + 2008-01-19 07:33:58 91,648 ----a-w C:\Windows\System32\comrepl.dll
    - 2006-11-02 08:50:31 1,236,992 ----a-w C:\Windows\System32\comres.dll
    + 2008-01-19 05:48:37 1,291,264 ----a-w C:\Windows\System32\comres.dll
    - 2006-11-02 09:46:03 212,992 ----a-w C:\Windows\System32\comsnap.dll
    + 2008-01-19 07:33:58 220,160 ----a-w C:\Windows\System32\comsnap.dll
    - 2006-11-02 09:46:03 1,210,880 ----a-w C:\Windows\System32\comsvcs.dll
    + 2008-01-19 07:33:59 1,208,320 ----a-w C:\Windows\System32\comsvcs.dll
    - 2006-11-02 09:46:03 584,704 ----a-w C:\Windows\System32\comuid.dll
    + 2008-01-19 07:33:59 593,408 ----a-w C:\Windows\System32\comuid.dll
    - 2008-05-17 15:51:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-18 19:21:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-17 15:51:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-18 19:21:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-17 15:51:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-18 19:21:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-11-02 09:44:59 68,608 ----a-w C:\Windows\System32\conime.exe
    + 2008-01-19 07:33:04 69,120 ----a-w C:\Windows\System32\conime.exe
    - 2006-11-02 09:46:03 1,645,568 ----a-w C:\Windows\System32\connect.dll
    + 2008-01-19 07:33:59 1,645,568 ----a-w C:\Windows\System32\connect.dll
    - 2006-11-02 09:44:59 81,920 ----a-w C:\Windows\System32\consent.exe
    + 2008-01-19 07:33:05 81,920 ----a-w C:\Windows\System32\consent.exe
    - 2006-11-02 09:44:59 17,408 ----a-w C:\Windows\System32\convert.exe
    + 2008-01-19 07:33:05 17,408 ----a-w C:\Windows\System32\convert.exe
    - 2006-11-02 09:46:03 17,408 ----a-w C:\Windows\System32\corpol.dll
    + 2008-01-19 07:33:59 17,408 ----a-w C:\Windows\System32\corpol.dll
    - 2006-11-02 09:46:03 15,360 ----a-w C:\Windows\System32\credssp.dll
    + 2008-01-19 07:33:59 15,872 ----a-w C:\Windows\System32\credssp.dll
    - 2006-11-02 09:46:03 178,176 ----a-w C:\Windows\System32\credui.dll
    + 2008-01-19 07:34:00 178,176 ----a-w C:\Windows\System32\credui.dll
    - 2007-05-06 20:58:42 974,336 ----a-w C:\Windows\System32\crypt32.dll
    + 2008-01-19 07:34:00 977,408 ----a-w C:\Windows\System32\crypt32.dll
    - 2006-11-02 09:46:03 57,856 ----a-w C:\Windows\System32\cryptdll.dll
    + 2008-01-19 07:34:00 57,856 ----a-w C:\Windows\System32\cryptdll.dll
    - 2006-11-02 09:46:03 93,184 ----a-w C:\Windows\System32\cryptnet.dll
    + 2008-01-19 07:34:00 97,792 ----a-w C:\Windows\System32\cryptnet.dll
    - 2006-11-02 09:46:03 123,392 ----a-w C:\Windows\System32\cryptsvc.dll
    + 2008-01-19 07:34:00 128,000 ----a-w C:\Windows\System32\cryptsvc.dll
    - 2006-11-02 09:46:03 969,216 ----a-w C:\Windows\System32\cryptui.dll
    + 2008-01-19 07:34:00 970,240 ----a-w C:\Windows\System32\cryptui.dll
    - 2006-11-02 09:46:03 27,648 ----a-w C:\Windows\System32\cscapi.dll
    + 2008-01-19 07:34:00 31,744 ----a-w C:\Windows\System32\cscapi.dll
    - 2006-11-02 09:46:03 22,016 ----a-w C:\Windows\System32\cscdll.dll
    + 2008-01-19 07:34:00 22,016 ----a-w C:\Windows\System32\cscdll.dll
    - 2006-11-02 09:45:00 114,688 ----a-w C:\Windows\System32\cscript.exe
    + 2008-01-19 07:33:05 139,264 ----a-w C:\Windows\System32\cscript.exe
    - 2007-12-16 06:19:50 49,664 ----a-w C:\Windows\System32\csrsrv.dll
    + 2008-01-19 07:34:01 49,152 ----a-w C:\Windows\System32\csrsrv.dll
    - 2006-11-02 09:45:00 7,680 ----a-w C:\Windows\System32\csrss.exe
    + 2008-01-19 07:33:05 6,144 ----a-w C:\Windows\System32\csrss.exe
    - 2006-11-02 09:45:00 46,080 ----a-w C:\Windows\System32\csrstub.exe
    + 2008-01-19 07:33:05 46,080 ----a-w C:\Windows\System32\csrstub.exe
    - 2006-11-02 09:46:03 1,029,120 ----a-w C:\Windows\System32\d3d10.dll
    + 2008-01-19 07:34:01 1,029,120 ----a-w C:\Windows\System32\d3d10.dll
    + 2008-01-19 07:34:01 159,744 ----a-w C:\Windows\System32\d3d10_1.dll
    + 2008-01-19 07:34:01 208,896 ----a-w C:\Windows\System32\d3d10_1core.dll
    - 2006-11-02 09:46:03 187,392 ----a-w C:\Windows\System32\d3d10core.dll
    + 2008-01-19 07:34:01 188,416 ----a-w C:\Windows\System32\d3d10core.dll
    - 2006-11-02 09:46:03 1,039,872 ----a-w C:\Windows\System32\d3d8.dll
    + 2008-01-19 07:34:01 1,039,360 ----a-w C:\Windows\System32\d3d8.dll
    - 2006-11-02 09:46:03 1,788,416 ----a-w C:\Windows\System32\d3d9.dll
    + 2008-01-19 07:34:01 1,788,928 ----a-w C:\Windows\System32\d3d9.dll
    - 2006-11-02 09:46:03 385,024 ----a-w C:\Windows\System32\d3dim.dll
    + 2008-01-19 07:34:01 384,512 ----a-w C:\Windows\System32\d3dim.dll
    - 2006-11-02 09:46:03 816,128 ----a-w C:\Windows\System32\d3dim700.dll
    + 2008-01-19 07:34:01 816,128 ----a-w C:\Windows\System32\d3dim700.dll
    - 2006-11-02 09:46:03 53,248 ----a-w C:\Windows\System32\d3dxof.dll
    + 2008-01-19 07:34:02 53,248 ----a-w C:\Windows\System32\d3dxof.dll
    - 2006-11-02 09:46:03 1,853,440 ----a-w C:\Windows\System32\dbgeng.dll
    + 2008-01-19 07:34:02 1,855,488 ----a-w C:\Windows\System32\dbgeng.dll
    - 2006-11-02 09:46:03 798,208 ----a-w C:\Windows\System32\dbghelp.dll
    + 2008-01-19 07:34:02 798,208 ----a-w C:\Windows\System32\dbghelp.dll
    - 2006-11-02 09:46:03 135,168 ----a-w C:\Windows\System32\dbnetlib.dll
    + 2008-01-19 07:34:02 135,168 ----a-w C:\Windows\System32\dbnetlib.dll
    - 2006-11-02 09:46:03 528,384 ----a-w C:\Windows\System32\ddraw.dll
    + 2008-01-19 07:34:03 522,752 ----a-w C:\Windows\System32\ddraw.dll
    - 2006-11-02 09:45:00 223,744 ----a-w C:\Windows\System32\Defrag.exe
    + 2008-01-19 07:33:05 226,816 ----a-w C:\Windows\System32\Defrag.exe
    - 2006-11-02 09:46:03 64,000 ----a-w C:\Windows\System32\devenum.dll
    + 2008-01-19 07:34:03 64,000 ----a-w C:\Windows\System32\devenum.dll
    - 2006-11-02 09:46:03 377,344 ----a-w C:\Windows\System32\devmgr.dll
    + 2008-01-19 07:34:03 377,344 ----a-w C:\Windows\System32\devmgr.dll
    - 2006-11-02 12:35:06 41,984 ----a-w C:\Windows\System32\dfdts.dll
    + 2008-01-19 07:34:03 39,936 ----a-w C:\Windows\System32\dfdts.dll
    - 2006-11-02 12:35:06 68,096 ----a-w C:\Windows\System32\DFDWiz.exe
    + 2008-01-19 07:33:05 68,608 ----a-w C:\Windows\System32\DFDWiz.exe
    - 2006-11-02 09:45:00 95,232 ----a-w C:\Windows\System32\dfrgfat.exe
    + 2008-01-19 07:33:05 96,768 ----a-w C:\Windows\System32\dfrgfat.exe
    - 2006-11-02 09:45:00 58,880 ----a-w C:\Windows\System32\dfrgifc.exe
    + 2008-01-19 07:33:05 58,880 ----a-w C:\Windows\System32\dfrgifc.exe
    - 2006-11-02 09:45:00 159,232 ----a-w C:\Windows\System32\DfrgNtfs.exe
    + 2008-01-19 07:33:05 163,840 ----a-w C:\Windows\System32\DfrgNtfs.exe
    - 2006-11-02 09:45:01 645,120 ----a-w C:\Windows\System32\dfrgui.exe
    + 2008-01-19 07:33:05 671,232 ----a-w C:\Windows\System32\dfrgui.exe
    - 2006-11-02 06:34:31 83,968 ----a-w C:\Windows\System32\dfshim.dll
    + 2008-01-05 11:27:04 96,760 ----a-w C:\Windows\System32\dfshim.dll
    - 2006-11-02 12:35:06 2,089,984 ----a-w C:\Windows\System32\dfsr.exe
    + 2008-01-19 07:33:06 2,091,520 ----a-w C:\Windows\System32\dfsr.exe
    - 2006-11-02 09:46:03 35,328 ----a-w C:\Windows\System32\DfsShlEx.dll
    + 2008-01-19 07:34:03 53,760 ----a-w C:\Windows\System32\DfsShlEx.dll
    - 2007-12-16 12:46:31 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
    + 2006-11-02 09:46:03 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
    - 2007-12-16 12:46:31 204,800 ----a-w C:\Windows\System32\dhcpcsvc.dll
    + 2008-01-19 07:34:03 204,288 ----a-w C:\Windows\System32\dhcpcsvc.dll
    - 2007-12-16 12:46:31 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
    + 2008-01-19 07:34:03 128,000 ----a-w C:\Windows\System32\dhcpcsvc6.dll
    - 2006-11-02 09:46:03 66,048 ----a-w C:\Windows\System32\DHCPQEC.DLL
    + 2008-01-19 07:34:03 66,048 ----a-w C:\Windows\System32\DHCPQEC.DLL
    - 2006-11-02 09:46:03 52,736 ----a-w C:\Windows\System32\dhcpsapi.dll
    + 2008-01-19 07:34:03 61,440 ----a-w C:\Windows\System32\dhcpsapi.dll
    - 2006-11-02 12:33:49 1,075,712 ----a-w C:\Windows\System32\diagperf.dll
    + 2008-01-19 07:34:03 1,078,272 ----a-w C:\Windows\System32\diagperf.dll
    - 2006-11-02 09:45:01 94,208 ----a-w C:\Windows\System32\diantz.exe
    + 2008-01-19 07:33:06 94,208 ----a-w C:\Windows\System32\diantz.exe
    - 2006-11-02 09:46:03 35,328 ----a-w C:\Windows\System32\dimsjob.dll
    + 2008-01-19 07:34:03 35,328 ----a-w C:\Windows\System32\dimsjob.dll
    - 2006-11-02 09:46:03 51,200 ----a-w C:\Windows\System32\dimsroam.dll
    + 2008-01-19 07:34:03 54,784 ----a-w C:\Windows\System32\dimsroam.dll
    - 2006-11-02 12:33:46 159,232 ----a-w C:\Windows\System32\dinput8.dll
    + 2008-01-19 07:34:04 159,232 ----a-w C:\Windows\System32\dinput8.dll
    - 2006-11-02 09:45:02 114,176 ----a-w C:\Windows\System32\diskpart.exe
    + 2008-01-19 07:33:07 120,320 ----a-w C:\Windows\System32\diskpart.exe
    - 2006-11-02 09:45:02 228,352 ----a-w C:\Windows\System32\diskraid.exe
    + 2008-01-19 07:33:07 230,912 ----a-w C:\Windows\System32\diskraid.exe
    - 2008-02-13 10:49:05 35,328 ----a-w C:\Windows\System32\dispci.dll
    + 2008-01-19 07:34:04 35,328 ----a-w C:\Windows\System32\dispci.dll
    - 2006-11-02 09:45:02 121,344 ----a-w C:\Windows\System32\dispdiag.exe
    + 2008-01-19 07:33:07 121,856 ----a-w C:\Windows\System32\dispdiag.exe
    - 2006-11-02 09:46:03 32,768 ----a-w C:\Windows\System32\dispex.dll
    + 2008-01-19 07:34:04 32,768 ----a-w C:\Windows\System32\dispex.dll
    - 2006-11-02 09:46:03 391,680 ----a-w C:\Windows\System32\dmdlgs.dll
    + 2008-01-19 07:34:04 388,096 ----a-w C:\Windows\System32\dmdlgs.dll
    - 2006-11-02 09:46:03 183,296 ----a-w C:\Windows\System32\dmdskmgr.dll
    + 2008-01-19 07:34:04 184,320 ----a-w C:\Windows\System32\dmdskmgr.dll
    + 2008-01-19 05:49:54 2,048 ----a-w C:\Windows\System32\dmdskres2.dll
    - 2006-11-02 12:33:49 178,688 ----a-w C:\Windows\System32\dmime.dll
    + 2008-01-19 07:34:04 178,688 ----a-w C:\Windows\System32\dmime.dll
    - 2006-11-02 12:33:49 38,400 ----a-w C:\Windows\System32\dmloader.dll
    + 2008-01-19 07:34:04 38,400 ----a-w C:\Windows\System32\dmloader.dll
    - 2006-11-02 09:46:04 42,496 ----a-w C:\Windows\System32\dmocx.dll
    + 2008-01-19 07:34:04 42,496 ----a-w C:\Windows\System32\dmocx.dll
    - 2006-11-02 12:33:49 84,480 ----a-w C:\Windows\System32\dmscript.dll
    + 2008-01-19 07:34:04 84,480 ----a-w C:\Windows\System32\dmscript.dll
    - 2006-11-02 12:33:49 105,472 ----a-w C:\Windows\System32\dmsynth.dll
    + 2008-01-19 07:34:04 105,472 ----a-w C:\Windows\System32\dmsynth.dll
    - 2006-11-02 12:33:49 101,376 ----a-w C:\Windows\System32\dmusic.dll
    + 2008-01-19 07:34:04 101,888 ----a-w C:\Windows\System32\dmusic.dll
    - 2006-11-02 09:46:04 18,944 ----a-w C:\Windows\System32\dmutil.dll
    + 2008-01-19 07:34:04 18,944 ----a-w C:\Windows\System32\dmutil.dll
    - 2006-11-02 09:46:04 125,440 ----a-w C:\Windows\System32\dmvdsitf.dll
    + 2008-01-19 07:34:04 131,584 ----a-w C:\Windows\System32\dmvdsitf.dll
    - 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\System32\dnsapi.dll
    + 2008-01-19 07:34:05 165,888 ----a-w C:\Windows\System32\dnsapi.dll
    - 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
    + 2008-01-19 07:33:07 25,088 ----a-w C:\Windows\System32\dnscacheugc.exe
    - 2006-11-02 09:46:04 47,616 ----a-w C:\Windows\System32\dnshc.dll
    + 2008-01-19 07:34:05 48,128 ----a-w C:\Windows\System32\dnshc.dll
    - 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
    + 2008-01-19 07:34:05 86,528 ----a-w C:\Windows\System32\dnsrslvr.dll
    - 2006-11-02 09:46:04 26,112 ----a-w C:\Windows\System32\dot3api.dll
    + 2008-01-19 07:34:05 45,056 ----a-w C:\Windows\System32\dot3api.dll
    - 2006-11-02 09:46:04 41,472 ----a-w C:\Windows\System32\dot3cfg.dll
    + 2008-01-19 07:34:05 49,664 ----a-w C:\Windows\System32\dot3cfg.dll
    - 2006-11-02 09:46:04 45,568 ----a-w C:\Windows\System32\dot3dlg.dll
    + 2008-01-19 07:34:05 45,568 ----a-w C:\Windows\System32\dot3dlg.dll
    - 2006-11-02 09:46:04 41,472 ----a-w C:\Windows\System32\dot3gpclnt.dll
    + 2008-01-19 07:34:05 43,008 ----a-w C:\Windows\System32\dot3gpclnt.dll
    - 2006-11-02 09:46:04 225,792 ----a-w C:\Windows\System32\dot3gpui.dll
    + 2008-01-19 07:34:05 235,520 ----a-w C:\Windows\System32\dot3gpui.dll
    - 2006-11-02 09:46:04 72,192 ----a-w C:\Windows\System32\dot3msm.dll
    + 2008-01-19 07:34:05 74,752 ----a-w C:\Windows\System32\dot3msm.dll
    - 2006-11-02 09:46:04 146,944 ----a-w C:\Windows\System32\dot3svc.dll
    + 2008-01-19 07:34:05 175,104 ----a-w C:\Windows\System32\dot3svc.dll
    - 2006-11-02 09:46:04 141,824 ----a-w C:\Windows\System32\dot3ui.dll
    + 2008-01-19 07:34:05 142,848 ----a-w C:\Windows\System32\dot3ui.dll
    - 2006-11-02 09:45:03 407,040 ----a-w C:\Windows\System32\dpapimig.exe
    + 2008-01-19 07:33:07 407,040 ----a-w C:\Windows\System32\dpapimig.exe
    - 2006-11-02 09:45:03 160,768 ----a-w C:\Windows\System32\DpiScaling.exe
    + 2008-01-19 07:33:07 160,768 ----a-w C:\Windows\System32\DpiScaling.exe
    - 2006-11-02 09:46:04 376,320 ----a-w C:\Windows\System32\dpnet.dll
    + 2008-01-19 07:34:06 376,320 ----a-w C:\Windows\System32\dpnet.dll
    - 2007-12-16 06:21:55 134,656 ----a-w C:\Windows\System32\dps.dll
    + 2008-01-19 07:34:06 134,656 ----a-w C:\Windows\System32\dps.dll
    - 2006-11-02 09:45:03 66,048 ----a-w C:\Windows\System32\driverquery.exe
    + 2008-01-19 07:33:08 66,048 ----a-w C:\Windows\System32\driverquery.exe
    - 2006-11-02 08:55:12 53,376 ----a-w C:\Windows\System32\drivers\1394bus.sys
    + 2008-01-19 05:53:27 53,376 ----a-w C:\Windows\System32\drivers\1394bus.sys
    - 2007-12-16 06:20:45 258,232 ----a-w C:\Windows\System32\drivers\acpi.sys
    + 2008-01-19 07:43:03 266,808 ----a-w C:\Windows\System32\drivers\acpi.sys
    - 2006-11-02 08:58:43 270,336 ----a-w C:\Windows\System32\drivers\afd.sys
    + 2008-01-19 05:57:03 273,920 ----a-w C:\Windows\System32\drivers\afd.sys
    - 2006-11-02 08:30:18 40,960 ----a-w C:\Windows\System32\drivers\amdk8.sys
    + 2008-01-19 05:27:20 44,032 ----a-w C:\Windows\System32\drivers\amdk8.sys
    - 2006-11-02 08:58:10 17,408 ----a-w C:\Windows\System32\drivers\asyncmac.sys
    + 2008-01-19 05:56:29 17,408 ----a-w C:\Windows\System32\drivers\asyncmac.sys
    - 2008-02-13 10:46:40 21,560 ----a-w C:\Windows\System32\drivers\atapi.sys
    + 2008-01-19 07:41:30 21,560 ----a-w C:\Windows\System32\drivers\atapi.sys
    - 2008-02-13 10:46:39 109,624 ----a-w C:\Windows\System32\drivers\ataport.sys
    + 2008-01-19 07:43:06 110,136 ----a-w C:\Windows\System32\drivers\ataport.sys
    - 2006-11-02 12:34:03 12,288 ----a-w C:\Windows\System32\drivers\bdasup.sys
    + 2008-01-19 05:53:30 12,288 ----a-w C:\Windows\System32\drivers\bdasup.sys
    - 2006-11-02 08:51:03 6,144 ----a-w C:\Windows\System32\drivers\beep.sys
    + 2008-01-19 05:49:10 6,144 ----a-w C:\Windows\System32\drivers\beep.sys
    - 2006-11-02 08:31:12 69,632 ----a-w C:\Windows\System32\drivers\bowser.sys
    + 2008-01-19 05:28:26 69,632 ----a-w C:\Windows\System32\drivers\bowser.sys
    - 2006-11-02 09:23:19 93,184 ----a-w C:\Windows\System32\drivers\bridge.sys
    + 2008-01-19 06:58:26 93,696 ----a-w C:\Windows\System32\drivers\bridge.sys
    - 2006-11-02 08:30:50 70,144 ----a-w C:\Windows\System32\drivers\cdfs.sys
    + 2008-01-19 05:28:02 70,144 ----a-w C:\Windows\System32\drivers\cdfs.sys
    - 2006-11-02 08:51:44 67,072 ----a-w C:\Windows\System32\drivers\cdrom.sys
    + 2008-01-19 05:49:51 67,072 ----a-w C:\Windows\System32\drivers\cdrom.sys
    - 2006-11-02 09:50:51 125,032 ----a-w C:\Windows\System32\drivers\Classpnp.sys
    + 2008-01-19 07:43:13 127,544 ----a-w C:\Windows\System32\drivers\Classpnp.sys
    - 2006-11-02 09:50:02 33,384 ----a-w C:\Windows\System32\drivers\crashdmp.sys
    + 2008-01-19 07:41:58 36,408 ----a-w C:\Windows\System32\drivers\crashdmp.sys
    - 2006-11-02 08:31:04 74,752 ----a-w C:\Windows\System32\drivers\dfsc.sys
    + 2008-01-19 05:28:20 75,264 ----a-w C:\Windows\System32\drivers\dfsc.sys
    - 2006-11-02 09:49:51 52,840 ----a-w C:\Windows\System32\drivers\disk.sys
    + 2008-01-19 07:42:20 55,352 ----a-w C:\Windows\System32\drivers\disk.sys
    - 2006-11-02 08:51:36 19,456 ----a-w C:\Windows\System32\drivers\Diskdump.sys
    + 2008-01-19 05:49:43 19,968 ----a-w C:\Windows\System32\drivers\Diskdump.sys
    - 2006-11-02 09:20:50 130,048 ----a-w C:\Windows\System32\drivers\drmk.sys
    + 2008-01-19 06:53:03 130,048 ----a-w C:\Windows\System32\drivers\drmk.sys
    - 2006-11-02 08:54:59 5,632 ----a-w C:\Windows\System32\drivers\drmkaud.sys
    + 2008-01-19 05:53:16 5,632 ----a-w C:\Windows\System32\drivers\drmkaud.sys
    - 2006-11-02 09:49:48 26,728 ----a-w C:\Windows\System32\drivers\Dumpata.sys
    + 2008-01-19 07:41:40 29,240 ----a-w C:\Windows\System32\drivers\Dumpata.sys
    - 2006-11-02 08:38:17 13,312 ----a-w C:\Windows\System32\drivers\dxapi.sys
    + 2008-01-19 05:36:12 13,312 ----a-w C:\Windows\System32\drivers\dxapi.sys
    - 2006-11-02 08:38:18 76,288 ----a-w C:\Windows\System32\drivers\dxg.sys
    + 2008-01-19 05:36:12 76,288 ----a-w C:\Windows\System32\drivers\dxg.sys
    - 2007-12-16 06:21:56 619,008 ----a-w C:\Windows\System32\drivers\dxgkrnl.sys
    + 2008-01-19 05:36:41 625,152 ----a-w C:\Windows\System32\drivers\dxgkrnl.sys
    - 2006-11-02 12:33:51 132,200 ----a-w C:\Windows\System32\drivers\ecache.sys
    + 2008-01-19 07:42:11 143,416 ----a-w C:\Windows\System32\drivers\ecache.sys
    + 2008-01-19 05:28:01 136,192 ----a-w C:\Windows\System32\drivers\exfat.sys
    - 2006-11-02 08:30:49 142,336 ----a-w C:\Windows\System32\drivers\fastfat.sys
    + 2008-01-19 05:28:01 143,360 ----a-w C:\Windows\System32\drivers\fastfat.sys
    - 2006-11-02 08:51:33 25,088 ----a-w C:\Windows\System32\drivers\fdc.sys
    + 2008-01-19 05:49:37 25,088 ----a-w C:\Windows\System32\drivers\fdc.sys
    - 2006-11-02 09:49:58 56,424 ----a-w C:\Windows\System32\drivers\fileinfo.sys
    + 2008-01-19 07:42:31 58,936 ----a-w C:\Windows\System32\drivers\fileinfo.sys
    - 2006-11-02 08:32:55 27,648 ----a-w C:\Windows\System32\drivers\filetrace.sys
    + 2008-01-19 05:30:23 27,648 ----a-w C:\Windows\System32\drivers\filetrace.sys
    - 2006-11-02 09:51:14 183,912 ----a-w C:\Windows\System32\drivers\fltMgr.sys
    + 2008-01-19 07:42:38 192,056 ----a-w C:\Windows\System32\drivers\fltMgr.sys
    - 2007-12-16 06:08:05 12,800 ----a-w C:\Windows\System32\drivers\fs_rec.sys
    + 2008-01-19 05:27:57 12,800 ----a-w C:\Windows\System32\drivers\fs_rec.sys
    - 2006-11-02 08:57:29 84,992 ----a-w C:\Windows\System32\drivers\FWPKCLNT.SYS
    + 2008-01-19 07:43:01 101,432 ----a-w C:\Windows\System32\drivers\FWPKCLNT.SYS
    - 2007-05-06 20:59:01 53,760 ----a-w C:\Windows\System32\drivers\hdaudbus.sys
    + 2008-01-19 04:30:49 53,760 ----a-w C:\Windows\System32\drivers\hdaudbus.sys
    - 2006-11-02 08:55:01 38,912 ----a-w C:\Windows\System32\drivers\hidclass.sys
    + 2008-01-19 05:53:16 38,912 ----a-w C:\Windows\System32\drivers\hidclass.sys
    - 2006-11-02 08:55:00 25,472 ----a-w C:\Windows\System32\drivers\hidparse.sys
    + 2008-01-19 05:53:16 25,472 ----a-w C:\Windows\System32\drivers\hidparse.sys
    - 2006-11-02 08:55:01 12,288 ----a-w C:\Windows\System32\drivers\hidusb.sys
    + 2008-01-19 05:53:17 12,288 ----a-w C:\Windows\System32\drivers\hidusb.sys
    - 2006-11-02 08:57:08 385,536 ----a-w C:\Windows\System32\drivers\http.sys
    + 2008-01-19 05:55:25 401,408 ----a-w C:\Windows\System32\drivers\http.sys
    - 2008-02-13 10:49:04 54,784 ----a-w C:\Windows\System32\drivers\i8042prt.sys
    + 2008-01-19 05:49:18 54,784 ----a-w C:\Windows\System32\drivers\i8042prt.sys
    - 2006-11-02 08:58:04 47,104 ----a-w C:\Windows\System32\drivers\ipfltdrv.sys
    + 2008-01-19 05:56:23 47,616 ----a-w C:\Windows\System32\drivers\ipfltdrv.sys
    - 2006-11-02 08:58:09 99,840 ----a-w C:\Windows\System32\drivers\ipnat.sys
    + 2008-01-19 05:56:28 100,864 ----a-w C:\Windows\System32\drivers\ipnat.sys
    - 2006-11-02 08:57:10 95,744 ----a-w C:\Windows\System32\drivers\irda.sys
    + 2008-01-19 05:55:26 95,744 ----a-w C:\Windows\System32\drivers\irda.sys
    - 2006-11-02 08:57:04 13,312 ----a-w C:\Windows\System32\drivers\irenum.sys
    + 2008-01-19 05:55:19 13,312 ----a-w C:\Windows\System32\drivers\irenum.sys
    - 2008-02-13 10:49:04 35,384 ----a-w C:\Windows\System32\drivers\kbdclass.sys
    + 2008-01-19 07:41:52 35,384 ----a-w C:\Windows\System32\drivers\kbdclass.sys
    - 2008-02-13 10:49:04 15,872 ----a-w C:\Windows\System32\drivers\kbdhid.sys
    + 2008-01-19 05:49:17 15,872 ----a-w C:\Windows\System32\drivers\kbdhid.sys
    - 2006-11-02 08:51:20 148,992 ----a-w C:\Windows\System32\drivers\ks.sys
    + 2008-01-19 05:49:22 148,992 ----a-w C:\Windows\System32\drivers\ks.sys
    - 2006-11-02 09:51:38 407,144 ----a-w C:\Windows\System32\drivers\ksecdd.sys
    + 2008-01-19 07:43:25 441,400 ----a-w C:\Windows\System32\drivers\ksecdd.sys
    - 2006-11-02 08:56:49 47,104 ----a-w C:\Windows\System32\drivers\lltdio.sys
    + 2008-01-19 05:55:03 47,104 ----a-w C:\Windows\System32\drivers\lltdio.sys
    - 2006-11-02 08:33:07 83,456 ----a-w C:\Windows\System32\drivers\luafv.sys
    + 2008-01-19 05:30:36 84,480 ----a-w C:\Windows\System32\drivers\luafv.sys
    - 2006-11-02 08:52:01 18,944 ----a-w C:\Windows\System32\drivers\mcd.sys
    + 2008-01-19 05:49:59 18,944 ----a-w C:\Windows\System32\drivers\mcd.sys
    - 2006-11-02 08:58:52 31,744 ----a-w C:\Windows\System32\drivers\modem.sys
    + 2008-01-19 05:57:16 31,744 ----a-w C:\Windows\System32\drivers\modem.sys
    - 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\System32\drivers\monitor.sys
    + 2008-01-19 05:52:19 41,984 ----a-w C:\Windows\System32\drivers\monitor.sys
    - 2008-02-13 10:49:04 34,360 ----a-w C:\Windows\System32\drivers\mouclass.sys
    + 2008-01-19 07:41:52 34,360 ----a-w C:\Windows\System32\drivers\mouclass.sys
    - 2008-02-13 10:49:04 15,872 ----a-w C:\Windows\System32\drivers\mouhid.sys
    + 2008-01-19 05:49:16 15,872 ----a-w C:\Windows\System32\drivers\mouhid.sys
    - 2006-11-02 09:49:57 54,888 ----a-w C:\Windows\System32\drivers\mountmgr.sys
    + 2008-01-19 07:42:28 57,400 ----a-w C:\Windows\System32\drivers\mountmgr.sys
    - 2007-12-16 06:17:10 63,488 ----a-w C:\Windows\System32\drivers\mpsdrv.sys
    + 2008-01-19 05:54:46 64,000 ----a-w C:\Windows\System32\drivers\mpsdrv.sys
    - 2008-02-13 10:50:33 110,080 ----a-w C:\Windows\System32\drivers\mrxdav.sys
    + 2008-01-19 05:28:45 110,080 ----a-w C:\Windows\System32\drivers\mrxdav.sys
    - 2007-12-16 06:10:26 101,888 ----a-w C:\Windows\System32\drivers\mrxsmb.sys
    + 2008-01-19 05:28:36 105,472 ----a-w C:\Windows\System32\drivers\mrxsmb.sys
    - 2006-11-02 08:31:27 211,456 ----a-w C:\Windows\System32\drivers\mrxsmb10.sys
    + 2008-01-19 05:28:42 211,968 ----a-w C:\Windows\System32\drivers\mrxsmb10.sys
    - 2007-12-16 06:10:26 58,368 ----a-w C:\Windows\System32\drivers\mrxsmb20.sys
    + 2008-01-19 05:28:37 78,848 ----a-w C:\Windows\System32\drivers\mrxsmb20.sys
    - 2006-11-02 08:30:56 22,528 ----a-w C:\Windows\System32\drivers\msfs.sys
    + 2008-01-19 05:28:09 22,528 ----a-w C:\Windows\System32\drivers\msfs.sys
    - 2006-11-02 09:49:20 13,928 ----a-w C:\Windows\System32\drivers\msisadrv.sys
    + 2008-01-19 07:41:14 16,440 ----a-w C:\Windows\System32\drivers\msisadrv.sys
    - 2006-11-02 09:51:12 168,552 ----a-w C:\Windows\System32\drivers\msiscsi.sys
    + 2008-01-19 07:42:35 181,304 ----a-w C:\Windows\System32\drivers\msiscsi.sys
    - 2006-11-02 08:51:15 8,192 ----a-w C:\Windows\System32\drivers\mskssrv.sys
    + 2008-01-19 05:49:20 8,192 ----a-w C:\Windows\System32\drivers\mskssrv.sys
    - 2006-11-02 08:51:13 5,888 ----a-w C:\Windows\System32\drivers\mspclock.sys
    + 2008-01-19 05:49:18 5,888 ----a-w C:\Windows\System32\drivers\mspclock.sys
    - 2006-11-02 08:51:14 5,504 ----a-w C:\Windows\System32\drivers\mspqm.sys
    + 2008-01-19 05:49:18 5,504 ----a-w C:\Windows\System32\drivers\mspqm.sys
    - 2006-11-02 09:51:09 160,872 ----a-w C:\Windows\System32\drivers\msrpc.sys
    + 2008-01-19 07:42:29 163,384 ----a-w C:\Windows\System32\drivers\msrpc.sys
    - 2006-11-02 09:49:54 28,776 ----a-w C:\Windows\System32\drivers\mssmbios.sys
    + 2008-01-19 07:41:49 31,288 ----a-w C:\Windows\System32\drivers\mssmbios.sys
    - 2006-11-02 08:51:13 6,016 ----a-w C:\Windows\System32\drivers\mstee.sys
    + 2008-01-19 05:49:19 6,016 ----a-w C:\Windows\System32\drivers\mstee.sys
    - 2006-11-02 09:50:24 46,696 ----a-w C:\Windows\System32\drivers\mup.sys
    + 2008-01-19 07:42:14 49,720 ----a-w C:\Windows\System32\drivers\mup.sys
    - 2006-11-02 09:51:42 500,840 ----a-w C:\Windows\System32\drivers\ndis.sys
    + 2008-01-19 07:43:31 529,464 ----a-w C:\Windows\System32\drivers\ndis.sys
    - 2007-12-16 06:22:02 20,480 ----a-w C:\Windows\System32\drivers\ndistapi.sys
    + 2008-01-19 05:56:24 20,992 ----a-w C:\Windows\System32\drivers\ndistapi.sys
    - 2006-11-02 08:57:22 16,896 ----a-w C:\Windows\System32\drivers\ndisuio.sys
    + 2008-01-19 05:55:40 16,896 ----a-w C:\Windows\System32\drivers\ndisuio.sys
    - 2006-11-02 08:58:14 118,784 ----a-w C:\Windows\System32\drivers\ndiswan.sys
    + 2008-01-19 05:56:33 121,344 ----a-w C:\Windows\System32\drivers\ndiswan.sys
    - 2007-12-16 06:22:01 48,640 ----a-w C:\Windows\System32\drivers\ndproxy.sys
    + 2008-01-19 05:56:28 49,664 ----a-w C:\Windows\System32\drivers\ndproxy.sys
    - 2006-11-02 08:57:26 35,840 ----a-w C:\Windows\System32\drivers\netbios.sys
    + 2008-01-19 05:55:45 35,840 ----a-w C:\Windows\System32\drivers\netbios.sys
    - 2006-11-02 08:57:20 184,320 ----a-w C:\Windows\System32\drivers\netbt.sys
    + 2008-01-19 05:55:35 184,320 ----a-w C:\Windows\System32\drivers\netbt.sys
    - 2008-02-13 10:46:19 216,632 ----a-w C:\Windows\System32\drivers\netio.sys
    + 2008-01-19 07:42:44 223,288 ----a-w C:\Windows\System32\drivers\netio.sys
    - 2006-11-02 08:30:57 34,816 ----a-w C:\Windows\System32\drivers\npfs.sys
    + 2008-01-19 05:28:10 34,816 ----a-w C:\Windows\System32\drivers\npfs.sys
    - 2006-11-02 08:57:30 16,384 ----a-w C:\Windows\System32\drivers\nsiproxy.sys
    + 2008-01-19 05:55:50 16,384 ----a-w C:\Windows\System32\drivers\nsiproxy.sys
    - 2007-12-16 22:50:41 1,060,920 ----a-w C:\Windows\System32\drivers\ntfs.sys
    + 2008-01-19 07:43:40 1,081,912 ----a-w C:\Windows\System32\drivers\ntfs.sys
    - 2006-11-02 08:51:05 4,608 ----a-w C:\Windows\System32\drivers\null.sys
    + 2008-01-19 05:49:12 4,608 ----a-w C:\Windows\System32\drivers\null.sys
    - 2008-02-13 10:46:39 154,624 ----a-w C:\Windows\System32\drivers\nwifi.sys
    + 2008-01-19 05:53:59 148,480 ----a-w C:\Windows\System32\drivers\nwifi.sys
    - 2006-11-02 08:55:16 62,080 ----a-w C:\Windows\System32\drivers\ohci1394.sys
    + 2008-01-19 05:53:33 61,952 ----a-w C:\Windows\System32\drivers\ohci1394.sys
    - 2007-12-16 06:21:56 70,144 ----a-w C:\Windows\System32\drivers\pacer.sys
    + 2008-01-19 05:55:53 72,192 ----a-w C:\Windows\System32\drivers\pacer.sys
    - 2006-11-02 08:51:30 79,360 ----a-w C:\Windows\System32\drivers\parport.sys
    + 2008-01-19 05:49:33 79,360 ----a-w C:\Windows\System32\drivers\parport.sys
    - 2006-11-02 09:50:23 49,256 ----a-w C:\Windows\System32\drivers\partmgr.sys
    + 2008-01-19 07:42:23 56,376 ----a-w C:\Windows\System32\drivers\partmgr.sys
    - 2006-11-02 08:51:23 8,704 ----a-w C:\Windows\System32\drivers\parvdm.sys
    + 2008-01-19 05:49:28 8,704 ----a-w C:\Windows\System32\drivers\parvdm.sys
    - 2006-11-02 09:50:57 140,392 ----a-w C:\Windows\System32\drivers\pci.sys
    + 2008-01-19 07:42:20 151,096 ----a-w C:\Windows\System32\drivers\pci.sys
    - 2008-02-13 10:46:40 15,928 ----a-w C:\Windows\System32\drivers\pciide.sys
    + 2008-01-19 07:41:13 16,440 ----a-w C:\Windows\System32\drivers\pciide.sys
    - 2008-02-13 10:46:40 45,112 ----a-w C:\Windows\System32\drivers\pciidex.sys
    + 2008-01-19 07:42:10 45,112 ----a-w C:\Windows\System32\drivers\pciidex.sys
    - 2006-11-02 08:55:04 167,424 ----a-w C:\Windows\System32\drivers\portcls.sys
    + 2008-01-19 05:53:19 167,936 ----a-w C:\Windows\System32\drivers\portcls.sys
    - 2006-11-02 12:33:47 31,232 ----a-w C:\Windows\System32\drivers\qwavedrv.sys
    + 2008-01-19 05:56:07 31,232 ----a-w C:\Windows\System32\drivers\qwavedrv.sys
    - 2006-11-02 08:58:13 11,776 ----a-w C:\Windows\System32\drivers\rasacd.sys
    + 2008-01-19 05:56:31 11,776 ----a-w C:\Windows\System32\drivers\rasacd.sys
    - 2007-05-06 20:58:04 74,752 ----a-w C:\Windows\System32\drivers\rasl2tp.sys
    + 2008-01-19 05:56:34 76,288 ----a-w C:\Windows\System32\drivers\rasl2tp.sys
    - 2006-11-02 08:58:12 41,472 ----a-w C:\Windows\System32\drivers\raspppoe.sys
    + 2008-01-19 05:56:33 41,472 ----a-w C:\Windows\System32\drivers\raspppoe.sys
    - 2007-05-06 20:58:04 60,928 ----a-w C:\Windows\System32\drivers\raspptp.sys
    + 2008-01-19 05:56:34 62,976 ----a-w C:\Windows\System32\drivers\raspptp.sys
    + 2008-01-19 05:56:43 69,120 ----a-w C:\Windows\System32\drivers\rassstp.sys
    - 2006-11-02 08:31:26 222,208 ----a-w C:\Windows\System32\drivers\rdbss.sys
    + 2008-01-19 05:28:37 224,768 ----a-w C:\Windows\System32\drivers\rdbss.sys
    - 2006-11-02 09:02:01 6,144 ----a-w C:\Windows\System32\drivers\RDPCDD.sys
    + 2008-01-19 06:01:08 6,144 ----a-w C:\Windows\System32\drivers\RDPCDD.sys
    - 2006-11-02 09:02:01 6,144 ----a-w C:\Windows\System32\drivers\RDPENCDD.sys
    + 2008-01-19 06:01:09 6,144 ----a-w C:\Windows\System32\drivers\RDPENCDD.sys
    - 2006-11-02 09:02:15 160,256 ----a-w C:\Windows\System32\drivers\rdpwd.sys
    + 2008-01-19 06:01:21 181,248 ----a-w C:\Windows\System32\drivers\rdpwd.sys
    - 2006-11-02 08:57:12 113,664 ----a-w C:\Windows\System32\drivers\rmcast.sys
    + 2008-01-19 05:55:29 113,664 ----a-w C:\Windows\System32\drivers\rmcast.sys
    - 2006-11-02 08:57:48 32,768 ----a-w C:\Windows\System32\drivers\RNDISMP.sys
    + 2008-01-19 05:56:07 33,280 ----a-w C:\Windows\System32\drivers\RNDISMP.sys
    - 2006-11-02 08:58:51 8,192 ----a-w C:\Windows\System32\drivers\rootmdm.sys
    + 2008-01-19 05:57:15 8,192 ----a-w C:\Windows\System32\drivers\rootmdm.sys
    - 2006-11-02 08:56:49 60,416 ----a-w C:\Windows\System32\drivers\rspndr.sys
    + 2008-01-19 05:55:03 60,416 ----a-w C:\Windows\System32\drivers\rspndr.sys
    - 2006-11-02 09:50:59 140,392 ----a-w C:\Windows\System32\drivers\scsiport.sys
    + 2008-01-19 07:42:10 142,904 ----a-w C:\Windows\System32\drivers\scsiport.sys
    - 2006-11-02 08:51:25 17,920 ----a-w C:\Windows\System32\drivers\serenum.sys
    + 2008-01-19 05:49:29 17,920 ----a-w C:\Windows\System32\drivers\serenum.sys
    - 2006-11-02 08:51:30 83,456 ----a-w C:\Windows\System32\drivers\serial.sys
    + 2008-01-19 05:49:35 83,456 ----a-w C:\Windows\System32\drivers\serial.sys
    - 2008-02-13 10:49:05 19,968 ----a-w C:\Windows\System32\drivers\sermouse.sys
    + 2008-01-19 05:49:16 19,968 ----a-w C:\Windows\System32\drivers\sermouse.sys
    - 2006-11-02 08:57:10 66,048 ----a-w C:\Windows\System32\drivers\smb.sys
    + 2008-01-19 05:55:27 66,560 ----a-w C:\Windows\System32\drivers\smb.sys
    - 2006-11-02 08:51:25 17,408 ----a-w C:\Windows\System32\drivers\smclib.sys
    + 2008-01-19 05:49:30 17,408 ----a-w C:\Windows\System32\drivers\smclib.sys
    - 2006-11-02 09:49:35 18,536 ----a-w C:\Windows\System32\drivers\spldr.sys
    + 2008-01-19 07:41:30 21,048 ----a-w C:\Windows\System32\drivers\spldr.sys
    - 2006-11-02 07:16:44 551,936 ----a-w C:\Windows\System32\drivers\spsys.sys
    + 2008-01-19 04:10:35 681,984 ----a-w C:\Windows\System32\drivers\spsys.sys
    - 2006-11-02 08:31:57 290,304 ----a-w C:\Windows\System32\drivers\srv.sys
    + 2008-01-19 05:29:28 288,256 ----a-w C:\Windows\System32\drivers\srv.sys
    - 2007-12-16 06:10:26 130,048 ----a-w C:\Windows\System32\drivers\srv2.sys
    + 2008-01-19 05:29:15 144,384 ----a-w C:\Windows\System32\drivers\srv2.sys
    - 2007-12-16 06:10:26 84,992 ----a-w C:\Windows\System32\drivers\srvnet.sys
    + 2008-01-19 05:29:12 98,304 ----a-w C:\Windows\System32\drivers\srvnet.sys
    - 2006-11-02 09:50:47 117,864 ----a-w C:\Windows\System32\drivers\Storport.sys
    + 2008-01-19 07:43:12 123,960 ----a-w C:\Windows\System32\drivers\Storport.sys
    - 2006-11-02 08:55:00 52,864 ----a-w C:\Windows\System32\drivers\stream.sys
    + 2008-01-19 05:53:16 52,992 ----a-w C:\Windows\System32\drivers\stream.sys
    - 2006-11-02 09:49:20 12,776 ----a-w C:\Windows\System32\drivers\swenum.sys
    + 2008-01-19 07:41:14 15,288 ----a-w C:\Windows\System32\drivers\swenum.sys
    - 2006-11-02 08:51:57 24,576 ----a-w C:\Windows\System32\drivers\tape.sys
    + 2008-01-19 05:49:56 24,576 ----a-w C:\Windows\System32\drivers\tape.sys
    - 2008-02-13 10:46:19 803,328 ----a-w C:\Windows\System32\drivers\tcpip.sys
    + 2008-01-19 07:43:39 891,448 ----a-w C:\Windows\System32\drivers\tcpip.sys
    - 2006-11-02 08:57:47 27,648 ----a-w C:\Windows\System32\drivers\tcpipreg.sys
    + 2008-01-19 05:56:07 30,208 ----a-w C:\Windows\System32\drivers\tcpipreg.sys
    - 2006-11-02 08:58:46 20,992 ----a-w C:\Windows\System32\drivers\tdi.sys
    + 2008-01-19 05:57:10 20,992 ----a-w C:\Windows\System32\drivers\tdi.sys
    - 2006-11-02 09:02:01 17,920 ----a-w C:\Windows\System32\drivers\tdpipe.sys
    + 2008-01-19 06:01:07 17,920 ----a-w C:\Windows\System32\drivers\tdpipe.sys
    - 2006-11-02 09:02:01 28,672 ----a-w C:\Windows\System32\drivers\tdtcp.sys
    + 2008-01-19 06:01:08 29,184 ----a-w C:\Windows\System32\drivers\tdtcp.sys
    - 2006-11-02 08:57:35 68,096 ----a-w C:\Windows\System32\drivers\tdx.sys
    + 2008-01-19 05:55:58 71,680 ----a-w C:\Windows\System32\drivers\tdx.sys
    - 2006-11-02 09:50:28 50,792 ----a-w C:\Windows\System32\drivers\termdd.sys
    + 2008-01-19 07:42:19 54,328 ----a-w C:\Windows\System32\drivers\termdd.sys
    - 2006-11-02 09:02:07 23,552 ----a-w C:\Windows\System32\drivers\tssecsrv.sys
    + 2008-01-19 06:01:15 23,552 ----a-w C:\Windows\System32\drivers\tssecsrv.sys
    - 2007-12-16 06:17:09 15,360 ----a-w C:\Windows\System32\drivers\TUNMP.SYS
    + 2008-01-19 05:55:41 15,360 ----a-w C:\Windows\System32\drivers\TUNMP.SYS
    - 2007-12-16 06:17:09 23,040 ----a-w C:\Windows\System32\drivers\tunnel.sys
    + 2008-01-19 05:55:50 23,040 ----a-w C:\Windows\System32\drivers\tunnel.sys
    - 2006-11-02 08:30:57 225,280 ----a-w C:\Windows\System32\drivers\udfs.sys
    + 2008-01-19 05:28:08 226,816 ----a-w C:\Windows\System32\drivers\udfs.sys
    - 2006-11-02 08:55:24 34,816 ----a-w C:\Windows\System32\drivers\umbus.sys
    + 2008-01-19 05:53:40 34,816 ----a-w C:\Windows\System32\drivers\umbus.sys
    - 2006-11-02 09:46:14 219,648 ----a-w C:\Windows\System32\drivers\UMDF\WpdFs.dll
    + 2008-01-19 07:37:09 220,160 ----a-w C:\Windows\System32\drivers\UMDF\WpdFs.dll
    - 2006-11-02 09:46:14 664,576 ----a-w C:\Windows\System32\drivers\UMDF\WpdMtpDr.dll
    + 2008-01-19 07:37:09 664,576 ----a-w C:\Windows\System32\drivers\UMDF\WpdMtpDr.dll
    - 2006-11-02 08:55:22 7,168 ----a-w C:\Windows\System32\drivers\umpass.sys
    + 2008-01-19 05:53:39 7,680 ----a-w C:\Windows\System32\drivers\umpass.sys
    - 2006-11-02 08:57:48 14,848 ----a-w C:\Windows\System32\drivers\usb8023.sys
    + 2008-01-19 05:56:08 15,872 ----a-w C:\Windows\System32\drivers\usb8023.sys
    - 2006-11-02 08:55:04 71,552 ----a-w C:\Windows\System32\drivers\USBAUDIO.sys
    + 2008-01-19 05:53:23 73,088 ----a-w C:\Windows\System32\drivers\USBAUDIO.sys
    - 2006-11-02 08:55:08 25,728 ----a-w C:\Windows\System32\drivers\USBCAMD.sys
    + 2008-01-19 05:53:23 25,728 ----a-w C:\Windows\System32\drivers\USBCAMD.sys
    - 2006-11-02 08:55:08 25,728 ----a-w C:\Windows\System32\drivers\USBCAMD2.sys
    + 2008-01-19 05:53:23 25,728 ----a-w C:\Windows\System32\drivers\USBCAMD2.sys
    - 2007-12-16 06:15:23 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
    + 2008-01-19 05:53:29 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
    - 2007-12-16 06:15:24 5,888 ----a-w C:\Windows\System32\drivers\usbd.sys
    + 2008-01-19 05:53:17 5,888 ----a-w C:\Windows\System32\drivers\usbd.sys
    - 2007-12-16 06:15:24 38,400 ----a-w C:\Windows\System32\drivers\usbehci.sys
    + 2008-01-19 05:53:21 39,424 ----a-w C:\Windows\System32\drivers\usbehci.sys
    - 2007-12-16 06:15:24 192,000 ----a-w C:\Windows\System32\drivers\usbhub.sys
    + 2008-01-19 05:53:42 194,560 ----a-w C:\Windows\System32\drivers\usbhub.sys
    - 2007-12-16 06:15:24 19,456 ----a-w C:\Windows\System32\drivers\usbohci.sys
    + 2008-01-19 05:53:21 19,456 ----a-w C:\Windows\System32\drivers\usbohci.sys
    - 2007-12-16 06:15:24 224,768 ----a-w C:\Windows\System32\drivers\usbport.sys
    + 2008-01-19 05:53:25 226,304 ----a-w C:\Windows\System32\drivers\usbport.sys
    - 2006-11-02 09:14:58 18,944 ----a-w C:\Windows\System32\drivers\usbprint.sys
    + 2008-01-19 06:14:40 18,944 ----a-w C:\Windows\System32\drivers\usbprint.sys
    - 2006-11-02 09:14:17 35,328 ----a-w C:\Windows\System32\drivers\usbscan.sys
    + 2008-01-19 06:14:09 35,328 ----a-w C:\Windows\System32\drivers\usbscan.sys
    - 2007-12-16 06:18:32 55,296 ----a-w C:\Windows\System32\drivers\USBSTOR.SYS
    + 2008-01-19 05:53:22 55,296 ----a-w C:\Windows\System32\drivers\USBSTOR.SYS
    - 2006-11-02 08:53:56 25,088 ----a-w C:\Windows\System32\drivers\vga.sys
    + 2008-01-19 05:52:06 25,088 ----a-w C:\Windows\System32\drivers\vga.sys
    - 2006-11-02 08:54:08 109,056 ----a-w C:\Windows\System32\drivers\videoprt.sys
    + 2008-01-19 05:52:12 110,080 ----a-w C:\Windows\System32\drivers\videoprt.sys
    - 2006-11-02 09:50:24 50,280 ----a-w C:\Windows\System32\drivers\volmgr.sys
    + 2008-01-19 07:42:18 52,792 ----a-w C:\Windows\System32\drivers\volmgr.sys
    - 2006-11-02 09:51:30 290,408 ----a-w C:\Windows\System32\drivers\volmgrx.sys
    + 2008-01-19 07:43:03 294,456 ----a-w C:\Windows\System32\drivers\volmgrx.sys
    - 2008-01-10 08:01:27 211,000 ----a-w C:\Windows\System32\drivers\volsnap.sys
    + 2008-01-19 07:42:48 227,896 ----a-w C:\Windows\System32\drivers\volsnap.sys
    - 2007-12-16 06:22:01 61,952 ----a-w C:\Windows\System32\drivers\wanarp.sys
    + 2008-01-19 05:56:31 62,464 ----a-w C:\Windows\System32\drivers\wanarp.sys
    - 2006-11-02 08:37:46 32,256 ----a-w C:\Windows\System32\drivers\watchdog.sys
    + 2008-01-19 05:35:30 32,768 ----a-w C:\Windows\System32\drivers\watchdog.sys
    - 2008-02-13 10:49:05 495,160 ----a-w C:\Windows\System32\drivers\Wdf01000.sys
    + 2008-01-19 07:43:27 503,864 ----a-w C:\Windows\System32\drivers\Wdf01000.sys
    - 2008-02-13 10:49:05 35,384 ----a-w C:\Windows\System32\drivers\WdfLdr.sys
    + 2008-01-19 07:41:59 35,896 ----a-w C:\Windows\System32\drivers\WdfLdr.sys
    - 2006-11-02 09:49:26 15,464 ----a-w C:\Windows\System32\drivers\wmilib.sys
    + 2008-01-19 07:41:20 17,976 ----a-w C:\Windows\System32\drivers\wmilib.sys
    - 2006-11-02 09:04:23 39,936 ----a-w C:\Windows\System32\drivers\WpdUsb.sys
    + 2008-01-19 06:04:19 39,936 ----a-w C:\Windows\System32\drivers\WpdUsb.sys
    - 2006-11-02 08:58:26 15,872 ----a-w C:\Windows\System32\drivers\ws2ifsl.sys
    + 2008-01-19 05:56:49 15,872 ----a-w C:\Windows\System32\drivers\ws2ifsl.sys
    - 2006-11-02 08:54:38 51,712 ----a-w C:\Windows\System32\drivers\WUDFPf.sys
    + 2008-01-19 05:52:50 51,200 ----a-w C:\Windows\System32\drivers\WUDFPf.sys
    - 2006-11-02 08:54:52 82,560 ----a-w C:\Windows\System32\drivers\WUDFRd.sys
    + 2008-01-19 05:53:04 83,328 ----a-w C:\Windows\System32\drivers\WUDFRd.sys
    + 2008-01-19 05:53:27 53,376 ----a-w C:\Windows\System32\DriverStore\FileRepository\1394.inf_82b142f8\1394bus.sys
    + 2008-01-19 05:53:33 61,952 ----a-w C:\Windows\System32\DriverStore\FileRepository\1394.inf_82b142f8\ohci1394.sys
    + 2008-01-19 05:53:31 45,696 ----a-w C:\Windows\System32\DriverStore\FileRepository\61883.inf_2e529361\61883.sys
    + 2008-01-19 07:43:03 266,808 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\acpi.sys
    + 2008-01-19 07:41:39 28,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\battc.sys
    + 2008-01-19 07:41:25 20,792 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\compbatt.sys
    + 2008-01-19 05:32:49 6,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\errdev.sys
    + 2008-01-19 05:32:47 11,264 ----a-w C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\wmiacpi.sys
    + 2008-01-19 07:43:20 422,968 ----a-w C:\Windows\System32\DriverStore\FileRepository\adp94xx.inf_93ff0816\adp94xx.sys
    + 2008-01-19 07:43:08 300,600 ----a-w C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_b05fe39d\adpahci.sys
    + 2008-01-19 07:43:01 101,432 ----a-w C:\Windows\System32\DriverStore\FileRepository\adpu160m.inf_3971fffe\adpu160m.sys
    + 2008-01-19 07:42:18 149,560 ----a-w C:\Windows\System32\DriverStore\FileRepository\adpu320.inf_f47b91f7\adpu320.sys
    + 2008-01-19 07:42:35 61,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\agp.inf_02606c83\GAGP30KX.SYS
    + 2008-01-19 07:42:32 59,448 ----a-w C:\Windows\System32\DriverStore\FileRepository\agp.inf_02606c83\UAGP35.SYS
    + 2008-01-19 07:42:39 79,416 ----a-w C:\Windows\System32\DriverStore\FileRepository\arc.inf_3d4cfd7e\arc.sys
    + 2008-01-19 07:42:40 79,928 ----a-w C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_219c22b2\arcsas.sys
    + 2008-01-19 05:53:31 40,448 ----a-w C:\Windows\System32\DriverStore\FileRepository\avc.inf_83fd69e0\avc.sys
    + 2008-01-19 05:53:26 14,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\avc.inf_83fd69e0\avcstrm.sys
    + 2008-01-19 07:41:39 28,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_8adf1377\battc.sys
    + 2008-01-19 05:32:47 14,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_8adf1377\CmBatt.sys
    + 2008-01-19 05:32:49 21,504 ----a-w C:\Windows\System32\DriverStore\FileRepository\battery.inf_8adf1377\hidbatt.sys
    + 2008-01-19 05:53:30 12,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\bda.inf_3f6020cc\BdaSup.sys
    + 2008-01-19 05:30:07 45,568 ----a-w C:\Windows\System32\DriverStore\FileRepository\blbdrive.inf_7949c6c5\blbdrive.sys
    + 2006-11-02 08:24:45 13,568 ----a-w C:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_384d4a40\BrFiltLo.sys
    + 2006-11-02 08:24:46 5,248 ----a-w C:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_384d4a40\BrFiltUp.sys
    + 2008-01-19 05:53:38 19,456 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_f5996c35\bthenum.sys
    + 2008-01-19 05:53:35 219,648 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_f5996c35\bthport.sys
    + 2008-01-19 05:53:36 29,184 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_f5996c35\BTHUSB.SYS
    + 2006-11-02 09:45:11 181,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_f5996c35\fsquirt.exe
    + 2008-01-19 05:53:44 92,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_4639805d\bthpan.sys
    + 2008-01-19 05:53:35 29,696 ----a-w C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_63739af6\BTHPRINT.SYS
    + 2008-01-19 05:49:51 67,072 ----a-w C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
    + 2008-01-19 05:53:24 35,328 ----a-w C:\Windows\System32\DriverStore\FileRepository\circlass.inf_9e5da3b5\circlass.sys
    + 2008-01-19 05:34:11 26,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\clusdisk.inf_e7d66a0e\ClusDisk.sys
    + 2008-01-19 05:27:21 41,472 ----a-w C:\Windows\System32\DriverStore\FileRepository\cpu.inf_ce69b789\amdk7.sys
    + 2008-01-19 05:27:20 44,032 ----a-w C:\Windows\System32\DriverStore\FileRepository\cpu.inf_ce69b789\amdk8.sys
    + 2008-01-19 05:27:20 40,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\cpu.inf_ce69b789\crusoe.sys
    + 2008-01-19 05:27:21 41,472 ----a-w C:\Windows\System32\DriverStore\FileRepository\cpu.inf_ce69b789\intelppm.sys
    + 2008-01-19 05:27:21 40,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\cpu.inf_ce69b789\processr.sys
    + 2008-01-19 05:27:21 41,472 ----a-w C:\Windows\System32\DriverStore\FileRepository\cpu.inf_ce69b789\viac7.sys
    + 2008-01-19 07:41:35 24,632 ----a-w C:\Windows\System32\DriverStore\FileRepository\crcdisk.inf_296260cb\crcdisk.sys
    + 2008-01-19 07:42:20 55,352 ----a-w C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
    + 2008-01-19 05:52:06 26,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\display.inf_67bec7cb\vgapnp.sys
    + 2006-11-02 09:46:03 28,672 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\diapi232.dll
    + 2006-11-02 07:31:04 258,560 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\dicapi.sys
    + 2006-11-02 07:31:05 493,568 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\dicowans.sys
    + 2006-11-02 07:31:05 433,664 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\dimaint.sys
    + 2006-11-02 09:46:03 9,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\disrvci.dll
    + 2006-11-02 09:46:03 38,912 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\disrvpp.dll
    + 2006-11-02 09:46:03 49,152 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\disrvsu.dll
    + 2006-11-02 09:45:02 256,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\ditrace.exe
    + 2006-09-18 21:28:41 2,373,091 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\dspdload.bin
    + 2006-11-02 09:46:02 132,608 ----a-w C:\Windows\System32\DriverStore\FileRepository\divasx86.inf_a8c72aef\xlog.exe
    + 2008-01-19 05:49:12 131,584 ----a-w C:\Windows\System32\DriverStore\FileRepository\dot4.inf_35726dac\Dot4.sys
    + 2008-01-19 05:49:10 10,752 ----a-w C:\Windows\System32\DriverStore\FileRepository\dot4.inf_35726dac\Dot4Scan.sys
    + 2008-01-19 05:49:10 36,864 ----a-w C:\Windows\System32\DriverStore\FileRepository\dot4.inf_35726dac\Dot4usb.sys
    + 2008-01-19 05:49:09 16,384 ----a-w C:\Windows\System32\DriverStore\FileRepository\dot4prt.inf_78ea7699\Dot4Prt.sys
    + 2008-01-19 07:43:11 342,584 ----a-w C:\Windows\System32\DriverStore\FileRepository\elxstor.inf_72774007\elxstor.sys
    + 2008-01-19 05:49:37 25,088 ----a-w C:\Windows\System32\DriverStore\FileRepository\fdc.inf_0c3c0ab2\fdc.sys
    + 2008-01-19 05:49:37 20,480 ----a-w C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\flpydisk.sys
    + 2008-01-19 05:49:48 13,312 ----a-w C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
    + 2008-01-19 05:49:49 14,848 ----a-w C:\Windows\System32\DriverStore\FileRepository\genprint.inf_d8b7b444\scsiprnt.sys
    + 2008-01-19 07:42:12 141,880 ----a-w C:\Windows\System32\DriverStore\FileRepository\hal.inf_0c52392f\halacpi.dll
    + 2008-01-19 07:42:34 177,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\hal.inf_0c52392f\halmacpi.dll
    + 2008-01-19 04:30:49 53,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_d3db50b3\hdaudbus.sys
    + 2008-01-19 05:53:37 29,184 ----a-w C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_c710ed03\hidbth.sys
    + 2008-01-19 05:49:35 83,456 ----a-w C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys
    + 2008-01-19 05:51:02 20,608 ----a-w C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\wacompen.sys
    + 2008-01-19 07:42:04 40,504 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcisss.inf_1d464c11\HpCISSs.sys
    + 2008-01-19 05:49:10 10,752 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpojscan.inf_9fe6bdb3\Dot4scan.sys
    + 2006-11-02 09:46:11 428,032 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpojscan.inf_9fe6bdb3\hpojwia.dll
    + 2008-01-19 07:41:20 19,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\i2omp.inf_9089886a\i2omgmt.sys
    + 2008-01-19 07:41:45 30,264 ----a-w C:\Windows\System32\DriverStore\FileRepository\i2omp.inf_9089886a\i2omp.sys
    + 2008-01-19 07:42:51 235,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
    + 2008-01-19 05:53:26 26,624 ----a-w C:\Windows\System32\DriverStore\FileRepository\image.inf_f0309024\sonydcam.sys
    + 2008-01-19 05:53:16 38,912 ----a-w C:\Windows\System32\DriverStore\FileRepository\input.inf_a7cfdec8\hidclass.sys
    + 2008-01-19 05:53:18 21,504 ----a-w C:\Windows\System32\DriverStore\FileRepository\input.inf_a7cfdec8\hidir.sys
    + 2008-01-19 05:53:16 25,472 ----a-w C:\Windows\System32\DriverStore\FileRepository\input.inf_a7cfdec8\hidparse.sys
    + 2008-01-19 05:53:17 12,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\input.inf_a7cfdec8\hidusb.sys
    + 2008-01-19 05:39:33 64,512 ----a-w C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_dabf9271\IPMIDrv.sys
    + 2008-01-19 05:55:24 30,720 ----a-w C:\Windows\System32\DriverStore\FileRepository\irnsc.inf_4ce1b2a0\nscirda.sys
    + 2008-01-19 05:49:28 30,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\irstusb.inf_84a26b83\irstusb.sys
    + 2008-01-19 05:50:35 14,848 ----a-w C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_2e9833a4\iscsilog.dll
    + 2008-01-19 07:42:35 181,304 ----a-w C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_2e9833a4\msiscsi.sys
    + 2008-01-19 05:49:18 54,784 ----a-w C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\i8042prt.sys
    + 2006-11-02 09:39:43 6,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbd106.dll
    + 2008-01-19 07:41:52 35,384 ----a-w C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys
    + 2008-01-19 05:49:17 15,872 ----a-w C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdhid.sys
    + 2008-01-19 07:42:55 96,312 ----a-w C:\Windows\System32\DriverStore\FileRepository\lsi_fc.inf_dd17f23b\lsi_fc.sys
    + 2008-01-19 07:42:46 89,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\lsi_sas.inf_d274ed64\lsi_sas.sys
    + 2008-01-19 07:42:56 96,312 ----a-w C:\Windows\System32\DriverStore\FileRepository\lsi_scsi.inf_3a19ff4c\lsi_scsi.sys
    + 2008-01-19 07:42:25 56,376 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    + 2008-01-19 07:42:30 57,400 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AMDAGP.SYS
    + 2008-01-19 07:42:15 49,720 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
    + 2008-01-19 07:41:14 16,440 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\msisadrv.sys
    + 2008-01-19 07:41:49 31,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\mssmbios.sys
    + 2008-01-19 07:43:07 109,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\NV_AGP.SYS
    + 2008-01-19 07:42:20 151,096 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\pci.sys
    + 2008-01-19 06:02:29 248,832 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\rdpdr.sys
    + 2008-01-19 07:42:21 55,864 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\SISAGP.SYS
    + 2006-11-02 09:49:42 22,632 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\streamci.dll
    + 2008-01-19 07:41:14 15,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\swenum.sys
    + 2008-01-19 07:42:19 54,328 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\termdd.sys
    + 2008-01-19 07:42:33 60,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\ULIAGPKX.SYS
    + 2008-01-19 07:42:27 56,888 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\VIAAGP.SYS
    + 2008-01-19 07:42:18 52,792 ----a-w C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\volmgr.sys
    + 2008-01-19 05:50:00 11,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\adicsc.sys
    + 2008-01-19 05:50:01 10,752 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\adicvls.sys
    + 2008-01-19 05:50:03 10,752 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\atlmc.sys
    + 2008-01-19 05:50:03 9,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\breecemc.sys
    + 2008-01-19 05:50:00 10,752 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\ddsmc.sys
    + 2008-01-19 05:50:00 10,752 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\elmsmc.sys
    + 2008-01-19 05:50:00 12,800 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\examc.sys
    + 2008-01-19 05:50:00 14,336 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\hpmc.sys
    + 2008-01-19 05:50:02 9,728 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\jvcmc.sys
    + 2008-01-19 05:50:04 11,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\libxprmc.sys
    + 2008-01-19 05:50:05 9,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\m4mc.sys
    + 2008-01-19 05:50:01 10,752 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\nsmmc.sys
    + 2008-01-19 05:50:02 12,288 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\plasmc.sys
    + 2008-01-19 05:50:02 10,240 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\pnrmc.sys
    + 2008-01-19 05:50:05 13,312 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\powerfil.sys
    + 2008-01-19 05:50:03 11,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\qlstrmc.sys
    + 2008-01-19 05:50:03 9,216 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\qntmmc.sys
    + 2008-01-19 05:50:03 10,240 ----a-w C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_82234179\seaddsmc.sys
    + 2008-01-19 05:50:05 10,240 ----a-w C:\Window
    18 Mai 2008 21:57:14

    ugin.dll
    - 2006-11-02 09:46:13 72,704 ----a-w C:\Windows\System32\migration\SxsMigPlugin.dll
    + 2008-01-19 07:36:37 72,704 ----a-w C:\Windows\System32\migration\SxsMigPlugin.dll
    - 2006-11-02 09:46:13 31,232 ----a-w C:\Windows\System32\migration\TableTextServiceMig.dll
    + 2008-01-19 07:36:38 31,232 ----a-w C:\Windows\System32\migration\TableTextServiceMig.dll
    - 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
    + 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
    - 2006-11-02 09:46:13 368,640 ----a-w C:\Windows\System32\migration\WMIMigrationPlugin.dll
    + 2008-01-19 07:36:22 372,224 ----a-w C:\Windows\System32\migration\WMIMigrationPlugin.dll
    - 2006-11-02 09:46:14 160,768 ----a-w C:\Windows\System32\migration\WsUpgrade.dll
    + 2008-01-19 07:37:11 161,280 ----a-w C:\Windows\System32\migration\WsUpgrade.dll
    - 2006-11-02 12:34:25 157,696 ----a-w C:\Windows\System32\migwiz\cmi2migxml.dll
    + 2008-01-19 07:33:53 159,232 ----a-w C:\Windows\System32\migwiz\cmi2migxml.dll
    - 2006-11-02 12:34:25 248,832 ----a-w C:\Windows\System32\migwiz\csiagent.dll
    + 2008-01-19 07:34:01 248,832 ----a-w C:\Windows\System32\migwiz\csiagent.dll
    + 2008-01-19 07:36:21 60,928 ----a-w C:\Windows\System32\migwiz\dlmanifests\BITSExtensions-Server\bitsmig.dll
    - 2006-11-02 12:34:18 106,496 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\adfsmig.dll
    + 2008-01-19 07:36:21 150,016 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\adfsmig.dll
    - 2006-11-02 12:34:07 71,680 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config\BthMigPlugin.dll
    + 2008-01-19 07:36:21 73,216 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config\BthMigPlugin.dll
    - 2006-11-02 12:34:13 55,808 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL\commig.dll
    + 2008-01-19 07:36:21 55,808 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL\commig.dll
    - 2006-11-02 12:34:16 51,200 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\msdtcstp.dll
    + 2008-01-19 07:36:21 59,904 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\msdtcstp.dll
    - 2006-11-02 12:34:15 122,880 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL\DhcpSrvMigPlugin.dll
    + 2008-01-19 07:36:21 122,880 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL\DhcpSrvMigPlugin.dll
    - 2006-11-02 12:34:19 85,504 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\adammigrate.dll
    + 2008-01-19 07:36:21 89,088 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\adammigrate.dll
    - 2006-11-02 12:34:22 416,256 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\IasMigPlugin.dll
    + 2008-01-19 07:36:21 445,952 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin\IasMigPlugin.dll
    + 2008-01-19 07:36:21 41,984 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IE-ESC\EscMigPlugin.dll
    - 2006-11-02 12:34:07 128,512 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IIS-DL\iismig.dll
    + 2008-01-19 07:36:21 209,408 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IIS-DL\iismig.dll
    - 2006-11-02 12:34:07 89,088 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\nlscoremig.dll
    + 2008-01-19 07:36:21 89,088 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\nlscoremig.dll
    - 2006-11-02 12:34:21 284,672 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL\drmmgrtn.dll
    + 2008-01-19 07:36:22 284,672 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL\drmmgrtn.dll
    - 2006-11-02 12:34:16 539,136 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer\MediaPlayer-DLMigPlugin.dll
    + 2008-01-19 07:36:22 539,136 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer\MediaPlayer-DLMigPlugin.dll
    - 2006-11-02 12:34:23 122,368 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\mqmigplugin.dll
    + 2008-01-19 07:36:22 122,880 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\mqmigplugin.dll
    - 2006-11-02 12:34:14 127,488 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-NDIS\ndismigplugin.dll
    + 2008-01-19 07:36:22 129,024 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-NDIS\ndismigplugin.dll
    - 2006-11-02 12:34:11 61,952 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge\bridgemigplugin.dll
    + 2008-01-19 07:36:22 61,952 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge\bridgemigplugin.dll
    + 2008-01-19 07:36:22 135,680 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core\NlbMigPlugin.dll
    - 2006-11-02 12:34:07 87,552 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\CscMig.dll
    + 2008-01-19 07:36:22 87,552 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\CscMig.dll
    - 2006-11-02 12:34:07 120,320 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-PerformanceCounterInfrastructure-DL\CntrtextMig.dll
    + 2008-01-19 07:36:22 120,832 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-PerformanceCounterInfrastructure-DL\CntrtextMig.dll
    - 2006-11-02 12:34:11 124,928 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-RasApi\pbkmigr.dll
    + 2008-01-19 07:36:22 124,928 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-RasApi\pbkmigr.dll
    - 2006-11-02 12:34:09 55,808 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager\cmmigr.dll
    + 2008-01-19 07:36:22 56,320 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager\cmmigr.dll
    - 2006-11-02 12:34:15 112,128 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\RasMigPlugin.dll
    + 2008-01-19 07:36:22 115,200 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin\RasMigPlugin.dll
    - 2006-11-02 12:34:19 79,872 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-shmig-DL\shmig.dll
    + 2008-01-19 07:36:22 79,872 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-shmig-DL\shmig.dll
    - 2006-11-02 12:34:22 159,744 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-StorageMigration\StorMigPlugin.dll
    + 2008-01-19 07:36:22 201,216 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-StorageMigration\StorMigPlugin.dll
    - 2006-11-02 12:34:16 72,704 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-Sxs\SxsMigPlugin.dll
    + 2008-01-19 07:36:22 72,704 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-Sxs\SxsMigPlugin.dll
    - 2006-11-02 12:34:15 97,792 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TapiSetup\TapiMigPlugin.dll
    + 2008-01-19 07:36:22 98,304 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TapiSetup\TapiMigPlugin.dll
    - 2006-11-02 12:34:20 34,816 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imjpmig.dll
    + 2008-01-19 07:36:22 35,328 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imjpmig.dll
    - 2006-11-02 12:34:20 38,400 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imkrmig.dll
    + 2008-01-19 07:36:22 38,912 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imkrmig.dll
    - 2006-11-02 12:34:18 31,744 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imscmig.dll
    + 2008-01-19 07:36:22 31,744 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imscmig.dll
    - 2006-11-02 12:34:17 22,528 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imtcmig.dll
    + 2008-01-19 07:36:22 22,528 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imtcmig.dll
    - 2006-11-02 12:34:16 153,088 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\msctfmig.dll
    + 2008-01-19 07:36:22 153,600 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\msctfmig.dll
    - 2006-11-02 12:34:10 31,232 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\TableTextServiceMig.dll
    + 2008-01-19 07:36:22 31,232 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\TableTextServiceMig.dll
    - 2006-11-02 12:34:13 140,288 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-Unimodem-Config\ModemMigPlugin.dll
    + 2008-01-19 07:36:22 143,872 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-Unimodem-Config\ModemMigPlugin.dll
    - 2006-11-02 12:34:09 368,640 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\WMIMigrationPlugin.dll
    + 2008-01-19 07:36:22 372,224 ----a-w C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\WMIMigrationPlugin.dll
    - 2006-11-02 12:34:11 86,016 ----a-w C:\Windows\System32\migwiz\dlmanifests\Networking-MPSSVC-Svc\icfupgd.dll
    + 2008-01-19 07:36:22 87,552 ----a-w C:\Windows\System32\migwiz\dlmanifests\Networking-MPSSVC-Svc\icfupgd.dll
    - 2006-11-02 12:34:25 479,232 ----a-w C:\Windows\System32\migwiz\docagent.dll
    + 2008-01-19 07:34:05 479,232 ----a-w C:\Windows\System32\migwiz\docagent.dll
    - 2006-11-02 12:34:25 7,486,976 ----a-w C:\Windows\System32\migwiz\migcore.dll
    + 2008-01-19 07:34:48 7,463,424 ----a-w C:\Windows\System32\migwiz\migcore.dll
    - 2006-11-02 12:34:25 258,560 ----a-w C:\Windows\System32\migwiz\mighost.exe
    + 2008-01-19 07:33:15 258,560 ----a-w C:\Windows\System32\migwiz\mighost.exe
    - 2006-11-02 12:34:25 148,072 ----a-w C:\Windows\System32\migwiz\MigSetup.exe
    + 2008-01-19 07:42:19 150,584 ----a-w C:\Windows\System32\migwiz\MigSetup.exe
    - 2006-11-02 12:34:24 171,520 ----a-w C:\Windows\System32\migwiz\MigSys.dll
    + 2008-01-19 07:34:48 171,520 ----a-w C:\Windows\System32\migwiz\MigSys.dll
    - 2006-11-02 12:34:24 445,440 ----a-w C:\Windows\System32\migwiz\migui.dll
    + 2008-01-19 07:34:49 445,952 ----a-w C:\Windows\System32\migwiz\migui.dll
    - 2006-11-02 12:34:24 153,192 ----a-w C:\Windows\System32\migwiz\migwiz.exe
    + 2008-01-19 07:42:27 155,704 ----a-w C:\Windows\System32\migwiz\migwiz.exe
    - 2006-11-02 12:34:25 87,552 ----a-w C:\Windows\System32\migwiz\MXEAgent.dll
    + 2008-01-19 07:35:34 87,552 ----a-w C:\Windows\System32\migwiz\MXEAgent.dll
    - 2006-11-02 12:34:24 634,296 ----a-w C:\Windows\System32\migwiz\SFLIST2K.dat
    + 2008-01-05 11:38:21 634,268 ----a-w C:\Windows\System32\migwiz\SFLIST2K.dat
    - 2006-11-02 12:34:24 2,461,746 ----a-w C:\Windows\System32\migwiz\SFLISTLH.dat
    + 2008-01-05 11:38:21 2,462,746 ----a-w C:\Windows\System32\migwiz\SFLISTLH.dat
    - 2006-11-02 12:34:24 1,418,636 ----a-w C:\Windows\System32\migwiz\SFLISTXP.dat
    + 2008-01-05 11:38:22 1,427,046 ----a-w C:\Windows\System32\migwiz\SFLISTXP.dat
    - 2006-11-02 12:34:25 54,272 ----a-w C:\Windows\System32\migwiz\usmt2xtr.dll
    + 2008-01-19 07:34:49 54,272 ----a-w C:\Windows\System32\migwiz\usmt2xtr.dll
    - 2006-11-02 09:46:05 2,014,720 ----a-w C:\Windows\System32\milcore.dll
    + 2008-01-19 07:34:49 2,011,648 ----a-w C:\Windows\System32\milcore.dll
    - 2006-11-02 09:46:05 35,328 ----a-w C:\Windows\System32\mimefilt.dll
    + 2008-01-19 07:34:49 35,328 ----a-w C:\Windows\System32\mimefilt.dll
    - 2006-11-02 09:46:05 187,904 ----a-w C:\Windows\System32\mlang.dll
    + 2008-01-19 07:34:49 187,904 ----a-w C:\Windows\System32\mlang.dll
    - 2006-11-02 09:45:25 1,790,464 ----a-w C:\Windows\System32\mmc.exe
    + 2008-01-19 07:33:15 1,792,512 ----a-w C:\Windows\System32\mmc.exe
    - 2006-11-02 09:46:05 300,544 ----a-w C:\Windows\System32\mmcbase.dll
    + 2008-01-19 07:34:49 301,056 ----a-w C:\Windows\System32\mmcbase.dll
    - 2006-11-02 09:46:05 2,165,248 ----a-w C:\Windows\System32\mmcndmgr.dll
    + 2008-01-19 07:34:49 2,167,808 ----a-w C:\Windows\System32\mmcndmgr.dll
    - 2006-11-02 09:46:05 126,976 ----a-w C:\Windows\System32\mmcshext.dll
    + 2008-01-19 07:34:49 127,488 ----a-w C:\Windows\System32\mmcshext.dll
    - 2006-11-02 09:46:05 45,056 ----a-w C:\Windows\System32\mmcss.dll
    + 2008-01-19 07:34:49 45,056 ----a-w C:\Windows\System32\mmcss.dll
    - 2006-11-02 09:46:05 146,944 ----a-w C:\Windows\System32\MMDevAPI.dll
    + 2008-01-19 07:34:49 149,504 ----a-w C:\Windows\System32\MMDevAPI.dll
    - 2006-11-02 12:34:04 95,232 ----a-w C:\Windows\System32\mobsync.exe
    + 2008-01-19 07:33:15 95,744 ----a-w C:\Windows\System32\mobsync.exe
    - 2006-11-02 09:46:05 287,744 ----a-w C:\Windows\System32\modemui.dll
    + 2008-01-19 07:34:49 287,744 ----a-w C:\Windows\System32\modemui.dll
    - 2006-11-02 09:45:25 12,288 ----a-w C:\Windows\System32\mountvol.exe
    + 2008-01-19 07:33:15 13,312 ----a-w C:\Windows\System32\mountvol.exe
    - 2006-11-02 12:34:47 84,480 ----a-w C:\Windows\System32\MP3DMOD.DLL
    + 2008-01-19 07:34:52 84,480 ----a-w C:\Windows\System32\MP3DMOD.DLL
    - 2006-11-02 12:34:56 259,584 ----a-w C:\Windows\System32\MP43DECD.DLL
    + 2008-01-19 07:34:52 259,584 ----a-w C:\Windows\System32\MP43DECD.DLL
    - 2006-11-02 12:34:56 317,952 ----a-w C:\Windows\System32\MP4SDECD.DLL
    + 2008-01-19 07:34:52 317,952 ----a-w C:\Windows\System32\MP4SDECD.DLL
    - 2006-11-02 12:34:56 259,584 ----a-w C:\Windows\System32\MPG4DECD.DLL
    + 2008-01-19 07:34:52 259,584 ----a-w C:\Windows\System32\MPG4DECD.DLL
    - 2006-11-02 09:46:05 69,120 ----a-w C:\Windows\System32\mpr.dll
    + 2008-01-19 07:34:52 68,608 ----a-w C:\Windows\System32\mpr.dll
    - 2006-11-02 09:46:05 98,304 ----a-w C:\Windows\System32\mprapi.dll
    + 2008-01-19 07:34:52 97,792 ----a-w C:\Windows\System32\mprapi.dll
    - 2006-11-02 09:46:05 89,600 ----a-w C:\Windows\System32\mprddm.dll
    + 2008-01-19 07:34:53 104,960 ----a-w C:\Windows\System32\mprddm.dll
    - 2006-11-02 09:46:05 65,536 ----a-w C:\Windows\System32\mprdim.dll
    + 2008-01-19 07:34:53 68,608 ----a-w C:\Windows\System32\mprdim.dll
    - 2006-11-02 09:46:05 101,888 ----a-w C:\Windows\System32\mprmsg.dll
    + 2008-01-19 07:34:53 124,928 ----a-w C:\Windows\System32\mprmsg.dll
    - 2007-12-16 06:17:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
    + 2008-01-19 07:34:53 393,216 ----a-w C:\Windows\System32\MPSSVC.dll
    - 2006-11-02 09:46:06 119,808 ----a-w C:\Windows\System32\msaatext.dll
    + 2008-01-19 07:34:54 120,320 ----a-w C:\Windows\System32\msaatext.dll
    - 2006-11-02 09:46:06 73,216 ----a-w C:\Windows\System32\msacm32.dll
    + 2008-01-19 07:34:54 71,680 ----a-w C:\Windows\System32\msacm32.dll
    - 2006-11-02 09:44:42 21,504 ----a-w C:\Windows\System32\msacm32.drv
    + 2008-01-19 07:32:56 21,504 ----a-w C:\Windows\System32\msacm32.drv
    - 2006-11-02 09:46:06 218,624 ----a-w C:\Windows\System32\mscandui.dll
    + 2008-01-19 07:34:54 218,624 ----a-w C:\Windows\System32\mscandui.dll
    - 2006-11-02 09:46:06 391,168 ----a-w C:\Windows\System32\mscms.dll
    + 2008-01-19 07:34:54 391,168 ----a-w C:\Windows\System32\mscms.dll
    - 2006-11-02 09:45:25 222,208 ----a-w C:\Windows\System32\msconfig.exe
    + 2008-01-19 07:33:16 227,840 ----a-w C:\Windows\System32\msconfig.exe
    - 2006-11-02 06:34:31 271,360 ----a-w C:\Windows\System32\mscoree.dll
    + 2008-01-05 11:27:04 282,112 ----a-w C:\Windows\System32\mscoree.dll
    - 2006-10-20 01:15:06 150,016 ----a-w C:\Windows\System32\mscorier.dll
    + 2008-01-05 11:27:05 158,720 ----a-w C:\Windows\System32\mscorier.dll
    - 2006-11-02 06:34:32 74,240 ----a-w C:\Windows\System32\mscories.dll
    + 2008-01-05 11:27:06 84,480 ----a-w C:\Windows\System32\mscories.dll
    - 2006-11-02 09:46:06 805,888 ----a-w C:\Windows\System32\msctf.dll
    + 2008-01-19 07:34:55 806,912 ----a-w C:\Windows\System32\msctf.dll
    - 2006-11-02 09:46:06 19,456 ----a-w C:\Windows\System32\MsCtfMonitor.dll
    + 2008-01-19 07:34:55 19,456 ----a-w C:\Windows\System32\MsCtfMonitor.dll
    - 2006-11-02 09:46:06 84,992 ----a-w C:\Windows\System32\msctfui.dll
    + 2008-01-19 07:34:55 84,992 ----a-w C:\Windows\System32\msctfui.dll
    - 2006-11-02 09:46:06 159,744 ----a-w C:\Windows\System32\msdadiag.dll
    + 2008-01-19 07:34:55 159,744 ----a-w C:\Windows\System32\msdadiag.dll
    - 2006-11-02 09:46:06 126,976 ----a-w C:\Windows\System32\msdart.dll
    + 2008-01-19 07:34:55 126,976 ----a-w C:\Windows\System32\msdart.dll
    - 2006-11-02 09:46:06 29,696 ----a-w C:\Windows\System32\msdmo.dll
    + 2008-01-19 07:34:55 30,720 ----a-w C:\Windows\System32\msdmo.dll
    - 2006-11-02 09:46:06 312,320 ----a-w C:\Windows\System32\msdrm.dll
    + 2008-01-19 07:34:56 329,216 ----a-w C:\Windows\System32\msdrm.dll
    - 2006-11-02 09:46:06 211,968 ----a-w C:\Windows\System32\msdt.dll
    + 2008-01-19 07:34:56 212,992 ----a-w C:\Windows\System32\msdt.dll
    - 2006-11-02 09:45:26 161,792 ----a-w C:\Windows\System32\msdt.exe
    + 2008-01-19 07:33:16 162,304 ----a-w C:\Windows\System32\msdt.exe
    - 2006-11-02 09:45:26 106,496 ----a-w C:\Windows\System32\msdtc.exe
    + 2008-01-19 07:33:16 105,984 ----a-w C:\Windows\System32\msdtc.exe
    - 2006-11-02 09:46:06 284,672 ----a-w C:\Windows\System32\msdtckrm.dll
    + 2008-01-19 07:34:56 344,576 ----a-w C:\Windows\System32\msdtckrm.dll
    - 2006-11-02 09:46:06 89,088 ----a-w C:\Windows\System32\msdtclog.dll
    + 2008-01-19 07:34:56 89,088 ----a-w C:\Windows\System32\msdtclog.dll
    - 2006-11-02 09:46:06 499,712 ----a-w C:\Windows\System32\msdtcprx.dll
    + 2008-01-19 07:34:56 557,568 ----a-w C:\Windows\System32\msdtcprx.dll
    - 2006-11-02 09:46:06 975,872 ----a-w C:\Windows\System32\msdtctm.dll
    + 2008-01-19 07:34:57 1,052,160 ----a-w C:\Windows\System32\msdtctm.dll
    - 2006-11-02 09:46:06 208,384 ----a-w C:\Windows\System32\msdtcuiu.dll
    + 2008-01-19 07:34:57 215,040 ----a-w C:\Windows\System32\msdtcuiu.dll
    + 2008-01-19 05:48:45 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
    - 2006-11-02 09:46:07 344,064 ----a-w C:\Windows\System32\msexcl40.dll
    + 2008-01-19 07:34:58 344,064 ----a-w C:\Windows\System32\msexcl40.dll
    - 2006-11-02 09:46:07 458,752 ----a-w C:\Windows\System32\msfeeds.dll
    + 2008-01-19 07:34:58 458,240 ----a-w C:\Windows\System32\msfeeds.dll
    - 2006-11-02 09:46:07 51,712 ----a-w C:\Windows\System32\msfeedsbs.dll
    + 2008-01-19 07:34:58 52,224 ----a-w C:\Windows\System32\msfeedsbs.dll
    - 2006-11-02 09:45:26 12,288 ----a-w C:\Windows\System32\msfeedssync.exe
    + 2008-01-19 07:33:16 12,800 ----a-w C:\Windows\System32\msfeedssync.exe
    - 2007-12-16 06:22:00 564,736 ----a-w C:\Windows\System32\msftedit.dll
    + 2008-01-19 07:34:58 564,224 ----a-w C:\Windows\System32\msftedit.dll
    - 2006-11-02 09:45:26 45,568 ----a-w C:\Windows\System32\mshta.exe
    + 2008-01-19 07:33:16 45,568 ----a-w C:\Windows\System32\mshta.exe
    - 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\System32\mshtml.dll
    + 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\System32\mshtml.dll
    - 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\System32\mshtmled.dll
    + 2008-01-19 07:34:59 476,672 ----a-w C:\Windows\System32\mshtmled.dll
    - 2006-11-02 09:46:07 2,095,616 ----a-w C:\Windows\System32\msi.dll
    + 2008-01-19 07:35:10 2,085,888 ----a-w C:\Windows\System32\msi.dll
    - 2006-11-02 12:33:46 481,792 ----a-w C:\Windows\System32\msidcrl30.dll
    + 2008-01-19 07:35:10 475,648 ----a-w C:\Windows\System32\msidcrl30.dll
    - 2006-11-02 09:46:07 53,248 ----a-w C:\Windows\System32\msident.dll
    + 2008-01-19 07:35:10 53,248 ----a-w C:\Windows\System32\msident.dll
    - 2006-11-02 09:46:07 8,704 ----a-w C:\Windows\System32\msidle.dll
    + 2008-01-19 07:35:10 8,704 ----a-w C:\Windows\System32\msidle.dll
    - 2006-11-02 09:46:07 296,960 ----a-w C:\Windows\System32\msieftp.dll
    + 2008-01-19 07:35:10 296,960 ----a-w C:\Windows\System32\msieftp.dll
    - 2006-11-02 09:45:26 71,680 ----a-w C:\Windows\System32\msiexec.exe
    + 2008-01-19 07:33:16 71,680 ----a-w C:\Windows\System32\msiexec.exe
    - 2006-11-02 09:46:07 331,264 ----a-w C:\Windows\System32\msihnd.dll
    + 2008-01-19 07:35:10 332,288 ----a-w C:\Windows\System32\msihnd.dll
    - 2006-11-02 09:46:07 31,232 ----a-w C:\Windows\System32\msimtf.dll
    + 2008-01-19 07:35:10 31,232 ----a-w C:\Windows\System32\msimtf.dll
    - 2006-11-02 09:45:26 407,552 ----a-w C:\Windows\System32\msinfo32.exe
    + 2008-01-19 07:33:17 408,064 ----a-w C:\Windows\System32\msinfo32.exe
    - 2006-11-02 09:46:07 19,456 ----a-w C:\Windows\System32\msisip.dll
    + 2008-01-19 07:35:10 19,456 ----a-w C:\Windows\System32\msisip.dll
    - 2006-11-02 09:46:08 1,572,864 ----a-w C:\Windows\System32\msjet40.dll
    + 2008-01-19 07:35:11 1,589,248 ----a-w C:\Windows\System32\msjet40.dll
    - 2006-11-02 09:46:09 364,544 ----a-w C:\Windows\System32\msjetoledb40.dll
    + 2008-01-19 07:35:11 368,640 ----a-w C:\Windows\System32\msjetoledb40.dll
    - 2006-11-02 09:46:09 294,912 ----a-w C:\Windows\System32\msjtes40.dll
    + 2008-01-19 07:35:11 299,008 ----a-w C:\Windows\System32\msjtes40.dll
    - 2006-11-02 09:46:09 156,160 ----a-w C:\Windows\System32\msls31.dll
    + 2008-01-19 07:35:11 156,160 ----a-w C:\Windows\System32\msls31.dll
    - 2006-11-02 09:46:09 245,760 ----a-w C:\Windows\System32\msltus40.dll
    + 2008-01-19 07:35:11 245,760 ----a-w C:\Windows\System32\msltus40.dll
    - 2006-11-02 09:46:09 10,752 ----a-w C:\Windows\System32\msmmsp.dll
    + 2008-01-19 07:35:11 10,752 ----a-w C:\Windows\System32\msmmsp.dll
    - 2006-11-02 12:34:55 179,712 ----a-w C:\Windows\System32\msnetobj.dll
    + 2008-01-19 07:35:11 179,712 ----a-w C:\Windows\System32\msnetobj.dll
    - 2006-11-02 09:41:03 58,368 ----a-w C:\Windows\System32\msobjs.dll
    + 2008-01-19 07:29:57 58,880 ----a-w C:\Windows\System32\msobjs.dll
    - 2007-12-16 06:21:23 205,824 ----a-w C:\Windows\System32\msoeacct.dll
    + 2008-01-19 07:35:12 205,824 ----a-w C:\Windows\System32\msoeacct.dll
    - 2007-12-16 06:21:23 87,040 ----a-w C:\Windows\System32\msoert2.dll
    + 2008-01-19 07:35:12 87,552 ----a-w C:\Windows\System32\msoert2.dll
    - 2006-11-02 09:46:09 180,224 ----a-w C:\Windows\System32\msorcl32.dll
    + 2008-01-19 07:35:12 180,224 ----a-w C:\Windows\System32\msorcl32.dll
    - 2006-11-02 09:45:28 485,376 ----a-w C:\Windows\System32\mspaint.exe
    + 2008-01-19 07:33:17 485,376 ----a-w C:\Windows\System32\mspaint.exe
    - 2006-11-02 09:46:09 376,832 ----a-w C:\Windows\System32\mspbde40.dll
    + 2008-01-19 07:35:12 376,832 ----a-w C:\Windows\System32\mspbde40.dll
    - 2006-11-02 12:34:40 461,312 ----a-w C:\Windows\System32\msra.exe
    + 2008-01-19 07:33:17 464,896 ----a-w C:\Windows\System32\msra.exe
    - 2006-11-02 09:46:09 193,024 ----a-w C:\Windows\System32\msrating.dll
    + 2008-01-19 07:35:12 193,024 ----a-w C:\Windows\System32\msrating.dll
    - 2006-11-02 09:46:09 360,448 ----a-w C:\Windows\System32\msrd3x40.dll
    + 2008-01-19 07:35:12 344,064 ----a-w C:\Windows\System32\msrd3x40.dll
    - 2006-11-02 12:35:06 160,256 ----a-w C:\Windows\System32\msrdc.dll
    + 2008-01-19 07:35:12 160,256 ----a-w C:\Windows\System32\msrdc.dll
    - 2006-11-02 09:46:10 651,264 ----a-w C:\Windows\System32\msrepl40.dll
    + 2008-01-19 07:35:12 647,168 ----a-w C:\Windows\System32\msrepl40.dll
    - 2007-12-16 12:46:29 12,800 ----a-w C:\Windows\System32\msrle32.dll
    + 2006-11-02 09:46:10 12,800 ----a-w C:\Windows\System32\msrle32.dll
    - 2006-11-02 12:34:00 23,552 ----a-w C:\Windows\System32\msscb.dll
    + 2008-01-19 07:35:12 23,552 ----a-w C:\Windows\System32\msscb.dll
    - 2006-11-02 12:33:59 51,200 ----a-w C:\Windows\System32\msscntrs.dll
    + 2008-01-19 07:35:12 51,200 ----a-w C:\Windows\System32\msscntrs.dll
    - 2007-12-16 06:18:09 414,208 ----a-w C:\Windows\System32\msscp.dll
    + 2008-01-19 07:35:12 414,208 ----a-w C:\Windows\System32\msscp.dll
    - 2006-11-02 12:33:47 164,352 ----a-w C:\Windows\System32\mssha.dll
    + 2008-01-19 07:35:13 169,472 ----a-w C:\Windows\System32\mssha.dll
    - 2007-05-06 20:56:26 229,888 ----a-w C:\Windows\System32\msshsq.dll
    + 2008-01-19 07:35:13 248,832 ----a-w C:\Windows\System32\msshsq.dll
    - 2006-11-02 12:34:02 98,304 ----a-w C:\Windows\System32\mssitlb.dll
    + 2008-01-19 07:35:13 98,304 ----a-w C:\Windows\System32\mssitlb.dll
    - 2006-11-02 12:33:59 331,264 ----a-w C:\Windows\System32\mssph.dll
    + 2008-01-19 07:35:13 333,824 ----a-w C:\Windows\System32\mssph.dll
    - 2006-11-02 12:33:58 158,720 ----a-w C:\Windows\System32\mssphtb.dll
    + 2008-01-19 07:35:13 167,936 ----a-w C:\Windows\System32\mssphtb.dll
    - 2006-11-02 12:34:02 32,256 ----a-w C:\Windows\System32\mssprxy.dll
    + 2008-01-19 07:35:13 32,256 ----a-w C:\Windows\System32\mssprxy.dll
    - 2006-11-02 12:33:59 1,398,272 ----a-w C:\Windows\System32\mssrch.dll
    + 2008-01-19 07:36:08 1,400,832 ----a-w C:\Windows\System32\mssrch.dll
    - 2006-11-02 12:34:02 52,224 ----a-w C:\Windows\System32\msstrc.dll
    + 2008-01-19 07:35:13 52,224 ----a-w C:\Windows\System32\msstrc.dll
    - 2006-11-02 12:33:58 1,695,232 ----a-w C:\Windows\System32\mssvp.dll
    + 2008-01-19 07:35:13 1,696,768 ----a-w C:\Windows\System32\mssvp.dll
    - 2006-11-02 09:46:10 205,824 ----a-w C:\Windows\System32\mstask.dll
    + 2008-01-19 07:35:13 206,336 ----a-w C:\Windows\System32\mstask.dll
    - 2006-11-02 09:46:10 282,624 ----a-w C:\Windows\System32\mstext40.dll
    + 2008-01-19 07:35:13 282,624 ----a-w C:\Windows\System32\mstext40.dll
    - 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\System32\mstime.dll
    + 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\System32\mstime.dll
    - 2006-11-02 09:46:10 80,896 ----a-w C:\Windows\System32\mstlsapi.dll
    + 2008-01-19 07:35:13 83,968 ----a-w C:\Windows\System32\mstlsapi.dll
    - 2006-11-02 09:45:29 600,576 ----a-w C:\Windows\System32\mstsc.exe
    + 2008-01-19 07:33:18 677,888 ----a-w C:\Windows\System32\mstsc.exe
    - 2006-11-02 09:46:10 1,866,240 ----a-w C:\Windows\System32\mstscax.dll
    + 2008-01-19 07:35:14 2,061,824 ----a-w C:\Windows\System32\mstscax.dll
    - 2006-11-02 09:46:10 162,304 ----a-w C:\Windows\System32\msutb.dll
    + 2008-01-19 07:35:14 163,328 ----a-w C:\Windows\System32\msutb.dll
    - 2006-11-02 09:46:10 213,504 ----a-w C:\Windows\System32\msv1_0.dll
    + 2008-01-19 07:35:14 210,432 ----a-w C:\Windows\System32\msv1_0.dll
    - 2006-11-02 09:46:10 1,376,528 ----a-w C:\Windows\System32\msvbvm60.dll
    + 2008-01-19 07:35:15 1,386,496 ----a-w C:\Windows\System32\msvbvm60.dll
    - 2006-11-02 09:46:10 681,472 ----a-w C:\Windows\System32\msvcrt.dll
    + 2008-01-19 07:35:15 680,448 ----a-w C:\Windows\System32\msvcrt.dll
    - 2007-12-16 12:46:29 123,904 ----a-w C:\Windows\System32\msvfw32.dll
    + 2008-01-19 07:35:15 123,904 ----a-w C:\Windows\System32\msvfw32.dll
    - 2007-12-16 12:46:29 31,232 ----a-w C:\Windows\System32\msvidc32.dll
    + 2008-01-19 07:35:15 31,232 ----a-w C:\Windows\System32\msvidc32.dll
    - 2006-11-02 12:34:03 1,544,704 ----a-w C:\Windows\System32\MSVidCtl.dll
    + 2008-01-19 07:35:15 1,544,704 ----a-w C:\Windows\System32\MSVidCtl.dll
    - 2006-11-02 12:34:54 311,296 ----a-w C:\Windows\System32\mswmdm.dll
    + 2008-01-19 07:35:15 312,320 ----a-w C:\Windows\System32\mswmdm.dll
    - 2006-11-02 09:46:10 227,328 ----a-w C:\Windows\System32\mswsock.dll
    + 2008-01-19 07:35:15 223,232 ----a-w C:\Windows\System32\mswsock.dll
    - 2006-11-02 09:46:11 450,560 ----a-w C:\Windows\System32\msxbde40.dll
    + 2008-01-19 07:35:16 450,560 ----a-w C:\Windows\System32\msxbde40.dll
    - 2007-12-16 06:16:12 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    + 2008-01-19 07:35:16 1,190,400 ----a-w C:\Windows\System32\msxml3.dll
    - 2007-12-16 06:16:12 2,048 ----a-w C:\Windows\System32\msxml3r.dll
    + 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\System32\msxml3r.dll
    - 2007-12-16 06:12:45 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    + 2008-01-19 07:35:16 1,332,224 ----a-w C:\Windows\System32\msxml6.dll
    - 2007-12-16 06:12:45 2,048 ----a-w C:\Windows\System32\msxml6r.dll
    + 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\System32\msxml6r.dll
    - 2006-11-02 09:45:29 124,928 ----a-w C:\Windows\System32\mtstocom.exe
    + 2008-01-19 07:33:18 124,928 ----a-w C:\Windows\System32\mtstocom.exe
    - 2006-11-02 09:46:11 247,808 ----a-w C:\Windows\System32\mtxclu.dll
    + 2008-01-19 07:35:16 307,712 ----a-w C:\Windows\System32\mtxclu.dll
    - 2006-11-02 09:46:11 22,016 ----a-w C:\Windows\System32\mtxdm.dll
    + 2008-01-19 07:35:17 22,016 ----a-w C:\Windows\System32\mtxdm.dll
    - 2006-11-02 09:46:11 27,136 ----a-w C:\Windows\System32\mtxlegih.dll
    + 2008-01-19 07:35:17 27,136 ----a-w C:\Windows\System32\mtxlegih.dll
    - 2006-11-02 09:46:11 105,472 ----a-w C:\Windows\System32\mtxoci.dll
    + 2008-01-19 07:35:17 105,472 ----a-w C:\Windows\System32\mtxoci.dll
    - 2006-11-02 09:45:29 44,544 ----a-w C:\Windows\System32\MuiUnattend.exe
    + 2008-01-19 07:33:18 66,048 ----a-w C:\Windows\System32\MuiUnattend.exe
    - 2006-11-02 09:46:11 229,888 ----a-w C:\Windows\System32\mycomput.dll
    + 2008-01-19 07:35:34 229,888 ----a-w C:\Windows\System32\mycomput.dll
    - 2006-11-02 09:46:11 135,680 ----a-w C:\Windows\System32\mydocs.dll
    + 2008-01-19 07:35:34 135,680 ----a-w C:\Windows\System32\mydocs.dll
    - 2006-11-02 12:34:04 221,184 ----a-w C:\Windows\System32\Mystify.scr
    + 2008-01-19 07:32:59 221,184 ----a-w C:\Windows\System32\Mystify.scr
    - 2006-11-02 09:47:03 39,936 ----a-w C:\Windows\System32\NAPCRYPT.DLL
    + 2008-01-19 07:38:44 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
    - 2006-11-02 09:46:11 67,584 ----a-w C:\Windows\System32\napdsnap.dll
    + 2008-01-19 07:35:34 67,584 ----a-w C:\Windows\System32\napdsnap.dll
    - 2006-11-02 09:47:03 98,816 ----a-w C:\Windows\System32\NAPHLPR.DLL
    + 2008-01-19 07:38:45 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
    - 2006-11-02 09:46:11 50,176 ----a-w C:\Windows\System32\NapiNSP.dll
    + 2008-01-19 07:35:35 50,176 ----a-w C:\Windows\System32\NapiNSP.dll
    - 2006-11-02 09:46:11 33,280 ----a-w C:\Windows\System32\napipsec.dll
    + 2008-01-19 07:35:35 34,304 ----a-w C:\Windows\System32\napipsec.dll
    - 2006-11-02 09:46:11 140,288 ----a-w C:\Windows\System32\NAPMONTR.DLL
    + 2008-01-19 07:35:35 153,600 ----a-w C:\Windows\System32\NAPMONTR.DLL
    - 2006-11-02 09:45:29 266,752 ----a-w C:\Windows\System32\NAPSTAT.EXE
    + 2008-01-19 07:33:18 267,264 ----a-w C:\Windows\System32\NAPSTAT.EXE
    - 2006-11-02 09:46:11 797,696 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    + 2008-01-19 07:35:35 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    - 2006-11-02 09:45:29 15,360 ----a-w C:\Windows\System32\nbtstat.exe
    + 2008-01-19 07:33:18 15,360 ----a-w C:\Windows\System32\nbtstat.exe
    - 2006-11-02 09:46:11 19,968 ----a-w C:\Windows\System32\NcdProp.dll
    + 2008-01-19 07:35:35 19,968 ----a-w C:\Windows\System32\NcdProp.dll
    - 2006-11-02 09:46:11 68,608 ----a-w C:\Windows\System32\nci.dll
    + 2008-01-19 07:35:35 74,240 ----a-w C:\Windows\System32\nci.dll
    - 2006-11-02 09:46:11 48,128 ----a-w C:\Windows\System32\ncobjapi.dll
    + 2008-01-19 07:35:35 48,128 ----a-w C:\Windows\System32\ncobjapi.dll
    - 2006-11-02 09:46:11 193,024 ----a-w C:\Windows\System32\ncrypt.dll
    + 2008-01-19 07:35:35 204,288 ----a-w C:\Windows\System32\ncrypt.dll
    - 2006-11-02 09:46:11 414,208 ----a-w C:\Windows\System32\ncryptui.dll
    + 2008-01-19 07:35:35 445,952 ----a-w C:\Windows\System32\ncryptui.dll
    - 2006-11-02 09:46:11 91,648 ----a-w C:\Windows\System32\ncsi.dll
    + 2008-01-19 07:35:35 93,184 ----a-w C:\Windows\System32\ncsi.dll
    - 2006-11-02 09:46:11 134,656 ----a-w C:\Windows\System32\ndfapi.dll
    + 2008-01-19 07:35:35 135,168 ----a-w C:\Windows\System32\ndfapi.dll
    - 2006-11-02 09:46:11 29,184 ----a-w C:\Windows\System32\ndfetw.dll
    + 2008-01-19 07:35:35 29,184 ----a-w C:\Windows\System32\ndfetw.dll
    - 2006-11-02 09:45:29 48,128 ----a-w C:\Windows\System32\net.exe
    + 2008-01-19 07:33:18 48,128 ----a-w C:\Windows\System32\net.exe
    - 2006-11-02 09:45:29 168,960 ----a-w C:\Windows\System32\net1.exe
    + 2008-01-19 07:33:18 158,720 ----a-w C:\Windows\System32\net1.exe
    - 2006-11-02 09:46:11 425,472 ----a-w C:\Windows\System32\netapi32.dll
    + 2008-01-19 07:35:35 466,944 ----a-w C:\Windows\System32\netapi32.dll
    - 2006-11-02 09:45:29 21,504 ----a-w C:\Windows\System32\netbtugc.exe
    + 2008-01-19 07:33:18 21,504 ----a-w C:\Windows\System32\netbtugc.exe
    - 2006-11-02 09:46:11 2,225,152 ----a-w C:\Windows\System32\netcenter.dll
    + 2008-01-19 07:35:35 2,225,664 ----a-w C:\Windows\System32\netcenter.dll
    - 2008-02-13 10:46:19 24,064 ----a-w C:\Windows\System32\netcfg.exe
    + 2008-01-19 07:33:18 25,600 ----a-w C:\Windows\System32\netcfg.exe
    - 2007-12-16 06:22:01 384,000 ----a-w C:\Windows\System32\netcfgx.dll
    + 2008-01-19 07:35:35 386,560 ----a-w C:\Windows\System32\netcfgx.dll
    - 2006-11-02 09:46:11 106,496 ----a-w C:\Windows\System32\netcorehc.dll
    + 2008-01-19 07:35:35 112,128 ----a-w C:\Windows\System32\netcorehc.dll
    - 2006-11-02 09:46:11 109,568 ----a-w C:\Windows\System32\netdiagfx.dll
    + 2008-01-19 07:35:35 112,128 ----a-w C:\Windows\System32\netdiagfx.dll
    - 2006-11-02 09:41:16 15,360 ----a-w C:\Windows\System32\netevent.dll
    + 2008-01-19 07:30:29 17,920 ----a-w C:\Windows\System32\netevent.dll
    - 2006-11-02 09:46:11 117,248 ----a-w C:\Windows\System32\netid.dll
    + 2008-01-19 07:35:35 119,808 ----a-w C:\Windows\System32\netid.dll
    - 2006-11-02 09:46:11 101,888 ----a-w C:\Windows\System32\netiohlp.dll
    + 2008-01-19 07:35:36 102,912 ----a-w C:\Windows\System32\netiohlp.dll
    - 2008-02-13 10:46:19 22,016 ----a-w C:\Windows\System32\netiougc.exe
    + 2008-01-19 07:33:18 22,528 ----a-w C:\Windows\System32\netiougc.exe
    - 2006-11-02 09:46:11 559,616 ----a-w C:\Windows\System32\netlogon.dll
    + 2008-01-19 07:35:36 592,384 ----a-w C:\Windows\System32\netlogon.dll
    - 2006-11-02 09:46:11 273,920 ----a-w C:\Windows\System32\netman.dll
    + 2008-01-19 07:35:36 274,432 ----a-w C:\Windows\System32\netman.dll
    - 2006-11-02 09:46:11 180,736 ----a-w C:\Windows\System32\netplwiz.dll
    + 2008-01-19 07:35:36 180,736 ----a-w C:\Windows\System32\netplwiz.dll
    - 2006-11-02 09:45:29 25,600 ----a-w C:\Windows\System32\Netplwiz.exe
    + 2008-01-19 07:33:18 25,600 ----a-w C:\Windows\System32\Netplwiz.exe
    - 2006-11-02 09:46:11 669,696 ----a-w C:\Windows\System32\netprof.dll
    + 2008-01-19 07:35:36 669,696 ----a-w C:\Windows\System32\netprof.dll
    - 2006-11-02 09:46:11 235,520 ----a-w C:\Windows\System32\netprofm.dll
    + 2008-01-19 07:35:36 237,056 ----a-w C:\Windows\System32\netprofm.dll
    - 2006-11-02 09:46:11 3,174,400 ----a-w C:\Windows\System32\netshell.dll
    + 2008-01-19 07:35:37 3,173,376 ----a-w C:\Windows\System32\netshell.dll
    - 2006-11-02 09:46:11 2,226,688 ----a-w C:\Windows\System32\networkexplorer.dll
    + 2008-01-19 07:35:37 2,226,688 ----a-w C:\Windows\System32\networkexplorer.dll
    - 2006-11-02 09:46:11 39,936 ----a-w C:\Windows\System32\networkitemfactory.dll
    + 2008-01-19 07:35:37 39,936 ----a-w C:\Windows\System32\networkitemfactory.dll
    - 2006-11-02 09:46:11 3,072,000 ----a-w C:\Windows\System32\networkmap.dll
    + 2008-01-19 07:35:38 3,072,000 ----a-w C:\Windows\System32\networkmap.dll
    - 2006-11-02 09:46:11 180,736 ----a-w C:\Windows\System32\newdev.dll
    + 2008-01-19 07:35:38 183,808 ----a-w C:\Windows\System32\newdev.dll
    - 2006-11-02 09:46:11 48,128 ----a-w C:\Windows\System32\nlaapi.dll
    + 2008-01-19 07:35:38 48,128 ----a-w C:\Windows\System32\nlaapi.dll
    - 2006-11-02 09:46:11 171,520 ----a-w C:\Windows\System32\nlasvc.dll
    + 2008-01-19 07:35:38 168,448 ----a-w C:\Windows\System32\nlasvc.dll
    - 2006-11-02 09:46:11 122,368 ----a-w C:\Windows\System32\nlhtml.dll
    + 2008-01-19 07:35:38 122,368 ----a-w C:\Windows\System32\nlhtml.dll
    + 2008-01-19 07:35:38 154,624 ----a-w C:\Windows\System32\nlmgp.dll
    - 2006-11-02 09:43:10 57,344 ----a-w C:\Windows\System32\nlsbres.dll
    + 2008-01-19 07:31:30 57,856 ----a-w C:\Windows\System32\nlsbres.dll
    - 2006-11-02 09:46:11 1,523,200 ----a-w C:\Windows\System32\NlsData0000.dll
    + 2008-01-19 07:35:38 1,523,712 ----a-w C:\Windows\System32\NlsData0000.dll
    - 2006-11-02 09:46:11 2,597,888 ----a-w C:\Windows\System32\NlsData0001.dll
    + 2008-01-19 07:35:39 2,599,936 ----a-w C:\Windows\System32\NlsData0001.dll
    - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0002.dll
    + 2008-01-19 07:35:39 1,965,056 ----a-w C:\Windows\System32\NlsData0002.dll
    - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0003.dll
    + 2008-01-19 07:35:40 1,965,056 ----a-w C:\Windows\System32\NlsData0003.dll
    - 2006-11-02 09:46:11 2,241,024 ----a-w C:\Windows\System32\NlsData0007.dll
    + 2008-01-19 07:35:40 2,243,072 ----a-w C:\Windows\System32\NlsData0007.dll
    - 2006-11-02 09:46:11 4,874,240 ----a-w C:\Windows\System32\NlsData0009.dll
    + 2008-01-19 07:35:42 4,875,776 ----a-w C:\Windows\System32\NlsData0009.dll
    - 2006-11-02 09:46:11 2,641,408 ----a-w C:\Windows\System32\NlsData000c.dll
    + 2008-01-19 07:35:45 2,643,456 ----a-w C:\Windows\System32\NlsData000c.dll
    - 2006-11-02 09:46:11 2,340,864 ----a-w C:\Windows\System32\NlsData000d.dll
    + 2008-01-19 07:35:46 2,342,912 ----a-w C:\Windows\System32\NlsData000d.dll
    - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData000f.dll
    + 2008-01-19 07:35:46 1,965,056 ----a-w C:\Windows\System32\NlsData000f.dll
    - 2006-11-02 09:46:11 4,493,312 ----a-w C:\Windows\System32\NlsData0010.dll
    + 2008-01-19 07:35:46 4,495,360 ----a-w C:\Windows\System32\NlsData0010.dll
    - 2006-11-02 09:46:11 2,655,232 ----a-w C:\Windows\System32\NlsData0011.dll
    + 2008-01-19 07:35:46 2,657,280 ----a-w C:\Windows\System32\NlsData0011.dll
    - 2006-11-02 09:46:11 3,464,704 ----a-w C:\Windows\System32\NlsData0013.dll
    + 2008-01-19 07:35:47 3,466,752 ----a-w C:\Windows\System32\NlsData0013.dll
    - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0018.dll
    + 2008-01-19 07:35:47 1,965,056 ----a-w C:\Windows\System32\NlsData0018.dll
    - 2006-11-02 09:46:11 4,495,360 ----a-w C:\Windows\System32\NlsData0019.dll
    + 2008-01-19 07:35:47 4,497,408 ----a-w C:\Windows\System32\NlsData0019.dll
    - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData001a.dll
    + 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\System32\NlsData001a.dll
    - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData001b.dll
    + 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\System32\NlsData001b.dll
    - 2006-11-02 09:46:11 4,493,312 ----a-w C:\Windows\System32\NlsData001d.dll
    + 2008-01-19 07:35:49 4,495,360 ----a-w C:\Windows\System32\NlsData001d.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0020.dll
    + 2008-01-19 07:35:49 3,104,768 ----a-w C:\Windows\System32\NlsData0020.dll
    - 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData0021.dll
    + 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\System32\NlsData0021.dll
    - 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData0022.dll
    + 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\System32\NlsData0022.dll
    - 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0024.dll
    + 2008-01-19 07:35:50 1,965,056 ----a-w C:\Windows\System32\NlsData0024.dll
    - 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0026.dll
    + 2008-01-19 07:35:50 1,965,056 ----a-w C:\Windows\System32\NlsData0026.dll
    - 2006-11-02 09:46:12 1,965,056 ----a-w C:\Windows\System32\NlsData0027.dll
    + 2008-01-19 07:35:50 1,966,592 ----a-w C:\Windows\System32\NlsData0027.dll
    - 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData002a.dll
    + 2008-01-19 07:35:50 1,801,216 ----a-w C:\Windows\System32\NlsData002a.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0039.dll
    + 2008-01-19 07:35:51 3,104,768 ----a-w C:\Windows\System32\NlsData0039.dll
    - 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData003e.dll
    + 2008-01-19 07:35:51 1,801,216 ----a-w C:\Windows\System32\NlsData003e.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0045.dll
    + 2008-01-19 07:35:51 3,104,768 ----a-w C:\Windows\System32\NlsData0045.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0046.dll
    + 2008-01-19 07:35:52 3,104,768 ----a-w C:\Windows\System32\NlsData0046.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0047.dll
    + 2008-01-19 07:35:52 3,104,768 ----a-w C:\Windows\System32\NlsData0047.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0049.dll
    + 2008-01-19 07:35:53 3,104,768 ----a-w C:\Windows\System32\NlsData0049.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004a.dll
    + 2008-01-19 07:35:53 3,104,768 ----a-w C:\Windows\System32\NlsData004a.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004b.dll
    + 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\System32\NlsData004b.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004c.dll
    + 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\System32\NlsData004c.dll
    - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004e.dll
    + 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\System32\NlsData004e.dll
    - 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0414.dll
    + 2008-01-19 07:35:55 4,495,360 ----a-w C:\Windows\System32\NlsData0414.dll
    - 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0416.dll
    + 2008-01-19 07:35:56 4,495,360 ----a-w C:\Windows\System32\NlsData0416.dll
    - 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0816.dll
    + 2008-01-19 07:35:57 4,495,360 ----a-w C:\Windows\System32\NlsData0816.dll
    - 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData081a.dll
    + 2008-01-19 07:35:57 1,965,056 ----a-w C:\Windows\System32\NlsData081a.dll
    - 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0c1a.dll
    + 2008-01-19 07:35:57 1,965,056 ----a-w C:\Windows\System32\NlsData0c1a.dll
    - 2006-11-02 09:46:12 24,576 ----a-w C:\Windows\System32\Nlsdl.dll
    + 2008-01-19 07:35:57 25,088 ----a-w C:\Windows\System32\Nlsdl.dll
    - 2006-11-02 09:45:30 151,040 ----a-w C:\Windows\System32\notepad.exe
    + 2008-01-19 07:33:18 151,040 ----a-w C:\Windows\System32\notepad.exe
    - 2008-02-13 10:49:03 23,552 ----a-w C:\Windows\System32\nshhttp.dll
    + 2008-01-19 07:35:57 23,552 ----a-w C:\Windows\System32\nshhttp.dll
    - 2006-11-02 09:46:12 352,256 ----a-w C:\Windows\System32\nshipsec.dll
    + 2008-01-19 07:35:57 352,256 ----a-w C:\Windows\System32\nshipsec.dll
    - 2006-11-02 09:46:12 10,240 ----a-w C:\Windows\System32\nsi.dll
    + 2008-01-19 07:35:57 8,192 ----a-w C:\Windows\System32\nsi.dll
    - 2006-11-02 09:46:12 18,432 ----a-w C:\Windows\System32\nsisvc.dll
    + 2008-01-19 07:35:57 18,432 ----a-w C:\Windows\System32\nsisvc.dll
    - 2006-11-02 09:45:30 82,432 ----a-w C:\Windows\System32\nslookup.exe
    + 2008-01-19 07:33:18 82,944 ----a-w C:\Windows\System32\nslookup.exe
    - 2006-11-02 09:47:26 1,162,656 ----a-w C:\Windows\System32\ntdll.dll
    + 2008-01-19 07:38:14 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
    - 2006-11-02 09:46:12 87,552 ----a-w C:\Windows\System32\ntdsapi.dll
    + 2008-01-19 07:35:58 88,576 ----a-w C:\Windows\System32\ntdsapi.dll
    - 2008-02-13 10:46:40 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    + 2008-01-19 07:43:48 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
    - 2006-11-02 09:46:12 61,440 ----a-w C:\Windows\System32\ntlanman.dll
    + 2008-01-19 07:35:58 63,488 ----a-w C:\Windows\System32\ntlanman.dll
    - 2006-11-02 09:46:12 120,832 ----a-w C:\Windows\System32\ntmarta.dll
    + 2008-01-19 07:35:58 121,344 ----a-w C:\Windows\System32\ntmarta.dll
    - 2008-02-13 10:46:40 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    + 2008-01-19 07:43:47 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
    - 2007-12-16 12:46:36 220,160 ----a-w C:\Windows\System32\ntprint.dll
    + 2008-01-19 07:35:59 216,064 ----a-w C:\Windows\System32\ntprint.dll
    - 2007-12-16 12:46:36 61,440 ----a-w C:\Windows\System32\ntprint.exe
    + 2006-11-02 09:45:31 61,440 ----a-w C:\Windows\System32\ntprint.exe
    - 2006-11-02 09:46:12 296,448 ----a-w C:\Windows\System32\ntshrui.dll
    + 2008-01-19 07:35:59 296,960 ----a-w C:\Windows\System32\ntshrui.dll
    - 2006-11-02 09:45:31 520,192 ----a-w C:\Windows\System32\ntvdm.exe
    + 2008-01-19 07:33:19 520,704 ----a-w C:\Windows\System32\ntvdm.exe
    - 2006-11-02 09:46:12 526,336 ----a-w C:\Windows\System32\objsel.dll
    + 2008-01-19 07:36:00 531,456 ----a-w C:\Windows\System32\objsel.dll
    - 2006-11-02 09:46:12 102,400 ----a-w C:\Windows\System32\occache.dll
    + 2008-01-19 07:36:00 102,912 ----a-w C:\Windows\System32\occache.dll
    - 2006-11-02 09:45:31 35,840 ----a-w C:\Windows\System32\ocsetup.exe
    + 2008-01-19 07:33:19 35,840 ----a-w C:\Windows\System32\ocsetup.exe
    - 2006-11-02 09:46:12 409,600 ----a-w C:\Windows\System32\odbc32.dll
    + 2008-01-19 07:36:00 409,600 ----a-w C:\Windows\System32\odbc32.dll
    - 2006-11-02 09:46:12 28,672 ----a-w C:\Windows\System32\odbcbcp.dll
    + 2008-01-19 07:36:00 28,672 ----a-w C:\Windows\System32\odbcbcp.dll
    - 2006-11-02 09:46:12 40,960 ----a-w C:\Windows\System32\odbcconf.dll
    + 2008-01-19 07:36:00 40,960 ----a-w C:\Windows\System32\odbcconf.dll
    - 2006-11-02 09:46:12 114,688 ----a-w C:\Windows\System32\odbccp32.dll
    + 2008-01-19 07:36:00 114,688 ----a-w C:\Windows\System32\odbccp32.dll
    - 2006-11-02 09:46:12 77,824 ----a-w C:\Windows\System32\odbccr32.dll
    + 2008-01-19 07:36:00 77,824 ----a-w C:\Windows\System32\odbccr32.dll
    - 2006-11-02 09:46:12 77,824 ----a-w C:\Windows\System32\odbccu32.dll
    + 2008-01-19 07:36:00 77,824 ----a-w C:\Windows\System32\odbccu32.dll
    - 2006-11-02 09:46:12 315,392 ----a-w C:\Windows\System32\odbcjt32.dll
    + 2008-01-19 07:36:00 319,488 ----a-w C:\Windows\System32\odbcjt32.dll
    - 2006-11-02 09:46:12 159,744 ----a-w C:\Windows\System32\odbctrac.dll
    + 2008-01-19 07:36:00 159,744 ----a-w C:\Windows\System32\odbctrac.dll
    - 2006-11-02 09:46:12 194,560 ----a-w C:\Windows\System32\offfilt.dll
    + 2008-01-19 07:36:00 194,560 ----a-w C:\Windows\System32\offfilt.dll
    - 2006-11-02 09:46:12 1,105,920 ----a-w C:\Windows\System32\ogldrv.dll
    + 2008-01-19 07:36:01 1,107,456 ----a-w C:\Windows\System32\ogldrv.dll
    - 2006-11-02 09:46:12 1,314,816 ----a-w C:\Windows\System32\ole32.dll
    + 2008-01-19 07:36:01 1,315,328 ----a-w C:\Windows\System32\ole32.dll
    - 2006-11-02 09:46:12 214,016 ----a-w C:\Windows\System32\oleacc.dll
    + 2008-01-19 07:36:01 215,040 ----a-w C:\Windows\System32\oleacc.dll
    - 2008-02-13 10:49:06 558,080 ----a-w C:\Windows\System32\oleaut32.dll
    + 2008-01-19 07:36:01 563,200 ----a-w C:\Windows\System32\oleaut32.dll
    - 2006-11-02 09:46:12 78,848 ----a-w C:\Windows\System32\olecli32.dll
    + 2008-01-19 07:36:01 78,848 ----a-w C:\Windows\System32\olecli32.dll
    - 2006-11-02 09:46:12 101,888 ----a-w C:\Windows\System32\oledlg.dll
    + 2008-01-19 07:36:01 101,888 ----a-w C:\Windows\System32\oledlg.dll
    - 2006-11-02 09:46:12 95,232 ----a-w C:\Windows\System32\oleprn.dll
    + 2008-01-19 07:36:01 96,768 ----a-w C:\Windows\System32\oleprn.dll
    - 2006-11-02 09:46:12 88,576 ----a-w C:\Windows\System32\olepro32.dll
    + 2008-01-19 07:36:01 88,576 ----a-w C:\Windows\System32\olepro32.dll
    - 2006-11-02 09:46:12 27,648 ----a-w C:\Windows\System32\olesvr32.dll
    + 2008-01-19 07:36:01 27,648 ----a-w C:\Windows\System32\olesvr32.dll
    - 2006-11-02 09:46:12 77,824 ----a-w C:\Windows\System32\olethk32.dll
    + 2008-01-19 07:36:01 77,824 ----a-w C:\Windows\System32\olethk32.dll
    - 2006-11-02 09:46:12 162,816 ----a-w C:\Windows\System32\onex.dll
    + 2008-01-19 07:36:02 1,541,120 ----a-w C:\Windows\System32\onex.dll
    - 2006-11-02 09:44:50 51,712 ----a-w C:\Windows\System32\oobe\audit.exe
    + 2008-01-19 07:33:01 52,736 ----a-w C:\Windows\System32\oobe\audit.exe
    - 2006-11-02 09:46:12 31,232 ----a-w C:\Windows\System32\oobe\diagER.dll
    + 2008-01-19 07:36:21 31,232 ----a-w C:\Windows\System32\oobe\diagER.dll
    - 2006-11-02 09:46:13 121,856 ----a-w C:\Windows\System32\oobe\diagnostic.dll
    + 2008-01-19 07:36:21 121,856 ----a-w C:\Windows\System32\oobe\diagnostic.dll
    - 2006-11-02 09:45:27 1,311,744 ----a-w C:\Windows\System32\oobe\msoobe.exe
    + 2008-01-19 07:33:17 1,315,328 ----a-w C:\Windows\System32\oobe\msoobe.exe
    - 2006-11-02 09:45:31 42,496 ----a-w C:\Windows\System32\oobe\oobeldr.exe
    + 2008-01-19 07:33:19 42,496 ----a-w C:\Windows\System32\oobe\oobeldr.exe
    - 2006-11-02 09:46:13 64,000 ----a-w C:\Windows\System32\oobe\pnpibs.dll
    + 2008-01-19 07:36:22 67,584 ----a-w C:\Windows\System32\oobe\pnpibs.dll
    - 2006-11-02 09:51:18 191,592 ----a-w C:\Windows\System32\oobe\Setup.exe
    + 2008-01-19 07:42:42 195,640 ----a-w C:\Windows\System32\oobe\Setup.exe
    - 2006-11-02 09:46:13 52,736 ----a-w C:\Windows\System32\oobe\spprgrss.dll
    + 2008-01-19 07:36:23 54,272 ----a-w C:\Windows\System32\oobe\spprgrss.dll
    - 2006-11-02 09:43:11 260,096 ----a-w C:\Windows\System32\oobe\W32UIRes.dll
    + 2008-01-19 07:31:32 266,752 ----a-w C:\Windows\System32\oobe\W32UIRes.dll
    - 2006-11-02 09:46:13 47,104 ----a-w C:\Windows\System32\oobe\wdsutil.dll
    + 2008-01-19 07:36:23 47,616 ----a-w C:\Windows\System32\oobe\wdsutil.dll
    - 2006-11-02 09:46:13 394,240 ----a-w C:\Windows\System32\oobe\win32ui.dll
    + 2008-01-19 07:36:23 416,768 ----a-w C:\Windows\System32\oobe\win32ui.dll
    - 2006-11-02 09:45:56 41,472 ----a-w C:\Windows\System32\oobe\windeploy.exe
    + 2008-01-19 07:33:37 62,976 ----a-w C:\Windows\System32\oobe\windeploy.exe
    - 2006-11-02 09:46:13 1,374,208 ----a-w C:\Windows\System32\oobe\winsetup.dll
    + 2008-01-19 07:36:23 1,468,928 ----a-w C:\Windows\System32\oobe\winsetup.dll
    - 2006-11-02 12:34:06 2,159,104 ----a-w C:\Windows\System32\oobefldr.dll
    + 2008-01-19 07:36:02 2,153,472 ----a-w C:\Windows\System32\oobefldr.dll
    - 2006-11-02 12:34:04 97,280 ----a-w C:\Windows\System32\OptionalFeatures.exe
    + 2008-01-19 07:33:19 97,280 ----a-w C:\Windows\System32\OptionalFeatures.exe
    - 2006-11-02 09:46:12 19,968 ----a-w C:\Windows\System32\osbaseln.dll
    + 2008-01-19 07:36:02 19,968 ----a-w C:\Windows\System32\osbaseln.dll
    - 2006-11-02 09:46:12 42,496 ----a-w C:\Windows\System32\osblprov.dll
    + 2008-01-19 07:36:02 42,496 ----a-w C:\Windows\System32\osblprov.dll
    - 2006-11-02 12:34:47 201,216 ----a-w C:\Windows\System32\P2P.dll
    + 2008-01-19 07:36:02 202,240 ----a-w C:\Windows\System32\P2P.dll
    - 2006-11-02 12:34:47 403,968 ----a-w C:\Windows\System32\p2pcollab.dll
    + 2008-01-19 07:36:02 403,968 ----a-w C:\Windows\System32\p2pcollab.dll
    - 2006-11-02 12:34:47 336,896 ----a-w C:\Windows\System32\P2PGraph.dll
    + 2008-01-19 07:36:09 336,896 ----a-w C:\Windows\System32\P2PGraph.dll
    - 2006-11-02 12:34:47 191,488 ----a-w C:\Windows\System32\p2phost.exe
    + 2008-01-19 07:33:19 192,000 ----a-w C:\Windows\System32\p2phost.exe
    - 2006-11-02 12:34:47 133,632 ----a-w C:\Windows\System32\p2pnetsh.dll
    + 2008-01-19 07:36:02 134,144 ----a-w C:\Windows\System32\p2pnetsh.dll
    - 2006-11-02 12:34:46 656,384 ----a-w C:\Windows\System32\p2psvc.dll
    + 2008-01-19 07:36:09 658,944 ----a-w C:\Windows\System32\p2psvc.dll
    - 2007-12-16 06:21:56 15,360 ----a-w C:\Windows\System32\pacerprf.dll
    + 2006-11-02 09:46:12 15,360 ----a-w C:\Windows\System32\pacerprf.dll
    - 2006-11-02 12:33:46 26,624 ----a-w C:\Windows\System32\pcadm.dll
    + 2008-01-19 07:36:03 26,624 ----a-w C:\Windows\System32\pcadm.dll
    - 2006-11-02 12:33:46 37,888 ----a-w C:\Windows\System32\pcasvc.dll
    + 2008-01-19 07:36:03 37,888 ----a-w C:\Windows\System32\pcasvc.dll
    - 2006-11-02 09:46:12 472,576 ----a-w C:\Windows\System32\pcaui.dll
    + 2008-01-19 07:36:03 464,384 ----a-w C:\Windows\System32\pcaui.dll
    - 2006-11-02 09:46:12 242,688 ----a-w C:\Windows\System32\pdh.dll
    + 2008-01-19 07:36:03 242,688 ----a-w C:\Windows\System32\pdh.dll
    - 2006-11-02 09:46:12 46,080 ----a-w C:\Windows\System32\pdhui.dll
    + 2008-01-19 07:36:03 46,592 ----a-w C:\Windows\System32\pdhui.dll
    - 2008-05-13 18:31:51 103,726 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-18 19:08:16 101,052 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-13 18:31:51 117,366 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-05-18 19:08:16 123,350 ----a-w C:\Windows\System32\perfc00C.dat
    - 2006-11-02 12:33:51 1,247,232 ----a-w C:\Windows\System32\PerfCenterCPL.dll
    + 2008-01-19 07:36:03 1,248,768 ----a-w C:\Windows\System32\PerfCenterCPL.dll
    - 2008-05-13 18:31:51 609,944 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-18 19:08:16 586,980 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-13 18:31:51 690,594 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-05-18 19:08:17 669,340 ----a-w C:\Windows\System32\perfh00C.dat
    - 2006-11-02 09:45:32 120,320 ----a-w C:\Windows\System32\perfmon.exe
    + 2008-01-19 07:33:19 120,320 ----a-w C:\Windows\System32\perfmon.exe
    - 2006-11-02 09:46:12 18,944 ----a-w C:\Windows\System32\perfnet.dll
    + 2008-01-19 07:36:03 19,968 ----a-w C:\Windows\System32\perfnet.dll
    - 2006-11-02 09:46:12 16,896 ----a-w C:\Windows\System32\perfts.dll
    + 2008-01-19 07:36:03 17,408 ----a-w C:\Windows\System32\perfts.dll
    - 2006-11-02 09:46:12 412,160 ----a-w C:\Windows\System32\PhotoMetadataHandler.dll
    + 2008-01-19 07:36:04 412,160 ----a-w C:\Windows\System32\PhotoMetadataHandler.dll
    - 2007-12-16 06:20:47 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    + 2008-01-19 07:32:59 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    - 2006-11-02 12:35:02 291,328 ----a-w C:\Windows\System32\photowiz.dll
    + 2008-01-19 07:36:05 291,328 ----a-w C:\Windows\System32\photowiz.dll
    - 2006-11-02 09:46:13 1,106,944 ----a-w C:\Windows\System32\pidgenx.dll
    + 2008-01-19 07:36:11 1,107,968 ----a-w C:\Windows\System32\pidgenx.dll
    - 2006-11-02 09:45:32 15,360 ----a-w C:\Windows\System32\PING.EXE
    + 2008-01-19 07:33:19 15,360 ----a-w C:\Windows\System32\PING.EXE
    - 2006-11-02 09:46:12 1,499,136 ----a-w C:\Windows\System32\pla.dll
    + 2008-01-19 07:36:06 1,502,208 ----a-w C:\Windows\System32\pla.dll
    - 2006-11-02 09:46:12 17,920 ----a-w C:\Windows\System32\PlaySndSrv.dll
    + 2008-01-19 07:36:06 17,920 ----a-w C:\Windows\System32\PlaySndSrv.dll
    - 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\System32\pngfilt.dll
    + 2008-01-19 07:36:06 45,056 ----a-w C:\Windows\System32\pngfilt.dll
    - 2006-11-02 09:46:12 1,822,720 ----a-w C:\Windows\System32\pnidui.dll
    + 2008-01-19 07:36:07 1,823,232 ----a-w C:\Windows\System32\pnidui.dll
    - 2006-11-02 09:46:12 180,736 ----a-w C:\Windows\System32\pnpsetup.dll
    + 2008-01-19 07:36:07 180,736 ----a-w C:\Windows\System32\pnpsetup.dll
    - 2006-11-02 09:46:12 10,240 ----a-w C:\Windows\System32\pnpts.dll
    + 2008-01-19 07:36:07 10,752 ----a-w C:\Windows\System32\pnpts.dll
    - 2006-11-02 09:46:12 542,208 ----a-w C:\Windows\System32\pnpui.dll
    + 2008-01-19 07:36:07 542,208 ----a-w C:\Windows\System32\pnpui.dll
    - 2006-11-02 09:45:32 57,856 ----a-w C:\Windows\System32\PnPUnattend.exe
    + 2008-01-19 07:33:19 58,368 ----a-w C:\Windows\System32\PnPUnattend.exe
    - 2006-11-02 09:45:32 32,768 ----a-w C:\Windows\System32\PnPutil.exe
    + 2008-01-19 07:33:19 32,768 ----a-w C:\Windows\System32\PnPutil.exe
    - 2006-11-02 09:46:12 69,632 ----a-w C:\Windows\System32\PNPXAssoc.dll
    + 2008-01-19 07:36:07 69,632 ----a-w C:\Windows\System32\PNPXAssoc.dll
    - 2006-11-02 09:46:12 53,248 ----a-w C:\Windows\System32\PNPXAssocPrx.dll
    + 2008-01-19 07:36:07 53,248 ----a-w C:\Windows\System32\PNPXAssocPrx.dll
    - 2006-11-02 12:34:46 62,464 ----a-w C:\Windows\System32\pnrpnsp.dll
    + 2008-01-19 07:36:07 62,464 ----a-w C:\Windows\System32\pnrpnsp.dll
    - 2006-11-02 09:46:12 272,896 ----a-w C:\Windows\System32\polstore.dll
    + 2008-01-19 07:36:07 272,896 ----a-w C:\Windows\System32\polstore.dll
    - 2006-11-02 12:34:55 272,384 ----a-w C:\Windows\System32\PortableDeviceApi.dll
    + 2008-01-19 07:36:07 272,384 ----a-w C:\Windows\System32\PortableDeviceApi.dll
    - 2006-11-02 12:34:55 95,232 ----a-w C:\Windows\System32\PortableDeviceClassExtension.dll
    + 2008-01-19 07:36:07 94,720 ----a-w C:\Windows\System32\PortableDeviceClassExtension.dll
    - 2006-11-02 12:34:55 160,768 ----a-w C:\Windows\System32\PortableDeviceTypes.dll
    + 2008-01-19 07:36:07 160,768 ----a-w C:\Windows\System32\PortableDeviceTypes.dll
    - 2006-11-02 12:34:55 124,928 ----a-w C:\Windows\System32\PortableDeviceWiaCompat.dll
    + 2008-01-19 07:36:07 124,928 ----a-w C:\Windows\System32\PortableDeviceWiaCompat.dll
    - 2006-11-02 12:34:55 196,096 ----a-w C:\Windows\System32\PortableDeviceWMDRM.dll
    + 2008-01-19 07:36:07 196,608 ----a-w C:\Windows\System32\PortableDeviceWMDRM.dll
    - 2006-11-02 09:46:12 16,384 ----a-w C:\Windows\System32\pots.dll
    + 2008-01-19 07:36:07 16,896 ----a-w C:\Windows\System32\pots.dll
    - 2006-11-02 09:46:12 723,968 ----a-w C:\Windows\System32\powercpl.dll
    + 2008-01-19 07:36:07 723,968 ----a-w C:\Windows\System32\powercpl.dll
    - 2006-11-02 09:46:12 96,768 ----a-w C:\Windows\System32\powrprof.dll
    + 2008-01-19 07:36:07 97,280 ----a-w C:\Windows\System32\powrprof.dll
    - 2006-11-02 12:34:57 104,224 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    + 2008-01-05 11:21:52 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    - 2006-11-02 12:34:56 344,352 ----a-w C:\Windows\System32\PresentationHost.exe
    + 2008-01-05 11:21:54 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
    - 2006-11-02 12:34:57 20,768 ----a-w C:\Windows\System32\PresentationHostProxy.dll
    + 2008-01-05 11:21:55 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
    - 2006-11-02 12:34:57 769,312 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
    + 2008-01-05 11:21:55 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
    - 2006-11-02 09:45:32 25,600 ----a-w C:\Windows\System32\prevhost.exe
    + 2008-01-19 07:33:20 26,112 ----a-w C:\Windows\System32\prevhost.exe
    - 2008-02-13 10:49:02 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
    + 2006-11-02 09:42:44 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
    - 2006-11-02 09:46:12 37,376 ----a-w C:\Windows\System32\printcom.dll
    + 2008-01-19 07:36:07 37,888 ----a-w C:\Windows\System32\printcom.dll
    - 2006-11-02 09:46:12 24,576 ----a-w C:\Windows\System32\printfilterpipelineprxy.dll
    + 2008-01-19 07:36:07 26,112 ----a-w C:\Windows\System32\printfilterpipelineprxy.dll
    - 2006-11-02 09:45:33 654,336 ----a-w C:\Windows\System32\printfilterpipelinesvc.exe
    + 2008-01-19 07:33:20 666,112 ----a-w C:\Windows\System32\printfilterpipelinesvc.exe
    - 2006-11-02 09:46:12 858,112 ----a-w C:\Windows\System32\printui.dll
    + 2008-01-19 07:36:08 869,888 ----a-w C:\Windows\System32\printui.dll
    - 2006-11-02 09:46:12 551,424 ----a-w C:\Windows\System32\prnntfy.dll
    + 2008-01-19 07:36:08 551,936 ----a-w C:\Windows\System32\prnntfy.dll
    - 2006-11-02 09:46:12 119,296 ----a-w C:\Windows\System32\prntvpt.dll
    + 2008-01-19 07:36:08 119,296 ----a-w C:\Windows\System32\prntvpt.dll
    - 2006-11-02 09:46:12 7,680 ----a-w C:\Windows\System32\procinst.dll
    + 2008-01-19 07:36:08 7,680 ----a-w C:\Windows\System32\procinst.dll
    + 2008-01-19 07:36:11 29,184 ----a-w C:\Windows\System32\profprov.dll
    - 2006-11-02 09:46:12 152,576 ----a-w C:\Windows\System32\profsvc.dll
    + 2008-01-19 07:36:11 153,600 ----a-w C:\Windows\System32\profsvc.dll
    - 2006-11-02 12:33:58 65,536 ----a-w C:\Windows\System32\propdefs.dll
    + 2008-01-19 07:36:11 65,536 ----a-w C:\Windows\System32\propdefs.dll
    - 2006-11-02 09:46:12 733,696 ----a-w C:\Windows\System32\propsys.dll
    + 2008-01-19 07:36:11 750,080 ----a-w C:\Windows\System32\propsys.dll
    + 2008-01-19 07:36:11 191,488 ----a-w C:\Windows\System32\provthrd.dll
    - 2006-11-02 09:46:12 40,448 ----a-w C:\Windows\System32\psbase.dll
    + 2008-01-19 07:36:11 40,448 ----a-w C:\Windows\System32\psbase.dll
    - 2006-11-02 09:49:46 24,168 ----a-w C:\Windows\System32\PSHED.DLL
    + 2008-01-19 07:42:18 51,768 ----a-w C:\Windows\System32\PSHED.DLL
    - 2007-05-06 20:55:41 292,352 ----a-w C:\Windows\System32\psisdecd.dll
    + 2008-01-19 07:36:12 293,376 ----a-w C:\Windows\System32\psisdecd.dll
    - 2006-11-02 09:46:12 166,400 ----a-w C:\Windows\System32\puiapi.dll
    + 2008-01-19 07:36:12 166,400 ----a-w C:\Windows\System32\puiapi.dll
    - 2006-11-02 09:46:12 299,520 ----a-w C:\Windows\System32\puiobj.dll
    + 2008-01-19 07:36:12 300,032 ----a-w C:\Windows\System32\puiobj.dll
    - 2006-11-02 09:46:12 163,328 ----a-w C:\Windows\System32\QAGENT.DLL
    + 2008-01-19 07:36:12 172,544 ----a-w C:\Windows\System32\QAGENT.DLL
    - 2006-11-02 09:46:12 277,504 ----a-w C:\Windows\System32\QAGENTRT.DLL
    + 2008-01-19 07:36:12 302,080 ----a-w C:\Windows\System32\QAGENTRT.DLL
    - 2006-11-02 09:46:12 208,896 ----a-w C:\Windows\System32\qasf.dll
    + 2008-01-19 07:36:12 208,896 ----a-w C:\Windows\System32\qasf.dll
    - 2006-11-02 09:46:12 192,000 ----a-w C:\Windows\System32\qcap.dll
    + 2008-01-19 07:36:12 192,000 ----a-w C:\Windows\System32\qcap.dll
    - 2006-11-02 09:46:12 68,608 ----a-w C:\Windows\System32\QCLIPROV.DLL
    + 2008-01-19 07:36:12 69,632 ----a-w C:\Windows\System32\QCLIPROV.DLL
    - 2006-11-02 09:46:12 281,600 ----a-w C:\Windows\System32\qdv.dll
    + 2008-01-19 07:36:13 281,600 ----a-w C:\Windows\System32\qdv.dll
    - 2006-11-02 09:46:12 488,448 ----a-w C:\Windows\System32\qdvd.dll
    + 2008-01-19 07:36:13 497,152 ----a-w C:\Windows\System32\qdvd.dll
    - 2006-11-02 12:33:53 505,344 ----a-w C:\Windows\System32\qedit.dll
    + 2008-01-19 07:36:13 505,344 ----a-w C:\Windows\System32\qedit.dll
    - 2007-12-16 06:06:10 750,080 ----a-w C:\Windows\System32\qmgr.dll
    + 2008-01-19 07:36:13 758,272 ----a-w C:\Windows\System32\qmgr.dll
    - 2006-11-02 09:46:12 151,552 ----a-w C:\Windows\System32\QSHVHOST.DLL
    + 2008-01-19 07:36:13 154,112 ----a-w C:\Windows\System32\QSHVHOST.DLL
    - 2006-11-02 09:46:12 80,896 ----a-w C:\Windows\System32\QSVRMGMT.DLL
    + 2008-01-19 07:36:13 81,920 ----a-w C:\Windows\System32\QSVRMGMT.DLL
    - 2007-12-16 06:14:37 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    + 2008-01-19 07:36:14 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    - 2006-11-02 09:46:12 1,380,864 ----a-w C:\Windows\System32\Query.dll
    + 2008-01-19 07:36:14 1,381,376 ----a-w C:\Windows\System32\Query.dll
    - 2006-11-02 09:46:12 78,848 ----a-w C:\Windows\System32\QUTIL.DLL
    + 2008-01-19 07:36:14 79,360 ----a-w C:\Windows\System32\QUTIL.DLL
    - 2006-11-02 12:33:47 242,176 ----a-w C:\Windows\System32\qwave.dll
    + 2008-01-19 07:36:14 243,712 ----a-w C:\Windows\System32\qwave.dll
    - 2006-11-02 09:45:34 20,480 ----a-w C:\Windows\System32\RacAgent.exe
    + 2008-01-19 07:33:23 20,480 ----a-w C:\Windows\System32\RacAgent.exe
    - 2006-11-02 09:46:12 862,720 ----a-w C:\Windows\System32\RacEngn.dll
    + 2008-01-19 07:36:15 889,344 ----a-w C:\Windows\System32\RacEngn.dll
    - 2006-11-02 09:46:12 280,064 ----a-w C:\Windows\System32\rasapi32.dll
    + 2008-01-19 07:36:15 286,720 ----a-w C:\Windows\System32\rasapi32.dll
    - 2006-11-02 09:46:12 90,624 ----a-w C:\Windows\System32\rasauto.dll
    + 2008-01-19 07:36:15 90,624 ----a-w C:\Windows\System32\rasauto.dll
    - 2007-12-16 06:22:01 77,824 ----a-w C:\Windows\System32\rascfg.dll
    + 2008-01-19 07:36:15 81,408 ----a-w C:\Windows\System32\rascfg.dll
    - 2006-11-02 09:46:12 274,432 ----a-w C:\Windows\System32\raschap.dll
    + 2008-01-19 07:36:15 281,600 ----a-w C:\Windows\System32\raschap.dll
    - 2006-11-02 09:46:12 15,360 ----a-w C:\Windows\System32\rasctrs.dll
    + 2008-01-19 07:36:15 15,360 ----a-w C:\Windows\System32\rasctrs.dll
    - 2007-12-16 06:22:01 52,736 ----a-w C:\Windows\System32\rasdiag.dll
    + 2008-01-19 07:36:15 52,736 ----a-w C:\Windows\System32\rasdiag.dll
    - 2006-11-02 09:46:12 824,832 ----a-w C:\Windows\System32\rasdlg.dll
    + 2008-01-19 07:36:15 825,856 ----a-w C:\Windows\System32\rasdlg.dll
    - 2006-11-02 12:34:40 161,792 ----a-w C:\Windows\System32\raserver.exe
    + 2008-01-19 07:33:23 161,792 ----a-w C:\Windows\System32\raserver.exe
    - 2006-11-02 09:46:12 641,536 ----a-w C:\Windows\System32\rasgcw.dll
    + 2008-01-19 07:36:15 642,560 ----a-w C:\Windows\System32\rasgcw.dll
    - 2006-11-02 09:46:12 70,656 ----a-w C:\Windows\System32\rasman.dll
    + 2008-01-19 07:36:15 71,168 ----a-w C:\Windows\System32\rasman.dll
    - 2006-11-02 09:46:12 234,496 ----a-w C:\Windows\System32\rasmans.dll
    + 2008-01-19 07:36:15 260,608 ----a-w C:\Windows\System32\rasmans.dll
    - 2006-11-02 09:46:12 974,848 ----a-w C:\Windows\System32\RASMM.dll
    + 2008-01-19 07:36:16 975,360 ----a-w C:\Windows\System32\RASMM.dll
    - 2006-11-02 09:46:12 255,488 ----a-w C:\Windows\System32\rasmontr.dll
    + 2008-01-19 07:36:16 155,136 ----a-w C:\Windows\System32\rasmontr.dll
    - 2007-12-16 06:22:01 32,768 ----a-w C:\Windows\System32\rasmxs.dll
    + 2006-11-02 09:46:12 32,768 ----a-w C:\Windows\System32\rasmxs.dll
    - 2006-11-02 09:45:34 39,424 ----a-w C:\Windows\System32\rasphone.exe
    + 2008-01-19 07:33:23 39,424 ----a-w C:\Windows\System32\rasphone.exe
    - 2006-11-02 09:46:12 376,832 ----a-w C:\Windows\System32\rasplap.dll
    + 2008-01-19 07:36:16 376,832 ----a-w C:\Windows\System32\rasplap.dll
    - 2006-11-02 09:46:12 254,976 ----a-w C:\Windows\System32\rasppp.dll
    + 2008-01-19 07:36:16 259,584 ----a-w C:\Windows\System32\rasppp.dll
    - 2006-11-02 09:46:12 67,072 ----a-w C:\Windows\System32\rasqec.dll
    + 2008-01-19 07:36:16 69,632 ----a-w C:\Windows\System32\rasqec.dll
    - 2007-12-16 06:22:01 22,016 ----a-w C:\Windows\System32\rasser.dll
    + 2006-11-02 09:46:12 22,016 ----a-w C:\Windows\System32\rasser.dll
    - 2006-11-02 09:46:12 67,072 ----a-w C:\Windows\System32\rastapi.dll
    + 2008-01-19 07:36:16 69,632 ----a-w C:\Windows\System32\rastapi.dll
    - 2006-11-02 09:46:12 232,960 ----a-w C:\Windows\System32\rastls.dll
    + 2008-01-19 07:36:16 243,712 ----a-w C:\Windows\System32\rastls.dll
    - 2006-11-02 09:46:12 8,704 ----a-w C:\Windows\System32\rdpcfgex.dll
    + 2008-01-
    18 Mai 2008 22:07:58

    + 2006-11-02 09:44:52 34,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.0.6001.18000_none_65193febd52e137a\bthudtask.exe
    + 2006-11-02 09:46:14 34,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.0.6001.18000_none_65193febd52e137a\wshbth.dll
    + 2008-01-19 07:33:49 91,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-btpanui_31bf3856ad364e35_6.0.6001.18000_none_6c8fb624f70b6f83\btpanui.dll
    + 2008-01-19 07:32:58 879,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-bubbles_31bf3856ad364e35_6.0.6001.18000_none_6e7e463bc9f1a17d\Bubbles.scr
    + 2008-01-19 07:33:51 1,502,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_6.0.6001.18000_none_5520876bab8c76d7\certmgr.dll
    + 2008-01-19 07:34:20 262,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll
    + 2008-01-19 07:33:50 451,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_6.0.6001.18000_none_6b632e81788ed2d9\catsrv.dll
    + 2008-01-19 07:33:52 523,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_6.0.6001.18000_none_6b632e81788ed2d9\clbcatq.dll
    + 2008-01-19 07:33:58 62,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_6.0.6001.18000_none_6b632e81788ed2d9\colbact.dll
    + 2008-01-19 07:35:16 307,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..dtc-runtime-cluster_31bf3856ad364e35_6.0.6001.18000_none_96884f328cb241f3\mtxclu.dll
    + 2008-01-19 07:36:14 1,381,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.0.6001.18000_none_06b40dcad71051f6\Query.dll
    + 2008-01-19 07:33:50 487,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6001.18000_none_72c2652d9fddfafd\catsrvut.dll
    + 2008-01-19 07:33:59 1,208,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6001.18000_none_72c2652d9fddfafd\comsvcs.dll
    + 2008-01-19 07:35:17 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..mplus-runtime-mtxdm_31bf3856ad364e35_6.0.6001.18000_none_17f017e0d36c8c2d\mtxdm.dll
    + 2008-01-19 07:33:58 201,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..plus-admin-comadmin_31bf3856ad364e35_6.0.6001.18000_none_31612f34bf013e82\comadmin.dll
    + 2008-01-19 07:36:43 89,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..plus-runtime-txflog_31bf3856ad364e35_6.0.6001.18000_none_df1648b103737ef5\txflog.dll
    + 2008-01-19 07:34:03 1,078,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..rformance-xperfcore_31bf3856ad364e35_6.0.6001.18000_none_d71173946e986845\diagperf.dll
    + 2008-01-19 07:35:34 229,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_6.0.6001.18000_none_4b16202b7656fa35\mycomput.dll
    + 2008-01-19 07:33:50 323,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.0.6001.18000_none_d77db57c3ca78826\certcli.dll
    + 2008-01-19 05:48:45 20,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..us-dtc-vistasp1.res_31bf3856ad364e35_6.0.6001.18000_none_1246940101f076c1\msdtcVSp1res.dll
    + 2008-01-19 07:35:17 27,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..us-runtime-mtxlegih_31bf3856ad364e35_6.0.6001.18000_none_06195ad0b54f61e9\mtxlegih.dll
    + 2008-01-19 07:33:25 145,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-c..utermanagerlauncher_31bf3856ad364e35_6.0.6001.18000_none_8e157293f4522572\CompMgmtLauncher.exe
    + 2008-01-19 07:33:49 71,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cabinet_31bf3856ad364e35_6.0.6001.18000_none_373f511ce1ebb446\cabinet.dll
    + 2008-01-19 07:33:49 97,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6001.18000_none_38025638e17eae65\cabview.dll
    + 2008-01-19 07:33:37 967,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-calendar_31bf3856ad364e35_6.0.6001.18000_none_90f0b3cb5ec7bc56\WinCal.exe
    + 2008-01-19 07:33:50 17,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-capisp-dll_31bf3856ad364e35_6.0.6001.18000_none_d2083fe73d460f81\capisp.dll
    + 2008-01-19 07:33:03 2,944,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-capturewizard_31bf3856ad364e35_6.0.6001.18000_none_6caf21de31abd9cf\CaptureWizard.exe
    + 2008-01-19 07:33:34 58,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-capturewizard_31bf3856ad364e35_6.0.6001.18000_none_6caf21de31abd9cf\VideoCameraAutoPlayManager.exe
    + 2008-01-19 07:33:50 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cbsapi_31bf3856ad364e35_6.0.6001.18000_none_4e61d315f066f6f4\CbsApi.dll
    + 2008-01-19 05:28:02 70,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cdfs_31bf3856ad364e35_6.0.6001.18000_none_a667930f1cf3e8c6\cdfs.sys
    + 2008-01-19 07:33:50 805,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cdosys_31bf3856ad364e35_6.0.6001.18000_none_1e46002025645d61\cdosys.dll
    + 2008-01-19 07:33:03 215,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-certificaterequesttool_31bf3856ad364e35_6.0.6001.18000_none_6810938417684464\certreq.exe
    + 2006-11-02 09:46:02 41,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-certutil_31bf3856ad364e35_6.0.6001.18000_none_b58507ed335c92cc\certenc.dll
    + 2008-01-19 07:33:03 798,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-certutil_31bf3856ad364e35_6.0.6001.18000_none_b58507ed335c92cc\certutil.exe
    + 2008-01-19 07:33:04 58,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cipher_31bf3856ad364e35_6.0.6001.18000_none_ad167f5aa518a33b\cipher.exe
    + 2008-01-19 07:43:13 127,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-classpnp_31bf3856ad364e35_6.0.6001.18000_none_15832e9bac11d542\Classpnp.sys
    + 2008-01-19 07:36:59 243,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.0.6001.18000_none_3dfdfe30a8179be4\WMM2CLIP.dll
    + 2008-01-19 07:33:53 2,032,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6001.18000_none_a9ce4a485a8ade99\cmiv2.dll
    + 2008-01-19 07:33:53 119,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cmiadapter_31bf3856ad364e35_6.0.6001.18000_none_be1539fd11331f58\cmiadapter.dll
    + 2008-01-19 07:33:53 271,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cmitrustinfoinstallers_1122334455667788_6.0.6001.18000_none_9204f851b707724d\cmitrust.dll
    + 2008-01-19 07:43:38 614,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18000_none_a077f13e04bfe446\ci.dll
    + 2008-01-19 07:36:01 1,315,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32.dll
    + 2008-01-19 07:36:17 547,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
    + 2006-11-02 09:46:03 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6001.18000_none_0dee367726857e43\comcat.dll
    + 2006-11-02 07:28:57 22,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6001.18000_none_0dee367726857e43\oleres.dll
    + 2008-01-19 07:33:58 91,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-admin_31bf3856ad364e35_6.0.6001.18000_none_dd69b48f2ccd33a1\comrepl.dll
    + 2006-11-02 09:46:02 23,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cabf11d4b18d8a\catsrvps.dll
    + 2006-09-18 21:27:45 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cabf11d4b18d8a\comempty.dat
    + 2008-01-19 07:34:45 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cabf11d4b18d8a\mfcsubs.dll
    + 2006-11-02 09:46:11 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cabf11d4b18d8a\mtxex.dll
    + 2008-01-19 07:33:58 55,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.0.6001.18000_none_e9a7d948ef4e2e4f\commig.dll
    + 2008-01-19 07:33:58 246,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.0.6001.18000_none_e9a7d948ef4e2e4f\comsetup.dll
    + 2008-01-19 07:33:18 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.0.6001.18000_none_e9a7d948ef4e2e4f\mtstocom.exe
    + 2008-01-19 07:33:59 593,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-ui-comuid_31bf3856ad364e35_6.0.6001.18000_none_e3334e0265587ba0\comuid.dll
    + 2008-01-19 07:33:58 220,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.0.6001.18000_none_b0a7c3b54838915e\comsnap.dll
    + 2006-11-02 09:45:00 8,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.0.6001.18000_none_b0a7c3b54838915e\dcomcnfg.exe
    + 2008-01-19 05:48:37 1,291,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll
    + 2008-01-19 07:34:56 557,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18000_none_4cf2edb6b94dc8a7\msdtcprx.dll
    + 2008-01-19 07:37:13 38,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18000_none_4cf2edb6b94dc8a7\xolehlp.dll
    + 2008-01-19 07:34:57 215,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-management_31bf3856ad364e35_6.0.6001.18000_none_49ce225e63db5f61\msdtcuiu.dll
    + 2008-01-19 07:35:17 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-oraclesupport_31bf3856ad364e35_6.0.6001.18000_none_ed702a6f686b92ff\mtxoci.dll
    + 2008-01-19 07:34:56 89,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-runtime-log_31bf3856ad364e35_6.0.6001.18000_none_24edda982f0453e5\msdtclog.dll
    + 2008-01-19 07:34:57 1,052,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-runtime-tm_31bf3856ad364e35_6.0.6001.18000_none_99988e221abfe282\msdtctm.dll
    + 2008-01-19 07:33:16 105,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.0.6001.18000_none_195302e56002fb82\msdtc.exe
    + 2008-01-19 07:34:56 344,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.0.6001.18000_none_195302e56002fb82\msdtckrm.dll
    + 2008-01-19 07:34:56 59,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-setup_31bf3856ad364e35_6.0.6001.18000_none_8dcba6fdadfaceb1\msdtcstp.dll
    + 2006-09-18 21:27:12 19,429 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440\msdtcvtr.bat
    + 2008-01-19 07:36:01 78,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole-olecli32_31bf3856ad364e35_6.0.6001.18000_none_676929ea379e6587\olecli32.dll
    + 2006-09-18 21:35:10 27,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\compobj.dll
    + 2006-11-02 09:39:39 3,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\iprop.dll
    + 2006-09-18 21:35:13 42,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\ole2.dll
    + 2006-09-18 21:35:14 169,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\ole2disp.dll
    + 2006-09-18 21:35:15 153,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\ole2nls.dll
    + 2008-01-19 07:36:01 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\olesvr32.dll
    + 2008-01-19 07:36:01 77,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\olethk32.dll
    + 2006-09-18 21:35:15 4,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\storage.dll
    + 2006-09-18 21:35:15 177,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\typelib.dll
    + 2008-01-19 07:36:01 101,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-com-oleui_31bf3856ad364e35_6.0.6001.18000_none_2073f9ffadc17996\oledlg.dll
    + 2008-01-19 07:33:58 450,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-comdlg32_31bf3856ad364e35_6.0.6001.18000_none_b5b111a1a5a793a5\comdlg32.dll
    + 2008-01-19 07:33:04 318,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_8b0cc6bd1a5c896f\cmd.exe
    + 2008-01-19 07:42:58 247,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6001.18000_none_7e829aad278c05f5\clfs.sys
    + 2008-01-19 07:33:52 56,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.0.6001.18000_none_6eb526617fd72f1d\clfsw32.dll
    + 2008-01-19 07:35:35 119,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-computer-name-ui_31bf3856ad364e35_6.0.6001.18000_none_0e07278eee832e62\netid.dll
    + 2008-01-19 07:33:04 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-computerdefaults_31bf3856ad364e35_6.0.6001.18000_none_0676a1abc3496ab5\ComputerDefaults.exe
    + 2008-01-19 07:33:04 69,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-consoleime_31bf3856ad364e35_6.0.6001.18000_none_b63a896057bb3b00\conime.exe
    + 2008-01-19 07:35:38 122,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_6.0.6001.18000_none_228b69b7b242b842\nlhtml.dll
    + 2008-01-19 07:37:12 110,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_6.0.6001.18000_none_228b69b7b242b842\xmlfilter.dll
    + 2008-01-19 07:34:49 35,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-mime_31bf3856ad364e35_6.0.6001.18000_none_1f2fa4abb4740d89\mimefilt.dll
    + 2008-01-19 07:36:00 194,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-office_31bf3856ad364e35_6.0.6001.18000_none_09403ffa34ca40b3\offfilt.dll
    + 2008-01-19 07:36:17 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-rtf_31bf3856ad364e35_6.0.6001.18000_none_56e5b08debfca3b5\rtffilt.dll
    + 2008-01-19 07:34:28 142,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-wincal_31bf3856ad364e35_6.0.6001.18000_none_73a4dec4714423c3\icsfiltr.dll
    + 2008-01-19 07:33:01 656,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6001.18000_none_9cd54abba85233ff\autoconv.exe
    + 2006-11-02 09:46:03 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6001.18000_none_9cd54abba85233ff\cnvfat.dll
    + 2008-01-19 07:33:05 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6001.18000_none_9cd54abba85233ff\convert.exe
    + 2008-01-19 05:27:57 12,800 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6001.18000_none_255246473e514737\fs_rec.sys
    + 2008-01-19 07:34:32 153,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6001.18000_none_255246473e514737\imagehlp.dll
    + 2006-11-02 09:44:15 5,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6001.18000_none_255246473e514737\wmi.dll
    + 2008-01-19 07:33:52 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\cfgmgr32.dll
    + 2008-01-19 07:33:08 101,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\drvinst.exe
    + 2008-01-19 07:36:45 221,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\umpnpmgr.dll
    + 2006-11-02 09:44:59 19,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.0.6001.18000_none_87b9b7e028c74e65\cofire.exe
    + 2008-01-19 07:33:58 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.0.6001.18000_none_87b9b7e028c74e65\cofiredm.dll
    + 2008-01-19 07:41:58 36,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-crashdump_31bf3856ad364e35_6.0.6001.18000_none_a58d5dbf16d602c3\crashdmp.sys
    + 2008-01-19 07:34:00 178,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6001.18000_none_db374cc18eed7408\credui.dll
    + 2008-01-19 07:34:00 977,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\crypt32.dll
    + 2008-01-19 07:34:00 57,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cryptdll-dll_31bf3856ad364e35_6.0.6001.18000_none_059e85e6adc57125\cryptdll.dll
    + 2008-01-19 07:34:00 97,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.0.6001.18000_none_17194119fbd5b944\cryptnet.dll
    + 2008-01-19 07:33:53 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cryptplugininstaller_1122334455667788_6.0.6001.18000_none_dc523cd5db2a5cd8\cmicryptinstall.dll
    + 2008-01-19 07:34:00 128,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
    + 2008-01-19 07:34:00 970,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-cryptui-dll_31bf3856ad364e35_6.0.6001.18000_none_85ee5b5e98235317\cryptui.dll
    + 2008-01-19 07:34:01 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.0.6001.18000_none_c9873705a55da1c9\csrsrv.dll
    + 2008-01-19 07:33:05 6,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
    + 2008-01-19 07:34:40 166,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-charcodedictionary_31bf3856ad364e35_6.0.6001.18000_none_2960cee1f8b4d497\IMJPCD.DLL
    + 2008-01-19 07:34:03 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-enforcement-client_31bf3856ad364e35_6.0.6001.18000_none_40f9b5444251dc24\DHCPQEC.DLL
    + 2008-01-19 07:34:41 35,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.0.6001.18000_none_0e6646c285e6dce6\imjpmig.dll
    + 2008-01-19 07:33:13 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.0.6001.18000_none_0e6646c285e6dce6\imjppdmg.exe
    + 2008-01-19 07:33:13 14,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed313ee5721aa9bc\IMJPDADM.EXE
    + 2008-01-19 07:33:13 305,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed313ee5721aa9bc\IMJPDCT.EXE
    + 2008-01-19 07:34:41 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed313ee5721aa9bc\IMJPDCTP.DLL
    + 2006-11-02 09:45:20 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed313ee5721aa9bc\IMJPUEX.EXE
    + 2008-01-19 07:34:43 429,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..-mmc-usersandgroups_31bf3856ad364e35_6.0.6001.18000_none_03dd14ac81e8185f\localsec.dll
    + 2008-01-19 07:33:13 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.0.6001.18000_none_0b3d4ee880da609e\imjpuexc.exe
    + 2008-01-19 07:34:42 578,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.0.6001.18000_none_cd49b03ccd0b4cbd\MSCAND20.DLL
    + 2008-01-19 07:34:40 622,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..characterlistapplet_31bf3856ad364e35_6.0.6001.18000_none_8172de076bd5b221\IMJPCLST.DLL
    + 2008-01-19 07:34:41 824,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..e-coretipjpnprofile_31bf3856ad364e35_6.0.6001.18000_none_e1da04a4fdfcc2df\IMJPTIP.DLL
    + 2008-01-19 07:34:03 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..e-diagnostic-module_31bf3856ad364e35_6.0.6001.18000_none_f4212027c73a6121\dfdts.dll
    + 2008-01-19 07:34:40 126,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.0.6001.18000_none_3dc24fed9d837604\IMJKAPI.DLL
    + 2008-01-19 07:34:40 343,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..e-handwritingapplet_31bf3856ad364e35_6.0.6001.18000_none_0ea8de3af03999b3\IMJPCAC.DLL
    + 2008-01-19 07:38:02 155,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_6.0.6001.18000_none_3bf8bb8384e4ad56\dssenh.dll
    + 2008-01-19 07:37:12 87,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6001.18000_none_9d11908bf54395f2\WUDFCoinstaller.dll
    + 2008-01-19 07:33:40 142,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6001.18000_none_9d11908bf54395f2\WUDFHost.exe
    + 2008-01-19 05:52:50 51,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6001.18000_none_9d11908bf54395f2\WUDFPf.sys
    + 2008-01-19 07:37:12 181,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6001.18000_none_9d11908bf54395f2\WUDFPlatform.dll
    + 2008-01-19 05:53:04 83,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6001.18000_none_9d11908bf54395f2\WUDFRd.sys
    + 2008-01-19 07:37:12 55,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6001.18000_none_9d11908bf54395f2\WUDFSvc.dll
    + 2008-01-19 07:37:12 305,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6001.18000_none_9d11908bf54395f2\WUDFx.dll
    + 2008-01-19 07:36:50 73,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-client_31bf3856ad364e35_6.0.6001.18000_none_4c0a8c08a2e99108\wdi.dll
    + 2008-01-19 07:34:06 134,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-server_31bf3856ad364e35_6.0.6001.18000_none_682a70959c3168f2\dps.dll
    + 2008-01-19 07:34:04 131,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..gement-vdsinterface_31bf3856ad364e35_6.0.6001.18000_none_a558065b1f02be3f\dmvdsitf.dll
    + 2008-01-19 07:34:40 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..hared-versiondialog_31bf3856ad364e35_6.0.6001.18000_none_0a8f4fb83a07f3e4\imever.dll
    + 2008-01-19 07:34:40 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c422a9f3101c4\IMEPADSM.DLL
    + 2008-01-19 07:33:13 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c422a9f3101c4\IMEPADSV.EXE
    + 2006-11-02 09:46:05 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c422a9f3101c4\padrs404.dll
    + 2008-01-19 07:34:42 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c422a9f3101c4\padrs411.dll
    + 2006-11-02 09:46:05 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c422a9f3101c4\padrs804.dll
    + 2008-01-19 07:34:41 1,305,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..japanese-customizer_31bf3856ad364e35_6.0.6001.18000_none_62e91f5257007bb7\imjpcus.dll
    + 2008-01-19 07:34:41 274,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..japanese-propertyui_31bf3856ad364e35_6.0.6001.18000_none_92c120d76a2bba03\imjputyc.dll
    + 2008-01-19 07:34:41 219,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..lekanjifinderapplet_31bf3856ad364e35_6.0.6001.18000_none_e2b3a1c548cf23f5\IMJPSKF.DLL
    + 2008-01-19 07:34:40 363,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.0.6001.18000_none_79f6912a88d63336\IMETIP.DLL
    + 2008-01-19 07:34:40 327,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_6.0.6001.18000_none_91f3ab34d023cf59\IMJPAPI.DLL
    + 2008-01-19 07:34:41 448,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..njifinderdictionary_31bf3856ad364e35_6.0.6001.18000_none_4616c04bb5d1ad1d\IMJPKDIC.DLL
    + 2008-01-19 07:34:40 31,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_6.0.6001.18000_none_dc33bb978e3166dc\imecfm.dll
    + 2008-01-19 07:34:07 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_6.0.6001.18000_none_e00ee48d3ffd5af4\dwmapi.dll
    + 2008-01-19 07:34:49 2,011,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_6.0.6001.18000_none_e00ee48d3ffd5af4\milcore.dll
    + 2008-01-19 07:35:58 88,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7\ntdsapi.dll
    + 2006-11-02 09:46:13 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7\w32topl.dll
    + 2008-01-19 07:33:05 68,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.0.6001.18000_none_c535051605aefc07\DFDWiz.exe
    + 2008-01-19 07:33:08 81,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_8da39414bd31fb37\dwm.exe
    + 2008-01-19 07:34:07 81,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_8da39414bd31fb37\dwmredir.dll
    + 2008-01-19 07:36:47 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_8da39414bd31fb37\uxsms.dll
    + 2008-01-19 07:36:11 208,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-udwm_31bf3856ad364e35_6.0.6001.18000_none_88931dbec077ed29\uDWM.dll
    + 2008-01-19 07:34:40 729,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..s-ime-japanese-core_31bf3856ad364e35_6.0.6001.18000_none_6f6b5d738da7e00f\IMJP10K.DLL
    + 2008-01-19 07:33:13 59,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..s-ime-japanese-core_31bf3856ad364e35_6.0.6001.18000_none_6f6b5d738da7e00f\IMJPDSVR.EXE
    + 2008-01-19 07:33:13 60,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..s-ime-japanese-core_31bf3856ad364e35_6.0.6001.18000_none_6f6b5d738da7e00f\IMJPMGR.EXE
    + 2006-11-02 09:46:05 4,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll
    + 2008-01-19 07:34:08 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..txvideoacceleration_31bf3856ad364e35_6.0.6001.18000_none_6bd4b28e4232f018\dxva2.dll
    + 2008-01-19 07:33:09 252,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.0.6001.18000_none_23c398325dc3f8d0\dxdiag.exe
    + 2008-01-19 07:34:07 195,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.0.6001.18000_none_23c398325dc3f8d0\dxdiagn.dll
    + 2008-01-19 07:33:05 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.0.6001.18000_none_99160ebe9044f369\dfrgui.exe
    + 2008-01-19 07:33:05 226,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.0.6001.18000_none_c77bcfbbc6557a1c\Defrag.exe
    + 2008-01-19 07:33:05 96,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-defrag-fat_31bf3856ad364e35_6.0.6001.18000_none_23bd98030c29fb9d\dfrgfat.exe
    + 2008-01-19 07:33:05 163,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-defrag-ntfs_31bf3856ad364e35_6.0.6001.18000_none_1e22f0b7b462590d\DfrgNtfs.exe
    + 2008-01-19 07:36:29 105,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-defrag-shrink_31bf3856ad364e35_6.0.6001.18000_none_3fead83f2e064623\shrink.dll
    + 2008-01-19 07:34:55 305,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6001.18000_none_402c681885bf19c2\msdelta.dll
    + 2008-01-19 07:35:12 35,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6001.18000_none_402c681885bf19c2\mspatcha.dll
    + 2008-01-19 07:34:06 258,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6001.18000_none_69de962f3507db4b\dpx.dll
    + 2008-01-19 07:33:29 85,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-deployment_31bf3856ad364e35_6.0.6001.18000_none_fbeef6caed4e0223\setupugc.exe
    + 2008-01-19 05:28:20 75,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys
    + 2008-01-19 07:33:06 2,091,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6798caa9a04157b\dfsr.exe
    + 2006-11-02 12:35:06 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6798caa9a04157b\dfsrres.dll
    + 2008-01-19 07:34:03 53,760 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dfsui_31bf3856ad364e35_6.0.6001.18000_none_59c002a6fd02dc8b\DfsShlEx.dll
    + 2006-11-02 09:46:03 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcmonitor.dll
    + 2008-01-19 07:34:03 204,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc.dll
    + 2008-01-19 07:34:03 128,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc6.dll
    + 2008-01-19 07:34:06 29,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcpds_31bf3856ad364e35_6.0.6001.18000_none_be51b8ffa88635fc\dsauth.dll
    + 2008-01-19 07:34:03 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dhcpserverapi_31bf3856ad364e35_6.0.6001.18000_none_a87c05a0e2db007a\dhcpsapi.dll
    + 2008-01-19 07:33:06 94,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diantz_31bf3856ad364e35_6.0.6001.18000_none_a6c6146bc2a18c82\diantz.exe
    + 2008-01-19 07:33:06 894,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-digitallocker_31bf3856ad364e35_6.0.6001.18000_none_04d1e0ab2a69a034\digitalx.exe
    + 2008-01-19 07:34:03 54,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.0.6001.18000_none_5ba418002d9d5002\dimsroam.dll
    + 2008-01-19 07:34:03 35,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dims_31bf3856ad364e35_6.0.6001.18000_none_a982d3b31af4a1f3\dimsjob.dll
    + 2008-01-19 07:36:18 57,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\samlib.dll
    + 2008-01-19 07:36:18 478,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\samsrv.dll
    + 2008-01-19 07:36:12 208,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-asf_31bf3856ad364e35_6.0.6001.18000_none_1abd7fd5fe8a71dd\qasf.dll
    + 2008-01-19 07:36:12 192,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-capture_31bf3856ad364e35_6.0.6001.18000_none_b8d923331f8ab61f\qcap.dll
    + 2008-01-19 07:36:14 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.18000_none_a67037e0ede62b8c\quartz.dll
    + 2008-01-19 07:34:03 64,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-devenum_31bf3856ad364e35_6.0.6001.18000_none_593dac0c3feb7159\devenum.dll
    + 2008-01-19 07:34:55 30,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-dmo_31bf3856ad364e35_6.0.6001.18000_none_1a96414dfea9144f\msdmo.dll
    + 2008-01-19 07:36:13 281,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-dv_31bf3856ad364e35_6.0.6001.18000_none_fcd6c643202284e3\qdv.dll
    + 2008-01-19 07:36:13 497,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.0.6001.18000_none_54222ad1d3d8935c\qdvd.dll
    + 2008-01-19 07:33:43 70,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-other_31bf3856ad364e35_6.0.6001.18000_none_0d5187f9e0ba9013\amstream.dll
    + 2006-11-02 09:46:05 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-other_31bf3856ad364e35_6.0.6001.18000_none_0d5187f9e0ba9013\mciqtz32.dll
    + 2008-01-19 07:36:47 56,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-vfw-capture_31bf3856ad364e35_6.0.6001.18000_none_d67e26c426f002e7\vfwwdm32.dll
    + 2008-01-19 07:34:01 384,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d_31bf3856ad364e35_6.0.6001.18000_none_eb4e0e435578fd76\d3dim.dll
    + 2008-01-19 07:34:01 816,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d_31bf3856ad364e35_6.0.6001.18000_none_eb4e0e435578fd76\d3dim700.dll
    + 2006-11-02 09:46:03 593,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d_31bf3856ad364e35_6.0.6001.18000_none_eb4e0e435578fd76\d3dramp.dll
    + 2008-01-19 07:34:01 159,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.0.6001.18000_none_50297d65a99216fa\d3d10_1.dll
    + 2008-01-19 07:34:01 208,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.0.6001.18000_none_50297d65a99216fa\d3d10_1core.dll
    + 2008-01-19 07:34:01 1,029,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d10_31bf3856ad364e35_6.0.6001.18000_none_efb8659ecdabfdc1\d3d10.dll
    + 2008-01-19 07:34:01 188,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d10_31bf3856ad364e35_6.0.6001.18000_none_efb8659ecdabfdc1\d3d10core.dll
    + 2008-01-19 07:34:01 1,039,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d8_31bf3856ad364e35_6.0.6001.18000_none_c24c6c5b60c71ca2\d3d8.dll
    + 2006-11-02 09:46:03 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d8thk.dll
    + 2008-01-19 07:34:01 1,788,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d9.dll
    + 2008-01-19 07:34:02 53,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-direct3dxof_31bf3856ad364e35_6.0.6001.18000_none_af75060ce4b76de7\d3dxof.dll
    + 2008-01-19 07:34:03 522,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddraw.dll
    + 2006-11-02 09:46:03 30,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddrawex.dll
    + 2006-11-02 12:33:46 136,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1d981a3c0baebdc7\dinput.dll
    + 2008-01-19 07:34:04 159,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1d981a3c0baebdc7\dinput8.dll
    + 2006-11-02 12:33:46 120,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1d981a3c0baebdc7\gcdef.dll
    + 2006-11-02 12:33:46 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1d981a3c0baebdc7\pid.dll
    + 2006-11-02 09:03:41 3,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnaddr.dll
    + 2006-11-02 09:46:04 56,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnathlp.dll
    + 2008-01-19 07:34:06 376,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnet.dll
    + 2006-11-02 09:46:04 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnhpast.dll
    + 2006-11-02 09:46:04 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnhupnp.dll
    + 2006-11-02 09:03:41 3,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnlobby.dll
    + 2006-11-02 09:45:03 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnsvr.exe
    + 2008-01-19 07:34:08 171,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-dxgi_31bf3856ad364e35_6.0.6001.18000_none_3a7e78531e8cb9c8\dxgi.dll
    + 2008-01-19 07:36:17 151,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directx-rgbrast_31bf3856ad364e35_6.0.6001.18000_none_745822d4f779e479\rgb9rast.dll
    + 2008-01-19 05:49:43 19,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskdump_31bf3856ad364e35_6.0.6001.18000_none_66be360c974630dd\Diskdump.sys
    + 2008-01-19 07:34:04 184,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement-snapin_31bf3856ad364e35_6.0.6001.18000_none_9c035933caa33fba\dmdskmgr.dll
    + 2008-01-19 07:34:04 388,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_none_0197b5b76fbd3f60\dmdlgs.dll
    + 2006-11-02 09:39:16 536,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_none_0197b5b76fbd3f60\dmdskres.dll
    + 2008-01-19 05:49:54 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_none_0197b5b76fbd3f60\dmdskres2.dll
    + 2006-11-02 09:46:03 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_none_0197b5b76fbd3f60\dmintf.dll
    + 2008-01-19 07:34:04 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_none_0197b5b76fbd3f60\dmutil.dll
    + 2008-01-19 07:33:07 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskpart_31bf3856ad364e35_6.0.6001.18000_none_68d8655a95ece6c4\diskpart.exe
    + 2008-01-19 07:33:07 230,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskraid_31bf3856ad364e35_6.0.6001.18000_none_6589a41097fa31a3\diskraid.exe
    + 2008-01-19 07:33:07 121,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dispdiag_31bf3856ad364e35_6.0.6001.18000_none_44e4695530172d0f\dispdiag.exe
    + 2008-01-19 07:34:05 165,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsapi.dll
    + 2008-01-19 07:33:07 25,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnscacheugc.exe
    + 2008-01-19 07:34:05 86,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsrslvr.dll
    + 2008-01-19 07:34:05 48,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dnshelperclass_31bf3856ad364e35_6.0.6001.18000_none_783f9f979084de15\dnshc.dll
    + 2008-01-19 07:34:05 49,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3-netsh-helper_31bf3856ad364e35_6.0.6001.18000_none_daa71463c4176a6c\dot3cfg.dll
    + 2008-01-19 07:34:05 43,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3gpclient_31bf3856ad364e35_6.0.6001.18000_none_7a53e74dbc779642\dot3gpclnt.dll
    + 2008-01-19 07:34:05 235,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3gpui_31bf3856ad364e35_6.0.6001.18000_none_95879d0994c64109\dot3gpui.dll
    + 2008-01-19 07:34:05 45,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_6b6c0ec873844bfa\dot3api.dll
    + 2008-01-19 07:34:05 45,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_6b6c0ec873844bfa\dot3dlg.dll
    + 2008-01-19 07:34:05 74,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_6b6c0ec873844bfa\dot3msm.dll
    + 2008-01-19 07:34:05 175,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_6b6c0ec873844bfa\dot3svc.dll
    + 2008-01-19 07:34:05 142,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_6b6c0ec873844bfa\dot3ui.dll
    + 2008-01-05 11:21:39 12,198 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_6b6c0ec873844bfa\gatherWiredInfo.vbs
    + 2008-01-19 07:33:07 407,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys_31bf3856ad364e35_6.0.6001.18000_none_7dd2d2fbcd70d3d7\dpapimig.exe
    + 2008-01-19 07:33:07 160,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dpiscaling_31bf3856ad364e35_6.0.6001.18000_none_7a47d3365af01664\DpiScaling.exe
    + 2008-01-19 07:33:08 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-driverquery_31bf3856ad364e35_6.0.6001.18000_none_9622cb7595099fdc\driverquery.exe
    + 2008-01-19 07:33:34 112,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-driververifier_31bf3856ad364e35_6.0.6001.18000_none_ba6bdb179cbb664a\verifier.exe
    + 2008-01-19 07:34:06 246,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-drvstore_31bf3856ad364e35_6.0.6001.18000_none_f0f4552b43852d89\drvstore.dll
    + 2008-01-19 07:34:06 86,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dskquota_31bf3856ad364e35_6.0.6001.18000_none_7e1371feb45d2cb8\dskquota.dll
    + 2008-01-19 07:34:07 190,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dskquoui_31bf3856ad364e35_6.0.6001.18000_none_7e2e79ccb45510c7\dskquoui.dll
    + 2008-01-19 07:34:07 394,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dsquery_31bf3856ad364e35_6.0.6001.18000_none_2dc52ffdfe4bfd41\dsquery.dll
    + 2006-09-18 21:39:30 215,943 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dssec_31bf3856ad364e35_6.0.6001.18000_none_5a65d782fc87d29e\dssec.dat
    + 2008-01-19 07:34:07 44,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dssec_31bf3856ad364e35_6.0.6001.18000_none_5a65d782fc87d29e\dssec.dll
    + 2008-01-19 07:41:40 29,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dumpata_31bf3856ad364e35_6.0.6001.18000_none_693e1dfe6e08fb24\Dumpata.sys
    + 2008-01-19 07:34:07 183,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-duser_31bf3856ad364e35_6.0.6001.18000_none_5a74ae48fc7a81f9\duser.dll
    + 2008-01-19 05:36:12 76,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dxg_31bf3856ad364e35_6.0.6001.18000_none_a8eb419e5b1d08cd\dxg.sys
    + 2008-01-19 07:43:03 294,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dynamicvolumemanager_31bf3856ad364e35_6.0.6001.18000_none_dd02c2028628d6ec\volmgrx.sys
    + 2008-01-19 07:34:08 67,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..-enforcement-client_31bf3856ad364e35_6.0.6001.18000_none_e306f7bdc65f9f03\EAPQEC.DLL
    + 2008-01-19 07:34:08 187,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\eapp3hst.dll
    + 2008-01-19 07:34:08 135,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\eappcfg.dll
    + 2008-01-19 07:34:08 93,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\eappgnui.dll
    + 2008-01-19 07:34:08 181,760 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\eapphost.dll
    + 2008-01-19 07:34:08 41,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\eappprxy.dll
    + 2008-01-19 07:33:09 93,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_6.0.6001.18000_none_d98becfdc541212d\esentutl.exe
    + 2008-01-19 07:34:09 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18000_none_9e8bec4ef6ba613c\emdmgmt.dll
    + 2008-01-19 07:34:20 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.0.6001.18000_none_f1e446e12c0bbf09\esent.dll
    + 2008-01-19 07:42:11 143,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..memorydevicesdriver_31bf3856ad364e35_6.0.6001.18000_none_fb227609b982fd53\ecache.sys
    + 2008-01-19 07:33:08 104,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6001.18000_none_fe9fa554f584b164\DWWIN.EXE
    + 2008-01-19 07:34:08 57,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_6.0.6001.18000_none_8a49e7e0fe1e100a\eapsvc.dll
    + 2008-01-19 07:34:20 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..rformancemonitoring_31bf3856ad364e35_6.0.6001.18000_none_b1895358b41e4fcf\esentprf.dll
    + 2008-01-19 07:33:24 42,496 ----a-w C:\Windows\winsxs\x86_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_6.0.6001.18000_none_07eaaa7d0bd7df55\rekeywiz.exe
    + 2008-01-19 07:34:08 86,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-efsadu_31bf3856ad364e35_6.0.6001.18000_none_f43075c8894cadba\efsadu.dll
    + 2008-01-19 07:34:20 485,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.0.6001.18000_none_8fa27dabcc867f14\evr.dll
    + 2008-01-19 07:33:35 1,143,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingconsole_31bf3856ad364e35_6.0.6001.18000_none_560d317722e5879b\wercon.exe
    + 2008-01-19 07:36:52 62,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingconsole_31bf3856ad364e35_6.0.6001.18000_none_560d317722e5879b\wercplsupport.dll
    + 2008-01-19 07:36:52 876,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6001.18000_none_2076b21605e43be9\wer.dll
    + 2008-01-19 07:36:52 30,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6001.18000_none_2076b21605e43be9\werdiagcontroller.dll
    + 2008-01-19 07:33:35 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6001.18000_none_2076b21605e43be9\wermgr.exe
    + 2008-01-19 07:34:21 147,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\Faultrep.dll
    + 2008-01-19 07:33:35 217,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe
    + 2008-01-19 07:33:35 860,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFaultSecure.exe
    + 2008-01-19 07:36:52 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-eventcollector_31bf3856ad364e35_6.0.6001.18000_none_fb0da2e774b2f589\wecapi.dll
    + 2008-01-19 07:36:52 145,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-eventcollector_31bf3856ad364e35_6.0.6001.18000_none_fb0da2e774b2f589\wecsvc.dll
    + 2008-01-19 07:33:35 163,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-eventcollector_31bf3856ad364e35_6.0.6001.18000_none_fb0da2e774b2f589\wecutil.exe
    + 2008-01-19 07:36:52 250,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267\wevtapi.dll
    + 2008-01-19 07:33:36 163,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-eventlog-commandline_31bf3856ad364e35_6.0.6001.18000_none_c0d4359f7cd00788\wevtutil.exe
    + 2008-01-19 07:36:52 76,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-eventlog-forwardplugin_31bf3856ad364e35_6.0.6001.18000_none_756a295aedd9e8b1\wevtfwd.dll
    + 2008-01-19 07:36:53 1,013,760 ----a-w C:\Windows\winsxs\x86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.18000_none_dcc45c1a12d92f84\wevtsvc.dll
    + 2008-01-19 07:34:09 179,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-eventviewer_31bf3856ad364e35_6.0.6001.18000_none_6deb20979c1a92ae\els.dll
    + 2008-01-19 05:28:01 136,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-exfat_31bf3856ad364e35_6.0.6001.18000_none_5566df14192b9354\exfat.sys
    + 2008-01-19 07:33:10 2,927,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
    + 2008-01-19 07:34:20 20,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.0.6001.18000_none_c27d096373d0e6da\ExplorerFrame.dll
    + 2008-01-19 07:33:10 53,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-extrac32_31bf3856ad364e35_6.0.6001.18000_none_db299a9f03e563ae\extrac32.exe
    + 2008-01-19 07:33:53 67,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.0.6001.18000_none_17292e3efec80e43\cmifw.dll
    + 2008-01-19 07:36:44 92,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_6.0.6001.18000_none_4e61ed9559c4a66b\ufat.dll
    + 2008-01-19 07:36:45 322,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-f..mutilityntfslibrary_31bf3856ad364e35_6.0.6001.18000_none_fec3b7ccf3ed2ae1\untfs.dll
    + 2008-01-19 07:36:47 130,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-f..mutilityudfslibrary_31bf3856ad364e35_6.0.6001.18000_none_ebc090d05c898a58\uudf.dll
    + 2008-01-19 07:34:31 123,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_6.0.6001.18000_none_e99657d7efad5998\ifsutil.dll
    + 2008-01-19 07:36:45 99,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_6.0.6001.18000_none_e99657d7efad5998\ulib.dll
    + 2008-01-19 07:36:44 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-f..utilityexfatlibrary_31bf3856ad364e35_6.0.6001.18000_none_29ff64dd3e406baa\uexfat.dll
    + 2008-01-19 07:33:52 178,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6001.18000_none_a64f31c652a84afa\clusapi.dll
    + 2008-01-19 07:36:16 65,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6001.18000_none_a64f31c652a84afa\resutils.dll
    + 2008-01-19 05:28:01 143,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6001.18000_none_aeb32b80576428df\fastfat.sys
    + 2008-01-19 07:34:21 131,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.0.6001.18000_none_a80bfb765bab31d9\fde.dll
    + 2008-01-19 07:34:21 53,760 ----a-w C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.0.6001.18000_none_dfb5923d50be54df\fdeploy.dll
    + 2008-01-19 07:34:21 54,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-feclient_31bf3856ad364e35_6.0.6001.18000_none_beda112b5794d4e0\feclient.dll
    + 2008-01-19 07:36:52 125,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18000_none_79cbf36190e59fa9\wersvc.dll
    + 2008-01-19 07:42:31 58,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-fileinfominifilter_31bf3856ad364e35_6.0.6001.18000_none_d6b4fb25314dd313\fileinfo.sys
    + 2008-01-19 05:30:23 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-filetracefilter_31bf3856ad364e35_6.0.6001.18000_none_fac453e26d1dd891\filetrace.sys
    + 2008-01-19 07:42:38 192,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-filtermanager-core_31bf3856ad364e35_6.0.6001.18000_none_110972f22acc1185\fltMgr.sys
    + 2008-01-19 07:33:10 61,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-findstr_31bf3856ad364e35_6.0.6001.18000_none_272f8b6259b4a784\findstr.exe
    + 2008-01-19 07:34:21 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-fmifs_31bf3856ad364e35_6.0.6001.18000_none_570e7185319735c5\fmifs.dll
    + 2008-01-19 07:36:38 155,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18000_none_b5c023471ef3c803\t2embed.dll
    + 2006-11-02 09:46:11 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-font-registrysettings_31bf3856ad364e35_6.0.6001.18000_none_95b1533bb11caa04\muifontsetup.dll
    + 2008-01-19 07:34:21 142,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-fontext_31bf3856ad364e35_6.0.6001.18000_none_9e859882f39d4b1e\fontext.dll
    + 2008-01-19 07:33:11 55,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-fsutil_31bf3856ad364e35_6.0.6001.18000_none_cc641478efec9c31\fsutil.exe
    + 2008-01-19 07:33:11 41,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ftp_31bf3856ad364e35_6.0.6001.18000_none_aceb5df05889fdb6\ftp.exe
    + 2008-01-19 07:34:23 936,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6001.18000_none_ce322c9564e76885\gpedit.dll
    + 2008-01-19 07:33:11 128,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.0.6001.18000_none_3b68feffdbf43f81\gpresult.exe
    + 2008-01-19 07:33:11 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.0.6001.18000_none_3b68feffdbf43f81\gpupdate.exe
    + 2008-01-19 07:33:53 50,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gacinstaller_1122334455667788_6.0.6001.18000_none_a15e4b5f3c4bfda2\gacinstall.dll
    + 2008-01-19 07:34:23 1,696,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_42004f0ec13d017b\gameux.dll
    + 2008-01-19 05:46:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_42004f0ec13d017b\GameUXLegacyGDFs.dll
    + 2008-01-19 05:36:13 289,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\atmfd.dll
    + 2006-11-02 09:46:02 34,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\atmlib.dll
    + 2006-11-02 09:46:03 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\dciman32.dll
    + 2008-01-19 07:34:21 72,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\fontsub.dll
    + 2008-01-19 07:34:43 23,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\lpk.dll
    + 2008-01-19 07:34:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18000_none_597ea9fc49518b6b\gdi32.dll
    + 2008-01-19 07:33:59 1,645,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18000_none_650e8de796ba79b3\connect.dll
    + 2008-01-19 07:33:11 65,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-getmac_31bf3856ad364e35_6.0.6001.18000_none_0bfe96baa1fb1269\getmac.exe
    + 2008-01-19 07:36:06 1,597,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gpupipeline_31bf3856ad364e35_6.0.6001.18000_none_fc2c21776f5b3026\Pipeline.dll
    + 2008-01-19 07:36:06 1,500,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gpupipeline_31bf3856ad364e35_6.0.6001.18000_none_fc2c21776f5b3026\PipeTran.dll
    + 2008-01-19 07:34:23 75,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\gpapi.dll
    + 2008-01-19 07:34:25 574,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\gpsvc.dll
    + 2008-01-19 07:34:25 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-hbaapi_31bf3856ad364e35_6.0.6001.18000_none_4913ace3731fd383\hbaapi.dll
    + 2008-01-19 07:33:11 498,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-help-client_31bf3856ad364e35_6.0.6001.18000_none_6c1890222e16b0ed\HelpPane.exe
    + 2008-01-19 07:34:25 67,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-help-clientproxy_31bf3856ad364e35_6.0.6001.18000_none_c54a049513b4ab41\HelpPaneProxy.dll
    + 2008-01-19 07:33:43 1,730,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-help-datalayer_31bf3856ad364e35_6.0.6001.18000_none_c4baa7be1e56e939\apds.dll
    + 2008-01-19 07:34:25 100,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-help-helpcins_31bf3856ad364e35_6.0.6001.18000_none_90212c819d4413e2\helpcins.dll
    + 2008-01-19 07:36:00 146,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-help-oemhelpins_31bf3856ad364e35_6.0.6001.18000_none_024ec564aaac796e\OEMHelpIns.dll
    + 2008-01-19 07:33:43 219,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-help-storagelayer_31bf3856ad364e35_6.0.6001.18000_none_de9d25f604cd9b76\apircl.dll
    + 2008-01-19 07:33:44 198,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-help-storagelayer_31bf3856ad364e35_6.0.6001.18000_none_de9d25f604cd9b76\apss.dll
    + 2008-01-19 07:34:26 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-hlink_31bf3856ad364e35_6.0.6001.18000_none_57c22b07641ba9c6\hlink.dll
    + 2008-01-19 07:34:26 55,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-hotpatchinstaller_1122334455667788_6.0.6001.18000_none_75376fea1f3c9518\hotpatchins.dll
    + 2008-01-19 07:34:26 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-hotstart_31bf3856ad364e35_6.0.6001.18000_none_f0a3f7b1765e352f\HotStartUserAgent.dll
    + 2006-11-02 09:46:05 158,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-htmlhelp-infotech_31bf3856ad364e35_6.0.6001.18000_none_f6a3ed1413ba3d1f\itircl.dll
    + 2008-01-19 07:34:35 141,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-htmlhelp-infotech_31bf3856ad364e35_6.0.6001.18000_none_f6a3ed1413ba3d1f\itss.dll
    + 2006-11-02 09:45:13 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855f6b284bc7b14\hh.exe
    + 2006-11-02 09:46:05 43,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855f6b284bc7b14\hhsetup.dll
    + 2008-01-19 07:34:28 30,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18000_none_f5ac3cff9d4bd9d3\httpapi.dll
    + 2008-01-19 05:55:25 401,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18000_none_acc0fc4918daed18\http.sys
    + 2008-01-19 07:34:41 323,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..-chinese-tipprofile_31bf3856ad364e35_6.0.6001.18000_none_89c2606b0d9356b5\IMSCTIP.dll
    + 2008-01-19 07:33:52 166,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..-service-mmc-snapin_31bf3856ad364e35_6.0.6001.18000_none_1aaef56c4ea0e628\CIADMIN.DLL
    + 2008-01-19 07:34:33 496,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..2-filesystemsupport_31bf3856ad364e35_6.0.6001.18000_none_81b972d76501fd73\imapi2fs.dll
    + 2008-01-19 07:36:06 45,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6001.18000_none_edc66f29136973ef\pngfilt.dll
    + 2008-01-19 07:34:42 608,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..chinese-tip_profile_31bf3856ad364e35_6.0.6001.18000_none_d43a65fd78a9b553\IMTCTIP.dll
    + 2008-01-19 07:34:25 27,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..compressionbinaries_31bf3856ad364e35_6.0.6001.18000_none_a9d277e19601852d\gzip.dll
    + 2008-01-19 07:34:41 31,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..d-chinese-migration_31bf3856ad364e35_6.0.6001.18000_none_1ca71ca60a12a4d9\imscmig.dll
    + 2008-01-19 07:34:26 289,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.0.6001.18000_none_b03645b494998691\hnetcfg.dll
    + 2008-01-19 07:34:42 131,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ed-chinese-csapplet_31bf3856ad364e35_6.0.6001.18000_none_418168cde0bef889\PINTLCSA.dll
    + 2008-01-19 07:36:58 244,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ementscriptingtools_31bf3856ad364e35_6.0.6001.18000_none_026dac186ddda69b\wmi-appserver.dll
    + 2008-01-19 07:36:46 1,165,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18000_none_b4e317dbd6c9eb53\urlmon.dll
    + 2008-01-19 07:36:55 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..g-service-rpcclient_31bf3856ad364e35_6.0.6001.18000_none_df9e8aafe5771783\WINSRPC.DLL
    + 2008-01-19 07:33:45 31,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.18000_none_4003e7995bdf7b0e\authanon.dll
    + 2008-01-19 07:34:42 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_fb2914a7fb7f05d4\IMTCCAC.dll
    + 2006-11-02 09:46:05 58,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_fb2914a7fb7f05d4\IMTCDIC.dll
    + 2008-01-19 07:34:42 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_fb2914a7fb7f05d4\IMTCSKF.dll
    + 2006-11-02 07:33:43 19,991,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_fb2914a7fb7f05d4\MSHWCHTR.dll
    + 2008-01-19 07:34:43 19,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..httploggingbinaries_31bf3856ad364e35_6.0.6001.18000_none_7c1992d3347e602c\loghttp.dll
    + 2008-01-19 07:34:32 12,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..httptracingbinaries_31bf3856ad364e35_6.0.6001.18000_none_2f86e8891af1bab7\iisetw.dll
    + 2008-01-19 07:34:32 140,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..httptracingbinaries_31bf3856ad364e35_6.0.6001.18000_none_2f86e8891af1bab7\iisfreb.dll
    + 2008-01-19 07:28:15 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6001.18000_none_edc16b608ffdb9df\f3ahvoas.dll
    + 2006-11-02 09:45:17 144,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsicli.exe
    + 2006-11-02 09:46:05 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsidsc.dll
    + 2008-01-19 07:34:35 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsied.dll
    + 2008-01-19 07:34:35 111,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsiexe.dll
    + 2008-01-19 07:34:35 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsium.dll
    + 2008-01-19 07:34:35 64,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsiwmi.dll
    + 2006-11-02 12:35:03 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..integration-support_31bf3856ad364e35_6.0.6001.18000_none_2834ca37a387d4a3\idq.dll
    + 2008-01-19 07:33:13 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..integration-support_31bf3856ad364e35_6.0.6001.18000_none_2834ca37a387d4a3\isintsup.exe
    + 2008-01-19 07:36:52 47,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..integration-support_31bf3856ad364e35_6.0.6001.18000_none_2834ca37a387d4a3\WEBHITS.DLL
    + 2008-01-19 07:34:42 22,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..l-chinese-migration_31bf3856ad364e35_6.0.6001.18000_none_7b0cd4b8f515b13a\imtcmig.dll
    + 2008-01-19 07:34:35 10,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000411_31bf3856ad364e35_6.0.6001.18000_none_e7420d836437d32b\KBDJPN.DLL
    + 2008-01-19 07:34:35 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000412_31bf3856ad364e35_6.0.6001.18000_none_e7b394b163eed7b2\KBDKOR.DLL
    + 2008-01-19 07:34:41 124,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.0.6001.18000_none_18115de147f37e0a\ImSCCfg.DLL
    + 2008-01-19 07:34:41 649,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.0.6001.18000_none_18115de147f37e0a\ImSCCore.dll
    + 2008-01-19 07:33:13 87,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.0.6001.18000_none_18115de147f37e0a\IMSCPROP.exe
    + 2008-01-19 07:34:41 368,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.0.6001.18000_none_18115de147f37e0a\imscui.DLL
    + 2008-01-19 07:34:42 53,760 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.0.6001.18000_none_18115de147f37e0a\PMIGRATE.dll
    + 2008-01-19 07:35:13 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18000_none_e0c5a6a47c72aac2\mstime.dll
    + 2008-01-19 07:34:34 188,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18000_none_11e312d27c5a6ba6\iphlpsvc.dll
    + 2008-01-19 05:55:41 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18000_none_11e312d27c5a6ba6\TUNMP.SYS
    + 2008-01-19 05:55:50 23,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18000_none_11e312d27c5a6ba6\tunnel.sys
    + 2008-01-19 07:33:58 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..pcompressiondynamic_31bf3856ad364e35_6.0.6001.18000_none_66df37aa10b1ebff\compdyn.dll
    + 2006-11-02 06:58:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18000_none_15475676099210e3\tzres.dll
    + 2008-01-19 07:33:33 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18000_none_15475676099
    18 Mai 2008 22:18:18

    + 2006-11-02 08:22:12 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0021.dll
    + 2006-11-02 08:22:44 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0022.dll
    + 2006-11-02 08:22:49 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0024.dll
    + 2006-11-02 08:22:42 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0026.dll
    + 2006-11-02 08:22:19 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0027.dll
    + 2006-11-02 08:22:41 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons002a.dll
    + 2006-11-02 08:22:16 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0039.dll
    + 2006-11-02 08:22:20 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons003e.dll
    + 2006-11-02 08:22:33 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0045.dll
    + 2006-11-02 08:22:25 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0046.dll
    + 2006-11-02 08:22:15 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0047.dll
    + 2006-11-02 08:22:39 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0049.dll
    + 2006-11-02 08:22:39 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004a.dll
    + 2006-11-02 08:22:36 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004b.dll
    + 2006-11-02 08:22:46 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004c.dll
    + 2006-11-02 08:22:37 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004e.dll
    + 2006-11-02 08:22:21 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0414.dll
    + 2006-11-02 08:22:24 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0416.dll
    + 2006-11-02 08:22:22 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0816.dll
    + 2006-11-02 08:22:29 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons081a.dll
    + 2006-11-02 08:22:27 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0c1a.dll
    + 2006-11-02 08:21:54 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsModels0011.dll
    + 2008-01-19 05:55:27 66,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys
    + 2008-01-19 07:33:18 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nbtstat_31bf3856ad364e35_6.0.6001.18000_none_9e1084721e5ef25a\nbtstat.exe
    + 2008-01-19 07:35:35 19,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ncdprop_31bf3856ad364e35_6.0.6001.18000_none_53b5bc3310033b9a\NcdProp.dll
    + 2008-01-19 07:35:35 204,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_5dde5591f19c0ea3\ncrypt.dll
    + 2008-01-19 07:35:35 445,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ncryptui-dll_31bf3856ad364e35_6.0.6001.18000_none_819bb442e304969b\ncryptui.dll
    + 2008-01-19 07:35:35 386,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6001.18000_none_3e14e7642587c68e\netcfgx.dll
    + 2008-01-19 07:43:31 529,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
    + 2008-01-19 07:35:35 129,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndismigplugin.dll
    + 2008-01-19 05:55:40 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ndisuio_31bf3856ad364e35_6.0.6001.18000_none_6bf107c3e6de1de1\ndisuio.sys
    + 2008-01-19 07:33:18 48,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_5232518072770fdb\net.exe
    + 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_5232518072770fdb\neth.dll
    + 2008-01-19 07:33:18 158,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_86dbf37154932a4e\net1.exe
    + 2008-01-19 07:35:35 466,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18000_none_8d341b13018fde32\netapi32.dll
    + 2008-01-19 05:55:45 35,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\netbios.sys
    + 2006-11-02 09:46:14 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\wshnetbs.dll
    + 2008-01-19 05:55:35 184,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
    + 2008-01-19 07:33:18 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbtugc.exe
    + 2008-01-19 07:33:18 25,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6001.18000_none_102edbb851798715\netcfg.exe
    + 2008-01-19 07:35:35 74,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcoinstaller_31bf3856ad364e35_6.0.6001.18000_none_f7224e15fd32d059\nci.dll
    + 2008-01-19 07:35:35 112,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcorehelperclasses_31bf3856ad364e35_6.0.6001.18000_none_e2283df77d81bfec\netcorehc.dll
    + 2008-01-19 07:30:29 17,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18000_none_5a4658816a8ed033\netevent.dll
    + 2008-01-19 07:42:44 223,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_569b6cd5b54d875f\netio.sys
    + 2008-01-19 07:35:36 274,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll
    + 2008-01-19 07:33:18 25,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netplwiz-exe_31bf3856ad364e35_6.0.6001.18000_none_ed56b4c61061e91c\Netplwiz.exe
    + 2008-01-19 07:35:36 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netplwiz_31bf3856ad364e35_6.0.6001.18000_none_4b595e9cb585d487\netplwiz.dll
    + 2008-01-19 07:35:36 669,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netprofui_31bf3856ad364e35_6.0.6001.18000_none_9ab263130766777e\netprof.dll
    + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_24.bin
    + 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_32.bin
    + 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_48.bin
    + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_24.bin
    + 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_32.bin
    + 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_48.bin
    + 2008-01-19 07:35:37 3,173,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\netshell.dll
    + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_24.bin
    + 2006-09-19 11:41:49 4,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_32.bin
    + 2006-09-19 11:41:49 9,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_48.bin
    + 2008-01-19 07:36:07 1,823,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\pnidui.dll
    + 2008-01-19 07:33:47 328,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\BFE.DLL
    + 2008-01-19 07:43:01 101,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\FWPKCLNT.SYS
    + 2008-01-19 07:34:22 595,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\FWPUCLNT.DLL
    + 2008-01-19 07:34:32 438,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\IKEEXT.DLL
    + 2006-11-02 09:46:02 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\brdgcfg.dll
    + 2008-01-19 06:58:26 93,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridge.sys
    + 2008-01-19 07:33:49 61,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridgemigplugin.dll
    + 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridgeres.dll
    + 2008-01-19 07:33:02 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridgeunattend.exe
    + 2008-01-19 07:34:26 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridgenetsh_31bf3856ad364e35_6.0.6001.18000_none_c042002e65358bc9\hnetmon.dll
    + 2008-01-19 07:35:35 2,225,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkcenter_31bf3856ad364e35_6.0.6001.18000_none_35997daed8d1423f\netcenter.dll
    + 2008-01-19 07:35:37 2,226,688 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6001.18000_none_4052611245e05b99\networkexplorer.dll
    + 2008-01-19 07:35:37 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6001.18000_none_4052611245e05b99\networkitemfactory.dll
    + 2008-01-19 07:35:38 3,072,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkexplorer_31bf3856ad364e35_6.0.6001.18000_none_4052611245e05b99\networkmap.dll
    + 2008-01-19 07:35:36 237,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\netprofm.dll
    + 2006-11-02 09:46:11 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\nlmsprep.dll
    + 2006-11-02 09:46:12 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\npmproxy.dll
    + 2008-01-19 07:37:12 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkprovisioning_31bf3856ad364e35_6.0.6001.18000_none_cd52012bba411d6f\xmlprovi.dll
    + 2008-01-19 05:55:03 47,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology-inf_31bf3856ad364e35_6.0.6001.18000_none_3a58a90ea33e6d2b\lltdio.sys
    + 2008-01-19 05:55:03 60,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology-inf_31bf3856ad364e35_6.0.6001.18000_none_3a58a90ea33e6d2b\rspndr.sys
    + 2008-01-19 07:34:42 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6001.18000_none_d155f734fa7d6b4f\lltdapi.dll
    + 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6001.18000_none_d155f734fa7d6b4f\lltdres.dll
    + 2008-01-19 07:34:42 188,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6001.18000_none_d155f734fa7d6b4f\lltdsvc.dll
    + 2008-01-19 07:35:38 183,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18000_none_11764b5450a917b3\newdev.dll
    + 2006-11-02 09:45:30 74,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18000_none_11764b5450a917b3\newdev.exe
    + 2008-01-19 07:35:35 93,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\ncsi.dll
    + 2008-01-19 07:35:38 48,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll
    + 2008-01-19 07:35:38 168,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlasvc.dll
    + 2008-01-19 07:33:18 151,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-notepad_31bf3856ad364e35_6.0.6001.18000_none_6f1a8d7b6fffbb73\notepad.exe
    + 2008-01-19 07:33:18 151,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-notepadwin_31bf3856ad364e35_6.0.6001.18000_none_42c9ccdefb0d0dc9\notepad.exe
    + 2008-01-19 05:28:10 34,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-npfs_31bf3856ad364e35_6.0.6001.18000_none_a67184dd1ceb330f\npfs.sys
    + 2008-01-19 07:35:57 23,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18000_none_73ad26e4747a6db9\nshhttp.dll
    + 2008-01-19 07:33:18 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nslookup_31bf3856ad364e35_6.0.6001.18000_none_cb8073f066728e85\nslookup.exe
    + 2008-01-19 07:38:14 1,203,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18000_none_58d6de41fc2dac16\ntdll.dll
    + 2008-01-19 07:43:40 1,081,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
    + 2008-01-19 07:36:43 10,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfstransactionapi_31bf3856ad364e35_6.0.6001.18000_none_d8d8e80fc13aa5c5\txfw32.dll
    + 2008-01-19 07:35:58 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntlanman_31bf3856ad364e35_6.0.6001.18000_none_301115c4e2a0204f\ntlanman.dll
    + 2008-01-19 07:35:59 296,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntshrui_31bf3856ad364e35_6.0.6001.18000_none_5c0fae70fc5ec50d\ntshrui.dll
    + 2006-11-02 07:09:42 9,029 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ANSI.SYS
    + 2006-11-02 07:09:49 12,498 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\append.exe
    + 2006-11-02 07:10:16 10,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMM.drv
    + 2006-11-02 07:09:49 50,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMMAND.COM
    + 2006-11-02 07:10:28 32,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMMDLG.DLL
    + 2006-11-02 07:09:45 27,097 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\country.sys
    + 2008-01-19 07:33:05 46,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\csrstub.exe
    + 2006-09-18 21:43:37 27,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ctl3dv2.dll
    + 2006-11-02 07:10:32 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\DDEML.DLL
    + 2006-11-02 07:09:52 20,634 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\debug.exe
    + 2006-11-02 07:10:37 53,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\dosx.exe
    + 2006-11-02 07:10:29 28,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\DRWATSON.EXE
    + 2006-09-18 21:43:40 69,886 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\edit.com
    + 2006-11-02 07:09:50 12,642 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\edlin.exe
    + 2006-11-02 07:09:51 8,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\exe2bin.exe
    + 2006-11-02 07:10:13 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\GDI.EXE
    + 2008-01-19 05:33:30 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\graftabl.com
    + 2006-11-02 07:09:59 19,694 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\GRAPHICS.COM
    + 2006-11-02 07:09:41 4,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\HIMEM.SYS
    + 2006-11-02 07:09:57 14,710 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KB16.COM
    + 2006-11-02 07:09:44 42,809 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KEY01.SYS
    + 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\keyboard.drv
    + 2006-11-02 07:09:44 42,537 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KEYBOARD.SYS
    + 2006-11-02 07:10:07 92,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\krnl386.exe
    + 2006-09-18 21:43:37 221,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\lanman.drv
    + 2006-09-18 21:43:37 9,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\lzexpand.dll
    + 2006-11-02 07:09:55 39,274 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mem.exe
    + 2006-11-02 07:10:21 68,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\MMSYSTEM.DLL
    + 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mouse.drv
    + 2006-09-18 21:43:37 108,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\netapi.dll
    + 2006-11-02 07:09:56 7,052 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\nlsfunc.exe
    + 2006-11-02 07:09:29 27,866 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS.SYS
    + 2006-11-02 07:09:35 29,146 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS404.SYS
    + 2006-11-02 07:09:38 29,370 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS411.SYS
    + 2006-11-02 07:09:40 29,274 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS412.SYS
    + 2006-11-02 07:09:31 29,146 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS804.SYS
    + 2006-11-02 07:09:20 33,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO.SYS
    + 2006-11-02 07:09:23 34,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO404.SYS
    + 2006-11-02 07:09:24 35,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO411.SYS
    + 2006-11-02 07:09:26 35,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO412.SYS
    + 2006-11-02 07:09:22 34,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO804.SYS
    + 2008-01-19 07:33:19 520,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ntvdm.exe
    + 2006-11-02 09:46:12 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ntvdmd.dll
    + 2006-09-18 21:43:37 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\olecli.dll
    + 2006-11-02 07:10:34 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\OLESVR.DLL
    + 2006-09-18 21:43:37 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\pmspl.dll
    + 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\redir.exe
    + 2006-11-02 07:09:53 11,753 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\setver.exe
    + 2006-11-02 07:10:14 5,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\SHELL.DLL
    + 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sound.drv
    + 2006-09-18 21:43:37 18,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sysedit.exe
    + 2006-11-02 07:10:14 3,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\system.drv
    + 2006-11-02 07:10:26 4,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\TIMER.DRV
    + 2006-11-02 07:10:25 13,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\TOOLHELP.DLL
    + 2006-11-02 07:10:12 47,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\USER.EXE
    + 2008-01-19 07:36:47 41,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\vdmredir.dll
    + 2006-09-18 21:43:37 9,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ver.dll
    + 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\vga.drv
    + 2006-11-02 07:10:30 12,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WFWNET.DRV
    + 2006-11-02 07:10:35 9,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WIFEMAN.DLL
    + 2006-11-02 08:35:53 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\win.com
    + 2006-09-18 21:43:37 13,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\win87em.dll
    + 2006-09-18 21:43:37 256,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\winhelp.exe
    + 2006-11-02 07:10:35 5,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINNLS.DLL
    + 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
    + 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSPOOL.EXE
    + 2008-01-19 07:37:08 273,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\wow32.dll
    + 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWDEB.EXE
    + 2006-11-02 07:10:24 8,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWEXEC.EXE
    + 2008-01-19 07:36:47 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-vdmdbg_31bf3856ad364e35_6.0.6001.18000_none_4ecd1ebf83b2e2c2\vdmdbg.dll
    + 2008-01-19 05:49:12 4,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\null.sys
    + 2008-01-19 07:34:00 31,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6001.18000_none_ab6af9d0f92539f0\cscapi.dll
    + 2008-01-19 07:34:00 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6001.18000_none_ab6af9d0f92539f0\cscdll.dll
    + 2008-01-19 07:36:00 531,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-object-picker_31bf3856ad364e35_6.0.6001.18000_none_0f95da960c947ce6\objsel.dll
    + 2008-01-19 07:33:19 35,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ocsetup_31bf3856ad364e35_6.0.6001.18000_none_e37d31f65f47c773\ocsetup.exe
    + 2008-01-05 11:23:05 336,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-binaries_31bf3856ad364e35_6.0.6001.18000_none_a261abc00b0b9725\OESpamFilter.dll
    + 2008-01-05 11:23:07 2,414,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18000_none_f2881a246b7a5327\OESpamFilter.dat
    + 2008-01-19 07:36:01 88,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll
    + 2008-01-19 07:36:01 563,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6001.18000_none_bd002a8dfb7a3328\oleaut32.dll
    + 2008-01-19 07:36:01 215,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oleacc_31bf3856ad364e35_6.0.6001.18000_none_6a84bdce2263bb83\oleacc.dll
    + 2008-01-19 07:36:02 1,541,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-onex_31bf3856ad364e35_6.0.6001.18000_none_a5cb1bed1d5ba052\onex.dll
    + 2008-01-19 07:33:17 1,315,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oobe-machine_31bf3856ad364e35_6.0.6001.18000_none_0d7e4a350331a941\msoobe.exe
    + 2008-01-19 07:36:01 1,107,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-opengl-msogl_31bf3856ad364e35_6.0.6001.18000_none_fa6b2a96bf20ed86\ogldrv.dll
    + 2008-01-19 07:33:19 97,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.0.6001.18000_none_6666fa49edaef003\OptionalFeatures.exe
    + 2008-01-19 07:43:48 3,600,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntkrnlpa.exe
    + 2008-01-19 07:43:47 3,548,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntoskrnl.exe
    + 2008-01-19 07:37:13 574,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ellextensionhandler_31bf3856ad364e35_6.0.6001.18000_none_fba088f7925eab4e\XPSSHHDR.dll
    + 2008-01-19 07:36:08 119,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..g-printticket-win32_31bf3856ad364e35_6.0.6001.18000_none_135aa8af9f2ef621\prntvpt.dll
    + 2008-01-19 07:35:31 198,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..g-xpsdocumentwriter_31bf3856ad364e35_6.0.6001.18000_none_22d89eea630649b1\mxdwdui.dll
    + 2008-01-19 07:34:43 35,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ing-lpdprintservice_31bf3856ad364e35_6.0.6001.18000_none_8b9de10971458622\lpdsvc.dll
    + 2008-01-19 07:33:58 276,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\compstui.dll
    + 2008-01-19 07:34:21 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\findnetprinters.dll
    + 2006-11-02 09:45:33 60,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\printui.exe
    + 2008-01-19 07:36:12 166,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\puiapi.dll
    + 2008-01-19 07:36:12 300,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\puiobj.dll
    + 2008-01-19 07:36:07 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ment-troubleshooter_31bf3856ad364e35_6.0.6001.18000_none_8624bc25ba0f3472\pots.dll
    + 2008-01-19 07:33:57 238,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncecounterinstaller_1122334455667788_6.0.6001.18000_none_36d020f599dab181\CntrtextInstaller.DLL
    + 2006-11-02 09:45:02 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\diskperf.exe
    + 2008-01-19 07:33:14 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\logman.exe
    + 2006-11-02 09:45:35 37,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\relog.exe
    + 2008-01-19 07:33:33 337,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\tracerpt.exe
    + 2006-11-02 09:45:49 39,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\typeperf.exe
    + 2008-01-19 07:37:08 140,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ntalcontrolsservice_31bf3856ad364e35_6.0.6001.18000_none_b84c8d19a23c2674\wpcsvc.dll
    + 2008-01-19 07:37:08 532,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ntrolsadminoverride_31bf3856ad364e35_6.0.6001.18000_none_37c5c585da66cb4e\wpcao.dll
    + 2008-01-19 07:36:07 26,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18000_none_2bad9989db66dd67\printfilterpipelineprxy.dll
    + 2008-01-19 07:33:20 666,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18000_none_2bad9989db66dd67\printfilterpipelinesvc.exe
    + 2008-01-19 07:36:08 634,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.18000_none_301b5dfb92ae18db\localspl.dll
    + 2008-01-19 07:36:07 37,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18000_none_39733ab970ea03f2\printcom.dll
    + 2008-01-19 07:36:53 441,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18000_none_39733ab970ea03f2\win32spl.dll
    + 2006-11-02 09:46:12 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
    + 2006-11-02 09:46:12 31,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfdisk.dll
    + 2008-01-19 07:36:03 19,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfnet.dll
    + 2006-11-02 09:46:12 28,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfos.dll
    + 2006-11-02 09:46:12 35,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfproc.dll
    + 2008-01-19 07:36:07 10,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..play-troubleshooter_31bf3856ad364e35_6.0.6001.18000_none_ba59178439b80d1e\pnpts.dll
    + 2008-01-19 07:36:11 163,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..pooler-core-spoolss_31bf3856ad364e35_6.0.6001.18000_none_5b3992df8e604356\spoolss.dll
    + 2008-01-19 07:36:08 551,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-asyncui_31bf3856ad364e35_6.0.6001.18000_none_7be1521bf226254d\prnntfy.dll
    + 2008-01-19 07:35:59 216,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6001.18000_none_f0037a3c7d6c36a4\ntprint.dll
    + 2006-11-02 09:45:31 61,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6001.18000_none_f0037a3c7d6c36a4\ntprint.exe
    + 2008-01-19 07:36:08 869,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_6.0.6001.18000_none_dc35506a73fa81bc\printui.dll
    + 2008-01-19 07:36:03 242,688 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\pdh.dll
    + 2008-01-19 07:36:06 1,502,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\pla.dll
    + 2008-01-19 07:36:22 96,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\PlaMig.dll
    + 2006-11-02 09:45:32 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\plasrv.exe
    + 2008-01-19 07:34:34 120,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6001.18000_none_8ad265adc8633a42\inetpp.dll
    + 2008-01-19 07:34:34 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6001.18000_none_8ad265adc8633a42\inetppui.dll
    + 2008-01-19 07:33:40 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6001.18000_none_8ad265adc8633a42\wpnpinst.exe
    + 2008-01-19 07:36:39 135,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\tcpmon.dll
    + 2008-01-19 07:37:08 296,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.0.6001.18000_none_f3ec70780f6f64fc\Wpc.dll
    + 2008-01-19 07:33:14 7,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lpq.exe
    + 2008-01-19 07:33:14 8,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lpr.exe
    + 2008-01-19 07:34:43 13,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprhelp.dll
    + 2006-11-02 12:35:03 20,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprmon.dll
    + 2006-11-02 12:35:03 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprmonui.dll
    + 2008-01-19 07:36:24 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\SetupLpr.dll
    + 2008-01-19 07:32:56 258,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6001.18000_none_932df61f18add086\winspool.drv
    + 2008-01-19 07:37:10 177,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ting-wsdportmonitor_31bf3856ad364e35_6.0.6001.18000_none_16d3442ddf994157\WSDMon.dll
    + 2008-01-19 07:33:19 58,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..tomizationsnonwinpe_31bf3856ad364e35_6.0.6001.18000_none_cbcee9638f36c1e4\PnPUnattend.exe
    + 2008-01-19 07:33:23 427,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollab.exe
    + 2008-01-19 07:36:54 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabContacts.dll
    + 2008-01-19 07:36:54 20,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabDecorator.dll
    + 2008-01-19 07:36:54 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabElev.dll
    + 2008-01-19 07:36:54 163,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabFile.dll
    + 2008-01-19 07:36:54 226,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabPres.dll
    + 2008-01-19 07:36:54 222,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabProj.dll
    + 2006-11-02 12:34:47 1,486,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabRes.dll
    + 2008-01-19 07:36:02 403,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..topeercollab-client_31bf3856ad364e35_6.0.6001.18000_none_9d3553ad8acced6c\p2pcollab.dll
    + 2008-01-19 07:36:22 120,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\CntrtextMig.dll
    + 2008-01-19 07:34:42 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\loadperf.dll
    + 2008-01-19 07:33:14 40,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\lodctr.exe
    + 2006-11-02 09:20:19 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfc.dat
    + 2006-11-02 09:20:19 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfd.dat
    + 2006-11-02 09:20:21 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfh.dat
    + 2006-11-02 09:20:21 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfi.dat
    + 2006-11-02 09:42:44 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\prflbmsg.dll
    + 2008-01-19 07:33:33 33,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\unlodctr.exe
    + 2008-01-19 07:33:19 130,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-packagemanager_31bf3856ad364e35_6.0.6001.18000_none_ecd7c41bf34445a7\PkgMgr.exe
    + 2008-01-19 07:36:36 109,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-packagemanager_31bf3856ad364e35_6.0.6001.18000_none_ecd7c41bf34445a7\SSShim.dll
    + 2008-01-19 07:36:50 218,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pantherengine_31bf3856ad364e35_6.0.6001.18000_none_ae116f90a5d6b7d4\wdscore.dll
    + 2008-01-19 07:37:08 72,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-parentalcontrolslsp_31bf3856ad364e35_6.0.6001.18000_none_d71f9ce4442f172c\wpclsp.dll
    + 2008-01-19 07:37:08 1,580,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-parentalcontrolspanel_31bf3856ad364e35_6.0.6001.18000_none_a14154be36c74a7b\wpccpl.dll
    + 2008-01-19 07:42:23 56,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys
    + 2008-01-19 07:36:02 134,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeeradmin_31bf3856ad364e35_6.0.6001.18000_none_47496a3bcfe750ac\p2pnetsh.dll
    + 2008-01-19 07:36:02 202,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeerbase_31bf3856ad364e35_6.0.6001.18000_none_6bd83b0d2606e9d6\P2P.dll
    + 2008-01-19 07:36:09 658,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeerbase_31bf3856ad364e35_6.0.6001.18000_none_6bd83b0d2606e9d6\p2psvc.dll
    + 2008-01-19 07:33:19 192,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeercollab_31bf3856ad364e35_6.0.6001.18000_none_97354e832d228b4c\p2phost.exe
    + 2008-01-19 07:36:09 336,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeergraphing_31bf3856ad364e35_6.0.6001.18000_none_62c2dad4e9be8a09\P2PGraph.dll
    + 2008-01-19 07:36:07 62,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll
    + 2006-11-02 12:34:46 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpperf.dll
    + 2008-01-19 07:36:03 1,248,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-perfcentercpl_31bf3856ad364e35_6.0.6001.18000_none_646d252ef4353323\PerfCenterCPL.dll
    + 2008-01-19 07:36:03 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6001.18000_none_9c09be2ba0f3f010\pdhui.dll
    + 2008-01-19 07:33:19 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6001.18000_none_9c09be2ba0f3f010\perfmon.exe
    + 2008-01-19 07:36:50 1,020,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6001.18000_none_9c09be2ba0f3f010\wdc.dll
    + 2008-01-19 07:37:12 456,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6001.18000_none_9c09be2ba0f3f010\wvc.dll
    + 2008-01-19 07:37:04 276,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photo-image-codec_31bf3856ad364e35_6.0.6001.18000_none_9f39ae3545bed679\WMPhoto.dll
    + 2008-01-19 07:36:05 291,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photo-printing-wizard_31bf3856ad364e35_6.0.6001.18000_none_54e8d04bdd11cce4\photowiz.dll
    + 2008-01-19 07:36:03 1,030,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoacquire_31bf3856ad364e35_6.0.6001.18000_none_343664970cc25614\PhotoAcq.dll
    + 2008-01-19 07:36:03 35,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photobase_31bf3856ad364e35_6.0.6001.18000_none_408073129afe57df\PhotoBase.dll
    + 2008-01-19 07:36:03 95,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoclassic_31bf3856ad364e35_6.0.6001.18000_none_e8133e0beab0625e\PhotoClassic.dll
    + 2008-01-19 07:36:04 371,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photolibrarydatabase_31bf3856ad364e35_6.0.6001.18000_none_b14338296c547974\PhotoLibraryDatabase.dll
    + 2008-01-19 07:36:09 798,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photolibraryshell_31bf3856ad364e35_6.0.6001.18000_none_9343b908f0f645f9\PhotoLibraryMain.dll
    + 2008-01-19 07:36:04 412,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.18000_none_ca6f6160e5843407\PhotoMetadataHandler.dll
    + 2008-01-19 07:32:59 704,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6001.18000_none_6bce7ed85875ff89\PhotoScreensaver.scr
    + 2008-01-19 07:36:04 2,314,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photoviewer_31bf3856ad364e35_6.0.6001.18000_none_dc3e8b3ccfb83930\PhotoViewer.dll
    + 2006-11-02 09:45:32 13,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\PATHPING.EXE
    + 2008-01-19 07:33:19 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\PING.EXE
    + 2006-11-02 09:45:49 12,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\TRACERT.EXE
    + 2008-01-19 07:36:06 17,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-playsoundservice_31bf3856ad364e35_6.0.6001.18000_none_e7daea928def5128\PlaySndSrv.dll
    + 2008-01-19 07:34:03 377,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pnpdevicemanager_31bf3856ad364e35_6.0.6001.18000_none_13d69a721f80b8ad\devmgr.dll
    + 2008-01-19 07:34:04 42,496 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pnpdevicemanager_31bf3856ad364e35_6.0.6001.18000_none_13d69a721f80b8ad\dmocx.dll
    + 2008-01-19 07:36:22 67,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pnpibs_31bf3856ad364e35_6.0.6001.18000_none_41fa7c636bf12738\pnpibs.dll
    + 2008-01-19 07:36:07 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pnpinstaller_31bf3856ad364e35_6.0.6001.18000_none_92bad796dc2737da\pnpsetup.dll
    + 2008-01-19 07:33:53 297,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pnpplugininstaller_1122334455667788_6.0.6001.18000_none_752dd56c4399e7e6\cmipnpinstall.dll
    + 2008-01-19 07:36:34 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pnpsysprep_31bf3856ad364e35_6.0.6001.18000_none_41bd7b7cb7125f28\sppnp.dll
    + 2008-01-19 07:36:07 542,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pnpui_31bf3856ad364e35_6.0.6001.18000_none_5ed7915a2b4970ea\pnpui.dll
    + 2008-01-19 07:33:19 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pnputil_31bf3856ad364e35_6.0.6001.18000_none_fd63c291bc87866e\PnPutil.exe
    + 2008-01-19 07:36:07 723,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-powercpl_31bf3856ad364e35_6.0.6001.18000_none_61e0f2fb743843ce\powercpl.dll
    + 2008-01-19 07:34:43 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-printing-localprinting_31bf3856ad364e35_6.0.6001.18000_none_cc43ccec2b50152a\localui.dll
    + 2008-01-19 07:36:46 34,304 ----a-w C:\Windows\winsxs\x86_microsoft-windows-printing-localprinting_31bf3856ad364e35_6.0.6001.18000_none_cc43ccec2b50152a\usbmon.dll
    + 2008-01-19 07:36:01 96,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-printing-oleprn_31bf3856ad364e35_6.0.6001.18000_none_7b26dc5a5f429f66\oleprn.dll
    + 2008-01-19 07:37:13 1,675,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-printing-reach_31bf3856ad364e35_6.0.6001.18000_none_266c7a5e12320237\xpssvcs.dll
    + 2008-01-19 07:33:32 125,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
    + 2008-01-19 07:33:43 52,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-processmodel_31bf3856ad364e35_6.0.6001.18000_none_b6c18e2ea4c354d2\apphostsvc.dll
    + 2008-01-19 07:33:34 19,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-processmodel_31bf3856ad364e35_6.0.6001.18000_none_b6c18e2ea4c354d2\w3wp.exe
    + 2008-01-19 07:34:32 371,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18000_none_da9c5cd1aae25b0d\iisw3adm.dll
    + 2008-01-19 07:36:48 15,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18000_none_da9c5cd1aae25b0d\w3tp.dll
    + 2008-01-19 07:36:48 46,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18000_none_da9c5cd1aae25b0d\w3wphost.dll
    + 2008-01-19 07:36:49 22,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18000_none_da9c5cd1aae25b0d\wbhst_pm.dll
    + 2008-01-19 07:36:49 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18000_none_da9c5cd1aae25b0d\wbhstipm.dll
    + 2008-01-19 07:36:11 29,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.0.6001.18000_none_fbb1576d32ad0ba9\profprov.dll
    + 2008-01-19 07:36:11 153,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.0.6001.18000_none_fbb1576d32ad0ba9\profsvc.dll
    + 2008-01-19 07:36:11 750,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_6.0.6001.18000_none_025d66bd2e6eb866\propsys.dll
    + 2008-01-19 07:42:18 51,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-pshed_31bf3856ad364e35_6.0.6001.18000_none_5bf2e3502d148f14\PSHED.DLL
    + 2008-01-19 07:36:13 505,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qedit_31bf3856ad364e35_6.0.6001.18000_none_5a9bdcad476757c7\qedit.dll
    + 2008-01-19 05:55:53 72,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\pacer.sys
    + 2006-11-02 09:46:12 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\pacerprf.dll
    + 2006-11-02 09:46:13 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\traffic.dll
    + 2006-11-02 09:46:14 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\wshqos.dll
    + 2008-01-19 07:36:14 243,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qwave_31bf3856ad364e35_6.0.6001.18000_none_58aa19c148bb06a8\qwave.dll
    + 2008-01-19 05:56:07 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qwave_31bf3856ad364e35_6.0.6001.18000_none_58aa19c148bb06a8\qwavedrv.sys
    + 2008-01-19 07:33:24 60,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_6.0.6001.18000_none_319433fd2aaf78e5\reg.exe
    + 2008-01-19 07:33:23 20,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..bilityanalysisagent_31bf3856ad364e35_6.0.6001.18000_none_26c0a2eaa039cb7f\RacAgent.exe
    + 2008-01-19 07:33:23 30,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.0.6001.18000_none_5b11a3037d624890\rdrleakdiag.exe
    + 2006-11-02 12:35:06 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\mll_hp.dll
    + 2008-01-19 07:34:49 11,264 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\mll_mtf.dll
    + 2008-01-19 07:34:49 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\mll_qic.dll
    + 2008-01-19 07:35:58 179,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmsdba.dll
    + 2006-11-02 12:35:06 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmsevt.dll
    + 2008-01-19 07:35:58 460,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll
    + 2006-11-02 12:35:06 43,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsm.exe
    + 2006-11-02 12:35:06 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmmllsv.exe
    + 2006-11-02 12:35:06 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmsink.exe
    + 2006-11-02 12:35:06 54,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmui.exe
    + 2008-01-19 07:34:56 329,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.18000_none_e7fd9cd8934491e6\msdrm.dll
    + 2008-01-19 07:36:15 889,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..ilityanalysisengine_31bf3856ad364e35_6.0.6001.18000_none_886ce4a9963d6b7e\RacEngn.dll
    + 2008-01-19 07:36:16 340,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..lityanalysismonitor_31bf3856ad364e35_6.0.6001.18000_none_810bc669406d8422\RelMon.dll
    + 2008-01-19 07:36:16 69,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..neenforcementclient_31bf3856ad364e35_6.0.6001.18000_none_3dcd940b57ea40f0\rasqec.dll
    + 2008-01-19 07:33:23 161,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_6.0.6001.18000_none_2ff39ff37592ad4f\raserver.exe
    + 2008-01-19 07:36:03 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6001.18000_none_6d377f6a4f85327c\pbkmigr.dll
    + 2008-01-19 07:36:15 286,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6001.18000_none_6d377f6a4f85327c\rasapi32.dll
    + 2008-01-19 05:56:31 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys
    + 2006-11-02 09:46:12 10,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
    + 2008-01-19 07:36:15 90,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasauto.dll
    + 2006-11-02 09:45:34 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasautou.exe
    + 2008-01-19 05:56:29 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f\asyncmac.sys
    + 2008-01-19 05:56:33 121,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.0.6001.18000_none_f33890c1574ac84e\ndiswan.sys
    + 2008-01-19 05:56:34 76,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_6.0.6001.18000_none_99dc4c9ce7ee4a46\rasl2tp.sys
    + 2008-01-19 05:56:33 41,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_6.0.6001.18000_none_563384209a97d914\raspppoe.sys
    + 2008-01-19 05:56:34 62,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_6.0.6001.18000_none_99ef1ed8e7d6dd1c\raspptp.sys
    + 2008-01-19 05:56:43 69,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase-rassstp_31bf3856ad364e35_6.0.6001.18000_none_99d1aff2e7ec7cf4\rassstp.sys
    + 2008-01-19 07:36:36 116,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase-rassstp_31bf3856ad364e35_6.0.6001.18000_none_99d1aff2e7ec7cf4\sstpsvc.dll
    + 2008-01-19 05:56:24 20,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\ndistapi.sys
    + 2008-01-19 05:56:28 49,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\ndproxy.sys
    + 2008-01-19 07:36:15 81,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rascfg.dll
    + 2008-01-19 07:36:15 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasdiag.dll
    + 2006-11-02 09:46:12 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasmxs.dll
    + 2006-11-02 09:46:12 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasser.dll
    + 2008-01-19 05:56:31 62,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\wanarp.sys
    + 2008-01-19 07:36:15 281,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.18000_none_12bf0305774c76e6\raschap.dll
    + 2006-11-02 09:45:34 16,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasclienttools_31bf3856ad364e35_6.0.6001.18000_none_6f46cfc8a8b142a0\rasdial.exe
    + 2008-01-19 07:33:23 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasclienttools_31bf3856ad364e35_6.0.6001.18000_none_6f46cfc8a8b142a0\rasphone.exe
    + 2008-01-19 07:33:53 481,792 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rascmdial_31bf3856ad364e35_6.0.6001.18000_none_d3a71b4c555915f0\cmdial32.dll
    + 2008-01-19 07:33:52 31,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmcfg32.dll
    + 2008-01-19 07:33:04 72,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmdl32.exe
    + 2008-01-19 07:33:53 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmlua.dll
    + 2008-01-19 07:33:53 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmmigr.dll
    + 2008-01-19 07:33:04 48,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmmon32.exe
    + 2008-01-19 07:33:53 26,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmpbk32.dll
    + 2008-01-19 07:33:04 84,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmstp.exe
    + 2008-01-19 07:33:53 14,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmstplua.dll
    + 2008-01-19 07:33:53 47,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmutil.dll
    + 2008-01-19 07:36:15 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasctrs_31bf3856ad364e35_6.0.6001.18000_none_141e18bf76686840\rasctrs.dll
    + 2008-01-19 07:36:15 825,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasdlg_31bf3856ad364e35_6.0.6001.18000_none_6d133c0e4fa0edb1\rasdlg.dll
    + 2008-01-19 07:36:15 642,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasgetconnectedwizard_31bf3856ad364e35_6.0.6001.18000_none_3a13de90cc381618\rasgcw.dll
    + 2008-01-19 07:34:31 29,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6001.18000_none_cacfc9d2ed2e7fd7\ifmon.dll
    + 2008-01-19 05:56:23 47,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasipfilter_31bf3856ad364e35_6.0.6001.18000_none_e76983e8bf2f6fb9\ipfltdrv.sys
    + 2008-01-19 07:36:15 71,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasman_31bf3856ad364e35_6.0.6001.18000_none_6ca64a1c4ff485d4\rasman.dll
    + 2008-01-19 07:36:15 260,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6001.18000_none_9ebd9641a0a88359\rasmans.dll
    + 2008-01-19 07:36:16 975,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasmm_31bf3856ad364e35_6.0.6001.18000_none_6199f3fe5c652ff8\RASMM.dll
    + 2008-01-19 07:36:16 155,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasmontr_31bf3856ad364e35_6.0.6001.18000_none_82906dab6399852a\rasmontr.dll
    + 2008-01-19 07:34:53 104,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasmprddm_31bf3856ad364e35_6.0.6001.18000_none_99165124cd984b96\mprddm.dll
    + 2008-01-19 07:36:16 376,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasplap_31bf3856ad364e35_6.0.6001.18000_none_1236753177b2477f\rasplap.dll
    + 2008-01-19 07:36:16 259,584 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasppp_31bf3856ad364e35_6.0.6001.18000_none_6c94b11e4fff8902\rasppp.dll
    + 2006-11-02 09:46:12 36,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18000_none_0d159410ea7a8f9d\rtutils.dll
    + 2008-01-19 07:34:34 8,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f\iprtprio.dll
    + 2008-01-19 07:34:34 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f\iprtrmgr.dll
    + 2008-01-19 07:34:53 68,608 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f\mprdim.dll
    + 2008-01-19 07:36:15 115,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f\RasMigPlugin.dll
    + 2008-01-19 07:36:17 114,688 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.0.6001.18000_none_aba9395767cce10f\rtm.dll
    + 2008-01-19 07:36:16 69,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rastapi_31bf3856ad364e35_6.0.6001.18000_none_0ee42a5979dd0144\rastapi.dll
    + 2008-01-19 07:36:16 243,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.18000_none_6c652bee5023e04d\rastls.dll
    + 2008-01-19 05:28:37 224,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rdbss_31bf3856ad364e35_6.0.6001.18000_none_59d4d7cc61696f94\rdbss.sys
    + 2008-01-19 07:35:12 160,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rdc_31bf3856ad364e35_6.0.6001.18000_none_a734f0925c3258df\msrdc.dll
    + 2008-01-19 07:33:23 193,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-recdisc-main_31bf3856ad364e35_6.0.6001.18000_none_847bfa71b3a145b1\recdisc.exe
    + 2008-01-19 07:36:20 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-recdisc-main_31bf3856ad364e35_6.0.6001.18000_none_847bfa71b3a145b1\sdspres.dll
    + 2008-01-19 07:36:16 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-regctrl_31bf3856ad364e35_6.0.6001.18000_none_1061c9328037245f\RegCtrl.dll
    + 2008-01-19 07:33:24 44,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-regini_31bf3856ad364e35_6.0.6001.18000_none_0c563c6eb9d0e37e\regini.exe
    + 2006-11-02 09:46:02 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\clb.dll
    + 2008-01-19 07:33:24 134,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
    + 2006-11-02 09:45:35 9,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedt32.exe
    + 2008-01-19 07:33:17 464,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c01e5ce47\msra.exe
    + 2006-11-02 12:34:40 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c01e5ce47\racpldlg.dll
    + 2008-01-19 07:33:28 82,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c01e5ce47\sdchange.exe
    + 2008-01-19 07:36:16 106,496 ----a-w C:\Windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6001.18000_none_896605b983775101\regsvc.dll
    + 2008-01-19 07:36:16 216,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-resampledmo_31bf3856ad364e35_6.0.6001.18000_none_9f6bf5b0d870ecd7\RESAMPLEDMO.DLL
    + 2008-01-19 07:33:53 126,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rescacheinstaller_1122334455667788_6.0.6001.18000_none_b9a05e806817e1ab\rescinst.dll
    + 2006-11-02 09:45:37 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6001.18000_none_803567cb241e9c20\RmClient.exe
    + 2008-01-19 07:36:17 146,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6001.18000_none_803567cb241e9c20\RstrtMgr.dll
    + 2008-01-19 07:32:59 220,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ribbons_31bf3856ad364e35_6.0.6001.18000_none_88b4e40227fbeb47\Ribbons.scr
    + 2008-01-19 07:36:17 456,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.0.6001.18000_none_9d00b3d6829ba4d0\riched20.dll
    + 2008-01-19 07:36:17 8,192 ----a-w C:\
    18 Mai 2008 22:31:23

    + 2008-01-19 07:36:49 88,576 ----a-w C:\Windows\winsxs\x86_wcf-infocard_api_dll_31bf3856ad364e35_6.0.6001.18000_none_a3e6fac8afa03682\infocardapi.dll
    + 2008-01-05 11:21:39 112,656 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_6.0.6001.18000_none_00215c101d25ea6b\SMConfigInstaller.exe
    + 2008-01-19 07:31:57 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6001.18000_none_786a30e49861a093\ServiceModelEvents.dll
    + 2008-01-19 07:36:49 11,264 ----a-w C:\Windows\winsxs\x86_wcf-m_svc_mon_sup_dll_31bf3856ad364e35_6.0.6001.18000_none_a5de054d4b9e6add\ServiceMonikerSupport.dll
    + 2008-01-05 11:21:38 126,976 ----a-w C:\Windows\winsxs\x86_wcf-system.identitymodel.selectors_b03f5f7f11d50a3a_6.0.6001.18000_none_63714fb13111ef3b\System.IdentityModel.Selectors.dll
    + 2008-01-05 11:21:37 430,080 ----a-w C:\Windows\winsxs\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_6.0.6001.18000_none_25a8604e407e41cd\System.IdentityModel.dll
    + 2008-01-05 11:21:38 131,072 ----a-w C:\Windows\winsxs\x86_wcf-system.io.log_b03f5f7f11d50a3a_6.0.6001.18000_none_da6d95a2bb1e0de2\System.IO.Log.dll
    + 2008-01-05 11:21:38 929,792 ----a-w C:\Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.0.6001.18000_none_0740a79720b4c834\System.Runtime.Serialization.dll
    + 2008-01-05 11:21:38 5,971,968 ----a-w C:\Windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6001.18000_none_14f8b782eb7485e6\System.ServiceModel.dll
    + 2008-01-19 07:41:31 22,072 ----a-w C:\Windows\winsxs\x86_wd.inf_31bf3856ad364e35_6.0.6001.18000_none_13ae4ead610a7b3a\wd.sys
    + 2008-01-19 05:53:23 73,088 ----a-w C:\Windows\winsxs\x86_wdma_usb.inf_31bf3856ad364e35_6.0.6001.18000_none_6d17dba1b6dae561\USBAUDIO.sys
    + 2008-01-19 06:53:03 130,048 ----a-w C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\drmk.sys
    + 2008-01-19 05:53:16 5,632 ----a-w C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\drmkaud.sys
    + 2008-01-19 05:53:19 167,936 ----a-w C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\portcls.sys
    + 2008-01-19 07:36:38 338,944 ----a-w C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\SysFxUI.dll
    + 2008-01-19 07:36:58 1,312,256 ----a-w C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\WMALFXGFXDSP.dll
    + 2008-01-19 07:35:13 248,832 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_6.0.6001.18000_none_a6e4afe86e2c85ae\msshsq.dll
    + 2008-01-19 03:17:42 100,043 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_6.0.6001.18000_none_9784d4f858e3c74e\StructuredQuerySchema.bin
    + 2006-11-02 06:29:53 18,271 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_6.0.6001.18000_none_9784d4f858e3c74e\StructuredQuerySchemaTrivial.bin
    + 2008-01-19 07:35:12 23,552 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\msscb.dll
    + 2008-01-19 07:35:12 51,200 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\msscntrs.dll
    + 2008-01-19 07:35:13 98,304 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\mssitlb.dll
    + 2008-01-19 07:35:13 333,824 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\mssph.dll
    + 2008-01-19 07:35:13 167,936 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\mssphtb.dll
    + 2008-01-19 07:35:13 32,256 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\mssprxy.dll
    + 2008-01-19 07:36:08 1,400,832 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\mssrch.dll
    + 2008-01-19 07:35:13 52,224 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\msstrc.dll
    + 2008-01-19 07:35:13 1,696,768 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\mssvp.dll
    + 2008-01-19 07:36:11 65,536 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\propdefs.dll
    + 2008-01-19 07:33:28 76,800 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchFilterHost.exe
    + 2008-01-19 07:33:28 302,080 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchIndexer.exe
    + 2008-01-19 07:33:28 179,200 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchProtocolHost.exe
    + 2008-01-19 07:36:42 1,505,792 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\tquery.dll
    + 2008-01-19 07:33:47 73,216 ----a-w C:\Windows\winsxs\x86_windowssideshowenhanceddriver.inf_31bf3856ad364e35_6.0.6001.18000_none_a4bddb83ceadd56c\AuxiliaryDisplayEnhancedDriver.dll
    + 2006-11-02 09:46:02 22,016 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\btplugin.dll
    + 2008-01-19 07:33:52 65,536 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\ceutil.dll
    + 2006-11-02 09:46:04 10,752 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\dtptdns.dll
    + 2006-11-02 09:46:12 91,136 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\rapi.dll
    + 2008-01-19 07:36:15 167,936 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\rapimgr.dll
    + 2006-11-02 09:46:12 14,848 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\rapispxy.dll
    + 2008-01-19 07:36:15 204,288 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\rapistub.dll
    + 2006-11-02 09:46:13 16,384 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\tcp2udp.dll
    + 2008-01-19 07:36:49 365,568 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\wcescomm.dll
    + 2006-11-02 09:46:13 14,848 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\wcescpxy.dll
    + 2006-11-02 09:46:14 20,480 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\wmcoinst.dll
    + 2006-11-02 09:45:59 215,552 ----a-w C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\wmdSync.exe
    + 2008-01-19 05:53:22 31,616 ----a-w C:\Windows\winsxs\x86_winusb.inf_31bf3856ad364e35_6.0.6001.18000_none_f7f4e48615a15a51\winusb.sys
    + 2008-01-19 07:37:09 220,160 ----a-w C:\Windows\winsxs\x86_wpdfs.inf_31bf3856ad364e35_6.0.6001.18000_none_25ecd581d29bc201\WpdFs.dll
    + 2008-01-19 07:37:08 33,280 ----a-w C:\Windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6001.18000_none_1f9a45a386b09d41\WpdConns.dll
    + 2006-11-02 09:46:14 151,552 ----a-w C:\Windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6001.18000_none_1f9a45a386b09d41\WpdMtp.dll
    + 2008-01-19 07:37:09 664,576 ----a-w C:\Windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6001.18000_none_1f9a45a386b09d41\WpdMtpDr.dll
    + 2008-01-19 07:37:09 66,560 ----a-w C:\Windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6001.18000_none_1f9a45a386b09d41\WpdMtpIP.dll
    + 2008-01-19 07:37:09 60,928 ----a-w C:\Windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6001.18000_none_1f9a45a386b09d41\WpdMtpUS.dll
    + 2008-01-19 06:04:19 39,936 ----a-w C:\Windows\winsxs\x86_wpdmtp.inf_31bf3856ad364e35_6.0.6001.18000_none_1f9a45a386b09d41\WpdUsb.sys
    + 2008-01-19 07:37:09 203,776 ----a-w C:\Windows\winsxs\x86_wpdrapi.inf_31bf3856ad364e35_6.0.6001.18000_none_ee0e96a7edd4ffae\WpdRapi.dll
    + 2008-01-05 11:21:52 76,312 ----a-w C:\Windows\winsxs\x86_wpf-penimc_31bf3856ad364e35_6.0.6001.18000_none_abb112e804add3e9\PenIMC.dll
    + 2008-01-05 11:21:52 602,112 ----a-w C:\Windows\winsxs\x86_wpf-presentationbuildtasks_31bf3856ad364e35_6.0.6001.18000_none_500d3ede4d7b8841\PresentationBuildTasks.dll
    + 2008-01-05 11:21:52 106,520 ----a-w C:\Windows\winsxs\x86_wpf-presentationcffrasterizernative_31bf3856ad364e35_6.0.6001.18000_none_c9955f1b8e527136\PresentationCFFRasterizerNative_v0300.dll
    + 2008-01-05 11:21:53 36,864 ----a-w C:\Windows\winsxs\x86_wpf-presentationfontcache_31bf3856ad364e35_6.0.6001.18000_none_059996cf122e11ba\PresentationFontCache.exe
    + 2008-01-05 11:21:53 184,320 ----a-w C:\Windows\winsxs\x86_wpf-presentationframework.aero_31bf3856ad364e35_6.0.6001.18000_none_3283bf9708914ddc\PresentationFramework.Aero.dll
    + 2008-01-05 11:21:53 131,072 ----a-w C:\Windows\winsxs\x86_wpf-presentationframework.classic_31bf3856ad364e35_6.0.6001.18000_none_f469453a29c5abb9\PresentationFramework.Classic.dll
    + 2008-01-05 11:21:53 376,832 ----a-w C:\Windows\winsxs\x86_wpf-presentationframework.luna_31bf3856ad364e35_6.0.6001.18000_none_315e9875093b655f\PresentationFramework.Luna.dll
    + 2008-01-05 11:21:54 151,552 ----a-w C:\Windows\winsxs\x86_wpf-presentationframework.royale_31bf3856ad364e35_6.0.6001.18000_none_eab530f9aa427eef\PresentationFramework.Royale.dll
    + 2008-01-05 11:21:53 5,210,112 ----a-w C:\Windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6001.18000_none_6e865c0655f667a9\PresentationFramework.dll
    + 2008-01-05 11:21:54 121,368 ----a-w C:\Windows\winsxs\x86_wpf-presentationhostdll_31bf3856ad364e35_6.0.6001.18000_none_700b6d391fff3bc7\PresentationHostDLL.dll
    + 2008-01-05 11:21:54 350,744 ----a-w C:\Windows\winsxs\x86_wpf-presentationhostexe_31bf3856ad364e35_6.0.6001.18000_none_6ff43351201dde39\PresentationHost.exe
    + 2008-01-05 11:21:55 33,304 ----a-w C:\Windows\winsxs\x86_wpf-presentationhostproxy_31bf3856ad364e35_6.0.6001.18000_none_2a8b16ac79cf1d6b\PresentationHostProxy.dll
    + 2008-01-05 11:21:55 779,800 ----a-w C:\Windows\winsxs\x86_wpf-presentationnative_31bf3856ad364e35_6.0.6001.18000_none_56c60bda468048e8\PresentationNative_v0300.dll
    + 2008-01-05 11:21:55 528,384 ----a-w C:\Windows\winsxs\x86_wpf-reachframework_31bf3856ad364e35_6.0.6001.18000_none_002a2b3028b98064\ReachFramework.dll
    + 2008-01-05 11:21:55 688,128 ----a-w C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18000_none_81bcf03b1c8dd006\System.Speech.dll
    + 2008-01-05 11:21:55 28,672 ----a-w C:\Windows\winsxs\x86_wpf-terminalserverwpfwrapperexe_31bf3856ad364e35_6.0.6001.18000_none_245f3f8acb9f83ce\TsWpfWrp.exe
    + 2008-01-05 11:21:56 163,840 ----a-w C:\Windows\winsxs\x86_wpf-uiautomationclient_31bf3856ad364e35_6.0.6001.18000_none_da78f83041486f09\UIAutomationClient.dll
    + 2008-01-05 11:22:00 372,736 ----a-w C:\Windows\winsxs\x86_wpf-uiautomationclientsideproviders_31bf3856ad364e35_6.0.6001.18000_none_54bc10654e665c78\UIAutomationClientsideProviders.dll
    + 2008-01-05 11:22:00 32,768 ----a-w C:\Windows\winsxs\x86_wpf-uiautomationprovider_31bf3856ad364e35_6.0.6001.18000_none_049cd1558af1e317\UIAutomationProvider.dll
    + 2008-01-05 11:22:00 86,016 ----a-w C:\Windows\winsxs\x86_wpf-uiautomationtypes_31bf3856ad364e35_6.0.6001.18000_none_5d12216d9af08c71\UIAutomationTypes.dll
    + 2008-01-05 11:22:00 1,204,224 ----a-w C:\Windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6001.18000_none_576d0ce447c61f7f\WindowsBase.dll
    + 2008-01-05 11:22:01 81,920 ----a-w C:\Windows\winsxs\x86_wpf-windowsformsintegration_31bf3856ad364e35_6.0.6001.18000_none_fa1c0f637bd0118b\WindowsFormsIntegration.dll
    + 2008-01-05 11:22:01 14,848 ----a-w C:\Windows\winsxs\x86_wpf-xamlviewer_31bf3856ad364e35_6.0.6001.18000_none_560e4c817cece28f\XamlViewer_v0300.exe
    + 2008-01-05 11:22:01 308,760 ----a-w C:\Windows\winsxs\x86_wpf-xpsviewerexe_31bf3856ad364e35_6.0.6001.18000_none_c9336c81088f402c\XPSViewer.exe
    + 2008-01-19 07:37:10 351,232 ----a-w C:\Windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.18000_none_beb38cd34d56a01d\WSDApi.dll
    + 2008-01-19 06:14:59 16,896 ----a-w C:\Windows\winsxs\x86_wsdprint.inf_31bf3856ad364e35_6.0.6001.18000_none_154f3e52b146ef82\WSDPrint.sys
    + 2008-01-19 07:37:10 56,320 ----a-w C:\Windows\winsxs\x86_wsdprint.inf_31bf3856ad364e35_6.0.6001.18000_none_154f3e52b146ef82\WSDPrPxy.dll
    + 2008-01-19 07:37:10 237,056 ----a-w C:\Windows\winsxs\x86_wsdscdrv.inf_31bf3856ad364e35_6.0.6001.18000_none_d03e46f3c9815a07\WSDScDrv.dll
    + 2008-01-19 07:37:10 54,272 ----a-w C:\Windows\winsxs\x86_wsdscdrv.inf_31bf3856ad364e35_6.0.6001.18000_none_d03e46f3c9815a07\WSDScPrx.dll
    + 2008-01-05 11:22:14 1,152,040 ----a-w C:\Windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6001.18000_none_3265f2e277fead59\System.Workflow.Activities.dll
    + 2008-01-05 11:22:15 1,635,376 ----a-w C:\Windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18000_none_8be419790e15a8ca\System.Workflow.ComponentModel.dll
    + 2008-01-05 11:22:15 578,592 ----a-w C:\Windows\winsxs\x86_wwf-system.workflow.runtime_31bf3856ad364e35_6.0.6001.18000_none_651add99a006f9de\System.Workflow.Runtime.dll
    + 2008-01-19 05:49:39 521,216 ----a-w C:\Windows\winsxs\x86_xnacc.inf_31bf3856ad364e35_6.0.6001.18000_none_b3ab89be7386e838\xnacc.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2008-01-19 09:33 12800]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-16 11:40 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
    "Skytel"="Skytel.exe" [2007-03-16 09:06 1822720 C:\Windows\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-16 11:40:42 124400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\Acer\EMPOWE~1\eMode\PCM\Kernel\Burner\MKDMP3Enc.ACM

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
    backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    --a------ 2007-01-24 10:27 319488 C:\Acer\Empowering Technology\SysMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    --a------ 2007-02-15 18:39 151552 C:\Acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
    C:\ACERSW\config\NewSetApanel.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2008-05-12 18:39 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
    --a------ 2006-11-24 21:20 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    --a------ 2007-02-07 00:04 464168 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installation Diagnostics]
    --a------ 2006-11-04 11:52 126976 C:\Program Files\Brother\Brmfl06a\Brinstck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI]
    --a------ 2006-12-20 11:14 404536 C:\PROGRA~1\CONTRO~1\bin\optgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    --a------ 2007-07-24 20:03 102400 C:\Program Files\Orange HSS\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2007-01-12 21:24 151552 C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    --a------ 2006-09-25 15:00 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    --a------ 2008-01-19 09:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-10-14 11:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
    --a------ 2007-07-24 20:55 94208 C:\Program Files\Orange HSS\Systray\SystrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    --a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{7544676B-122D-44D9-B6F1-22A42CF36183}"= UDP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
    "{1A18564B-6511-4C7F-B95E-0AD529D9AAFD}"= TCP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
    "{EFE8DCAE-7635-4074-8040-2F5EFE92AEF2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{CC2F451E-58E2-4CEB-9778-9889EF6753B5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{A092B5EF-2A9E-457D-AFDD-83032F337ECE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D25745B1-95F3-4832-A669-FF44238389F0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{9EF2A851-2043-44C5-96F7-13B14F4D4751}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{0D88BB8A-3781-421D-90A8-4A0A17CCE82C}C:\\users\\valé\\desktop\\emule.exe"= UDP:C:\users\valé\desktop\emule.exe:emule.exe
    "UDP Query User{E28ED3C4-CBEC-4878-B4A3-4C80FBA2B731}C:\\users\\valé\\desktop\\emule.exe"= TCP:C:\users\valé\desktop\emule.exe:emule.exe
    "{FD296680-6964-4303-B774-A71048275A9B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{74800000-A9BE-4677-A665-C95407F31A35}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{4000FA29-C2F3-483D-8770-8B6E182F43D7}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "UDP Query User{C9ABFA1D-2067-48E1-93E5-C7A1C51B73F6}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
    "TCP Query User{BEEBB5A9-D3D6-42D6-A8DD-7B32CDBE31B8}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= UDP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
    "UDP Query User{433E1A6D-84ED-4539-B7FB-C420C3246243}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= TCP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
    "{705A1F68-7AD4-457B-BA4C-CFB94991DF8A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{3A821033-8E50-41D1-81DC-94F818A78F94}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{6B2C169B-6A3F-4D8C-9F33-F8B7C43AC420}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{4A341FDE-7435-4EF9-BEF9-F3501FB00517}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{B1EC8C9E-2ADA-4A2D-8DD3-581054046069}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{6552E66E-61C9-4A58-A233-D649EFF1CCB4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 09:22]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-05-05 19:51]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
    S4 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
    S4 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 20:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7e75b1e-1381-11dd-b847-001c2531a75a}]
    \shell\Auto\command - cmd /C launch.bat
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-18 19:10:05 C:\Windows\Tasks\User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-18 21:30:56
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background??s

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-18 21:33:02
    ComboFix-quarantined-files.txt 2008-05-18 19:32:54
    ComboFix2.txt 2008-05-17 17:07:18
    ComboFix3.txt 2008-05-15 14:01:06

    Pre-Run: 92,342,521,856 octets libres
    Post-Run: 92,310,884,352 octets libres

    7624 --- E O F --- 2008-05-18 13:49:53
    18 Mai 2008 22:42:29

    le rapport hijackthis :


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:31:32, on 18/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    C:\Program Files\Orange HSS\systray\systrayapp.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Users\Valé\Desktop\anti-virus\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.orange.fr
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 6501 bytes



    merci et bonne nuit !!!
    a b 8 Sécurité
    19 Mai 2008 13:32:40

    Clic droit sur Hijackthis -> Exécuter en tant qu'administrateur

    Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES

    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}
    19 Mai 2008 17:05:37

    salut !
    c'est fait,voici le nouveau rapport hijackthis :


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:05:32, on 19/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    C:\Program Files\Orange HSS\systray\systrayapp.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Users\Valé\Desktop\anti-virus\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.orange.fr
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 6241 bytes
    a b 8 Sécurité
    19 Mai 2008 18:48:00

    Encore des soucis ?
    19 Mai 2008 23:16:55

    non ca va mieux !!!
    je te remerci de ton aide qui a ete tres presieuse.
    et bonne continuation sur le site...
    a b 8 Sécurité
    20 Mai 2008 12:22:44

    Bon surf ;) 

  • Télécharge ToolsCleaner sur ton Bureau.
  • Clique sur Recherche et laisse le scan se terminer.
  • Clique sur Suppression pour finaliser.
  • Clique sur Quitter, pour que le rapport puisse se créer.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

    Désactive puis réactive la restauration du système : Voir aide

    Ajoute maintenant [Résolu] au titre de ton sujet. Pour cela :
    * Clique dans ton premier message sur le bouton "Editer" :
    * Rajoute la mention [Résolu] au titre
    * Clique ensuite sur "Valider votre message"

    Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :


    20 Mai 2008 16:08:16

    slt,
    quand je veux metre toolsCleaner2 en route, le programme ne répond pas !
    a b 8 Sécurité
    20 Mai 2008 19:20:26

    Pas grave. Supprime Hijackthis & co à la main.
    a b 8 Sécurité
    20 Mai 2008 19:58:17

    Ok ;) 
    20 Mai 2008 20:07:24

    merci pour tous !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS