Win32 beagle virus attack

alisafi, le samedi 14 juin 2008 à 23:24:51

Bonsoir,
Je suis arrivé, apres une lutte de 24 heures a executer ComboFix, et HijackThis, j'ai du installer sur une autre partition windows xp, et sur cette installation , j'ai pus executer elibagla-9875, cette action m'a permis ensuite de pouvoir installer kaspersky , une trial version, spyboot egalement sur l'ancienne istallation de windows; ces deux logitiels ont indiqués plusieurs problemes du a ce virus win32 win32.Beagle, ils ont pus corriger certains problemes , j'ai pus ensuite installer sp3 , je retrouve un fonctionnement quasi normal du fonctionnement de mon pc
voici les rapports de conmbofix et HijackThis
merci de me dire si mon Pc est encore infecté ou non

ComboFix 08-06-12.2 - user 06/14/2008 21:01:59.1 - NTFSx86
Microsoft Windows XP Edition familiale 5.1.2600.3.1256.1.1036.18.276 [GMT 2:00]
Endroit: C:\Documents and Settings\user\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RةCUPةRATION N'EST PAS INSTALLةE SUR CETTE MACHINE !!/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\A2\real.txt
C:\Documents and Settings\user\real.txt
C:\WINDOWS\explorer.exe.tmp
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\14496937.exe
C:\WINDOWS\system32\drivers\downld\14553796.exe
C:\WINDOWS\system32\drivers\downld\14659296.exe
C:\WINDOWS\system32\drivers\downld\14673015.exe
C:\WINDOWS\system32\drivers\downld\14685593.exe
C:\WINDOWS\system32\drivers\downld\14695187.exe
C:\WINDOWS\system32\drivers\downld\607296.exe
C:\WINDOWS\system32\drivers\downld\625515.exe
C:\WINDOWS\system32\drivers\downld\67281.exe
C:\WINDOWS\system32\drivers\downld\70218.exe
C:\WINDOWS\system32\drivers\downld\71906.exe
C:\WINDOWS\system32\drivers\downld\72265.exe
C:\WINDOWS\system32\real.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 19:59 --------- d-----w C:\Program Files\MSN Messenger
2008-06-14 19:08 --------- d-----w C:\Documents and Settings\user\Application Data\OpenOffice.org2
2008-06-14 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-14 19:05 5,641,248 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-14 19:05 47,248 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-14 19:05 458,784 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-14 19:05 4,744 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-14 19:00 --------- d-----w C:\Documents and Settings\user\Application Data\Free Download Manager
2008-06-14 18:57 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-14 18:57 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-14 18:39 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-14 18:32 --------- d-----w C:\Program Files\Secunia
2008-06-14 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 12:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-14 04:16 --------- d-----w C:\Program Files\SuperCopier2
2008-06-14 04:15 --------- d-----w C:\Program Files\MP3 WAV Converter
2008-06-14 04:13 --------- d-----w C:\Program Files\BearFlix
2008-06-13 10:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-13 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 10:24 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-12 21:18 78,415 ----a-w C:\WINDOWS\system32\drivers\klif.cab
2008-06-12 21:15 --------- d-----w C:\Documents and Settings\A3\Application Data\OpenOffice.org2
2008-06-12 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-12 10:34 --------- d-----w C:\Program Files\McAfee
2008-06-12 06:01 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-12 06:01 290,816 ------w C:\WINDOWS\Setup1.exe
2008-06-11 18:52 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
2008-06-11 14:03 --------- d-----w C:\Documents and Settings\user\Application Data\skypePM
2008-06-11 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-11 06:57 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-11 06:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-11 06:52 --------- d-----w C:\Program Files\Skype
2008-06-11 06:52 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-06-11 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-10 13:40 --------- d-----w C:\Program Files\eMule
2008-06-10 13:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 10:56 --------- d-----w C:\Program Files\Windows Live
2008-06-10 10:50 --------- d-----w C:\Program Files\SatelliteTVforPC
2008-06-09 19:40 --------- d-----w C:\Program Files\Apple Software Update
2008-06-09 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-09 16:29 --------- d-----w C:\Documents and Settings\user\Application Data\AdobeUM
2008-06-09 06:49 --------- d-----w C:\Program Files\Nod32
2008-06-08 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-08 12:42 --------- d-----w C:\Documents and Settings\A2\Application Data\Apple Computer
2008-06-06 20:11 --------- d-----w C:\Program Files\@Last Software
2008-06-06 20:07 --------- d-----w C:\Program Files\Google
2008-06-01 23:38 --------- d-----w C:\Program Files\Eduserv
2008-05-31 13:12 --------- d-----w C:\Program Files\nLite
2008-05-30 12:03 1,483 ----a-w C:\Program Files\uninstal.log
2008-05-30 11:32 --------- d-----w C:\Program Files\VideoLAN
2008-05-30 06:24 1,248 ----a-w C:\vlxjaw3o.sys
2008-05-24 19:51 --------- d-----w C:\Program Files\Automate unDRM
2008-05-23 21:04 --------- d-----w C:\Documents and Settings\A2\Application Data\vlc
2008-05-18 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-18 01:38 --------- d-----w C:\Program Files\TP
2008-05-17 18:21 --------- d-----w C:\Program Files\Ligos
2008-05-17 18:17 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2008-05-17 18:17 --------- d-----w C:\Program Files\NimoCodec Pack
2008-05-17 18:17 --------- d-----w C:\Program Files\ffdshow
2008-05-17 18:15 --------- d-----w C:\Program Files\AC3Filter
2008-05-17 11:21 --------- d-----w C:\Documents and Settings\A1\Application Data\Ulead Systems
2008-05-17 07:54 --------- d-----w C:\Documents and Settings\A2\Application Data\Ulead Systems
2008-05-17 07:17 --------- d-----w C:\Documents and Settings\A3\Application Data\Ulead Systems
2008-05-16 17:40 --------- d-----w C:\Program Files\QuickTime
2008-05-16 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 16:31 --------- d-----w C:\Program Files\UIU
2008-05-13 21:03 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
2008-05-13 20:48 --------- d-----w C:\Documents and Settings\user\Application Data\Ulead Systems
2008-05-13 20:33 --------- d-----w C:\Program Files\Intel
2008-05-13 20:30 --------- d-----w C:\Program Files\SmartSound Software
2008-05-13 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-05-13 20:28 --------- d-----w C:\Program Files\Windows Media Components
2008-05-13 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-13 20:27 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-13 17:55 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer Pro
2008-05-13 17:50 --------- d-----w C:\Program Files\FLVPlayer
2008-05-11 08:26 --------- d-----w C:\Documents and Settings\A2\Application Data\DivX
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 22:09 --------- d-----w C:\Program Files\Macromedia
2008-05-01 09:18 --------- d-----w C:\Program Files\beausoft
2008-05-01 09:12 --------- d-----w C:\Program Files\Cracklock
2008-04-30 21:34 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-30 21:34 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-30 21:33 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-30 21:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-30 21:33 --------- d-----w C:\Program Files\Real
2008-04-30 15:41 --------- d-----w C:\Program Files\ImTOO
2008-04-29 21:38 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-29 16:35 --------- d-----w C:\Program Files\YesMessenger
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 16:22 --------- d-----w C:\Program Files\DivX
2008-04-27 08:26 --------- d-----w C:\Program Files\Java
2008-04-27 08:22 --------- d-----w C:\Program Files\CAPCOM
2008-04-27 06:01 --------- d-----w C:\Program Files\Ubisoft
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
.
[code]<pre>
----a-w 22,918,720 2007-07-21 16:16:37 C:\Program Files\eMule\Incoming\antivirus\(kav) kaspersky anti virus 7.0.0.125 fr + licence key\kav7.0.0.125fr .exe
</pre>/code

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:34 PM 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [03/07/2005 09:33 PM 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [10/31/2005 10:15 PM 163840 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [03/01/2006 10:22 AM 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 12:24 PM 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [10/23/2003 08:51 PM 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/28/2003 03:43 PM 188416]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 02:22 PM 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 02:22 PM 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [04/30/2008 11:33 PM 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM 413696]
"PremierOpinion"="C:\Program Files\PremierOpinion\pmropn.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [04/13/2008 07:34 PM 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [06/11/2008 03:29 PM 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\Program Files\PremierOpinion\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Démarrer^Programmes^Démarrage^Metacafe.lnk]
path=C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearFlix]
C:\Program Files\BearFlix\BearFlix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash Media]
C:\WINDOWS\system32\% %% %^%^% ^^%% %^^^ ^ ^%%^% ^^% ^.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 08/21/2006 01:24 AM 2068527 C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/13/2008 07:34 PM 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 10/22/2006 02:22 PM 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
C:\Program Files\PremierOpinion\pmropn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1423.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [02/23/2006 05:38 AM]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [02/23/2006 05:39 AM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
S3 DCamUSBNW802;Mustek Wcam 300;C:\WINDOWS\system32\DRIVERS\pcam.sys [07/24/2001 08:50 PM]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [04/23/2008 01:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66442c35-2104-11dd-99fb-0019213a951c}]
\Shell\??\command - D:\taipingtianguov1.1.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4afdfaf-da4f-11dc-ad0c-806d6172696f}]
\Shell\AutoRun\command - H:\x.com
\Shell\explore\Command - H:\x.com
\Shell\open\Command - H:\x.com

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-09 19:40:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 21:07:42
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succٹs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Secunia\PSI (RC2)\psi.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 06/14/2008 21:10:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 19:10:43

Pre-Run: 2,503,217,152 octets libres
Post-Run: 2,682,966,016 octets libres

267 --- E O F --- 2008-06-14 15:42:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:16, on 14-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Secunia\PSI (RC2)\psi.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Secunia PSI (RC2).lnk = C:\Program Files\Secunia\PSI (RC2)\psi.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
End of file - 7578 bytes

Configuration: Windows XP
Internet Explorer 7.0

Répondre à alisafi Signaler ce message aux modérateurs Aller au dernier message

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

higelin22, le dimanche 15 juin 2008 à 01:21:38

saliut
fait un scan only avec hijackthis
puis coche ceci

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll (file missing)

ensuite fait fix checked.....

redemarre et refait un rapport hijackthis que tu post ici s t plait

Répondre à higelin22

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

alisafi, le dimanche 15 juin 2008 à 09:26:59

Bonjour , merci pour ta reponse, je le ferais ce soir en rentrant
merci encore

Répondre à alisafi

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

DeNisCoOl, le dimanche 15 juin 2008 à 09:43:08

salut alisafi et higelin22,

Pour aider un peu,

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

------------------------------
Créer un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et y coller les lignes suivantes :

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]

File::
C:\Program Files\PremierOpinion\pmropn.exe

Folder::
C:\Program Files\PremierOpinion\

Enregistre ce fichier sous le nom CFScript

► Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.

► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme montré sur ce lien :
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Une fenêtre bleue va apparaître: au message qui apparaît (Type 1 to continue, or 2 to abort) ,taper 1 puis valider.
* Patienter le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
* Ne toucher à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poster son contenu, en précisant où en sont les soucis.

* Si le fichier ne s'ouvre pas, il se trouve ici ==> C:\ComboFix.txt

Tu pourras ensuite cocher et fixer la ligne suivante si nécessaire :
O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot

A+

Denis Attendez avant de crier victoire, on vous dira quand tout est propre :-) (GMT-5h: Québec, CA)
Si la réponse vous convient, dites le, cela aidera la communauté CCM, par avance merci

Répondre à DeNisCoOl

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

green day, le dimanche 15 juin 2008 à 09:49:34

Salut :)

au lieu de mettre ceci :

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

tu devrais plutôt mettre ceci :

"utilisateur débutant : ne pas reproduire seul, sous peine de faire planter votre système"

ce sera déjà plus correcte :)

@+ Chaque voyage est le rêve d'une nouvelle naissance (Jean Royer)
Green day alias : Foxboro Hot Tubs

Répondre à green day

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

alisafi, le dimanche 15 juin 2008 à 21:39:00

salut a tous;
voila Denis, j'ai fais ce que tu m'as suggerer de faire , je voulais te dire que j'ai deja , avant de faire cette manipulation , j'ai deja supprimer le dossier premieropinion avec tout son contenu ,
Voice le rapport que je vien d'obtenir

ComboFix 08-06-12.2 - user1 06/15/2008 21:21:40.2 - NTFSx86
Microsoft Windows XP Edition familiale 5.1.2600.3.1256.1.1036.18.245 [GMT 2:00]
Endroit: C:\Documents and Settings\user1\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\user1\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RةCUPةRATION N'EST PAS INSTALLةE SUR CETTE MACHINE !!/b /color

FILE ::
C:\Program Files\PremierOpinion\pmropn.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-15 to 2008-06-15 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 19:20 --------- d-----w C:\Documents and Settings\user1\Application Data\OpenOffice.org2
2008-06-15 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-15 15:48 507,936 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-15 15:48 5,641,248 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-15 15:48 47,248 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-15 15:48 4,912 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-15 06:36 --------- d-----w C:\Program Files\eMule
2008-06-14 22:02 --------- d-----w C:\Program Files\aMSN
2008-06-14 20:02 --------- d-----w C:\Program Files\Trend Micro
2008-06-14 19:59 --------- d-----w C:\Program Files\MSN Messenger
2008-06-14 19:00 --------- d-----w C:\Documents and Settings\user1\Application Data\Free Download Manager
2008-06-14 18:57 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-14 18:57 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-14 18:39 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-14 18:32 --------- d-----w C:\Program Files\Secunia
2008-06-14 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 12:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-14 04:16 --------- d-----w C:\Program Files\SuperCopier2
2008-06-14 04:15 --------- d-----w C:\Program Files\MP3 WAV Converter
2008-06-14 04:13 --------- d-----w C:\Program Files\BearFlix
2008-06-13 10:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-13 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 10:24 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-12 21:18 78,415 ----a-w C:\WINDOWS\system32\drivers\klif.cab
2008-06-12 21:15 --------- d-----w C:\Documents and Settings\A3\Application Data\OpenOffice.org2
2008-06-12 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-12 10:34 --------- d-----w C:\Program Files\McAfee
2008-06-12 06:01 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-12 06:01 290,816 ------w C:\WINDOWS\Setup1.exe
2008-06-11 18:52 --------- d-----w C:\Documents and Settings\user1\Application Data\Skype
2008-06-11 14:03 --------- d-----w C:\Documents and Settings\user1\Application Data\skypePM
2008-06-11 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-11 06:57 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-11 06:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-11 06:52 --------- d-----w C:\Program Files\Skype
2008-06-11 06:52 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-06-11 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-10 13:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 10:56 --------- d-----w C:\Program Files\Windows Live
2008-06-10 10:50 --------- d-----w C:\Program Files\SatelliteTVforPC
2008-06-09 19:40 --------- d-----w C:\Program Files\Apple Software Update
2008-06-09 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-09 16:29 --------- d-----w C:\Documents and Settings\user1\Application Data\AdobeUM
2008-06-09 06:49 --------- d-----w C:\Program Files\Nod32
2008-06-08 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-08 12:42 --------- d-----w C:\Documents and Settings\A2\Application Data\Apple Computer
2008-06-06 20:11 --------- d-----w C:\Program Files\@Last Software
2008-06-06 20:07 --------- d-----w C:\Program Files\Google
2008-06-01 23:38 --------- d-----w C:\Program Files\Eduserv
2008-05-31 13:12 --------- d-----w C:\Program Files\nLite
2008-05-30 12:03 1,483 ----a-w C:\Program Files\uninstal.log
2008-05-30 11:32 --------- d-----w C:\Program Files\VideoLAN
2008-05-30 06:24 1,248 ----a-w C:\vlxjaw3o.sys
2008-05-24 19:51 --------- d-----w C:\Program Files\Automate unDRM
2008-05-23 21:04 --------- d-----w C:\Documents and Settings\A2\Application Data\vlc
2008-05-18 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-18 01:38 --------- d-----w C:\Program Files\TP
2008-05-17 18:21 --------- d-----w C:\Program Files\Ligos
2008-05-17 18:17 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2008-05-17 18:17 --------- d-----w C:\Program Files\NimoCodec Pack
2008-05-17 18:17 --------- d-----w C:\Program Files\ffdshow
2008-05-17 18:15 --------- d-----w C:\Program Files\AC3Filter
2008-05-17 11:21 --------- d-----w C:\Documents and Settings\A1\Application Data\Ulead Systems
2008-05-17 07:54 --------- d-----w C:\Documents and Settings\A2\Application Data\Ulead Systems
2008-05-17 07:17 --------- d-----w C:\Documents and Settings\A3\Application Data\Ulead Systems
2008-05-16 17:40 --------- d-----w C:\Program Files\QuickTime
2008-05-16 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 16:31 --------- d-----w C:\Program Files\UIU
2008-05-13 21:03 --------- d-----w C:\Documents and Settings\user1\Application Data\Apple Computer
2008-05-13 20:48 --------- d-----w C:\Documents and Settings\user1\Application Data\Ulead Systems
2008-05-13 20:33 --------- d-----w C:\Program Files\Intel
2008-05-13 20:30 --------- d-----w C:\Program Files\SmartSound Software
2008-05-13 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-05-13 20:28 --------- d-----w C:\Program Files\Windows Media Components
2008-05-13 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-13 20:27 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-13 17:55 --------- d-----w C:\Documents and Settings\user1\Application Data\BSplayer Pro
2008-05-13 17:50 --------- d-----w C:\Program Files\FLVPlayer
2008-05-11 08:26 --------- d-----w C:\Documents and Settings\A2\Application Data\DivX
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 22:09 --------- d-----w C:\Program Files\Macromedia
2008-05-01 09:18 --------- d-----w C:\Program Files\beausoft
2008-05-01 09:12 --------- d-----w C:\Program Files\Cracklock
2008-04-30 21:34 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-30 21:34 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-30 21:33 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-30 21:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-30 21:33 --------- d-----w C:\Program Files\Real
2008-04-30 15:41 --------- d-----w C:\Program Files\ImTOO
2008-04-29 21:38 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-29 16:35 --------- d-----w C:\Program Files\YesMessenger
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 16:22 --------- d-----w C:\Program Files\DivX
2008-04-27 08:26 --------- d-----w C:\Program Files\Java
2008-04-27 08:22 --------- d-----w C:\Program Files\CAPCOM
2008-04-27 06:01 --------- d-----w C:\Program Files\Ubisoft
.
[code]<pre>
----a-w 22,918,720 2007-07-21 16:16:37 C:\Program Files\eMule\Incoming\antivirus\(kav) kaspersky anti virus 7.0.0.125 fr + licence key\kav7.0.0.125fr .exe
</pre>/code

((((((((((((((((((((((((((((( snapshot@Sat 06-14-2008_21.10.25.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-01 12:34:26 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll
+ 2008-03-01 12:34:26 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll
+ 2008-03-01 12:34:26 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll
+ 2008-03-01 12:34:27 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll
+ 2008-03-01 12:34:27 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll
+ 2008-02-22 09:39:56 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
+ 2008-03-01 12:34:27 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll
+ 2008-03-01 12:34:27 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat
+ 2008-03-01 12:34:27 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll
+ 2008-03-01 12:34:27 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll
+ 2008-03-01 12:34:29 6,067,712 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll
+ 2008-03-01 12:34:29 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll
+ 2008-03-01 12:34:29 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll
+ 2008-02-22 09:39:56 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
+ 2008-02-22 09:40:22 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
+ 2008-03-01 12:34:30 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll
+ 2008-03-01 12:34:30 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll
+ 2008-03-01 12:34:30 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll
+ 2008-03-01 12:34:32 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
+ 2008-03-01 12:34:32 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll
+ 2008-03-01 12:34:32 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll
+ 2008-03-01 12:34:32 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll
+ 2008-03-01 12:34:32 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll
+ 2008-03-01 12:34:32 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll
+ 2008-03-01 12:34:32 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\url.dll
+ 2008-03-01 12:34:33 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll
+ 2008-03-01 12:34:33 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll
+ 2008-03-01 12:34:33 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\updspapi.dll
+ 2006-05-25 08:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 08:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-24 10:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 10:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
- 2008-06-14 15:37:10 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-14 19:38:02 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-06-14 15:37:17 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-06-14 19:38:03 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2008-04-29 21:41:08 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-14 19:29:43 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-04-29 21:41:38 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-06-14 19:29:54 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-04-29 21:41:41 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-06-14 19:29:54 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-04-29 21:41:44 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-06-14 19:29:56 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-04-29 21:41:30 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-06-14 19:29:51 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-04-29 21:41:00 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-14 19:29:36 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-04-29 21:41:00 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-06-14 19:29:36 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-04-29 21:41:59 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-06-14 19:30:02 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-04-29 21:41:18 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-14 19:29:46 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-04-29 21:41:07 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-06-14 19:29:41 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-04-29 21:40:59 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-06-14 19:29:35 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-04-29 21:41:01 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-06-14 19:29:38 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-04-29 21:41:35 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-06-14 19:29:52 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-04-29 21:41:36 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-06-14 19:29:53 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-04-29 21:41:37 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-06-14 19:29:53 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-04-29 21:41:03 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-06-14 19:29:39 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-04-29 21:41:03 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-06-14 19:29:39 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-04-29 21:41:05 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-06-14 19:29:41 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-04-29 21:41:06 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-06-14 19:29:41 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-04-29 21:41:02 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-06-14 19:29:39 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-04-29 21:42:04 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-06-14 19:30:04 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-04-29 21:42:03 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-06-14 19:30:03 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-04-29 21:40:57 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-06-14 19:29:33 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-04-29 21:42:02 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-06-14 19:30:03 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-04-29 21:42:06 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-06-14 19:30:04 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-04-29 21:40:58 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-06-14 19:29:35 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-04-29 21:40:58 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-06-14 19:29:34 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-04-29 21:40:58 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-06-14 19:29:34 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-04-29 21:41:51 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-06-14 19:29:59 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-04-29 21:41:09 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-06-14 19:29:43 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-04-29 21:41:52 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-06-14 19:29:59 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-04-29 21:41:46 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-06-14 19:29:57 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-04-29 21:41:00 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-06-14 19:29:37 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-04-29 21:41:34 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-06-14 19:29:51 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-04-29 21:41:11 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-06-14 19:29:44 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-04-29 21:41:10 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-06-14 19:29:43 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-04-29 21:41:13 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-06-14 19:29:45 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-04-29 21:41:57 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-06-14 19:30:01 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-04-29 21:41:47 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-06-14 19:29:57 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-04-29 21:41:58 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-06-14 19:30:01 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-04-29 21:41:48 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-06-14 19:29:58 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-04-29 21:41:50 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-06-14 19:29:58 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-04-29 21:41:08 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-06-14 19:29:42 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-04-29 21:41:15 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-06-14 19:29:45 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-04-29 21:42:00 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-06-14 19:30:02 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-04-29 21:41:20 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-06-14 19:29:46 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-04-29 21:41:22 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-06-14 19:29:47 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-04-29 21:41:25 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-06-14 19:29:48 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-04-29 21:41:28 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-06-14 19:29:49 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-04-29 21:41:55 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-06-14 19:30:00 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-06-14 19:46:20 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\[u]0/u34a44742647d86bbaa1c8f15b7cb528\Accessibility.ni.dll
+ 2008-06-14 19:46:31 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bb304cec0361eca66b0fa89d1a59e969\AspNetMMCExt.ni.dll
+ 2008-06-14 19:46:34 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a6eea31abed00f52cc062c424092dafd\CustomMarshalers.ni.dll
+ 2008-06-14 19:46:32 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\1dd3efadaa530f2449dc13c568ea5164\dfsvc.ni.exe
+ 2008-06-14 19:46:38 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6930d162678847a01f47fed348873e15\Microsoft.Build.Engine.ni.dll
+ 2008-06-14 19:46:39 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\a2f7cb74d513ff512c4bec4c300aaa15\Microsoft.Build.Framework.ni.dll
+ 2008-06-14 19:46:47 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\917a297b2ea5a0f5fbd388a4259c26ba\Microsoft.Build.Tasks.ni.dll
+ 2008-06-14 19:46:50 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c9adde7899f180b78f199267c84fa3a0\Microsoft.Build.Utilities.ni.dll
+ 2008-06-14 19:46:57 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\[u]0/u44886a99768c9ee6dfae01b295354c9\Microsoft.VisualBasic.ni.dll
+ 2008-06-14 19:33:59 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\1fb9d8194c139bc9c29600e687c112b6\mscorlib.ni.dll
+ 2008-06-14 19:47:04 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\c4ec8ced34ef9ab8954cff5bf5d0fc05\System.Configuration.ni.dll
+ 2008-06-14 19:34:34 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ab5532e25121f69c1df505c56ed62fab\System.Data.ni.dll
+ 2008-06-14 19:47:07 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\600ab411d9ec3bc2df23b85bf663d9f9\System.Deployment.ni.dll
+ 2008-06-14 19:34:51 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\51b0a2ce84b66381e636f67a29179050\System.Design.ni.dll
+ 2008-06-14 19:47:14 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\[u]0/ufa46f97e5901f66384d24c91953fca1\System.DirectoryServices.Protocols.ni.dll
+ 2008-06-14 19:47:12 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bcb19767b1dd92ea6ead4713747a3f9d\System.DirectoryServices.ni.dll
+ 2008-06-14 19:34:55 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\df7ec312ebe9d15ba00294c1e1b3a5c6\System.Drawing.Design.ni.dll
+ 2008-06-14 19:34:54 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\171abffae7d81afa0a1f913aa092d753\System.Drawing.ni.dll
+ 2008-06-14 19:47:17 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\[u]0/ucb936db5338057a6eefd08d17cf1749\System.EnterpriseServices.ni.dll
+ 2008-06-14 19:47:17 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\[u]0/ucb936db5338057a6eefd08d17cf1749\System.EnterpriseServices.Wrapper.dll
+ 2008-06-14 19:47:20 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\531fdb92069c959eb4c7f6fc87a2c943\System.Security.ni.dll
+ 2008-06-14 19:47:22 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\1f04130d373d41e907397eb57ba046bb\System.Transactions.ni.dll
+ 2008-06-14 19:48:11 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\830d818643869a46b45df035b39913c0\System.Web.Mobile.ni.dll
+ 2008-06-14 19:48:12 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\[u]0/u83e36946f184bd0578406e00584e953\System.Web.RegularExpressions.ni.dll
+ 2008-06-14 19:48:17 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2861d1fbebc0438e1a199f430e2dec4c\System.Web.Services.ni.dll
+ 2008-06-14 19:47:59 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d1df715e50f008d994d12ef39606a565\System.Web.ni.dll
+ 2008-06-14 19:35:19 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c137809123042cafa5275b677638c165\System.Windows.Forms.ni.dll
+ 2008-06-14 19:35:35 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\8fbebde964c57f779f777a2c19c75919\System.Xml.ni.dll
+ 2008-06-14 19:34:21 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\30bad1d3e889c7b60f85b092688c76de\System.ni.dll
+ 2008-06-14 19:38:28 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_51a447fc\CustomMarshalers.dll
+ 2008-06-14 19:39:03 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e9fa9258\mscorlib.dll
+ 2008-06-14 19:38:54 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c77643f8\System.Design.dll
+ 2008-06-14 19:38:30 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_49978b5b\System.Drawing.Design.dll
+ 2008-06-14 19:38:57 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6cf8aa9d\System.Drawing.dll
+ 2008-06-14 19:38:40 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ec048a9c\System.Windows.Forms.dll
+ 2008-06-14 19:38:49 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_416362b4\System.Xml.dll
+ 2008-06-14 19:38:26 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_0e2d43cd\System.dll
- 2008-06-14 19:06:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 19:04:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-13 17:33:20 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2008-04-13 17:33:20 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2008-04-13 17:33:24 33,792 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2008-04-13 17:33:24 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-04-13 17:33:24 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-04-13 17:33:26 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2008-04-13 17:33:28 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2008-04-13 17:34:08 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2008-04-13 17:33:28 143,360 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2008-04-13 17:33:28 221,184 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2003-04-24 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2008-04-13 17:33:28 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-04-13 17:34:08 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2008-04-13 17:33:28 251,904 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2008-04-13 17:33:28 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2008-04-13 17:33:28 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2008-04-13 17:34:08 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2008-04-13 17:33:28 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2008-04-13 17:33:28 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2008-04-13 17:33:28 15,872 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2008-04-13 17:33:30 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2008-04-13 17:34:14 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2008-04-21 06:43:36 3,087,872 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-13 17:33:32 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2008-04-13 16:56:26 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2003-04-24 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2008-04-13 17:33:34 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2008-04-13 17:33:34 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2008-04-13 17:33:40 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2008-04-13 17:33:40 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-09-26 16:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-09-26 16:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 15:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 15:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2008-04-13 17:33:50 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2008-04-13 17:33:50 621,568 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2008-04-13 17:33:50 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2008-04-13 17:33:50 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2008-04-21 06:43:36 670,208 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000
+ 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll.000
+ 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll.000
+ 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll.000
+ 2007-08-13 16:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe.000
+ 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll.000
+ 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll.000
+ 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 14:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 10:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll.000
+ 2007-08-13 16:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll.000
+ 2007-08-13 16:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-13 16:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe.000
+ 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll.000
+ 2007-08-13 16:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-13 16:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll.000
+ 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll.000
+ 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll.000
+ 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll.000
+ 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll.000
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000
+ 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000
+ 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000
+ 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 19:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 19:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 18:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 17:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 18:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 18:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 18:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 18:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 18:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 18:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 18:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 14:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 14:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_aspnet_isapi.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_CORPerfMonExt.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_fusion.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_mscorjit.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_mscorlib.dll
+ 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_mscorsn.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_mscorsvr.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_mscorwks.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_msvcr71.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW244\_PerfCounter.dll
- 2004-07-15 12:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 19:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 12:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 19:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2005-09-23 05:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-04-13 01:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 05:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-04-13 01:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 05:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-04-13 01:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2005-09-23 05:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-04-13 01:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2005-09-23 05:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-04-13 01:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 05:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-04-13 01:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 05:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-04-13 01:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2005-09-23 05:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-04-13 01:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 05:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-04-13 01:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-04-13 01:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 05:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-04-13 01:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 05:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-04-13 01:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 05:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-04-13 01:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2005-09-23 05:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-04-13 01:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 05:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-04-13 01:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 05:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-04-13 01:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 05:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-04-13 01:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 05:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-04-13 01:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 05:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-04-13 01:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 05:28:56 36,864 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-04-13 01:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2005-09-23 05:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-04-13 01:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 05:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-04-13 01:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 05:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-04-13 01:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 05:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-04-13 01:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 05:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-04-13 01:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 05:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-04-13 01:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 05:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-04-13 01:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2005-09-23 05:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-04-13 01:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 05:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-04-13 01:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 05:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-04-13 01:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2005-09-23 05:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-04-13 01:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 05:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-04-13 01:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 05:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-04-13 01:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 05:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-04-13 01:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2005-09-23 05:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-04-13 01:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 05:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-04-13 01:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2005-09-23 05:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-04-13 01:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 05:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-04-13 01:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 05:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-04-13 01:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 05:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-04-13 01:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-04-13 01:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 05:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-04-13 01:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 05:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-04-13 01:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll